last executing test programs:

49.972119184s ago: executing program 2 (id=11460):
mq_open(&(0x7f0000000040)='!selinuxsel\xad\"\x0e\xabx\xb8\xc9\xa8x\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c008d0e000020000000000000000000"], 0x15)
socket$alg(0x26, 0x5, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0xb970acdd662fb944)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)

49.698920261s ago: executing program 2 (id=11461):
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000090003000040"])
getsockopt$inet_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000000)=""/119, &(0x7f0000000080)=0x77)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ab9fd540501d6f60d414000000010902120001000040000904"], 0x0)
syz_usb_connect(0x5, 0x528, &(0x7f00000010c0)=ANY=[@ANYBLOB="120110014308a4ff572300908648010203010902160501b20580010904040110335a1806052406000105240007000d240f019a2f00000e0802000006241afe000a09050d0308007fff00663059ccb4342dfb2fde601c7c7351ad276d3d94eee803284a70fd696e9a6b6691cc9180ed85eb363670a0cc558afe7bac939cebbb1755fa744ec31845505054a9bd4525825eaef6f17f2f63f5d943a1cc01bafb559dd5b100cf9fa83384a7468085d0b48c1f1f09cca511daadb4bf52defe6656ce809d345b39958b2251b08bd7f5c226b80905051010000001200725010001060009050808ff030da80609050812ff03097703f2118a5ce6bfdf2eedd035f069152984f94bfb72c76d23a29e0250c4b70475a928c417ab181c6c22fe7637099f5014b8d0ed1e4af8e9919804b81684e90a6167d578b7434bb84a9c696c7b8280a32038cc1887a2c45c6884e18883595cd286d5638f260dd7cb8bf1eb68a75b1d990832cee0c493af14ed69b1d92979bb7e9d9d52154950bf3b82d3de1076844b5a9f1191e973ac1aa5beac5cb3e9d38365a3cd6bf76d70d65348c6cb5f8ac2a905173f5fe7c6d594dae279cf552bedb17b7b75a9e94659818b8000b235f2ea7d7e6408bba3b94933eff6630d9c0a3394dee950a68139a13fd499cb4b5ce3412779590bf08bfe031c4c3222dbc954fb9a2717ba3ec56c4877608fe23e338a0a5e7fafba4e46422a7833839014cde02c3b4530f40dd46019306553139a408bffea2457ab090e2d64ec47d365f819c4a41862e17ffe01dd98fd5d7e394348f7f6c198c360cfa6466cafe53dc41a57cf40357f37d79734d78de0dd261006b4d1936e862a543fdd9e12d6e4f00b810b5a1951c2fd1eaf58cf43a5baf9a90389d48886ea1d14c5814e8ba312700771f50b063737c560f60e0106712ff806c452c35c769cd3cb2d8b68986145bdffa3edf05fb7667dc85e8abf4fdcfca23d9b8f05b77285e14a534ca5c40fa09f3dd1420722f987cad123519ca3272c84456ac14668a8f2bcff09050a020800a1050509050c100002060603072501010203000905030340000609d309050d010002641f400905800308000840ff0905040000040420ab090580000800010504090505080800031c04e121622b7bce142d887d80058676ab922712d6b8b3d87e4504c64a5238a5f098fce98ecf34c31a6f899c5d27135d605ecb6866b6d06924695cc6a0e4f2bf84377efdf3bc4c8ec5ed0e12c9df4c387a846fd3295e91b878ac13b37af659c3a491930e0d28325620a4730386890a06f3bcd32fd2f23f19644eed78b74232bca4923e3e23a422010363a6e9d1e6efafe1a90f342940de10e3f1fa30d94e678da5ab7bdc452e620c9631aca5a4a33f1d2fdb2d1d88f611db45c9aa90944b0e4346c808a408d0c3248f32720ef69b9caf4ae9d0e70f7e4312e0d22b63bc65776286de070725010109090009050810000400800109050c02080081038107250182200180830264f4935ec208c00415b6d458961160af6c0679bcbfef301992078374772b06615d3deca84ebf7b7bfcadc8fd433244eaf637ec56e679a1b9e2961df42a3c9d788b49ead699ca57d167362119b21fe82cd6cc9534632ceb8c4078b589ca2093a65acc7fc7a8c818aa1f6e311d6a594a925e63da15965924c37a42a68bf814a44cf009050c030002020509072501020000805b091e5156ca3b41fcdc8df7b4d236cb25e549a2ab42ee115f46c35bfb2e04e744b6ee8f7e5bbe9d7eb90b088c843dd7315c2822adb78fe1ee15ac14de7745769b893f79e700bc275b15ae8df00688ad508e9d106beb7fe4ca01e1090502082000fff554223712396408a6346dc41dd43edeb32de3dcc0ff23e6823ff36135dc370b7ce778937ba6729adee3c5b645ef968d902653657a90b973fd6edd54626307d63ee23bf3c12da8dada31568a419dd9155ee3b38f9a91f84eee3ed34a130a3e63fa1f33a0ea6c4995b0bc0526fad85fe20ac5045ae9e41155029922500efe15d1badaf30aaa978d038d76b9fd91f99355d3602093c3327ad5f980d59f659c979684ca4ea72d13af9af810795c85d283fc69f37044a38426485e57078ffd97437b9d4f3583a0"], &(0x7f0000000380)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x1, 0x5, 0x2a, 0x40, 0x1}, 0x198, &(0x7f0000000f00)={0x5, 0xf, 0x198, 0x6, [@ptm_cap={0x3}, @generic={0x103, 0x10, 0x2, "ff1e71105ab6d641dd768fd5906ee0d49c645797e9c62c170293a6f57971cbe67eac0551808f8446848b27070000001675218100b9e65c2468ea140100000000000000babfffdd660fa39108c0d0be89cf4fb81a5606d7a7dce13333ce10d129e329605f71c25a268e577cee9b952a605c045fbb26ae9a01a9fd0056320551e8d825f482000000003491049e4da8cc5cd341e8bc5fd061a9bc4417fa703e27d042501bdf3fe45c333d05d1302e6751fec56d6f3b50d2c8ed36cbda41cae65f6f158f77717dbc8c4604f0599e3cab76b38b4020c9a76f8abb0614c21943db354b21d20000000094314cedeb63486761b18e44bd6423b0f409ff8ee41f189ce89d"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x40, 0x80, 0x3c}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x9, 0x2, 0xfffe}, @generic={0x6e, 0x10, 0x4, "0609295d2bf64da29b94faae07b866b3fbd26bd44f32794025799317ddea5264625ea7f8191e17d03d096c590b17651fc08d123bd14a00aa069a3b3d6f0c5435447dbcff82de962a44f95d4176ffaa902a159bd2c9f24e9220887454cef1cb060ad550e951a16d688ca3de"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x18, 0x36, 0x0, 0x7, 0x5}]}, 0x7, [{0xdd, &(0x7f00000000c0)=@string={0xdd, 0x3, "19458e5d180f44bc9c09a8944523b795de0d88d0ca62e7b022135021e1ea91dd2d63a1c6d2d6eedfb2cfebc2fea93ba2c0c4ead938364b5ec0089433892f2fee8f9704919a5cbdbe4117909bec25cec59bb65fbd7f9f7c33fcde3f269f97c7342f6b0e7af20619aebf0d985a579e043cec1b0f70138d99b2107c1973dc53ee54ebbbba12e53ce5b4ee4127d0cca46c0387f60d1f805ea07ed203972764c8a38015fbeb6e91e6d900c8c228dfafd121bd9ed03532962e0b5d317b27284ffbbcf25997794034784b43585465e92b5cf4df38da77a395b162cd80318e"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x42b}}, {0xed, &(0x7f0000000740)=@string={0xed, 0x3, "108a6266635c3de66ea656d465ceb81af76aafeecdfa8f356edd15d8488da4e5039080d3d00b32d818b2b9feb2fc6bcb8cff6ccc679f80ea5b2589232df51c7f5df6ee245da1d15a4d180505acf1eefc72968fbb352ba516d96807f6bcbcd50ad35a00e5983a4ae68968a02bdf01b9d5cb54956c81f48a11521231ee95d682f8fc041d12c8a3245837bfab59173710dd5af9ed8147b2919bcf4182b90045df2f14ed25845c119b31a84cf6cd97a556ddf5cb7093121eb8c23337d88ddc82b238f9b58086c3c508f75e153ddf4c592f2d7e5a8aba3f7fd2af750a4f79e15adbb90254f01180a70d182bca9d"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x443}}, {0x97, &(0x7f0000000680)=@string={0x97, 0x3, "8cf2e3085a68a7d8c20e9856a2fe8bd734d8eb80e278bccc9fd7d3c1782a25fa74e1f090958e80125cee18139eed9293bc591a86736315516b42dfff8044404e14a092cce49077e69d1359db6f8ff3ed41445bb77071cafe228194968223814aae9dbf23776df9fb9aa481c56d746e6a90985cdd77c78a032dfad1a7e7f8a8b0abe115a1985a73f96384462726ac76c319898461c5"}}, {0x72, &(0x7f0000000480)=@string={0x72, 0x3, "83bf29973ca2247868ecefca51b0f349d918d386e373f06cfe2e84f244e8ad394edfa88ccc4541ad0b60f28adfa902b2acd0436f86e227530b01f9e4a7e14b293933c1896157c72fe32eb4dd5febe305133c07022f10b118b31247ae8b3864b3d350886b5758a30e4c2ea50c6c04608d"}}, {0x4, &(0x7f0000000e00)=@lang_id={0x4, 0x3, 0x415}}]})
setuid(0xee01)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00010c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000200)={0x0, 0x0, 0x28, "61752b496c088bfa3ab146172ea135d9eb2804e1c77d9a2afb2ccf56645ad9a4d2d7a884e117b513"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f00000016c0)=""/102386, 0x18ff2}], 0x1, 0x2000003, 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000280)=ANY=[@ANYRES8=r5, @ANYRES32=r7], 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
getpid()
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0xa)
ioctl$sock_inet_sctp_SIOCINQ(r5, 0x541b, &(0x7f0000000140))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$l2tp6(r5, &(0x7f0000000100)={0xa, 0x0, 0xfff, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffff79, 0x3}, 0x20)

48.568394681s ago: executing program 3 (id=11466):
r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000240)={0x28, 0x0, 0x2710}, 0x10, 0x80000)
setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000002e40)={@map, 0xffffffffffffffff, 0x19, 0x34, 0x0, @link_id}, 0x20)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
rt_tgsigqueueinfo(r1, 0xffffffffffffffff, 0x18, &(0x7f00000001c0)={0x14, 0xe13, 0x8})
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
socket$nl_xfrm(0x10, 0x3, 0x6)
seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000040))
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = syz_open_dev$vcsu(&(0x7f0000000280), 0x0, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x61, &(0x7f00000002c0)={'filter\x00', 0x4}, 0x68)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'bond0\x00', <r6=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="df559fdab89a"}, 0x14)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
r10 = socket(0x1, 0x803, 0x0)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="940000101000010400"/20, @ANYRES32=0x0, @ANYRES8=r3, @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r11], 0x94}, 0x1, 0x0, 0x0, 0x4000081}, 0x40)
r12 = syz_open_dev$sndpcmp(&(0x7f0000000340), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
modify_ldt$write2(0x11, 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r12, 0xc2604110, &(0x7f0000000380)={0x0, [[0x1fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x620], [0x2000005], [0x8002]], '\x00', [{0x0, 0x610cfd08}, {0x0, 0xc}, {0x0, 0x1efb660a}], '\x00', 0x600})
timer_delete(r2)

48.138255182s ago: executing program 0 (id=11467):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0000fa00ea8000"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSETD(r2, 0x40186366, &(0x7f0000000ec0))

47.230476055s ago: executing program 3 (id=11468):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x1100, 0x0)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'veth1_to_bond\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001240)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x4}}]}, 0x30}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@getnexthop={0x20, 0x76, 0xb0d, 0x0, 0x0, {0x3}, [@NHA_MASTER={0x8, 0xa, 0xfffffffc}]}, 0x20}}, 0x0)

47.115171113s ago: executing program 0 (id=11469):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
unshare(0x8000000)
unshare(0x8040080)
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0xac802, 0x61)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @empty}, 0x290, 0x0, 0x0, 0x0, 0x8000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/power/image_size', 0x40042, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r3=>0x0)
io_submit(r3, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x6a040000)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000000)={0x0, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
userfaultfd(0x1)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="30000000000801dda26a0bebe1fb8e1a115a0a1b44defb3636ebda9c1adbc4c318ae1de72707a3a063d48067465e7f56f99c82edd2878a684ca7964b7cc2407069b7e8e44d9a9a84096af7bf61fe40e4332cc2903b7316d1dfdeb4dcb5a06c6e9add90eddff207e870d304e1"], 0x30}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000013000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xe80, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)

47.114867354s ago: executing program 3 (id=11470):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc0109058903"], 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\x1b\x00m\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r3, 0xffff)
fcntl$addseals(r3, 0x409, 0x7)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r5, 0x0)
ioctl$TIOCGPTPEER(r5, 0x5441, 0x7f)
ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000300)={r3, 0x0, 0x0, 0x4000})
pselect6(0x40, &(0x7f00000007c0), &(0x7f0000000800)={0x7f}, 0x0, 0x0, 0x0)
r6 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000080)=0x1c, 0x800)
ioctl$sock_inet_SIOCSIFADDR(r6, 0x8916, &(0x7f00000000c0)={'veth1_to_batadv\x00', {0x2, 0x4e24, @rand_addr=0x64010102}})
ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0585605, &(0x7f0000000100)={0x0, 0x1, @raw_data})
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000000002505a8"], 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000580)="d8000000140081054e81f782db44b904021d08020a000000040000a1180002000000000000000e1208000f0100810401a80016ea1f0006400303000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08002a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
syz_usb_control_io(r1, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xffffffffffffffff, r0, 0x0, 0x0)

46.924048522s ago: executing program 2 (id=11471):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0104000000a34c00000002000000400004803c0001800b00010065787468647200002c0002800500020083000000080003400000000008000440000000be080006400000000208000140000000130900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x94}}, 0x0)

46.748163893s ago: executing program 2 (id=11472):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x2, &(0x7f0000006680)=0xfe)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
unlinkat(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x2, &(0x7f0000006680)=0xfe) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async)
unlinkat(0xffffffffffffffff, 0x0, 0x0) (async)

46.391387899s ago: executing program 4 (id=11474):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000580)}, {0x0}, {0x0}, {0x0}, {&(0x7f00000039c0)="10", 0x1}], 0x5}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x40000042}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000080)={0x42}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008000a00040e00000800090000a800000800070000000000080008"], 0x4c}}, 0x0)

46.065318659s ago: executing program 4 (id=11476):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000002e80), 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000001000000010000000068a0000040000000000000e0000000000000000000000005f007898167877ad308eb6cb4fbc9bd557d729317e5862e923b9844da792baa81859b352a8d60e62effbf25946d6ed2901775534d79bb56f2e545732501bc8f8f3fb0a3aeab5570953cb4578515735d4249439acd98da7f4bbc784ea7b46f96ec472e18cdb68ff1547ab7bfca90ec877a4b4c014897751951f6e10180451b87086df60ec2fd32b17f5aae93694b1cb0916017f29381313a6f29dbdcd75baf7d55ee1dde1806d02d4458c9a6b187e3c9c"], 0x0, 0x2e}, 0x20)
socket$netlink(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x0, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000340)=@assoc_value, &(0x7f0000000200)=0xfffffffffffffc62)
ppoll(&(0x7f00000001c0)=[{}], 0x1, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="040e0443050c", @ANYRESOCT], 0x7)
socket$inet6(0xa, 0x3, 0x7)
socket(0xa, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000680)='net/ip6_mr_cache\x00')
preadv(r4, &(0x7f0000000b00)=[{&(0x7f00000006c0)=""/168, 0xa8}], 0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000001c000100000000000000000007000000", @ANYRES32=r5, @ANYBLOB="408f67000a8a00875a61d52e9a619e66577aede9bf4fa5fa4f59f933ce5d85b295d1154bf4de2d4929bb152abdd01f4f2ce63e13ecc133d7f57c5e12e15e8be3b4878725700bbd0b8d4446e45d5ee247a69300b50785df8d6e"], 0x28}}, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000080)={0x0, 0x0, 0x0, {0xa, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x8, [], 0x0, 0x0, 0x3}}})

45.134706703s ago: executing program 0 (id=11478):
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={<r0=>0x0, 0x8000}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000140)={r0, 0x5c6}, &(0x7f0000000180)=0x8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="780000001000090400000000fedbdf2500000000", @ANYRESOCT=r1], 0x78}}, 0x0)

45.097819255s ago: executing program 4 (id=11479):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = dup2(r0, r1)
sendmmsg$inet(r2, &(0x7f0000000dc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a00)="316f825a3d29f96a2093a917017b4cd30000000000000035ed313e19d6dd", 0x1e}, {&(0x7f0000000640)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c23374ec7c4aadbb8b985f14893a91d750e168350685e0f4f079d2d8e79be174ef9355b70719c712c5d15d2e7505a8696b50738ece15ee5", 0xbe}, {&(0x7f0000000700)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25c951279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c8461de7afec966f9c023ffe15c3c1caec8ff3ef3", 0xde}, {&(0x7f0000000500)="fff5c0293353db83a683db60266a3867d03f740f4f0a7bafe7be9b2bac0bf1b2019dbde5f640c897ac57789fb8490642b47a96f0d03ec69d1f6e90e86be7fb3ef9e76969438283b0ab8d31b707ddd3b453f5ed67232e172945aecaf6dd89d72d7a429ef6d0dcc5f0d9cc15dba086d191c0a8f23acdeb928805cae14ca8aec1241e536cdb42ef1675f8b948568fe6229a3bb6b7fbf033", 0x96}, {&(0x7f0000000800)="560e784a5947b90900000000000000d4f4adc887d8a4c55ae9e6d3bae49259a935b480ee610800f5c5b35943bdb14ae21509b259f5eaf5f3a71155845156bf64809dee25c0eadad25cac50b01aabdb713c8c9965a19e114c8bbc35054f68bf889f1a6ed430aff1952b2498efc46cbaebc815cb2ea2ff01000067d49fff192dad5fcac955fee31e59228679db51d72e0ba6bd6fa2545df05482e63a", 0x9b}], 0x5}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000180)="d06e8c3dc885a29d9b5a4c0cdc701c0a29e04f23dac714e90c70202e052be86141ead3c90a0e23650d6a5c10ba19943c89ab235f149ddaa2bf84d5e52bce3fbecc01eb03e0cd322dbc4b9c1bd3263a9d7bbc6de3e50842793e1ee7997649a6ab10775e6e50", 0x65}], 0x1}}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000a40)="2ea5d94f90933978352c42a3dad24b4909f57c7dba2fcb7db2082f8d44aeb2d6f110ed7e3d662c1f933da4fa8a8bb24903c1447e1124f3b25cc920a03ddbe1cc78be62a31a8e767919deae04953f717a6b49186062637fc575d6ac16ced7258a0c23cda4c8f992", 0x67}], 0x1}}], 0x3, 0x0)
sendmsg$TIPC_NL_SOCK_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a40)=ANY=[], 0x344}}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

44.903223852s ago: executing program 0 (id=11480):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup(r2)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3)
dup3(r1, r3, 0x0)
r4 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r4, 0x541b, &(0x7f00000002c0))
r5 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r3)
sendmsg$NL80211_CMD_FLUSH_PMKSA(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, r7, 0x4, 0xf, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x8, 0x61}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4008801}, 0x40000)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=@newqdisc={0xac, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x7c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x18, 0x2, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x5}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xcb2}]}]}]}}]}, 0xac}}, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f0000000000), 0xfea7)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_SET(r10, &(0x7f0000000980)={0x0, 0xfffffffffffffe44, &(0x7f0000000940)={&(0x7f0000000080)={0x20, r11, 0x1, 0x0, 0x0, {0x1b}, [@ETHTOOL_A_EEE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x0)
r12 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r13 = dup(r12)
ioctl$USBDEVFS_SUBMITURB(r13, 0x8038550a, &(0x7f0000000100)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r9, 0x0)
ioctl$LOOP_SET_FD(r9, 0x4c00, r0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a07, 0x1700)
sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000100)=@hci={0x1f, 0x0, 0x4}, 0xd0, &(0x7f0000000080), 0x1}, 0x0)

44.90285932s ago: executing program 4 (id=11481):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x12, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="780000001000090400000000fedbdf2500000000", @ANYBLOB="05001d00080000000400180006001f"], 0x78}}, 0x0)

43.712825334s ago: executing program 3 (id=11482):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x4}}, 0x10) (fail_nth: 2)

43.529186219s ago: executing program 2 (id=11483):
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000010000d0400"/20, @ANYRES32=0x0, @ANYBLOB="89f28cde1a84d9fe931760ff58e47acfc389ed8e9466bbcb012800fd4ed62c0f87d39d392c055bc443931ad7d5331d6778135dc6f46e3058cff3c76c6b4f"], 0x20}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$caif_stream(0x25, 0x1, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2)
ioctl$SOUND_MIXER_READ_STEREODEVS(r3, 0x80044dfb, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$igmp6(0xa, 0x3, 0x2)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
memfd_create(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_usb_connect(0x1, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a86200000904000002ca744d070905030200"], &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000380))
syz_open_dev$char_usb(0xc, 0xb4, 0x7)
syz_usb_disconnect(r4)
io_setup(0x7fff, &(0x7f0000000180))

42.883134922s ago: executing program 3 (id=11484):
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/fs/nfs', 0x0, 0x0)
set_mempolicy(0x0, 0x0, 0x0)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180), &(0x7f0000000040), 0x1d4, r0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x4e}, [@ldst={0x7, 0x3, 0x5, 0x0, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x4, 0xb579, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xe}, 0x23)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000006604000008000300", @ANYRES32=r3, @ANYBLOB="0800b70004000000080026009409"], 0x4c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000004c0)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x20}}, 0x0)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r7, 0x6, 0x14, &(0x7f0000000080)=0x2, 0x4)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000400)={{{@in=@multicast1, @in, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@dev, 0x0, 0x6c}, 0x0, @in=@empty}}, 0xe8)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000f1d566201e043c40d7cc000000010902120001000000000904"], 0x0)
syz_usb_control_io(r8, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x9)
syz_usb_control_io$printer(r8, &(0x7f0000000140)={0x14, &(0x7f0000000000)={0x40, 0x11, 0xea, {0xea, 0x8, "8d4506c5083e0599aa7fecbfbaf8b9c62b62ec7ae68078891f3310459068bd2c382cf245bec107a2497c1fb507ec71ccb4fd524165685e757c0beec69cd5cdf9abe16763b8233ab19fbab15cc1b9b4d16a35824b4426d992426c1060a71b53667155a81c00055331c51e5fb76e3457915e1e4875a89ee2fad1001a3fca038e0b0162cbab190fb20c4ba2a3c03c1d0fb95c6e3b0962704ef84ab3a5a928073a2723a0bf2720b77786496e14507bd915914ebc26890e7884ab4c4489cd59a03174e00a9bb553c3fa4b6bdd2c5c4c53ed18ea301dc8525c7917ae8bd7b5dd856da2ab86dcd9dfe2f571"}}, &(0x7f0000000540)=ANY=[@ANYBLOB]}, &(0x7f0000000440)={0x34, &(0x7f0000000180)={0x40, 0x19, 0x81, "47516219317d09147d7b9304abe8a2f73299780c61b11053cccc07e57f1ac33e2f6cf2b7d6c0d0ea9c90068d1c47e35f765b1b4250fd72a25acca3f3393bbc3f7f9f1b5d5ebd1eee75ffc6abd6e8c257b73e8c64335b04a8e2f64e2bafb4231c3c446c926d1957a36cc36f39acf429005f72704665633632de7d651ad53fb77938"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x40}, &(0x7f00000002c0)={0x20, 0x0, 0xe7, {0xe5, "025f4c0373c614d76b8364805a533f1ccb6d2da2ea67949fed628456089d7f42f456a82b1ae18008d3e88748f34d6ba64f664434741db0d2c229febfe6486f9a110ee7e87d9c895fb92a9a97ffa450ea939ca5a0c40c520b131bbb8725bc2f46acc7b5524eed9982d4a505748191f4f168f404dd316d873b742120ab579e20a2661739a39adcdcd9913abd11923db38f523bf139ccafcc2e3eaf17280525a80908a31db826790fc0a2d38aaeeb91c7b2148768030c72d4f27c650f621f782529bee8afc3b2e56f70cc0befe9d476085e7d46cb6acc058495a2b146e476e08509b62bec0af7"}}, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0x4}, &(0x7f0000000400)={0x20, 0x0, 0x1, 0x8}})

40.377644552s ago: executing program 4 (id=11485):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x84, 0xfde1)
sendto$inet6(r0, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0xe21, 0x0, @mcast2}, 0x19)
sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
sendto$inet6(r0, &(0x7f0000000100)="2501f71d330b7e73d6b1d1b8a473ff7487b4b43ce086388e5de7714fa228ee1f68", 0x21, 0x0, 0x0, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x2003, 0x0, 0x0)

40.369976605s ago: executing program 0 (id=11486):
mq_open(&(0x7f0000000040)='!selinuxsel\xad\"\x0e\xabx\xb8\xc9\xa8x\x00', 0x6e93ebbbcc0884f2, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000003c0), 0x500, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90010000c008d0e000020000000000000000000"], 0x15)
socket$alg(0x26, 0x5, 0x0)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x3}, 0x0, 0x0)
fcntl$setstatus(r0, 0x4, 0xb970acdd662fb944)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)

39.8031562s ago: executing program 3 (id=11487):
r0 = socket$inet(0x2, 0x3, 0x800000000000a)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x198, [0x0, 0x0, 0x0, 0x0, 0x200005e0], 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="000000000000000000000000004ff8d978fa7ef9850000000000e5ffffffffffffff000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000013000000e2d0be86000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000799e3b3c00000001000000000000000000ffffffff01000000110000000000000000000300736630000011000000000008000064756d6d793000000000000000000000010000000000000000000000000000006c6f00000000200000000000f8fffffffeffffffffff000000000000ffffffffffff000000000000000070000000a8000000d8000000646e6174000000000000200000000000000000000000000000000000000000001000000000000000aaaaaaaaaaaa00000100000000000000726564697265637400000000f6f678c1bcc95568ee000000000000000000000008000000000000000008000000000000"]}, 0x210)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xb, &(0x7f00000000c0)=0x50f, 0x24)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x3, 0x2000000000000145, 0x0, &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfe68}, 0xcd)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r2, 0x4188aec6, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e5cf01406e0510401c20000000010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB="00000100000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, &(0x7f0000000700)={0x2c, &(0x7f0000000540)={0x40, 0x21, 0x7b, {0x7b, 0x24, "0a5097ccf6015a6932806b3275520179189617f3518a2486ed73f81bf29c017bfd0cab6c3d598396c6c693dd1175f69c50a90e990648322bae846e079c63d0fd350b5de8c544d16b56414b0047641f22aab27a73dfdb14c547dc3a6d86eade33020563da0fc605a5533ac0b8f30d905c3c3bb8515cea778599"}}, &(0x7f0000000600)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2809}}, &(0x7f0000000640)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000ec0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3f, 0x80, 0xcf, 0x3, "1387a668", "d45caed7"}}, &(0x7f00000006c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x2, 0x2, 0x6, 0x1, 0x6, 0x9}}}, &(0x7f0000000dc0)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="20059f0000009db73eecaade449a1bdb471bf177c5b1b9bd728f20ceb96c3c04e5d4c48dbe439fe1aba0f57a75f0833f51a81d0fdc637346fd5de966134ec14ef81e28091bbfae64c4541958bdd2f93948e3316c74c704c992599785b117956372ebe845512d090d2c391b497d1f64871cd1e3f5cd7bcb9477fc373f0a2ba73ac2a2225b7eb905ccaacc83725140e677a4561459e949ee0d3a347e94f6c6ac3ac54a9976dd"], &(0x7f0000000e80)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000d40)={0x0, 0x8, 0x1, 0xa1}, &(0x7f0000000880)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000d80)={0x20, 0x0, 0x8, {0x1c00, 0x20, [0xfff0]}}, &(0x7f0000000900)={0x40, 0x7, 0x2, 0x8}, &(0x7f0000000940)={0x40, 0x9, 0x1}, &(0x7f0000000980)={0x40, 0xb, 0x2, "b319"}, &(0x7f0000000840)={0x40, 0xf, 0x2, 0x80}, &(0x7f0000000a00)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f0000000a40)={0x40, 0x17, 0x6, @random="b1c865b2f5df"}, &(0x7f0000000a80)={0x40, 0x19, 0x2, "e384"}, &(0x7f0000000ac0)={0x40, 0x1a, 0x2, 0xb0e9}, &(0x7f0000000b00)={0x40, 0x1c, 0x1, 0xf9}, &(0x7f0000000b40)={0x40, 0x1e, 0x1, 0x6f}, &(0x7f0000000c40)={0x40, 0x21, 0x1}})
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00+2'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r3, &(0x7f0000000180)={0x14, &(0x7f0000000080)={0x20, 0x7, 0x94, {0x94, 0x31, "abb2821e2ecea26d44acbfb2d1be7993c75270e68f5242d53aea20452a654dc07ed80e3e5b5308215526321687642b77238eb582c38a819cb523f0673519e2d5b11340c1966cccf468c4dcf5736890d1056b6c0dc535b9db3658ae539570b1d41f6ce7fcdda7a8bbbfa02dacb7b90d5ee6d3480beaa0b1f6997977ef4a9ced893566d6b36dbbc92408429b948e8e886af38c"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}}, &(0x7f0000000500)={0x34, &(0x7f00000001c0)={0x40, 0x13, 0xb5, "f2db70d613de9615bda844a7865b121964443143e8e6e36bd07f21b1cc3d1beaa37edc1e607b9215161a66653f7c08f8aa734766a63e380728c73672c349ef8448a0e6f38d2fa2a75baa05b64539953ae799756980822bed20c4cdf1dba07a0d3529c55ef9100e0be77937bfe7b76716413b657dba7c3f228e63e78329045d0c172a5bdcb1fe3fbb789695545e4119146b1016271ef5bc5df1fb9bd09db8713fbae54654d457cfd78e404b5944421bd29d0b9402a6"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000380)={0x20, 0x0, 0x6d, {0x6b, "acde4b23d263a0f66e4f8efcf45d127d7c070e538f3e63e85e57c7063baa1ecd96fec8045fc044a6ee115542b1e76d31a6d789eb55acc4a4fbe22107fd24441b3404beb7a4743717b80fc511d96e94dffe5fb1999d826b073ccf8d9b8ecc9dc123d86cde07a185e50f35df"}}, &(0x7f0000000400)={0x20, 0x1, 0x1, 0xd8}, &(0x7f00000004c0)={0x20, 0x0, 0x1, 0x2}})

38.54795585s ago: executing program 4 (id=11488):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
unshare(0x8000000)
unshare(0x8040080)
r1 = openat$sysfs(0xffffffffffffff9c, 0x0, 0xac802, 0x61)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000000)={0x4000000, {}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @empty}, 0x290, 0x0, 0x0, 0x0, 0x8000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/power/image_size', 0x40042, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r3=>0x0)
io_submit(r3, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x6a040000)
ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f0000000000)={0x0, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
userfaultfd(0x1)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="30000000000801dda26a0bebe1fb8e1a115a0a1b44defb3636ebda9c1adbc4c318ae1de72707a3a063d48067465e7f56f99c82edd2878a684ca7964b7cc2407069b7e8e44d9a9a84096af7bf61fe40e4332cc2903b7316d1dfdeb4dcb5a06c6e9add90eddff207e870d304e1"], 0x30}}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000013000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0xe80, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r5)

38.536286797s ago: executing program 0 (id=11489):
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000000), 0x8)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000090003000040"])
getsockopt$inet_mptcp_buf(r1, 0x11c, 0x2, &(0x7f0000000000)=""/119, &(0x7f0000000080)=0x77)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ab9fd540501d6f60d414000000010902120001000040000904"], 0x0)
syz_usb_connect(0x5, 0x528, &(0x7f00000010c0)=ANY=[@ANYBLOB="120110014308a4ff572300908648010203010902160501b20580010904040110335a1806052406000105240007000d240f019a2f00000e0802000006241afe000a09050d0308007fff00663059ccb4342dfb2fde601c7c7351ad276d3d94eee803284a70fd696e9a6b6691cc9180ed85eb363670a0cc558afe7bac939cebbb1755fa744ec31845505054a9bd4525825eaef6f17f2f63f5d943a1cc01bafb559dd5b100cf9fa83384a7468085d0b48c1f1f09cca511daadb4bf52defe6656ce809d345b39958b2251b08bd7f5c226b80905051010000001200725010001060009050808ff030da80609050812ff03097703f2118a5ce6bfdf2eedd035f069152984f94bfb72c76d23a29e0250c4b70475a928c417ab181c6c22fe7637099f5014b8d0ed1e4af8e9919804b81684e90a6167d578b7434bb84a9c696c7b8280a32038cc1887a2c45c6884e18883595cd286d5638f260dd7cb8bf1eb68a75b1d990832cee0c493af14ed69b1d92979bb7e9d9d52154950bf3b82d3de1076844b5a9f1191e973ac1aa5beac5cb3e9d38365a3cd6bf76d70d65348c6cb5f8ac2a905173f5fe7c6d594dae279cf552bedb17b7b75a9e94659818b8000b235f2ea7d7e6408bba3b94933eff6630d9c0a3394dee950a68139a13fd499cb4b5ce3412779590bf08bfe031c4c3222dbc954fb9a2717ba3ec56c4877608fe23e338a0a5e7fafba4e46422a7833839014cde02c3b4530f40dd46019306553139a408bffea2457ab090e2d64ec47d365f819c4a41862e17ffe01dd98fd5d7e394348f7f6c198c360cfa6466cafe53dc41a57cf40357f37d79734d78de0dd261006b4d1936e862a543fdd9e12d6e4f00b810b5a1951c2fd1eaf58cf43a5baf9a90389d48886ea1d14c5814e8ba312700771f50b063737c560f60e0106712ff806c452c35c769cd3cb2d8b68986145bdffa3edf05fb7667dc85e8abf4fdcfca23d9b8f05b77285e14a534ca5c40fa09f3dd1420722f987cad123519ca3272c84456ac14668a8f2bcff09050a020800a1050509050c100002060603072501010203000905030340000609d309050d010002641f400905800308000840ff0905040000040420ab090580000800010504090505080800031c04e121622b7bce142d887d80058676ab922712d6b8b3d87e4504c64a5238a5f098fce98ecf34c31a6f899c5d27135d605ecb6866b6d06924695cc6a0e4f2bf84377efdf3bc4c8ec5ed0e12c9df4c387a846fd3295e91b878ac13b37af659c3a491930e0d28325620a4730386890a06f3bcd32fd2f23f19644eed78b74232bca4923e3e23a422010363a6e9d1e6efafe1a90f342940de10e3f1fa30d94e678da5ab7bdc452e620c9631aca5a4a33f1d2fdb2d1d88f611db45c9aa90944b0e4346c808a408d0c3248f32720ef69b9caf4ae9d0e70f7e4312e0d22b63bc65776286de070725010109090009050810000400800109050c02080081038107250182200180830264f4935ec208c00415b6d458961160af6c0679bcbfef301992078374772b06615d3deca84ebf7b7bfcadc8fd433244eaf637ec56e679a1b9e2961df42a3c9d788b49ead699ca57d167362119b21fe82cd6cc9534632ceb8c4078b589ca2093a65acc7fc7a8c818aa1f6e311d6a594a925e63da15965924c37a42a68bf814a44cf009050c030002020509072501020000805b091e5156ca3b41fcdc8df7b4d236cb25e549a2ab42ee115f46c35bfb2e04e744b6ee8f7e5bbe9d7eb90b088c843dd7315c2822adb78fe1ee15ac14de7745769b893f79e700bc275b15ae8df00688ad508e9d106beb7fe4ca01e1090502082000fff554223712396408a6346dc41dd43edeb32de3dcc0ff23e6823ff36135dc370b7ce778937ba6729adee3c5b645ef968d902653657a90b973fd6edd54626307d63ee23bf3c12da8dada31568a419dd9155ee3b38f9a91f84eee3ed34a130a3e63fa1f33a0ea6c4995b0bc0526fad85fe20ac5045ae9e41155029922500efe15d1badaf30aaa978d038d76b9fd91f99355d3602093c3327ad5f980d59f659c979684ca4ea72d13af9af810795c85d283fc69f37044a38426485e57078ffd97437b9d4f3583a0"], &(0x7f0000000380)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x1, 0x5, 0x2a, 0x40, 0x1}, 0x198, &(0x7f0000000f00)={0x5, 0xf, 0x198, 0x6, [@ptm_cap={0x3}, @generic={0x103, 0x10, 0x2, "ff1e71105ab6d641dd768fd5906ee0d49c645797e9c62c170293a6f57971cbe67eac0551808f8446848b27070000001675218100b9e65c2468ea140100000000000000babfffdd660fa39108c0d0be89cf4fb81a5606d7a7dce13333ce10d129e329605f71c25a268e577cee9b952a605c045fbb26ae9a01a9fd0056320551e8d825f482000000003491049e4da8cc5cd341e8bc5fd061a9bc4417fa703e27d042501bdf3fe45c333d05d1302e6751fec56d6f3b50d2c8ed36cbda41cae65f6f158f77717dbc8c4604f0599e3cab76b38b4020c9a76f8abb0614c21943db354b21d20000000094314cedeb63486761b18e44bd6423b0f409ff8ee41f189ce89d"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x40, 0x80, 0x3c}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x9, 0x2, 0xfffe}, @generic={0x6e, 0x10, 0x4, "0609295d2bf64da29b94faae07b866b3fbd26bd44f32794025799317ddea5264625ea7f8191e17d03d096c590b17651fc08d123bd14a00aa069a3b3d6f0c5435447dbcff82de962a44f95d4176ffaa902a159bd2c9f24e9220887454cef1cb060ad550e951a16d688ca3de"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x18, 0x36, 0x0, 0x7, 0x5}]}, 0x7, [{0xdd, &(0x7f00000000c0)=@string={0xdd, 0x3, "19458e5d180f44bc9c09a8944523b795de0d88d0ca62e7b022135021e1ea91dd2d63a1c6d2d6eedfb2cfebc2fea93ba2c0c4ead938364b5ec0089433892f2fee8f9704919a5cbdbe4117909bec25cec59bb65fbd7f9f7c33fcde3f269f97c7342f6b0e7af20619aebf0d985a579e043cec1b0f70138d99b2107c1973dc53ee54ebbbba12e53ce5b4ee4127d0cca46c0387f60d1f805ea07ed203972764c8a38015fbeb6e91e6d900c8c228dfafd121bd9ed03532962e0b5d317b27284ffbbcf25997794034784b43585465e92b5cf4df38da77a395b162cd80318e"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x42b}}, {0xed, &(0x7f0000000740)=@string={0xed, 0x3, "108a6266635c3de66ea656d465ceb81af76aafeecdfa8f356edd15d8488da4e5039080d3d00b32d818b2b9feb2fc6bcb8cff6ccc679f80ea5b2589232df51c7f5df6ee245da1d15a4d180505acf1eefc72968fbb352ba516d96807f6bcbcd50ad35a00e5983a4ae68968a02bdf01b9d5cb54956c81f48a11521231ee95d682f8fc041d12c8a3245837bfab59173710dd5af9ed8147b2919bcf4182b90045df2f14ed25845c119b31a84cf6cd97a556ddf5cb7093121eb8c23337d88ddc82b238f9b58086c3c508f75e153ddf4c592f2d7e5a8aba3f7fd2af750a4f79e15adbb90254f01180a70d182bca9d"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x443}}, {0x97, &(0x7f0000000680)=@string={0x97, 0x3, "8cf2e3085a68a7d8c20e9856a2fe8bd734d8eb80e278bccc9fd7d3c1782a25fa74e1f090958e80125cee18139eed9293bc591a86736315516b42dfff8044404e14a092cce49077e69d1359db6f8ff3ed41445bb77071cafe228194968223814aae9dbf23776df9fb9aa481c56d746e6a90985cdd77c78a032dfad1a7e7f8a8b0abe115a1985a73f96384462726ac76c319898461c5"}}, {0x72, &(0x7f0000000480)=@string={0x72, 0x3, "83bf29973ca2247868ecefca51b0f349d918d386e373f06cfe2e84f244e8ad394edfa88ccc4541ad0b60f28adfa902b2acd0436f86e227530b01f9e4a7e14b293933c1896157c72fe32eb4dd5febe305133c07022f10b118b31247ae8b3864b3d350886b5758a30e4c2ea50c6c04608d"}}, {0x4, &(0x7f0000000e00)=@lang_id={0x4, 0x3, 0x415}}]})
setuid(0xee01)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="00010c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000200)={0x0, 0x0, 0x28, "61752b496c088bfa3ab146172ea135d9eb2804e1c77d9a2afb2ccf56645ad9a4d2d7a884e117b513"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = creat(&(0x7f0000000040)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f00000016c0)=""/102386, 0x18ff2}], 0x1, 0x2000003, 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000280)=ANY=[@ANYRES8=r5, @ANYRES32=r7], 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)
getpid()
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0xa)
ioctl$sock_inet_sctp_SIOCINQ(r5, 0x541b, &(0x7f0000000140))
socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$l2tp6(r5, &(0x7f0000000100)={0xa, 0x0, 0xfff, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffff79, 0x3}, 0x20)

36.536311161s ago: executing program 2 (id=11490):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000080)=[{0x48}, {0x6}]}, 0x10)
socket$kcm(0x2, 0x3, 0x106)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2b, 0x4, 0x0, 0x0, 0xac, 0x2000, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x658}, {@broadcast}, {@remote}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010121, 0x1ff}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0xf, 0x0, [@remote, @private=0xa010102, @remote]}]}}}}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)
socket(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e06000d08"], 0x9)
dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
preadv(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {&(0x7f00000028c0)=""/219, 0xdb}], 0x2, 0x0, 0x0)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)

28.932032843s ago: executing program 1 (id=11498):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000000), 0x4)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000040)={0x5c, 0x0, 0x33, 0x8, 0x13, "904a19522f9a5d9ff26527442de2e1b916198a"})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='memory.events\x00', 0x275a, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
r3 = syz_open_dev$ndb(&(0x7f0000000300), 0x0, 0x201)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000340)={0x0, 0x20})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000340))

28.754861939s ago: executing program 1 (id=11499):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x3}, 0x48)
timer_create(0x0, 0x0, 0xffffffffffffffff)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@dellinkprop={0x70, 0x6d, 0x200, 0x70bd29, 0x25dddbff, {0x0, 0x0, 0x0, 0x0, 0x4038, 0x8}, [@IFLA_MTU={0x8, 0x4, 0x30f6}, @IFLA_VF_PORTS={0x4}, @IFLA_GROUP={0x8, 0x1b, 0x78}, @IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x7}]}}}, @IFLA_PORT_SELF={0x4}, @IFLA_EVENT={0x8, 0x2c, 0xff}, @IFLA_LINK={0x8}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x8}]}, 0x70}}, 0x80)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00"], 0xec}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
close(r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, &(0x7f0000000000))
ppoll(&(0x7f0000000240)=[{}], 0x1, 0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f00000001c0)={0x13})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x8, 0x1c, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f00000003c0)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x306}, 0x0, {0x2, 0x0, @private=0xa010101}, 'wlan0\x00'})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket(0x840000000002, 0x3, 0x100)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f0000000540)=ANY=[@ANYBLOB="ffffffffffff000000000000080b450000380000000000019078ac1e0001ac1414aa050090780300000045000000000000000033000000000000ac1414bb0000000000000000a441e1037b2d7d675bdb8754bdd299317ee62831776e963ace01bca41cc39d8a410aa91aafc08b342d0583cd13a3ceb3bcb299cc09055c9ffe8372ad69c57f563060c9a5a22547bc1a57d0837a6c816d33965aee2485"], 0x0)

16.826230584s ago: executing program 1 (id=11501):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_io_uring_setup(0x1e62, &(0x7f00000002c0)={0x0, 0xd029, 0x1, 0x1, 0xa0}, &(0x7f0000000340), &(0x7f0000000380))
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="5c00000012006bab9e3fe3d86e6c1d0000147ea60864160af36504b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64c9f4080003680601000008000300ff000000", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000040)="100c060026220300000000000000", 0xe, 0xfffffffffffffffc)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
socket$netlink(0x10, 0x3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000040), 0xfefc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000280)=[{&(0x7f0000000080)=""/70, 0x46}, {&(0x7f0000000100)=""/107, 0x6b}, {&(0x7f0000000180)=""/69, 0xfc71}, {&(0x7f0000000200)=""/107, 0x6b}], 0x4)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', <r6=>0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x50, 0x24, 0x300, 0x2, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}]}}}]}, 0x50}}, 0x0)

8.496142495s ago: executing program 1 (id=11504):
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000000000063aaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000200000000b7050000b7da0800bdcba85608003e008500000008000000"], &(0x7f0000000300)='GPL\x00', 0x4}, 0x90)
ioctl$EVIOCSKEYCODE_V2(r0, 0x80104592, &(0x7f00000001c0)={0x0, 0x0, 0x8cc4, 0x24e9, "00f8ffffffffffffff0000f62386f0dfdf293700"})

111.095672ms ago: executing program 1 (id=11505):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8949, &(0x7f0000000900)={'ip6gre0\x00', @random="0600002000"})

0s ago: executing program 1 (id=11506):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10)
r3 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x1}}, 0x10, 0x0}, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='blkio.bfq.io_service_bytes\x00', 0x0, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r6, 0x810c5701, &(0x7f0000000400))
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000280)='cgroup.procs\x00', 0x2, 0x0)
r9 = syz_clone(0x0, &(0x7f0000000600), 0x0, 0x0, 0x0, 0x0)
write$cgroup_pid(r8, &(0x7f0000000800)=r9, 0x12)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRESOCT=r10, @ANYBLOB="010000000000000000000900000008000300", @ANYRES32=r1, @ANYBLOB="05023901"], 0x44}}, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000340), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f00000002c0)=@file={0x1, './file0\x00'}, 0x6e)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
r11 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000180)=0x1080, 0x4)
recvmmsg(r11, &(0x7f00000005c0)=[{{0x0, 0xfffffffffffffea3, 0x0}}], 0x3ffffffffffff62, 0x0, 0x0)

kernel console output (not intermixed with test programs):

transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2912.670305][T22435] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2912.922338][T22435] hsr_slave_0: entered promiscuous mode
[ 2912.945192][T25602] usb 1-1: USB disconnect, device number 86
[ 2912.962675][T22435] hsr_slave_1: entered promiscuous mode
[ 2912.991197][T22435] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2913.002215][T22435] Cannot create hsr debugfs directory
[ 2913.043569][T22367] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2913.077568][T22367] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2913.174358][ T2903] hsr_slave_0: left promiscuous mode
[ 2913.194153][ T2903] hsr_slave_1: left promiscuous mode
[ 2913.206444][ T2903] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2913.222129][ T2903] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2913.233782][ T2903] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2913.241249][ T2903] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2913.291908][ T2903] veth1_macvtap: left promiscuous mode
[ 2913.298890][ T2903] veth0_macvtap: left promiscuous mode
[ 2913.313108][ T2903] veth1_vlan: left promiscuous mode
[ 2913.323187][ T2903] veth0_vlan: left promiscuous mode
[ 2913.384937][T16927] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 2913.589131][T16927] usb 3-1: Using ep0 maxpacket: 32
[ 2913.605556][T16927] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2913.627995][T16927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2913.645794][T16927] usb 3-1: config 0 descriptor??
[ 2913.669783][T16927] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 2913.804307][T20682] Bluetooth: hci5: command tx timeout
[ 2914.065764][ T2903] team0 (unregistering): Port device team_slave_1 removed
[ 2914.123118][ T2903] team0 (unregistering): Port device team_slave_0 removed
[ 2914.669395][T16927] gspca_sq930x: ucbus_write failed -71
[ 2914.680835][T16927] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[ 2914.712583][T16927] usb 3-1: USB disconnect, device number 82
[ 2914.757134][ T5150] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[ 2914.789113][T22367] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2914.820100][T22568] team0: mtu less than device minimum
[ 2914.850608][T22367] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2914.965796][ T5150] usb 1-1: Using ep0 maxpacket: 16
[ 2914.981120][ T5150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2915.000168][ T5150] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2915.011602][ T5150] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2915.030448][ T5150] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2915.079488][ T5150] usb 1-1: config 0 descriptor??
[ 2915.620100][T22587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2915.631714][T22367] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2915.707558][T22587] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2915.900568][T22587] netlink: 'syz.0.11256': attribute type 2 has an invalid length.
[ 2915.954957][T22587] netlink: 132 bytes leftover after parsing attributes in process `syz.0.11256'.
[ 2916.163225][T22367] 8021q: adding VLAN 0 to HW filter on device team0
[ 2916.193238][T25602] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[ 2916.219015][ T5146] usb 3-1: new low-speed USB device number 83 using dummy_hcd
[ 2916.318739][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2916.325876][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2916.342631][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2916.349761][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2916.417959][T25602] usb 5-1: Using ep0 maxpacket: 8
[ 2916.433977][ T5146] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2916.474471][T25602] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2916.486269][ T5146] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2916.509308][T25602] usb 5-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=42.10
[ 2916.519786][ T5146] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2916.531629][T25602] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2916.550919][T25602] usb 5-1: Product: syz
[ 2916.555618][ T5146] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2916.579652][T22367] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 2916.584691][T25602] usb 5-1: Manufacturer: syz
[ 2916.622756][T25602] usb 5-1: SerialNumber: syz
[ 2916.630833][ T5146] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2916.665980][T25602] usb 5-1: config 0 descriptor??
[ 2916.688951][ T5146] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2916.713027][T25602] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[ 2916.741293][T25602] dvb-usb: bulk message failed: -8 (3/0)
[ 2916.753433][ T5146] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2916.795093][T25602] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2916.813854][ T5146] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2916.853253][ T5150] usbhid 1-1:0.0: can't add hid device: -71
[ 2916.856213][T22367] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2916.859419][ T5150] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 2916.874161][T25602] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[ 2916.890378][T25602] usb 5-1: media controller created
[ 2916.899437][ T5146] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2916.950912][ T5150] usb 1-1: USB disconnect, device number 87
[ 2916.957890][ T5146] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2917.024219][T25602] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2917.036804][ T5146] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2917.048545][T22435] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 2917.082254][ T5146] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2917.110136][T22435] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 2917.118753][T25602] dvb-usb: bulk message failed: -8 (6/0)
[ 2917.138810][ T5146] usb 3-1: string descriptor 0 read error: -22
[ 2917.140066][T22435] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 2917.153186][T25602] dvb-usb: bulk message failed: -8 (6/0)
[ 2917.173248][ T5146] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2917.183102][T25602] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[ 2917.208699][ T5146] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2917.218117][T25602] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input87
[ 2917.257586][ T5146] adutux 3-1:168.0: interrupt endpoints not found
[ 2917.271469][T25602] dvb-usb: schedule remote query interval to 150 msecs.
[ 2917.294130][T22435] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 2917.297312][T25602] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[ 2917.354732][T25602] usb 5-1: USB disconnect, device number 77
[ 2917.408309][T22367] veth0_vlan: entered promiscuous mode
[ 2917.488918][T22367] veth1_vlan: entered promiscuous mode
[ 2917.504472][T25602] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[ 2917.576205][ T5150] usb 3-1: USB disconnect, device number 83
[ 2917.658039][T22367] veth0_macvtap: entered promiscuous mode
[ 2917.715234][T22367] veth1_macvtap: entered promiscuous mode
[ 2917.911414][T22367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2917.937743][T22367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2917.990255][T22367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2918.024655][T22367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2918.058117][T22367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2918.085323][T22367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2918.111463][T22367] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2918.163795][T22367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2918.177622][T22367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2918.195550][T22367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2918.214107][T22367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2918.226918][T22367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2918.239155][T22367] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2918.274298][T22367] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2918.298411][T22435] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2918.328566][T22367] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2918.385357][T22367] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2918.414275][T22367] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2918.434047][T22367] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2918.568929][T22435] 8021q: adding VLAN 0 to HW filter on device team0
[ 2918.646039][T25602] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2918.653271][T25602] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2918.671897][T25602] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2918.679119][T25602] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2918.795240][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2918.830687][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2918.957690][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2918.985859][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2919.045007][T22435] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2919.272425][T22435] veth0_vlan: entered promiscuous mode
[ 2919.300572][T22435] veth1_vlan: entered promiscuous mode
[ 2919.307225][T22662] xt_hashlimit: max too large, truncated to 1048576
[ 2919.438376][T22435] veth0_macvtap: entered promiscuous mode
[ 2919.482345][T22435] veth1_macvtap: entered promiscuous mode
[ 2919.503975][ T5128] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 2919.536175][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2919.561113][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2919.572508][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2919.588929][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2919.605272][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2919.623733][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2919.637633][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2919.650909][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2919.679715][T22435] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2919.704851][ T5128] usb 3-1: Using ep0 maxpacket: 16
[ 2919.713193][T22670] netlink: 'syz.3.11273': attribute type 21 has an invalid length.
[ 2919.722100][ T5128] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2919.745796][T22670] netlink: 156 bytes leftover after parsing attributes in process `syz.3.11273'.
[ 2919.758632][ T5128] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2919.775148][ T5128] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2919.787966][ T5128] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2919.808626][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2919.844630][ T5128] usb 3-1: config 0 descriptor??
[ 2919.850780][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2919.879226][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2919.902285][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2919.945430][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2919.966359][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2919.977206][T22435] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2919.988568][T22435] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2920.001018][T22435] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2920.031630][T22435] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2920.041333][T22435] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2920.055147][T22435] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2920.092441][T22435] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2920.105379][T22684] FAULT_INJECTION: forcing a failure.
[ 2920.105379][T22684] name failslab, interval 1, probability 0, space 0, times 0
[ 2920.123892][T22684] CPU: 0 PID: 22684 Comm: syz.4.11276 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 2920.134150][T22684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2920.144211][T22684] Call Trace:
[ 2920.147494][T22684]  <TASK>
[ 2920.150433][T22684]  dump_stack_lvl+0x241/0x360
[ 2920.155139][T22684]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2920.160363][T22684]  ? __pfx__printk+0x10/0x10
[ 2920.164981][T22684]  ? __pfx___might_resched+0x10/0x10
[ 2920.170301][T22684]  should_fail_ex+0x3b0/0x4e0
[ 2920.175010][T22684]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 2920.180751][T22684]  should_failslab+0x9/0x20
[ 2920.185260][T22684]  __kmalloc_noprof+0xd8/0x400
[ 2920.190036][T22684]  ? kfree+0x4e/0x360
[ 2920.194048][T22684]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 2920.199618][T22684]  tomoyo_path_number_perm+0x23a/0x880
[ 2920.205089][T22684]  ? tomoyo_path_number_perm+0x208/0x880
[ 2920.210740][T22684]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2920.216761][T22684]  ? __fget_files+0x29/0x470
[ 2920.221370][T22684]  ? __fget_files+0x3f6/0x470
[ 2920.226037][T22684]  ? __fget_files+0x29/0x470
[ 2920.230632][T22684]  security_file_ioctl+0x75/0xb0
[ 2920.235587][T22684]  __se_sys_ioctl+0x47/0x170
[ 2920.240180][T22684]  do_syscall_64+0xf3/0x230
[ 2920.244706][T22684]  ? clear_bhb_loop+0x35/0x90
[ 2920.249404][T22684]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2920.255311][T22684] RIP: 0033:0x7f8341175bd9
[ 2920.259887][T22684] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2920.279507][T22684] RSP: 002b:00007f8341ea2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2920.287929][T22684] RAX: ffffffffffffffda RBX: 00007f8341304038 RCX: 00007f8341175bd9
[ 2920.295902][T22684] RDX: 0000000020000380 RSI: 00000000c0306201 RDI: 0000000000000008
[ 2920.303868][T22684] RBP: 00007f8341ea20a0 R08: 0000000000000000 R09: 0000000000000000
[ 2920.311841][T22684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2920.319842][T22684] R13: 000000000000006e R14: 00007f8341304038 R15: 00007f834142fa68
[ 2920.327847][T22684]  </TASK>
[ 2920.442988][T13927] Bluetooth: hci3: command 0x0406 tx timeout
[ 2920.513769][T22684] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2920.559489][T22660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2920.603837][T17284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2920.634352][T17284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2920.671180][T22660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2920.727202][T22660] netlink: 'syz.2.11271': attribute type 2 has an invalid length.
[ 2920.760572][T22660] netlink: 132 bytes leftover after parsing attributes in process `syz.2.11271'.
[ 2920.833862][T23987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2920.867660][T23987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2921.084308][T25602] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[ 2921.264157][T25602] usb 4-1: Using ep0 maxpacket: 32
[ 2921.266406][T25602] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2921.266443][T25602] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2921.270266][T25602] usb 4-1: config 0 descriptor??
[ 2921.293356][T25602] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 2921.360932][ T5150] usb 5-1: new low-speed USB device number 78 using dummy_hcd
[ 2921.548756][ T5150] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2921.548827][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2921.548841][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2921.548854][ T5150] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2921.550860][ T5150] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2921.550963][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2921.550988][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2921.551012][ T5150] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2921.553806][ T5150] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2921.553837][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2921.553851][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2921.553879][ T5150] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2921.586645][ T5150] usb 5-1: string descriptor 0 read error: -22
[ 2921.586883][ T5150] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2921.586912][ T5150] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2921.618730][ T5150] adutux 5-1:168.0: interrupt endpoints not found
[ 2921.834669][ T5150] usb 5-1: USB disconnect, device number 78
[ 2922.285697][ T5128] usbhid 3-1:0.0: can't add hid device: -71
[ 2922.304785][T25602] gspca_sq930x: ucbus_write failed -71
[ 2922.310509][T25602] sq930x 4-1:0.0: probe with driver sq930x failed with error -71
[ 2922.337254][T25602] usb 4-1: USB disconnect, device number 12
[ 2922.338238][ T5128] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 2922.354718][ T5128] usb 3-1: USB disconnect, device number 84
[ 2922.626392][T20682] Bluetooth: hci3: unexpected event for opcode 0x080d
[ 2923.402920][T25602] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[ 2923.423024][ T5146] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[ 2923.615802][ T5146] usb 4-1: config 1 has an invalid interface number: 2 but max is 0
[ 2923.627457][T25602] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 2923.649657][ T5146] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2923.693900][T25602] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2923.715612][ T5146] usb 4-1: config 1 has no interface number 0
[ 2923.727544][T25602] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2923.754872][ T5146] usb 4-1: config 1 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[ 2923.783576][T25602] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 2923.811723][ T5146] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2923.822597][ T5146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 2923.835853][T25602] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 2923.849830][ T5146] usb 4-1: SerialNumber: syz
[ 2923.889521][T25602] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 2923.922753][T25602] usb 1-1: Manufacturer: syz
[ 2923.955763][T25602] usb 1-1: config 0 descriptor??
[ 2924.082036][ T5146] usb 4-1: bad CDC descriptors
[ 2924.248430][T22756] netlink: 24 bytes leftover after parsing attributes in process `syz.0.11289'.
[ 2924.690417][T22777] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11290'.
[ 2924.971187][T25602] appleir 0003:05AC:8243.017A: item fetching failed at offset 0/1
[ 2925.001667][T25602] appleir 0003:05AC:8243.017A: parse failed
[ 2925.026654][T25602] appleir 0003:05AC:8243.017A: probe with driver appleir failed with error -22
[ 2925.093941][ T5146] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 2925.153980][T22808] FAULT_INJECTION: forcing a failure.
[ 2925.153980][T22808] name failslab, interval 1, probability 0, space 0, times 0
[ 2925.167760][T22808] CPU: 1 PID: 22808 Comm: syz.1.11297 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 2925.178029][T22808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2925.188103][T22808] Call Trace:
[ 2925.191405][T22808]  <TASK>
[ 2925.194355][T22808]  dump_stack_lvl+0x241/0x360
[ 2925.199067][T22808]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2925.204290][T22808]  ? __pfx__printk+0x10/0x10
[ 2925.208913][T22808]  ? __ip_dev_find+0x532/0x610
[ 2925.214140][T22808]  ? __ip_dev_find+0xa4/0x610
[ 2925.218846][T22808]  ? __pfx___ip_dev_find+0x10/0x10
[ 2925.223981][T22808]  should_fail_ex+0x3b0/0x4e0
[ 2925.228730][T22808]  ? dst_alloc+0x12b/0x190
[ 2925.233167][T22808]  should_failslab+0x9/0x20
[ 2925.237695][T22808]  kmem_cache_alloc_noprof+0x6c/0x2a0
[ 2925.243095][T22808]  dst_alloc+0x12b/0x190
[ 2925.247362][T22808]  ip_route_output_key_hash_rcu+0x13cc/0x2390
[ 2925.253462][T22808]  ip_route_output_key_hash+0x193/0x2b0
[ 2925.259038][T22808]  ? ip_route_output_key_hash+0xdf/0x2b0
[ 2925.264784][T22808]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 2925.270876][T22808]  ? ip_cmsg_send+0x9cd/0xa80
[ 2925.275580][T22808]  ip_route_output_flow+0x29/0x140
[ 2925.280720][T22808]  raw_sendmsg+0x15e6/0x2490
[ 2925.285357][T22808]  ? __pfx_raw_sendmsg+0x10/0x10
[ 2925.290348][T22808]  ? __pfx_lock_release+0x10/0x10
[ 2925.295411][T22808]  ? inet_sendmsg+0x330/0x390
[ 2925.300106][T22808]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2925.305410][T22808]  ? security_socket_sendmsg+0x87/0xb0
[ 2925.310895][T22808]  __sock_sendmsg+0x1a6/0x270
[ 2925.315604][T22808]  ____sys_sendmsg+0x525/0x7d0
[ 2925.320402][T22808]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2925.325726][T22808]  __sys_sendmsg+0x2b0/0x3a0
[ 2925.330351][T22808]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2925.335487][T22808]  ? vfs_write+0x7c4/0xc90
[ 2925.339976][T22808]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2925.346329][T22808]  ? do_syscall_64+0x100/0x230
[ 2925.351122][T22808]  ? do_syscall_64+0xb6/0x230
[ 2925.355824][T22808]  do_syscall_64+0xf3/0x230
[ 2925.360353][T22808]  ? clear_bhb_loop+0x35/0x90
[ 2925.365050][T22808]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2925.370967][T22808] RIP: 0033:0x7f708d575bd9
[ 2925.375399][T22808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2925.395030][T22808] RSP: 002b:00007f708e40f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2925.403468][T22808] RAX: ffffffffffffffda RBX: 00007f708d703f60 RCX: 00007f708d575bd9
[ 2925.411462][T22808] RDX: 0000000000000000 RSI: 0000000020001640 RDI: 0000000000000003
[ 2925.419462][T22808] RBP: 00007f708e40f0a0 R08: 0000000000000000 R09: 0000000000000000
[ 2925.427457][T22808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2925.435450][T22808] R13: 000000000000000b R14: 00007f708d703f60 R15: 00007f708d82fa68
[ 2925.443459][T22808]  </TASK>
[ 2925.506564][T25602] usb 1-1: USB disconnect, device number 88
[ 2925.603293][ T5146] usb 3-1: Using ep0 maxpacket: 16
[ 2925.610377][ T5146] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2925.621434][ T5146] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2925.634195][ T5146] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2925.654994][ T5146] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2925.675921][ T5146] usb 3-1: config 0 descriptor??
[ 2925.844597][ T5150] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[ 2926.002987][T16848] usb 2-1: new low-speed USB device number 63 using dummy_hcd
[ 2926.033045][ T5150] usb 5-1: Using ep0 maxpacket: 32
[ 2926.060448][ T5150] usb 5-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2926.092111][ T5150] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2926.161091][ T5150] usb 5-1: config 0 descriptor??
[ 2926.164666][ T9254] usb 4-1: USB disconnect, device number 13
[ 2926.174722][T22828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2926.211523][ T5150] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 2926.224962][T16848] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2926.238490][T22828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2926.258148][T16848] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2926.309597][T16848] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2926.340298][T16848] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2926.405179][T16848] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2926.449107][T16848] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2926.499107][T17284] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2926.513090][T16848] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2926.539595][T16848] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2926.600021][T22828] netlink: 'syz.2.11294': attribute type 2 has an invalid length.
[ 2926.611329][T16848] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2926.635469][T16848] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2926.660618][T22828] netlink: 132 bytes leftover after parsing attributes in process `syz.2.11294'.
[ 2926.681099][T16848] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2926.694358][T20682] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 2926.704035][T20682] Bluetooth: hci3: Injecting HCI hardware error event
[ 2926.715858][T20682] Bluetooth: hci3: hardware error 0x00
[ 2926.737215][T16848] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2926.751579][ T9254] usb 4-1: new low-speed USB device number 14 using dummy_hcd
[ 2926.779398][T16848] usb 2-1: string descriptor 0 read error: -22
[ 2926.791376][T16848] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2926.801154][T16848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2926.835546][T16848] adutux 2-1:168.0: interrupt endpoints not found
[ 2926.934365][T17284] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2926.958180][ T9254] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2926.970041][ T9254] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2926.983759][ T9254] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2926.999187][ T9254] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2927.018421][ T9254] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2927.043479][ T9254] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2927.054000][ T9254] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2927.112323][ T9254] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2927.134253][ T9254] usb 4-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2927.147391][ T9254] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2927.173712][T17284] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2927.214220][ T9254] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2927.228178][ T9254] usb 4-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2927.242522][ T5150] gspca_sq930x: ucbus_write failed -71
[ 2927.258892][ T5150] sq930x 5-1:0.0: probe with driver sq930x failed with error -71
[ 2927.264127][ T9254] usb 4-1: string descriptor 0 read error: -22
[ 2927.279427][T25602] usb 2-1: USB disconnect, device number 63
[ 2927.280540][ T9254] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2927.299084][ T9254] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2927.344428][ T5150] usb 5-1: USB disconnect, device number 79
[ 2927.388531][ T9254] adutux 4-1:168.0: interrupt endpoints not found
[ 2927.417945][T17284] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2927.606312][T17284] bridge_slave_1: left allmulticast mode
[ 2927.632608][T17284] bridge_slave_1: left promiscuous mode
[ 2927.650598][ T5150] usb 4-1: USB disconnect, device number 14
[ 2927.659322][T17284] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2927.673437][ T5146] usbhid 3-1:0.0: can't add hid device: -71
[ 2927.679456][ T5146] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 2927.711299][ T5146] usb 3-1: USB disconnect, device number 85
[ 2927.735749][T17284] bridge_slave_0: left allmulticast mode
[ 2927.743208][T17284] bridge_slave_0: left promiscuous mode
[ 2927.759162][T17284] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2928.557578][T17284] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2928.571325][T17284] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2928.582634][T17284] bond0 (unregistering): Released all slaves
[ 2928.765465][T20682] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 2929.169119][T17284] hsr_slave_0: left promiscuous mode
[ 2929.176190][T17284] hsr_slave_1: left promiscuous mode
[ 2929.183657][ T9254] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[ 2929.191316][T17284] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2929.203278][T17284] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2929.221798][T17284] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2929.232040][T17284] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2929.305294][ T5146] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 2929.326935][T17284] veth1_macvtap: left promiscuous mode
[ 2929.332560][T17284] veth0_macvtap: left promiscuous mode
[ 2929.349150][T13927] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2929.362753][T13927] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2929.372413][T13927] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2929.394505][T13927] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2929.402031][T13927] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 2929.410585][T13927] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2929.423143][ T9254] usb 5-1: Using ep0 maxpacket: 32
[ 2929.464849][ T9254] usb 5-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=75.9e
[ 2929.474925][T17284] veth1_vlan: left promiscuous mode
[ 2929.495543][T17284] veth0_vlan: left promiscuous mode
[ 2929.513465][ T5146] usb 2-1: Using ep0 maxpacket: 32
[ 2929.520854][ T9254] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2929.533184][ T5146] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2929.542641][ T5146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2929.551526][ T9254] usb 5-1: Product: syz
[ 2929.551547][ T9254] usb 5-1: Manufacturer: syz
[ 2929.551564][ T9254] usb 5-1: SerialNumber: syz
[ 2929.572294][ T5146] usb 2-1: config 0 descriptor??
[ 2929.610638][ T9254] usb 5-1: config 0 descriptor??
[ 2929.618782][ T5146] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 2929.814009][T22868] netlink: 'syz.3.11308': attribute type 8 has an invalid length.
[ 2929.855541][T22841] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2929.874188][T22841] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2929.939863][T13927] Bluetooth: Unknown BR/EDR signaling command 0x0d
[ 2929.946657][T13927] Bluetooth: Wrong link type (-22)
[ 2930.223118][   T29] audit: type=1326 audit(1720242042.202:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22840 comm="syz.4.11304" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8341175bd9 code=0x0
[ 2930.611450][T17284] team0 (unregistering): Port device team_slave_1 removed
[ 2930.668704][T17284] team0 (unregistering): Port device team_slave_0 removed
[ 2930.677458][ T5146] gspca_sq930x: ucbus_write failed -71
[ 2930.690551][ T5146] sq930x 2-1:0.0: probe with driver sq930x failed with error -71
[ 2930.714817][ T5146] usb 2-1: USB disconnect, device number 64
[ 2931.495274][T13927] Bluetooth: hci2: command tx timeout
[ 2932.226374][T22862] chnl_net:caif_netlink_parms(): no params data found
[ 2932.466229][T22862] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2932.484635][T22862] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2932.501642][T22862] bridge_slave_0: entered allmulticast mode
[ 2932.512461][T22862] bridge_slave_0: entered promiscuous mode
[ 2932.534027][T22862] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2932.547606][T22862] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2932.564672][T22862] bridge_slave_1: entered allmulticast mode
[ 2932.583025][T22862] bridge_slave_1: entered promiscuous mode
[ 2932.603320][  T784] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[ 2932.634254][T25602] usb 5-1: USB disconnect, device number 80
[ 2932.735060][T22862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2932.779023][T22862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2932.812900][  T784] usb 4-1: Using ep0 maxpacket: 16
[ 2932.840490][  T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2932.887914][  T784] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2932.939760][  T784] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2932.964969][T22862] team0: Port device team_slave_0 added
[ 2932.971114][  T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2933.022479][T22862] team0: Port device team_slave_1 added
[ 2933.029221][  T784] usb 4-1: config 0 descriptor??
[ 2933.042986][ T5146] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 2933.179172][T22862] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2933.198500][T22862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2933.247927][T22862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2933.266760][T22862] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2933.274021][ T5146] usb 2-1: Using ep0 maxpacket: 32
[ 2933.289789][T22862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2933.354356][ T5146] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2933.371146][ T5146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2933.394276][T22862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2933.415237][ T5146] usb 2-1: config 0 descriptor??
[ 2933.431075][ T5146] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 2933.558615][T22935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2933.564735][T13927] Bluetooth: hci2: command tx timeout
[ 2933.695828][T22935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2933.712996][ T5128] usb 3-1: new low-speed USB device number 86 using dummy_hcd
[ 2933.921826][ T5128] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2933.933636][T22862] hsr_slave_0: entered promiscuous mode
[ 2933.950153][T22862] hsr_slave_1: entered promiscuous mode
[ 2933.958403][ T5128] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2933.978986][ T5128] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2933.994952][T22935] netlink: 'syz.3.11313': attribute type 2 has an invalid length.
[ 2934.002981][ T5128] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2934.038194][ T5128] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2934.057211][ T5128] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2934.067739][T22935] netlink: 132 bytes leftover after parsing attributes in process `syz.3.11313'.
[ 2934.087893][ T5128] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2934.125256][ T5128] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2934.180483][ T5128] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2934.216116][ T5128] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2934.241262][ T5128] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2934.271986][ T5128] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2934.339276][ T5128] usb 3-1: string descriptor 0 read error: -22
[ 2934.347840][ T5128] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2934.388934][ T5128] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2934.434316][ T5128] adutux 3-1:168.0: interrupt endpoints not found
[ 2934.443175][ T5146] gspca_sq930x: ucbus_write failed -71
[ 2934.448716][ T5146] sq930x 2-1:0.0: probe with driver sq930x failed with error -71
[ 2934.523412][ T5146] usb 2-1: USB disconnect, device number 65
[ 2934.672760][ T5150] usb 3-1: USB disconnect, device number 86
[ 2935.189036][  T784] usbhid 4-1:0.0: can't add hid device: -71
[ 2935.204914][  T784] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2935.256499][  T784] usb 4-1: USB disconnect, device number 15
[ 2935.363343][T22956] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11319'.
[ 2935.642715][T22964] netlink: 'syz.1.11321': attribute type 29 has an invalid length.
[ 2935.651618][T13927] Bluetooth: hci2: command tx timeout
[ 2935.709134][T22964] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11321'.
[ 2935.836739][T22964] netlink: 'syz.1.11321': attribute type 29 has an invalid length.
[ 2935.866782][T22964] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11321'.
[ 2936.106683][ T9254] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 2936.155134][T22862] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 2936.188730][T22862] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 2936.214625][T22862] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 2936.240744][T22862] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 2936.323861][ T9254] usb 4-1: Using ep0 maxpacket: 32
[ 2936.350107][ T9254] usb 4-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[ 2936.379778][ T9254] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2936.405965][ T9254] usb 4-1: config 0 descriptor??
[ 2936.445591][ T9254] gspca_main: sq930x-2.14.0 probing 041e:403c
[ 2936.726826][T22862] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2936.825731][T22862] 8021q: adding VLAN 0 to HW filter on device team0
[ 2936.854483][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2936.861638][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2936.901571][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2936.908778][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2937.274637][T22862] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2937.441719][T22862] veth0_vlan: entered promiscuous mode
[ 2937.482499][ T9254] gspca_sq930x: ucbus_write failed -71
[ 2937.490187][ T9254] sq930x 4-1:0.0: probe with driver sq930x failed with error -71
[ 2937.542227][T22862] veth1_vlan: entered promiscuous mode
[ 2937.559221][ T9254] usb 4-1: USB disconnect, device number 16
[ 2937.693795][T22862] veth0_macvtap: entered promiscuous mode
[ 2937.723012][T13927] Bluetooth: hci2: command tx timeout
[ 2937.756709][T22862] veth1_macvtap: entered promiscuous mode
[ 2937.991441][ T5145] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[ 2938.017572][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2938.030972][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.042849][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2938.055928][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.065848][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2938.065867][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.065884][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2938.065897][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.067605][T22862] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2938.168133][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2938.183402][ T5128] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 2938.203847][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.223039][ T5145] usb 3-1: Using ep0 maxpacket: 16
[ 2938.228306][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2938.239351][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.249838][ T5145] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2938.263194][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2938.274772][ T5145] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2938.281443][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.299306][ T5145] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2938.302246][T22862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2938.319407][T22862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2938.329340][ T5145] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2938.331566][T22862] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2938.363579][ T5145] usb 3-1: config 0 descriptor??
[ 2938.394134][ T5128] usb 2-1: Using ep0 maxpacket: 16
[ 2938.405252][ T5128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2938.420287][T22862] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2938.429252][ T5128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2938.447494][T22862] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2938.483711][ T5128] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2938.493338][T22862] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2938.502060][T22862] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2938.532043][ T5128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2938.556303][ T5128] usb 2-1: config 0 descriptor??
[ 2938.734075][ T9254] usb 5-1: new low-speed USB device number 81 using dummy_hcd
[ 2938.964165][ T9254] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2938.985022][ T9254] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2938.989129][T23040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2939.056483][ T9254] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2939.108780][T23040] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2939.120416][ T9254] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2939.130683][T23041] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2939.194655][ T9254] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2939.201877][T23041] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2939.231999][T16200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2939.234078][ T9254] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2939.281526][ T9254] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2939.294600][T16200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2939.325095][ T9254] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2939.396265][ T9254] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2939.441313][ T9254] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2939.491118][ T9254] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2939.501449][T23040] netlink: 'syz.2.11328': attribute type 2 has an invalid length.
[ 2939.540197][ T9254] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2939.563226][T23040] netlink: 132 bytes leftover after parsing attributes in process `syz.2.11328'.
[ 2939.578758][ T9254] usb 5-1: string descriptor 0 read error: -22
[ 2939.589712][T23041] netlink: 'syz.1.11330': attribute type 2 has an invalid length.
[ 2939.592971][ T9254] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2939.619489][ T9254] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2939.656158][ T9254] adutux 5-1:168.0: interrupt endpoints not found
[ 2939.719685][T23041] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11330'.
[ 2939.857364][T17284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2939.889607][  T784] usb 5-1: USB disconnect, device number 81
[ 2939.910757][T17284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2940.767067][T13927] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 2940.776125][T13927] Bluetooth: hci5: Injecting HCI hardware error event
[ 2940.785674][T13927] Bluetooth: hci5: hardware error 0x00
[ 2940.787986][ T5145] usbhid 3-1:0.0: can't add hid device: -71
[ 2940.825335][ T5145] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 2940.828338][ T5128] usbhid 2-1:0.0: can't add hid device: -71
[ 2940.844567][ T5128] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 2940.855169][ T5128] usb 2-1: USB disconnect, device number 66
[ 2940.930879][ T5145] usb 3-1: USB disconnect, device number 87
[ 2940.970904][T23064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11335'.
[ 2940.992306][T23064] vxcan2: entered promiscuous mode
[ 2940.997960][T23064] vxcan2: entered allmulticast mode
[ 2941.720522][T23092] FAULT_INJECTION: forcing a failure.
[ 2941.720522][T23092] name failslab, interval 1, probability 0, space 0, times 0
[ 2941.759164][T23092] CPU: 0 PID: 23092 Comm: syz.3.11344 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 2941.771702][T23092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2941.771719][T23092] Call Trace:
[ 2941.771728][T23092]  <TASK>
[ 2941.788001][T23092]  dump_stack_lvl+0x241/0x360
[ 2941.792798][T23092]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2941.798040][T23092]  ? __pfx__printk+0x10/0x10
[ 2941.802659][T23092]  ? __pfx___might_resched+0x10/0x10
[ 2941.807978][T23092]  should_fail_ex+0x3b0/0x4e0
[ 2941.812683][T23092]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 2941.818421][T23092]  should_failslab+0x9/0x20
[ 2941.822948][T23092]  __kmalloc_noprof+0xd8/0x400
[ 2941.827737][T23092]  ? kfree+0x4e/0x360
[ 2941.831746][T23092]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 2941.837323][T23092]  tomoyo_path_number_perm+0x23a/0x880
[ 2941.842819][T23092]  ? tomoyo_path_number_perm+0x208/0x880
[ 2941.848476][T23092]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2941.854520][T23092]  ? __fget_files+0x29/0x470
[ 2941.859137][T23092]  ? __fget_files+0x3f6/0x470
[ 2941.862971][T25602] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[ 2941.863816][T23092]  ? __fget_files+0x29/0x470
[ 2941.863853][T23092]  security_file_ioctl+0x75/0xb0
[ 2941.881011][T23092]  __se_sys_ioctl+0x47/0x170
[ 2941.885626][T23092]  do_syscall_64+0xf3/0x230
[ 2941.890164][T23092]  ? clear_bhb_loop+0x35/0x90
[ 2941.894861][T23092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2941.900789][T23092] RIP: 0033:0x7ff6e3b75bd9
[ 2941.905219][T23092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2941.924850][T23092] RSP: 002b:00007ff6e4a29048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2941.933282][T23092] RAX: ffffffffffffffda RBX: 00007ff6e3d03f60 RCX: 00007ff6e3b75bd9
[ 2941.941257][T23092] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[ 2941.949225][T23092] RBP: 00007ff6e4a290a0 R08: 0000000000000000 R09: 0000000000000000
[ 2941.957191][T23092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2941.965156][T23092] R13: 000000000000000b R14: 00007ff6e3d03f60 R15: 00007ff6e3e2fa68
[ 2941.973132][T23092]  </TASK>
[ 2942.013107][T23092] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2942.085851][T25602] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[ 2942.095361][T25602] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2942.119110][T25602] usb 3-1: config 0 descriptor??
[ 2942.182944][ T5128] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 2942.344125][T23080] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2942.413271][ T5128] usb 2-1: Using ep0 maxpacket: 16
[ 2942.431460][ T5128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2942.456713][T23080] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2942.482299][ T5128] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2942.509064][ T5128] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2942.539707][ T5128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2942.589876][ T5128] usb 2-1: config 0 descriptor??
[ 2942.701823][T25602] gs_usb 3-1:0.0: Configuring for 1 interfaces
[ 2942.723070][T16928] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 2942.932426][T16928] usb 4-1: Using ep0 maxpacket: 16
[ 2943.023388][T13927] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 2943.045723][T16928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2943.132354][T16928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2943.184587][T16928] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2943.204451][T16928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2943.234858][T16928] usb 4-1: config 0 descriptor??
[ 2943.252543][T23126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2943.316690][T23126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2943.421127][T23126] netlink: 'syz.1.11347': attribute type 2 has an invalid length.
[ 2943.529404][T23126] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11347'.
[ 2943.944340][T23138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2944.047816][T25602] gs_usb 3-1:0.0: Couldn't get extended bit timing const for channel 0 (-ETIMEDOUT)
[ 2944.083867][T25602] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -110
[ 2944.085387][T23138] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2944.379283][ T5145] usb 3-1: USB disconnect, device number 88
[ 2944.573080][T23138] netlink: 'syz.3.11348': attribute type 2 has an invalid length.
[ 2944.660294][T23138] netlink: 132 bytes leftover after parsing attributes in process `syz.3.11348'.
[ 2945.073139][ T5150] usb 5-1: new low-speed USB device number 82 using dummy_hcd
[ 2945.091577][ T5128] usbhid 2-1:0.0: can't add hid device: -71
[ 2945.119561][ T5128] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 2945.172600][ T5128] usb 2-1: USB disconnect, device number 67
[ 2945.291230][ T5150] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2945.358977][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2945.425271][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2945.519201][ T5150] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2945.604947][ T5150] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2945.637238][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2945.691519][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2945.774113][ T5150] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2945.827266][ T5150] usb 5-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 2945.872913][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[ 2945.919041][ T5150] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2945.961906][ T5150] usb 5-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2946.025358][ T5150] usb 5-1: string descriptor 0 read error: -22
[ 2946.052516][ T5150] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2946.086986][ T5150] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2946.157035][ T5150] adutux 5-1:168.0: interrupt endpoints not found
[ 2946.207911][T16928] usbhid 4-1:0.0: can't add hid device: -71
[ 2946.253533][T16928] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 2946.284301][T16928] usb 4-1: USB disconnect, device number 17
[ 2946.425053][ T5128] usb 5-1: USB disconnect, device number 82
[ 2946.973228][ T5128] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[ 2947.166798][ T5128] usb 1-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[ 2947.179641][ T5128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2947.191473][ T5128] usb 1-1: config 0 descriptor??
[ 2947.396373][T16928] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[ 2947.420545][T23189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2947.468095][T23211] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11363'.
[ 2947.475502][T23189] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2947.623010][T16928] usb 2-1: Using ep0 maxpacket: 16
[ 2947.634777][T16928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2947.647320][T16928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2947.661903][T16928] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2947.687579][T16928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2947.696641][ T5128] gs_usb 1-1:0.0: Configuring for 1 interfaces
[ 2947.722669][T16928] usb 2-1: config 0 descriptor??
[ 2948.072170][T23221] netlink: 'syz.4.11365': attribute type 5 has an invalid length.
[ 2948.093084][T25602] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[ 2948.118876][T23221] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2948.271930][T23219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2948.294050][T25602] usb 4-1: Using ep0 maxpacket: 8
[ 2948.316194][T25602] usb 4-1: config 7 has an invalid interface number: 158 but max is 0
[ 2948.323216][T23219] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2948.332486][T25602] usb 4-1: config 7 has no interface number 0
[ 2948.367268][T25602] usb 4-1: config 7 interface 158 altsetting 53 endpoint 0xA has invalid maxpacket 512, setting to 64
[ 2948.402324][T25602] usb 4-1: config 7 interface 158 altsetting 53 endpoint 0xB has invalid maxpacket 512, setting to 64
[ 2948.418964][T25602] usb 4-1: config 7 interface 158 altsetting 53 has an invalid descriptor for endpoint zero, skipping
[ 2948.428356][T23219] netlink: 'syz.1.11362': attribute type 2 has an invalid length.
[ 2948.438916][T25602] usb 4-1: config 7 interface 158 altsetting 53 has an invalid descriptor for endpoint zero, skipping
[ 2948.491893][ T5128] gs_usb 1-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[ 2948.517922][T25602] usb 4-1: config 7 interface 158 altsetting 53 endpoint 0xC1 has invalid maxpacket 39378, setting to 64
[ 2948.519109][T23219] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11362'.
[ 2948.537787][ T5128] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71
[ 2948.558044][T25602] usb 4-1: config 7 interface 158 altsetting 53 has 6 endpoint descriptors, different from the interface descriptor's value: 5
[ 2948.601597][ T5128] usb 1-1: USB disconnect, device number 89
[ 2948.608477][T16928] hid (null): bogus close delimiter
[ 2948.617266][T16928] hid (null): invalid report_size 29797
[ 2948.622960][T25602] usb 4-1: config 7 interface 158 has no altsetting 0
[ 2948.631359][T16928] hid (null): invalid report_size 512
[ 2948.644542][T25602] usb 4-1: Dual-Role OTG device on HNP port
[ 2948.652197][T16928] hid (null): report_id 456434233 is invalid
[ 2948.662750][T25602] usb 4-1: New USB device found, idVendor=0923, idProduct=010f, bcdDevice=bf.b9
[ 2948.672261][T16928] hid (null): unknown global tag 0xa5
[ 2948.686962][T25602] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2948.699393][T16928] hid (null): unknown global tag 0xd
[ 2948.708419][T16928] hid (null): unknown global tag 0xc
[ 2948.715768][T25602] usb 4-1: Product: syz
[ 2948.719953][T25602] usb 4-1: Manufacturer: ✶㌂蓖伍伽톌傠ᶳ쾔ꑄ聧⡚䄔揄⍛⦗퉀㡻ᮅ動荦鞏㢈닜為혼긧杭萨ꜙᬚ쵩ꏊ㗗爛馫騏ΰ䪺슦쁧⦔屑怃׉ƜꚎ5型砪혆䦌ㅦ㘿㣜䋒郞锞䗊分둈Ĭ误黗ଢἉ⼖箾ᥝ哩衖䐟䔮籌愀鎫邮
[ 2948.752885][T16928] hid (null): global environment stack underflow
[ 2948.783599][T16928] hid-generic 0003:0158:0100.017B: unknown main item tag 0x0
[ 2948.791038][T16928] hid-generic 0003:0158:0100.017B: unknown main item tag 0x0
[ 2948.811316][T25602] usb 4-1: SerialNumber: syz
[ 2948.832651][T16928] hid-generic 0003:0158:0100.017B: bogus close delimiter
[ 2948.842556][T16928] hid-generic 0003:0158:0100.017B: item 0 0 2 10 parsing failed
[ 2948.864962][T16928] hid-generic 0003:0158:0100.017B: probe with driver hid-generic failed with error -22
[ 2949.290803][T25602] gspca_main: tv8532-2.14.0 probing 0923:010f
[ 2949.381032][T25602] usb 4-1: USB disconnect, device number 18
[ 2949.552181][  T784] usb 2-1: USB disconnect, device number 68
[ 2950.226933][T15334] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2950.502365][T15334] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2950.731693][T23278] FAULT_INJECTION: forcing a failure.
[ 2950.731693][T23278] name failslab, interval 1, probability 0, space 0, times 0
[ 2950.763348][T23278] CPU: 1 PID: 23278 Comm: syz.1.11382 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 2950.773603][T23278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2950.783663][T23278] Call Trace:
[ 2950.786927][T23278]  <TASK>
[ 2950.789842][T23278]  dump_stack_lvl+0x241/0x360
[ 2950.794513][T23278]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2950.799692][T23278]  ? __pfx__printk+0x10/0x10
[ 2950.804274][T23278]  should_fail_ex+0x3b0/0x4e0
[ 2950.808939][T23278]  ? __alloc_skb+0x1c3/0x440
[ 2950.813512][T23278]  should_failslab+0x9/0x20
[ 2950.817997][T23278]  kmem_cache_alloc_node_noprof+0x71/0x320
[ 2950.823818][T23278]  __alloc_skb+0x1c3/0x440
[ 2950.828243][T23278]  ? __pfx___alloc_skb+0x10/0x10
[ 2950.833172][T23278]  ? netlink_ack_tlv_len+0x6e/0x200
[ 2950.838355][T23278]  netlink_ack+0x13f/0xa30
[ 2950.842752][T23278]  ? kasan_save_track+0x51/0x80
[ 2950.847581][T23278]  ? kasan_save_free_info+0x40/0x50
[ 2950.852770][T23278]  ? __dev_queue_xmit+0x1b0e/0x3d30
[ 2950.857964][T23278]  ? __netlink_deliver_tap+0x54d/0x7c0
[ 2950.863407][T23278]  ? netlink_unicast+0x7b8/0x980
[ 2950.868325][T23278]  ? ____sys_sendmsg+0x525/0x7d0
[ 2950.873265][T23278]  netlink_rcv_skb+0x262/0x430
[ 2950.878012][T23278]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 2950.883453][T23278]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2950.888725][T23278]  ? apparmor_capable+0x138/0x1b0
[ 2950.893739][T23278]  ? bpf_lsm_capable+0x9/0x10
[ 2950.898398][T23278]  ? security_capable+0x90/0xb0
[ 2950.903237][T23278]  nfnetlink_rcv+0x297/0x2a80
[ 2950.907895][T23278]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2950.914205][T23278]  ? __local_bh_enable_ip+0x168/0x200
[ 2950.919555][T23278]  ? lockdep_hardirqs_on+0x99/0x150
[ 2950.924738][T23278]  ? __local_bh_enable_ip+0x168/0x200
[ 2950.930103][T23278]  ? dev_hard_start_xmit+0x773/0x7e0
[ 2950.935370][T23278]  ? __dev_queue_xmit+0x2d2/0x3d30
[ 2950.940463][T23278]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 2950.946166][T23278]  ? __dev_queue_xmit+0x2d2/0x3d30
[ 2950.951273][T23278]  ? __dev_queue_xmit+0x16c9/0x3d30
[ 2950.956472][T23278]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 2950.961569][T23278]  ? __dev_queue_xmit+0x2d2/0x3d30
[ 2950.966666][T23278]  ? ref_tracker_free+0x643/0x7e0
[ 2950.971672][T23278]  ? __asan_memcpy+0x40/0x70
[ 2950.976246][T23278]  ? __pfx_ref_tracker_free+0x10/0x10
[ 2950.981609][T23278]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2950.986792][T23278]  ? skb_clone+0x240/0x390
[ 2950.991190][T23278]  ? __pfx_lock_release+0x10/0x10
[ 2950.996195][T23278]  ? __netlink_deliver_tap+0x77e/0x7c0
[ 2951.001641][T23278]  ? netlink_deliver_tap+0x2e/0x1b0
[ 2951.006821][T23278]  netlink_unicast+0x7ea/0x980
[ 2951.011570][T23278]  ? __pfx_netlink_unicast+0x10/0x10
[ 2951.016834][T23278]  ? __virt_addr_valid+0x183/0x520
[ 2951.021927][T23278]  ? __check_object_size+0x49c/0x900
[ 2951.027217][T23278]  ? bpf_lsm_netlink_send+0x9/0x10
[ 2951.032341][T23278]  netlink_sendmsg+0x8db/0xcb0
[ 2951.037129][T23278]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2951.042406][T23278]  ? __import_iovec+0x536/0x820
[ 2951.047240][T23278]  ? aa_sock_msg_perm+0x91/0x160
[ 2951.052162][T23278]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[ 2951.057434][T23278]  ? security_socket_sendmsg+0x87/0xb0
[ 2951.062879][T23278]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2951.068148][T23278]  __sock_sendmsg+0x221/0x270
[ 2951.072825][T23278]  ____sys_sendmsg+0x525/0x7d0
[ 2951.077598][T23278]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2951.082880][T23278]  __sys_sendmsg+0x2b0/0x3a0
[ 2951.087460][T23278]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2951.092553][T23278]  ? vfs_write+0x7c4/0xc90
[ 2951.096978][T23278]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2951.103286][T23278]  ? do_syscall_64+0x100/0x230
[ 2951.108037][T23278]  ? do_syscall_64+0xb6/0x230
[ 2951.112697][T23278]  do_syscall_64+0xf3/0x230
[ 2951.117187][T23278]  ? clear_bhb_loop+0x35/0x90
[ 2951.121846][T23278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2951.127735][T23278] RIP: 0033:0x7f708d575bd9
[ 2951.132134][T23278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2951.151725][T23278] RSP: 002b:00007f708e40f048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2951.160125][T23278] RAX: ffffffffffffffda RBX: 00007f708d703f60 RCX: 00007f708d575bd9
[ 2951.168080][T23278] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[ 2951.176035][T23278] RBP: 00007f708e40f0a0 R08: 0000000000000000 R09: 0000000000000000
[ 2951.183989][T23278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2951.192033][T23278] R13: 000000000000000b R14: 00007f708d703f60 R15: 00007f708d82fa68
[ 2951.199995][T23278]  </TASK>
[ 2951.344375][T15334] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2951.551288][T15334] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2951.606410][T20682] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 2951.623366][T20682] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 2951.635080][T20682] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 2951.647353][T20682] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 2951.656733][T20682] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 2951.664675][T20682] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 2952.014395][T15334] bridge_slave_1: left allmulticast mode
[ 2952.037278][T15334] bridge_slave_1: left promiscuous mode
[ 2952.083420][T15334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2952.084349][T13927] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2952.103755][T15334] bridge_slave_0: left allmulticast mode
[ 2952.109394][T15334] bridge_slave_0: left promiscuous mode
[ 2952.119250][T13927] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2952.119424][T15334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2952.134080][T13927] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2952.166004][T13927] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2952.173953][T13927] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 2952.183714][T13927] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2952.303210][T16928] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[ 2952.487912][T16928] usb 2-1: Using ep0 maxpacket: 16
[ 2952.500113][T16928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2952.511902][T16928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2952.538450][T16928] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2952.548086][T16928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2952.562514][T16928] usb 2-1: config 0 descriptor??
[ 2952.884972][T23306] kvm: kvm [23305]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x12df00000800
[ 2953.099977][T23309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2953.119718][T23309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2953.211025][T16928] hid (null): bogus close delimiter
[ 2953.218216][T16928] hid (null): invalid report_size 29797
[ 2953.244337][T16928] hid (null): invalid report_size 512
[ 2953.251233][T16928] hid (null): report_id 456434233 is invalid
[ 2953.264521][T16928] hid (null): unknown global tag 0xa5
[ 2953.269958][T16928] hid (null): unknown global tag 0xd
[ 2953.279911][T16928] hid (null): unknown global tag 0xc
[ 2953.285437][T16928] hid (null): global environment stack underflow
[ 2953.285963][T15334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2953.295038][T16928] hid-generic 0003:0158:0100.017C: unknown main item tag 0x0
[ 2953.311267][T16928] hid-generic 0003:0158:0100.017C: unknown main item tag 0x0
[ 2953.318954][T16928] hid-generic 0003:0158:0100.017C: bogus close delimiter
[ 2953.326714][T16928] hid-generic 0003:0158:0100.017C: item 0 0 2 10 parsing failed
[ 2953.335011][T15334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2953.335364][T16928] hid-generic 0003:0158:0100.017C: probe with driver hid-generic failed with error -22
[ 2953.358286][T15334] bond0 (unregistering): Released all slaves
[ 2953.388403][T23296] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11389'.
[ 2953.453041][T23309] netlink: 'syz.1.11388': attribute type 2 has an invalid length.
[ 2953.474102][T23309] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11388'.
[ 2953.787756][T15334] hsr_slave_0: left promiscuous mode
[ 2953.794057][T15334] hsr_slave_1: left promiscuous mode
[ 2953.800331][T15334] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2953.808556][T20682] Bluetooth: hci3: command tx timeout
[ 2953.809884][T15334] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2953.825064][T15334] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2953.842050][T15334] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2953.879561][T15334] veth1_macvtap: left promiscuous mode
[ 2953.897286][T15334] veth0_macvtap: left promiscuous mode
[ 2953.903473][T15334] veth1_vlan: left promiscuous mode
[ 2953.908827][T15334] veth0_vlan: left promiscuous mode
[ 2954.055198][ T5146] usb 2-1: USB disconnect, device number 69
[ 2954.232442][   T29] audit: type=1326 audit(1720242066.222:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23338 comm="syz.2.11395" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d2f575bd9 code=0x0
[ 2954.290029][T20682] Bluetooth: hci1: command tx timeout
[ 2955.106910][T15334] team0 (unregistering): Port device team_slave_1 removed
[ 2955.220978][T15334] team0 (unregistering): Port device team_slave_0 removed
[ 2955.883019][T20682] Bluetooth: hci3: command tx timeout
[ 2956.085425][T23288] chnl_net:caif_netlink_parms(): no params data found
[ 2956.364046][T20682] Bluetooth: hci1: command tx timeout
[ 2956.430065][T23302] chnl_net:caif_netlink_parms(): no params data found
[ 2956.946408][T23288] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2956.956670][T23288] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2956.963961][T23288] bridge_slave_0: entered allmulticast mode
[ 2956.971442][T23288] bridge_slave_0: entered promiscuous mode
[ 2957.008408][T23288] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2957.052547][T23288] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2957.085699][T23288] bridge_slave_1: entered allmulticast mode
[ 2957.092767][T23288] bridge_slave_1: entered promiscuous mode
[ 2957.160018][T23288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2957.251886][T23302] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2957.269828][T23302] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2957.286543][T23302] bridge_slave_0: entered allmulticast mode
[ 2957.309266][T23302] bridge_slave_0: entered promiscuous mode
[ 2957.349077][T23288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2957.410041][T23302] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2957.417876][T23302] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2957.425636][T23302] bridge_slave_1: entered allmulticast mode
[ 2957.440935][T23302] bridge_slave_1: entered promiscuous mode
[ 2957.448418][T23398] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11401'.
[ 2957.540007][T23288] team0: Port device team_slave_0 added
[ 2957.558563][T23288] team0: Port device team_slave_1 added
[ 2957.600403][T23302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 2957.698672][T15334] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2957.739240][T23302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 2957.749859][T23288] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2957.759184][T23288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2957.786249][T23288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2957.947521][T15334] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2957.963239][T20682] Bluetooth: hci3: command tx timeout
[ 2958.019194][T23288] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2958.038842][T23288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2958.096477][T23288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2958.223092][ T5128] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 2958.245430][T15334] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2958.272692][T23302] team0: Port device team_slave_0 added
[ 2958.289040][T23302] team0: Port device team_slave_1 added
[ 2958.402918][ T5128] usb 1-1: Using ep0 maxpacket: 16
[ 2958.425201][ T5128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2958.447377][T20682] Bluetooth: hci1: command tx timeout
[ 2958.455932][T15334] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 2958.457944][ T5128] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2958.479003][ T5128] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2958.488591][ T5128] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2958.499336][ T5128] usb 1-1: config 0 descriptor??
[ 2958.687560][T23288] hsr_slave_0: entered promiscuous mode
[ 2958.727185][T23288] hsr_slave_1: entered promiscuous mode
[ 2958.753789][T23288] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2958.780132][T23288] Cannot create hsr debugfs directory
[ 2958.824893][T23302] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 2958.839348][T23302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2958.866612][T23302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 2958.940622][T23302] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 2958.959384][T23302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2958.986432][T23302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 2959.015142][T23433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2959.039682][T23433] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2959.073125][ T5896] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[ 2959.120708][T23433] netlink: 'syz.0.11403': attribute type 2 has an invalid length.
[ 2959.140618][T23433] netlink: 132 bytes leftover after parsing attributes in process `syz.0.11403'.
[ 2959.173604][ T5128] hid (null): bogus close delimiter
[ 2959.213839][ T5128] hid (null): invalid report_size 29797
[ 2959.219996][ T5128] hid (null): invalid report_size 512
[ 2959.255485][ T5128] hid (null): report_id 456434233 is invalid
[ 2959.261572][ T5128] hid (null): unknown global tag 0xa5
[ 2959.272247][ T5128] hid (null): unknown global tag 0xd
[ 2959.278138][ T5128] hid (null): unknown global tag 0xc
[ 2959.282143][T23436] ALSA: seq fatal error: cannot create timer (-22)
[ 2959.284520][ T5128] hid (null): global environment stack underflow
[ 2959.292019][ T5896] usb 3-1: Using ep0 maxpacket: 16
[ 2959.312090][ T5896] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2959.320179][ T5128] hid-generic 0003:0158:0100.017D: unknown main item tag 0x0
[ 2959.335251][ T5128] hid-generic 0003:0158:0100.017D: unknown main item tag 0x0
[ 2959.343148][ T5128] hid-generic 0003:0158:0100.017D: bogus close delimiter
[ 2959.344911][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[ 2959.351111][ T5128] hid-generic 0003:0158:0100.017D: item 0 0 2 10 parsing failed
[ 2959.358993][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[ 2959.367246][ T5128] hid-generic 0003:0158:0100.017D: probe with driver hid-generic failed with error -22
[ 2959.380380][ T5896] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 2959.402904][ T5896] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8
[ 2959.412571][ T5896] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 25
[ 2959.451412][ T5896] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2959.462911][ T5896] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 2959.501345][ T5896] usb 3-1: SerialNumber: syz
[ 2959.523602][T23418] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 2959.534398][ T5896] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[ 2959.542236][ T5896] cdc_acm 3-1:1.0: This needs exactly 3 endpoints
[ 2959.567906][T23302] hsr_slave_0: entered promiscuous mode
[ 2959.575978][ T5896] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22
[ 2959.590842][T23302] hsr_slave_1: entered promiscuous mode
[ 2959.604922][T23302] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 2959.622690][T23302] Cannot create hsr debugfs directory
[ 2959.850685][T15334] bridge_slave_1: left allmulticast mode
[ 2959.857846][T15334] bridge_slave_1: left promiscuous mode
[ 2959.864398][T15334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2959.882956][ T5128] usb 2-1: new full-speed USB device number 70 using dummy_hcd
[ 2959.883558][T15334] bridge_slave_0: left allmulticast mode
[ 2959.918365][T15334] bridge_slave_0: left promiscuous mode
[ 2959.931474][T15334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2960.043308][T20682] Bluetooth: hci3: command tx timeout
[ 2960.085127][ T5128] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 2960.094441][ T5128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2960.124433][ T5150] usb 1-1: USB disconnect, device number 90
[ 2960.131556][ T5128] usb 2-1: config 0 descriptor??
[ 2960.531493][T20682] Bluetooth: hci1: command tx timeout
[ 2960.822552][T15334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 2960.837830][T15334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 2960.846787][T16848] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 2960.859699][T15334] bond0 (unregistering): Released all slaves
[ 2960.873212][T23415] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11404'.
[ 2960.889499][T23415] batadv0: entered promiscuous mode
[ 2960.894906][T23415] macsec1: entered promiscuous mode
[ 2960.907448][ T5896] usb 3-1: USB disconnect, device number 89
[ 2961.043088][T16848] usb 1-1: Using ep0 maxpacket: 32
[ 2961.056862][T16848] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 2961.092942][T16848] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2961.121928][T16848] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 2961.134145][T16848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2961.176068][T16848] hub 1-1:4.0: bad descriptor, ignoring hub
[ 2961.188198][T16848] hub 1-1:4.0: probe with driver hub failed with error -5
[ 2961.200743][T16848] usbhid 1-1:4.0: couldn't find an input interrupt endpoint
[ 2961.482312][T15334] hsr_slave_0: left promiscuous mode
[ 2961.501842][T15334] hsr_slave_1: left promiscuous mode
[ 2961.514090][T15334] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 2961.521587][T15334] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 2961.530131][T15334] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 2961.541340][T15334] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 2961.571865][T15334] veth1_macvtap: left promiscuous mode
[ 2961.577728][T15334] veth0_macvtap: left promiscuous mode
[ 2961.584946][T15334] veth1_vlan: left promiscuous mode
[ 2961.590588][T15334] veth0_vlan: left promiscuous mode
[ 2961.807753][ T5128] pegasus 2-1:0.0: setup Pegasus II specific registers
[ 2961.844711][T23463] fuse: Bad value for 'user_id'
[ 2961.978412][ T5128] pegasus 2-1:0.0: can't locate MII phy, using default
[ 2962.399615][T15334] team0 (unregistering): Port device team_slave_1 removed
[ 2962.524148][T15334] team0 (unregistering): Port device team_slave_0 removed
[ 2962.984073][T23477] FAULT_INJECTION: forcing a failure.
[ 2962.984073][T23477] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2962.997470][T23477] CPU: 0 PID: 23477 Comm: syz.2.11414 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 2963.007720][T23477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2963.017768][T23477] Call Trace:
[ 2963.021060][T23477]  <TASK>
[ 2963.024002][T23477]  dump_stack_lvl+0x241/0x360
[ 2963.028689][T23477]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2963.033896][T23477]  ? __pfx__printk+0x10/0x10
[ 2963.038493][T23477]  should_fail_ex+0x3b0/0x4e0
[ 2963.043436][T23477]  _copy_from_user+0x2f/0xe0
[ 2963.048023][T23477]  move_addr_to_kernel+0x82/0x150
[ 2963.053048][T23477]  copy_msghdr_from_user+0x43e/0x680
[ 2963.058338][T23477]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 2963.064151][T23477]  __sys_sendmsg+0x23d/0x3a0
[ 2963.068733][T23477]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2963.073833][T23477]  ? vfs_write+0x7c4/0xc90
[ 2963.078267][T23477]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 2963.084588][T23477]  ? do_syscall_64+0x100/0x230
[ 2963.089349][T23477]  ? do_syscall_64+0xb6/0x230
[ 2963.094028][T23477]  do_syscall_64+0xf3/0x230
[ 2963.098524][T23477]  ? clear_bhb_loop+0x35/0x90
[ 2963.103190][T23477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2963.109424][T23477] RIP: 0033:0x7f8d2f575bd9
[ 2963.113831][T23477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2963.133421][T23477] RSP: 002b:00007f8d303e5048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2963.141824][T23477] RAX: ffffffffffffffda RBX: 00007f8d2f703f60 RCX: 00007f8d2f575bd9
[ 2963.149791][T23477] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003
[ 2963.157754][T23477] RBP: 00007f8d303e50a0 R08: 0000000000000000 R09: 0000000000000000
[ 2963.165719][T23477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2963.173681][T23477] R13: 000000000000000b R14: 00007f8d2f703f60 R15: 00007f8d2f82fa68
[ 2963.181653][T23477]  </TASK>
[ 2963.314885][T23479] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11415'.
[ 2963.763005][ T5150] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 2963.904773][ T5146] usb 1-1: reset high-speed USB device number 91 using dummy_hcd
[ 2963.923499][ T5146] usb 1-1: device reset changed ep0 maxpacket size!
[ 2963.943258][ T5150] usb 3-1: Using ep0 maxpacket: 16
[ 2963.960336][ T5150] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2963.979951][ T5146] usb 1-1: USB disconnect, device number 91
[ 2963.998936][ T5150] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2964.014898][ T5150] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2964.025088][ T5150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2964.047313][ T5150] usb 3-1: config 0 descriptor??
[ 2964.074114][ T5128] pegasus 2-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 36:33:a7:6d:49:b8
[ 2964.085865][ T5128] usb 2-1: USB disconnect, device number 70
[ 2964.388647][ T5146] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 2964.538632][T23487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2964.592989][ T5146] usb 1-1: Using ep0 maxpacket: 8
[ 2964.611057][ T5146] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 2964.627078][T23487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2964.635864][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 2964.688053][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[ 2964.721714][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[ 2964.740668][ T5146] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 2964.758694][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 2964.802084][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[ 2964.820117][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[ 2964.836019][ T5150] hid (null): bogus close delimiter
[ 2964.863513][ T5150] hid (null): invalid report_size 29797
[ 2964.869120][ T5150] hid (null): invalid report_size 512
[ 2964.889901][ T5146] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 2964.909536][ T5150] hid (null): report_id 456434233 is invalid
[ 2964.929194][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 2964.930424][T23487] netlink: 'syz.2.11416': attribute type 2 has an invalid length.
[ 2964.945932][ T5150] hid (null): unknown global tag 0xa5
[ 2964.968635][ T5150] hid (null): unknown global tag 0xd
[ 2964.976840][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[ 2965.005598][ T5150] hid (null): unknown global tag 0xc
[ 2965.010956][ T5150] hid (null): global environment stack underflow
[ 2965.022146][ T5146] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[ 2965.045253][ T5150] hid-generic 0003:0158:0100.017E: unknown main item tag 0x0
[ 2965.060205][ T5150] hid-generic 0003:0158:0100.017E: unknown main item tag 0x0
[ 2965.068154][ T5150] hid-generic 0003:0158:0100.017E: bogus close delimiter
[ 2965.068338][T23487] netlink: 132 bytes leftover after parsing attributes in process `syz.2.11416'.
[ 2965.076046][ T5150] hid-generic 0003:0158:0100.017E: item 0 0 2 10 parsing failed
[ 2965.110573][ T5146] usb 1-1: string descriptor 0 read error: -22
[ 2965.122286][ T5146] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2965.133231][ T5150] hid-generic 0003:0158:0100.017E: probe with driver hid-generic failed with error -22
[ 2965.143213][ T5146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2965.175826][ T5146] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 2965.296389][T23288] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 2965.319685][T23288] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 2965.348648][T23288] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 2965.382307][T23288] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 2965.389937][ T5128] usb 2-1: new full-speed USB device number 71 using dummy_hcd
[ 2965.505936][T23302] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 2965.524400][T23302] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 2965.550860][T23302] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 2965.569106][T23302] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 2965.587627][ T5128] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 2965.593409][T16848] usb 1-1: USB disconnect, device number 92
[ 2965.616386][ T5128] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2965.659924][ T5128] usb 2-1: config 0 descriptor??
[ 2965.701131][T23288] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2965.746671][T23288] 8021q: adding VLAN 0 to HW filter on device team0
[ 2965.770188][ T5896] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2965.777369][ T5896] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2965.802743][ T5896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2965.809917][ T5896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2965.818017][ T5150] usb 3-1: USB disconnect, device number 90
[ 2965.895433][T23302] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2965.959585][T23302] 8021q: adding VLAN 0 to HW filter on device team0
[ 2965.998276][ T9254] bridge0: port 1(bridge_slave_0) entered blocking state
[ 2966.005472][ T9254] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 2966.040842][ T5896] bridge0: port 2(bridge_slave_1) entered blocking state
[ 2966.048021][ T5896] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 2966.207115][T23288] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2966.450550][T23288] veth0_vlan: entered promiscuous mode
[ 2966.494072][T23302] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 2966.530533][T23288] veth1_vlan: entered promiscuous mode
[ 2966.714562][T23302] veth0_vlan: entered promiscuous mode
[ 2966.775728][T23302] veth1_vlan: entered promiscuous mode
[ 2966.798672][T23288] veth0_macvtap: entered promiscuous mode
[ 2966.832349][T23288] veth1_macvtap: entered promiscuous mode
[ 2966.929800][T23288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2966.945486][T23288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2966.957258][T23288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2966.990678][T23288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2967.022973][T23288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2967.037278][T23288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2967.055620][T23288] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2967.106121][T23302] veth0_macvtap: entered promiscuous mode
[ 2967.189812][T23288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2967.207887][T23288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2967.248832][T23288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2967.284687][ T5128] pegasus 2-1:0.0: setup Pegasus II specific registers
[ 2967.300534][T23288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2967.322192][T23288] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2967.361055][T23288] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2967.380785][T23288] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2967.417900][T23302] veth1_macvtap: entered promiscuous mode
[ 2967.435943][ T5128] pegasus 2-1:0.0: can't locate MII phy, using default
[ 2967.467104][T23288] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2967.502620][T23288] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2967.522711][T23288] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2967.563563][T23288] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2967.692180][ T5128] pegasus 2-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, ea:05:0e:16:0a:43
[ 2967.719100][ T5128] usb 2-1: USB disconnect, device number 71
[ 2967.908459][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2967.933586][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2967.977165][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2967.999152][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2968.030366][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2968.064669][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2968.086352][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 2968.099985][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2968.124386][T23302] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 2968.163217][ T9254] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 2968.228108][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2968.247680][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2968.263114][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2968.287926][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2968.301858][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2968.317064][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2968.327618][T23302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 2968.357456][T23302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 2968.384278][ T9254] usb 1-1: Using ep0 maxpacket: 16
[ 2968.401575][ T9254] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2968.416071][T23302] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 2968.461829][ T9254] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2968.484197][ T9254] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2968.511528][ T9254] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2968.541126][ T9254] usb 1-1: config 0 descriptor??
[ 2968.695493][T23302] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 2968.726440][T23302] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 2968.742726][T23302] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 2968.751690][T23302] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 2968.828679][T17284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2968.868617][T17284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2969.068713][T23583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2969.115228][T23583] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2969.139836][T23987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2969.168331][T23987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2969.207730][T23583] netlink: 'syz.0.11428': attribute type 2 has an invalid length.
[ 2969.233588][T23583] netlink: 132 bytes leftover after parsing attributes in process `syz.0.11428'.
[ 2969.258002][ T9254] hid (null): bogus close delimiter
[ 2969.287435][ T9254] hid (null): invalid report_size 29797
[ 2969.304155][T16200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2969.312187][T16200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2969.337515][ T9254] hid (null): invalid report_size 512
[ 2969.353749][ T9254] hid (null): report_id 456434233 is invalid
[ 2969.373032][ T9254] hid (null): unknown global tag 0xa5
[ 2969.403936][ T9254] hid (null): unknown global tag 0xd
[ 2969.409333][ T9254] hid (null): unknown global tag 0xc
[ 2969.465157][ T9254] hid (null): global environment stack underflow
[ 2969.516375][ T9254] hid-generic 0003:0158:0100.017F: unknown main item tag 0x0
[ 2969.557079][ T9254] hid-generic 0003:0158:0100.017F: unknown main item tag 0x0
[ 2969.571747][T17284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2969.577143][ T9254] hid-generic 0003:0158:0100.017F: bogus close delimiter
[ 2969.597702][ T9254] hid-generic 0003:0158:0100.017F: item 0 0 2 10 parsing failed
[ 2969.615903][ T9254] hid-generic 0003:0158:0100.017F: probe with driver hid-generic failed with error -22
[ 2969.623593][T17284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2969.982955][T16928] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 2970.152950][ T5146] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[ 2970.173028][T16928] usb 3-1: Using ep0 maxpacket: 8
[ 2970.182435][T16928] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 2970.196838][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 2970.219984][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[ 2970.231345][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[ 2970.253440][T16928] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 2970.271507][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 2970.289627][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[ 2970.331701][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[ 2970.353159][ T5146] usb 5-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[ 2970.364301][ T5146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2970.399867][ T5150] usb 1-1: USB disconnect, device number 93
[ 2970.410682][ T5146] usb 5-1: config 0 descriptor??
[ 2970.416126][T16928] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 2970.438152][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 2970.500838][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[ 2970.544153][T16928] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[ 2970.580426][T16928] usb 3-1: string descriptor 0 read error: -22
[ 2970.596513][T16928] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 2970.628543][T16928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2970.666723][T23609] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2970.677571][T16928] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 2970.692483][T23609] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2970.792029][T23639] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11437'.
[ 2970.940041][ T5146] gs_usb 5-1:0.0: Configuring for 1 interfaces
[ 2970.982987][T16928] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[ 2971.058296][ T5896] usb 3-1: USB disconnect, device number 91
[ 2971.191531][T16928] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 2971.249600][T16928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2971.271522][T16928] usb 4-1: config 0 descriptor??
[ 2972.203436][ T5146] gs_usb 5-1:0.0: Couldn't get extended bit timing const for channel 0 (-ETIMEDOUT)
[ 2972.237711][ T5146] gs_usb 5-1:0.0: probe with driver gs_usb failed with error -110
[ 2972.464222][ T5146] usb 5-1: USB disconnect, device number 83
[ 2972.883965][T16848] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 2972.912001][T16928] pegasus 4-1:0.0: setup Pegasus II specific registers
[ 2972.982157][T23691] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11447'.
[ 2973.045639][T16928] pegasus 4-1:0.0: can't locate MII phy, using default
[ 2973.079355][T16928] pegasus 4-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, a6:93:68:83:d9:86
[ 2973.097170][T16928] usb 4-1: USB disconnect, device number 19
[ 2973.163435][T16848] usb 3-1: device descriptor read/64, error -71
[ 2973.472927][T16848] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 2973.567770][ T5146] usb 5-1: new high-speed USB device number 84 using dummy_hcd
[ 2973.666891][T16848] usb 3-1: device descriptor read/64, error -71
[ 2973.732551][T23705] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2973.773519][ T5146] usb 5-1: Using ep0 maxpacket: 16
[ 2973.792098][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2973.815519][T16848] usb usb3-port1: attempt power cycle
[ 2973.822903][ T5146] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2973.853917][ T5146] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2973.877650][ T5146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2973.919853][ T5146] usb 5-1: config 0 descriptor??
[ 2974.168555][ T5145] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[ 2974.252967][T16848] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[ 2974.314118][T16848] usb 3-1: device descriptor read/8, error -71
[ 2974.383104][ T5145] usb 1-1: Using ep0 maxpacket: 32
[ 2974.399026][ T5145] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 2974.430896][ T5145] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 2974.452245][T23717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2974.454391][ T5145] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 2974.486901][T23717] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2974.518662][ T5145] usb 1-1: Product: syz
[ 2974.530033][ T5145] usb 1-1: Manufacturer: syz
[ 2974.547396][ T5145] usb 1-1: SerialNumber: syz
[ 2974.555615][T23717] netlink: 'syz.4.11449': attribute type 2 has an invalid length.
[ 2974.586051][ T5145] usb 1-1: config 0 descriptor??
[ 2974.592341][T23709] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 2974.600555][T16848] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 2974.617131][ T5146] hid (null): bogus close delimiter
[ 2974.623014][T23717] netlink: 132 bytes leftover after parsing attributes in process `syz.4.11449'.
[ 2974.645780][ T5146] hid (null): invalid report_size 29797
[ 2974.665778][T16848] usb 3-1: device descriptor read/8, error -71
[ 2974.674379][ T5146] hid (null): invalid report_size 512
[ 2974.709531][ T5146] hid (null): report_id 456434233 is invalid
[ 2974.739415][ T5146] hid (null): unknown global tag 0xa5
[ 2974.759730][ T5146] hid (null): unknown global tag 0xd
[ 2974.772408][ T5146] hid (null): unknown global tag 0xc
[ 2974.781346][ T5146] hid (null): global environment stack underflow
[ 2974.793786][T16848] usb usb3-port1: unable to enumerate USB device
[ 2974.811394][ T5146] hid-generic 0003:0158:0100.0180: unknown main item tag 0x0
[ 2974.830789][ T5146] hid-generic 0003:0158:0100.0180: unknown main item tag 0x0
[ 2974.852724][T16848] usb 1-1: USB disconnect, device number 94
[ 2974.853169][ T5146] hid-generic 0003:0158:0100.0180: bogus close delimiter
[ 2974.892717][ T5146] hid-generic 0003:0158:0100.0180: item 0 0 2 10 parsing failed
[ 2974.909727][ T5146] hid-generic 0003:0158:0100.0180: probe with driver hid-generic failed with error -22
[ 2975.243471][T20682] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[ 2975.254356][T20682] Bluetooth: hci2: Injecting HCI hardware error event
[ 2975.263390][T20682] Bluetooth: hci2: hardware error 0x00
[ 2975.662091][ T5146] usb 5-1: USB disconnect, device number 84
[ 2976.068138][T16848] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[ 2976.266144][T16848] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2976.276625][T16848] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2976.300259][T16848] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2976.309570][T16848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2976.318255][T16848] usb 2-1: Product: చ
[ 2976.324547][T16848] usb 2-1: Manufacturer: 她蕋멳龜ؔ됛ꦆ뗮齔㗘మᆤ幽埍瀷쬎룱窛퍽黱覝轤㴓犂讯࣍䉙녒ⶇ扚邆镻㢗濇蕃鐍혣☲밉庙랸袰৽夂憬芣稐录빬旟깿ꦇ婞㘳௴ﺋ࣊绾鸓ᬪ哴s
[ 2976.432923][ T9254] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 2976.463030][ T5146] usb 5-1: new full-speed USB device number 85 using dummy_hcd
[ 2976.582573][T23734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2976.621950][T23734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2976.634202][T23734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2976.645522][T23734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2976.655190][ T9254] usb 3-1: New USB device found, idVendor=1d50, idProduct=606f, bcdDevice=14.d4
[ 2976.665786][ T5146] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[ 2976.666323][ T9254] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2976.686157][T23734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2976.704011][ T5146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2976.705803][T23734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2976.736959][ T9254] usb 3-1: config 0 descriptor??
[ 2976.738263][ T5146] usb 5-1: config 0 descriptor??
[ 2976.760969][T23734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2976.772041][T23734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2976.794987][T23734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2976.828582][T23734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2976.995675][T16848] usb 2-1: 0:2 : does not exist
[ 2977.038830][T23741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2977.051116][T16848] usb 2-1: USB disconnect, device number 72
[ 2977.067907][T23741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2977.103887][T13927] Bluetooth: hci2: unexpected event for opcode 0x080d
[ 2977.323111][T20682] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[ 2977.330536][ T9254] gs_usb 3-1:0.0: Configuring for 1 interfaces
[ 2977.338575][ T3315] udevd[3315]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 2977.889150][T20682] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 2977.898258][T20682] Bluetooth: hci3: Injecting HCI hardware error event
[ 2977.908977][T20682] Bluetooth: hci3: hardware error 0x00
[ 2978.169394][ T9254] gs_usb 3-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[ 2978.187041][ T9254] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -71
[ 2978.259028][ T9254] usb 3-1: USB disconnect, device number 96
[ 2978.497543][ T5146] pegasus 5-1:0.0: setup Pegasus II specific registers
[ 2978.654002][ T5146] pegasus 5-1:0.0: can't locate MII phy, using default
[ 2978.679375][ T5146] pegasus 5-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 7a:a9:86:e4:b8:c8
[ 2978.708731][ T5146] usb 5-1: USB disconnect, device number 85
[ 2979.113049][ T9254] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[ 2979.376284][ T9254] usb 4-1: Using ep0 maxpacket: 16
[ 2979.431793][ T9254] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2979.475064][ T9254] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2979.518953][ T9254] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2979.563395][ T9254] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2979.621228][ T9254] usb 4-1: config 0 descriptor??
[ 2979.963156][T20682] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 2980.122448][T23801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2980.213134][T23801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2980.244889][T23797] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11476'.
[ 2980.287405][T23801] netlink: 'syz.3.11470': attribute type 2 has an invalid length.
[ 2980.350656][T23801] netlink: 132 bytes leftover after parsing attributes in process `syz.3.11470'.
[ 2980.367177][ T9254] hid (null): bogus close delimiter
[ 2980.381543][ T9254] hid (null): invalid report_size 29797
[ 2980.404905][ T9254] hid (null): invalid report_size 512
[ 2980.431314][ T9254] hid (null): report_id 456434233 is invalid
[ 2980.460239][ T9254] hid (null): unknown global tag 0xa5
[ 2980.511326][ T9254] hid (null): unknown global tag 0xd
[ 2980.529224][ T9254] hid (null): unknown global tag 0xc
[ 2980.552913][ T9254] hid (null): global environment stack underflow
[ 2980.595238][ T9254] hid-generic 0003:0158:0100.0181: unknown main item tag 0x0
[ 2980.650235][ T9254] hid-generic 0003:0158:0100.0181: unknown main item tag 0x0
[ 2980.668276][ T9254] hid-generic 0003:0158:0100.0181: bogus close delimiter
[ 2980.702910][ T9254] hid-generic 0003:0158:0100.0181: item 0 0 2 10 parsing failed
[ 2980.719531][T23812] netlink: 88 bytes leftover after parsing attributes in process `syz.0.11478'.
[ 2980.733911][ T9254] hid-generic 0003:0158:0100.0181: probe with driver hid-generic failed with error -22
[ 2980.906776][T23809] kvm: vcpu 0: requested 32 ns lapic timer period limited to 200000 ns
[ 2982.015750][ T5146] usb 4-1: USB disconnect, device number 20
[ 2982.306908][T23821] FAULT_INJECTION: forcing a failure.
[ 2982.306908][T23821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2982.332943][T23821] CPU: 1 PID: 23821 Comm: syz.3.11482 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 2982.343216][T23821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 2982.353277][T23821] Call Trace:
[ 2982.356561][T23821]  <TASK>
[ 2982.359496][T23821]  dump_stack_lvl+0x241/0x360
[ 2982.364195][T23821]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2982.369407][T23821]  ? __pfx__printk+0x10/0x10
[ 2982.374013][T23821]  ? snprintf+0xda/0x120
[ 2982.378268][T23821]  should_fail_ex+0x3b0/0x4e0
[ 2982.382964][T23821]  _copy_to_user+0x2f/0xb0
[ 2982.387389][T23821]  simple_read_from_buffer+0xca/0x150
[ 2982.392775][T23821]  proc_fail_nth_read+0x1e9/0x250
[ 2982.397811][T23821]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2982.403365][T23821]  ? rw_verify_area+0x520/0x6b0
[ 2982.408221][T23821]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2982.413777][T23821]  vfs_read+0x204/0xbc0
[ 2982.417945][T23821]  ? __pfx_aa_sk_perm+0x10/0x10
[ 2982.422831][T23821]  ? __might_fault+0xaa/0x120
[ 2982.427568][T23821]  ? __pfx_vfs_read+0x10/0x10
[ 2982.432256][T23821]  ? tipc_bind+0x138/0x250
[ 2982.436692][T23821]  ? __sys_bind+0x256/0x2f0
[ 2982.441214][T23821]  ksys_read+0x1a0/0x2c0
[ 2982.445475][T23821]  ? __pfx_ksys_read+0x10/0x10
[ 2982.450245][T23821]  ? do_syscall_64+0x100/0x230
[ 2982.455022][T23821]  ? do_syscall_64+0xb6/0x230
[ 2982.459713][T23821]  do_syscall_64+0xf3/0x230
[ 2982.464227][T23821]  ? clear_bhb_loop+0x35/0x90
[ 2982.468912][T23821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2982.474815][T23821] RIP: 0033:0x7f3930b746bc
[ 2982.479238][T23821] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[ 2982.498934][T23821] RSP: 002b:00007f39318c6040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2982.507356][T23821] RAX: ffffffffffffffda RBX: 00007f3930d03f60 RCX: 00007f3930b746bc
[ 2982.515331][T23821] RDX: 000000000000000f RSI: 00007f39318c60b0 RDI: 0000000000000004
[ 2982.523306][T23821] RBP: 00007f39318c60a0 R08: 0000000000000000 R09: 0000000000000000
[ 2982.531278][T23821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2982.539254][T23821] R13: 000000000000000b R14: 00007f3930d03f60 R15: 00007f3930e2fa68
[ 2982.547244][T23821]  </TASK>
[ 2982.854707][T23825] netlink: 32 bytes leftover after parsing attributes in process `syz.3.11484'.
[ 2985.305429][T23818] netlink: 'syz.4.11481': attribute type 31 has an invalid length.
[ 2985.554878][ T5146] usb 3-1: new low-speed USB device number 97 using dummy_hcd
[ 2991.107148][ T5150] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 2991.172524][ T5146] usb 3-1: device descriptor read/all, error -71
[ 2993.432012][T16679] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[ 2994.263426][T25602] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 2994.453006][T25602] usb 2-1: Using ep0 maxpacket: 16
[ 2994.466506][T25602] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[ 2994.479446][T25602] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[ 2994.496838][T25602] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 2994.509178][T25602] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2994.529262][T25602] usb 2-1: config 0 descriptor??
[ 2995.027298][T23859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2995.060995][T23859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2995.084423][T23859] netlink: 'syz.1.11493': attribute type 2 has an invalid length.
[ 2995.111656][T23859] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11493'.
[ 2995.151504][T25602] hid (null): bogus close delimiter
[ 2995.161499][T25602] hid (null): invalid report_size 29797
[ 2995.194515][T25602] hid (null): invalid report_size 512
[ 2995.211911][T25602] hid (null): report_id 456434233 is invalid
[ 2995.233800][T25602] hid (null): unknown global tag 0xa5
[ 2995.247871][T25602] hid (null): unknown global tag 0xd
[ 2995.268474][T25602] hid (null): unknown global tag 0xc
[ 2995.282092][T25602] hid (null): global environment stack underflow
[ 2995.304238][T25602] hid-generic 0003:0158:0100.0182: unknown main item tag 0x0
[ 2995.311650][T25602] hid-generic 0003:0158:0100.0182: unknown main item tag 0x0
[ 2995.324669][T25602] hid-generic 0003:0158:0100.0182: bogus close delimiter
[ 2995.331801][T25602] hid-generic 0003:0158:0100.0182: item 0 0 2 10 parsing failed
[ 2995.346487][T25602] hid-generic 0003:0158:0100.0182: probe with driver hid-generic failed with error -22
[ 2995.887567][T25602] usb 2-1: USB disconnect, device number 73
[ 2996.480588][T13927] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2996.493540][T13927] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2996.502085][T13927] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2996.511203][T13927] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2996.525565][T13927] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 2996.533232][T13927] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2996.682638][T23868] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[ 2996.701976][T23868] batman_adv: batadv0: Adding interface: ip6gretap1
[ 2996.709182][T23868] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 2996.750408][T23868] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[ 2997.259039][T23866] chnl_net:caif_netlink_parms(): no params data found
[ 3002.175845][T13927] Bluetooth: hci4: command tx timeout
[ 3005.712612][T13927] Bluetooth: hci4: command tx timeout
[ 3008.892587][T13927] Bluetooth: hci4: command tx timeout
[ 3009.104688][T23887] PKCS7: Unknown OID: [4] (bad)
[ 3009.110137][T23887] PKCS7: Only support pkcs7_signedData type
[ 3009.252049][T13927] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 3009.263077][T13927] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 3009.278131][T13927] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 3009.288666][T13927] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 3009.302444][T13927] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 3009.311234][T13927] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 3012.729009][T13927] Bluetooth: hci3: command tx timeout
[ 3012.735954][T13927] Bluetooth: hci4: command tx timeout
[ 3017.163515][T20682] Bluetooth: hci3: command tx timeout
[ 3017.220552][T21875] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 3017.628075][T21875] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 3017.651500][T21875] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 3017.667741][T21875] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 3017.679066][T21875] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 3017.690290][T21875] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 3019.632981][T20682] Bluetooth: hci3: command tx timeout
[ 3022.339797][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[ 3022.346155][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[ 3022.376035][T21875] Bluetooth: hci3: command tx timeout
[ 3025.691915][T13927] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 3025.827569][T20682] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 3025.841258][T20682] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 3029.508795][T20682] Bluetooth: hci6: command tx timeout
[ 3034.373712][T20682] Bluetooth: hci0: command 0x1005 tx timeout
[ 3034.386794][T20682] Bluetooth: hci6: command tx timeout
[ 3034.423207][T21875] Bluetooth: hci0: Opcode 0x1005 failed: -110
[ 3034.433555][T21875] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 3034.453814][T21875] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 3034.462475][T21875] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 3034.476916][T21875] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 3034.485027][T21875] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 3034.492880][T21875] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 3039.964975][T21875] Bluetooth: hci0: command tx timeout
[ 3039.971228][T21875] Bluetooth: hci6: command tx timeout
[ 3046.320884][T21875] Bluetooth: hci6: command tx timeout
[ 3046.326457][T21875] Bluetooth: hci0: command tx timeout
[ 3053.483438][T13927] Bluetooth: hci0: command tx timeout
[ 3053.745139][T13927] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 3061.623720][T13927] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 3061.632144][T13927] Bluetooth: hci0: command tx timeout
[ 3061.779452][T20682] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 3071.960911][T23866] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wg1": -EINTR
[ 3082.996671][T21875] Bluetooth: hci1: Opcode 0x1009 failed: -110
[ 3083.036892][T21875] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 3083.044482][T21875] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 3083.057685][T21875] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 3083.065933][T21875] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 3083.073803][T21875] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 3083.081154][T21875] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 3094.703096][T21875] Bluetooth: hci1: command tx timeout
[ 3094.781691][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[ 3094.793069][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[ 3095.048508][T23933] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 3095.058548][T23933] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 3095.067784][T23933] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 3095.091107][T23933] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 3095.099062][T23933] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 3095.106932][T23933] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 3095.122606][T23933] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 3095.130740][T23933] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 3095.138918][T23933] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 3095.162376][T23933] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 3095.170028][T23933] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 3095.177274][T23933] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 3095.196914][T23933] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 3095.204256][T23933] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 3095.211330][T23933] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 3095.227482][T23933] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 3095.235724][T23933] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 3095.243858][T23933] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 3106.355566][T23933] Bluetooth: hci1: command tx timeout
[ 3119.053904][T23933] Bluetooth: hci1: command tx timeout
[ 3119.059425][T23933] Bluetooth: hci7: command tx timeout
[ 3119.066415][T23933] Bluetooth: hci5: command tx timeout
[ 3119.073811][T23933] Bluetooth: hci2: command tx timeout
[ 3143.166818][T23933] Bluetooth: hci2: command tx timeout
[ 3143.172262][T23933] Bluetooth: hci5: command tx timeout
[ 3143.177809][T21875] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 3143.184304][T23933] Bluetooth: hci7: command tx timeout
[ 3143.189709][T23933] Bluetooth: hci1: command tx timeout
[ 3143.254436][T23933] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 3152.182858][T23917] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 3152.205369][T20682] Bluetooth: hci7: command tx timeout
[ 3152.210806][T20682] Bluetooth: hci5: command tx timeout
[ 3152.217610][T20682] Bluetooth: hci2: command tx timeout
[ 3152.579703][T32467] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 3152.766509][T13927] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 3152.776316][T13927] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 3153.389795][T32467] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 3153.399136][T32467] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 3163.177220][T23949] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 3163.254573][T32467] Bluetooth: hci10: Opcode 0x0c03 failed: -110
[ 3163.261506][T20682] Bluetooth: hci8: Opcode 0x1009 failed: -110
[ 3163.268361][T21875] Bluetooth: hci4: Opcode 0x1001 failed: -110
[ 3163.275003][T32467] Bluetooth: hci2: command tx timeout
[ 3163.280434][T32467] Bluetooth: hci5: command tx timeout
[ 3163.286243][T20682] Bluetooth: hci7: command tx timeout
[ 3163.291674][T20682] Bluetooth: hci6: command 0x0406 tx timeout
[ 3163.353326][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[ 3163.359648][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[ 3176.672643][T23951] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 3176.681257][T23951] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[ 3176.689523][T23951] Bluetooth: hci0: command 0x0406 tx timeout
[ 3176.709589][   T30] INFO: task syz-executor:23898 blocked for more than 147 seconds.
[ 3176.721048][   T30]       Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 3176.728978][T23946] Bluetooth: hci10: Opcode 0x0c03 failed: -110
[ 3176.735507][T23939] Bluetooth: hci8: Opcode 0x0c03 failed: -110
[ 3176.742157][T23941] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 3176.750025][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 3176.763511][   T30] task:syz-executor    state:D stack:26784 pid:23898 tgid:23898 ppid:1      flags:0x00004006
[ 3176.773994][   T30] Call Trace:
[ 3176.777289][   T30]  <TASK>
[ 3176.780228][   T30]  __schedule+0x17e8/0x4a20
[ 3176.794908][   T30]  ? __pfx___schedule+0x10/0x10
[ 3176.799800][   T30]  ? __pfx_lock_release+0x10/0x10
[ 3176.844593][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 3176.862841][   T30]  ? schedule+0x90/0x320
[ 3176.867116][   T30]  schedule+0x14b/0x320
[ 3176.871283][   T30]  schedule_preempt_disabled+0x13/0x30
[ 3176.930744][   T30]  __mutex_lock+0x6a4/0xd70
[ 3176.972880][   T30]  ? __mutex_lock+0x527/0xd70
[ 3176.977617][   T30]  ? register_nexthop_notifier+0x84/0x290
[ 3177.017374][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 3177.022465][   T30]  ? __asan_memset+0x23/0x50
[ 3177.062835][   T30]  register_nexthop_notifier+0x84/0x290
[ 3177.068431][   T30]  ? __pfx_lockdep_init_map_type+0x10/0x10
[ 3177.102896][   T30]  ? __pfx_register_nexthop_notifier+0x10/0x10
[ 3177.109108][   T30]  ? __asan_memset+0x23/0x50
[ 3177.152981][   T30]  ops_init+0x359/0x610
[ 3177.157199][   T30]  setup_net+0x515/0xca0
[ 3177.161452][   T30]  ? __pfx_down_read_killable+0x10/0x10
[ 3177.202872][   T30]  ? __pfx_setup_net+0x10/0x10
[ 3177.207716][   T30]  copy_net_ns+0x4e2/0x7b0
[ 3177.212158][   T30]  create_new_namespaces+0x425/0x7b0
[ 3177.302877][   T30]  ? bpf_lsm_capable+0x9/0x10
[ 3177.307625][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[ 3177.352833][   T30]  ksys_unshare+0x619/0xc10
[ 3177.359028][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[ 3177.382824][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3177.388860][   T30]  ? do_syscall_64+0x100/0x230
[ 3177.408206][   T30]  __x64_sys_unshare+0x38/0x40
[ 3177.413058][   T30]  do_syscall_64+0xf3/0x230
[ 3177.417576][   T30]  ? clear_bhb_loop+0x35/0x90
[ 3177.422261][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 3177.428247][   T30] RIP: 0033:0x7f188b777337
[ 3177.432673][   T30] RSP: 002b:00007f188ba2ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[ 3177.441164][   T30] RAX: ffffffffffffffda RBX: 00007f188b7e4be6 RCX: 00007f188b777337
[ 3177.449214][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[ 3177.457227][   T30] RBP: 0000000000000000 R08: 00007f188c437d60 R09: 0000000000000000
[ 3177.466317][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
[ 3177.475084][   T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000009
[ 3177.483130][   T30]  </TASK>
[ 3177.486170][   T30] 
[ 3177.486170][   T30] Showing all locks held in the system:
[ 3177.493945][   T30] 4 locks held by kworker/u8:1/12:
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[ 3177.499056][   T30]  #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3177.510556][   T30]  #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3177.530138][   T30]  #2: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 3177.539697][   T30]  #3: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: cleanup_net+0x6af/0xcc0
[ 3177.548829][   T30] 1 lock held by khungtaskd/30:
[ 3177.553731][   T30]  #0: ffffffff8e333f20 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 3177.565016][   T30] 5 locks held by kworker/u8:8/2903:
[ 3177.570309][   T30] 2 locks held by getty/4841:
[ 3177.575923][   T30]  #0: ffff88802f2f20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 3177.585783][   T30]  #1: ffffc90002f162f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 3177.595992][   T30] 1 lock held by syz-executor/5082:
[ 3177.601193][   T30] 3 locks held by kworker/0:4/5145:
[ 3177.606492][   T30]  #0: ffff888015081948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3177.618926][   T30]  #1: ffffc90004307d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3177.630123][   T30]  #2: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x91/0xea0
[ 3177.639774][   T30] 3 locks held by kworker/u9:0/13927:
[ 3177.645509][   T30]  #0: ffff88805c391148 ((wq_completion)hci9){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3177.656403][   T30]  #1: ffffc9000508fd00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3177.669553][   T30]  #2: ffff888078bd4d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_power_on+0x1bf/0x6b0
[ 3177.679783][   T30] 4 locks held by kworker/0:0/16848:
[ 3177.685139][   T30] 3 locks held by kworker/1:3/16927:
[ 3177.690423][   T30]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3177.701499][   T30]  #1: ffffc900100f7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3177.712755][   T30]  #2: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[ 3177.721798][   T30] 3 locks held by kworker/1:9/25602:
[ 3177.727525][   T30] 3 locks held by kworker/u8:2/16200:
[ 3177.732957][   T30]  #0: ffff88802a351148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3177.744615][   T30]  #1: ffffc900032dfd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3177.758381][   T30]  #2: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[ 3177.768861][   T30] 1 lock held by syz-executor/20673:
[ 3177.774962][   T30]  #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 3177.784153][   T30] 5 locks held by kworker/u9:2/21875:
[ 3177.789529][   T30]  #0: ffff88807c1ce948 ((wq_completion)hci0#3){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3177.800588][   T30]  #1: ffffc9000d0d7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3177.813262][   T30]  #2: ffff88806bc14d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400
[ 3177.823181][   T30]  #3: ffff88806bc14078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0
[ 3177.832909][   T30]  #4: ffffffff8f751508 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340
[ 3177.842684][   T30] 1 lock held by syz-executor/22435:
[ 3177.848002][   T30]  #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 3177.857034][   T30] 1 lock held by syz-executor/22862:
[ 3177.862321][   T30] 1 lock held by syz-executor/23866:
[ 3177.867767][   T30]  #0: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 3177.877697][   T30] 3 locks held by syz-executor/23889:
[ 3177.883857][   T30]  #0: ffff88802f308d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[ 3177.893946][   T30]  #1: ffff88802f308078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60
[ 3177.903626][   T30]  #2: ffffffff8f751508 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[ 3177.913738][   T30] 2 locks held by syz-executor/23898:
[ 3177.919115][   T30]  #0: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[ 3177.928581][   T30]  #1: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 3177.938656][   T30] 2 locks held by syz-executor/23908:
[ 3177.944062][   T30]  #0: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[ 3177.953553][   T30]  #1: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 3177.963665][   T30] 2 locks held by syz-executor/23919:
[ 3177.969036][   T30]  #0: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[ 3177.979496][   T30]  #1: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 3177.990464][   T30] 6 locks held by kworker/u9:4/23933:
[ 3177.995910][   T30]  #0: ffff88806ec60148 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3178.006812][   T30]  #1: ffffc90004357d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3178.020044][   T30]  #2: ffff88807a9f0d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400
[ 3178.029963][   T30]  #3: ffff88807a9f0078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0
[ 3178.039693][   T30]  #4: ffffffff8f751508 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x185/0x340
[ 3178.049508][   T30]  #5: ffffffff8e3392f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[ 3178.060506][   T30] 2 locks held by syz-executor/23934:
[ 3178.065929][   T30]  #0: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[ 3178.076333][   T30]  #1: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 3178.087146][   T30] 2 locks held by syz-executor/23935:
[ 3178.092527][   T30]  #0: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[ 3178.102030][   T30]  #1: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 3178.112177][   T30] 2 locks held by syz-executor/23936:
[ 3178.117634][   T30]  #0: ffffffff8f5da5d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[ 3178.127252][   T30]  #1: ffffffff8f5e6e08 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 3178.137367][   T30] 1 lock held by dhcpcd/23940:
[ 3178.142131][   T30]  #0: ffff88807ea75610 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240
[ 3178.152397][   T30] 1 lock held by syz-executor/23950:
[ 3178.157829][   T30] 3 locks held by kworker/u9:5/23949:
[ 3178.163270][   T30]  #0: ffff88807beb8148 ((wq_completion)hci11){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 3178.174299][   T30]  #1: ffffc90009f87d00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 3178.187451][   T30]  #2: ffff88804d9e0d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_power_on+0x1bf/0x6b0
[ 3178.197681][   T30] 
[ 3178.200028][   T30] =============================================
[ 3178.200028][   T30] 
[ 3178.208552][   T30] NMI backtrace for cpu 1
[ 3178.212881][   T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 3178.222779][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 3178.232838][   T30] Call Trace:
[ 3178.236124][   T30]  <TASK>
[ 3178.239064][   T30]  dump_stack_lvl+0x241/0x360
[ 3178.243772][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3178.248981][   T30]  ? __pfx__printk+0x10/0x10
[ 3178.253581][   T30]  ? vprintk_emit+0x631/0x770
[ 3178.258724][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[ 3178.264485][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 3178.269538][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 3178.275006][   T30]  ? _printk+0xd5/0x120
[ 3178.279176][   T30]  ? __pfx__printk+0x10/0x10
[ 3178.283779][   T30]  ? __wake_up_klogd+0xcc/0x110
[ 3178.288644][   T30]  ? __pfx__printk+0x10/0x10
[ 3178.293256][   T30]  ? __rcu_read_unlock+0xa1/0x110
[ 3178.298312][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 3178.304320][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 3178.310315][   T30]  watchdog+0xfde/0x1020
[ 3178.314571][   T30]  ? watchdog+0x1ea/0x1020
[ 3178.319003][   T30]  ? __pfx_watchdog+0x10/0x10
[ 3178.323685][   T30]  kthread+0x2f0/0x390
[ 3178.327769][   T30]  ? __pfx_watchdog+0x10/0x10
[ 3178.332453][   T30]  ? __pfx_kthread+0x10/0x10
[ 3178.337059][   T30]  ret_from_fork+0x4b/0x80
[ 3178.341484][   T30]  ? __pfx_kthread+0x10/0x10
[ 3178.346085][   T30]  ret_from_fork_asm+0x1a/0x30
[ 3178.350875][   T30]  </TASK>
[ 3178.354961][   T30] Sending NMI from CPU 1 to CPUs 0:
[ 3178.360209][    C0] NMI backtrace for cpu 0
[ 3178.360223][    C0] CPU: 0 PID: 16848 Comm: kworker/0:0 Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 3178.360241][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 3178.360252][    C0] Workqueue: events_power_efficient gc_worker
[ 3178.360276][    C0] RIP: 0010:debug_smp_processor_id+0xb/0x20
[ 3178.360300][    C0] Code: e9 66 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 c7 c7 60 e9 1f 8c <48> c7 c6 a0 e9 1f 8c eb 1c 66 2e 0f 1f 84 00 00 00 00 00 66 90 90
[ 3178.360315][    C0] RSP: 0018:ffffc900000078d8 EFLAGS: 00000083
[ 3178.360328][    C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff81728ea0
[ 3178.360340][    C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8c1fe960
[ 3178.360351][    C0] RBP: ffffc90000007a30 R08: ffffffff8fad496f R09: 1ffffffff1f5a92d
[ 3178.360364][    C0] R10: dffffc0000000000 R11: fffffbfff1f5a92e R12: 1ffff92000000f2c
[ 3178.360376][    C0] R13: ffffffff84b685e0 R14: dffffc0000000000 R15: dffffc0000000000
[ 3178.360390][    C0] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[ 3178.360404][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3178.360417][    C0] CR2: 00007fd896fffd00 CR3: 000000000e132000 CR4: 00000000003506f0
[ 3178.360432][    C0] Call Trace:
[ 3178.360439][    C0]  <NMI>
[ 3178.360447][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 3178.360469][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 3178.360488][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 3178.360504][    C0]  ? nmi_handle+0x2a/0x5a0
[ 3178.360534][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 3178.360551][    C0]  ? nmi_handle+0x14f/0x5a0
[ 3178.360571][    C0]  ? nmi_handle+0x2a/0x5a0
[ 3178.360592][    C0]  ? debug_smp_processor_id+0xb/0x20
[ 3178.360612][    C0]  ? default_do_nmi+0x63/0x160
[ 3178.360630][    C0]  ? exc_nmi+0x123/0x1f0
[ 3178.360646][    C0]  ? end_repeat_nmi+0xf/0x53
[ 3178.360667][    C0]  ? debug_objects_fill_pool+0x80/0x9b0
[ 3178.360690][    C0]  ? lock_release+0xb0/0x9f0
[ 3178.360706][    C0]  ? debug_smp_processor_id+0xb/0x20
[ 3178.360727][    C0]  ? debug_smp_processor_id+0xb/0x20
[ 3178.360749][    C0]  ? debug_smp_processor_id+0xb/0x20
[ 3178.360770][    C0]  </NMI>
[ 3178.360776][    C0]  <IRQ>
[ 3178.360781][    C0]  rcu_is_watching+0x15/0xb0
[ 3178.360800][    C0]  lock_release+0xbf/0x9f0
[ 3178.360818][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 3178.360833][    C0]  ? __lock_acquire+0x1346/0x1fd0
[ 3178.360850][    C0]  ? __pfx_lock_release+0x10/0x10
[ 3178.360872][    C0]  ? debug_objects_fill_pool+0x80/0x9b0
[ 3178.360891][    C0]  ? debug_objects_fill_pool+0x80/0x9b0
[ 3178.360912][    C0]  debug_objects_fill_pool+0xc0/0x9b0
[ 3178.360932][    C0]  ? __lock_acquire+0x1346/0x1fd0
[ 3178.360954][    C0]  ? __pfx_debug_objects_fill_pool+0x10/0x10
[ 3178.360979][    C0]  ? advance_sched+0xa02/0xca0
[ 3178.361004][    C0]  debug_object_activate+0x135/0x510
[ 3178.361026][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 3178.361046][    C0]  ? __pfx_debug_object_activate+0x10/0x10
[ 3178.361065][    C0]  ? advance_sched+0xa02/0xca0
[ 3178.361088][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[ 3178.361103][    C0]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[ 3178.361127][    C0]  enqueue_hrtimer+0x30/0x3c0
[ 3178.361150][    C0]  __hrtimer_run_queues+0x6cb/0xd50
[ 3178.361170][    C0]  ? ktime_get_update_offsets_now+0x3c/0x250
[ 3178.361195][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[ 3178.361220][    C0]  hrtimer_interrupt+0x396/0x990
[ 3178.361251][    C0]  __sysvec_apic_timer_interrupt+0x110/0x3f0
[ 3178.361275][    C0]  sysvec_apic_timer_interrupt+0xa1/0xc0
[ 3178.361294][    C0]  </IRQ>
[ 3178.361300][    C0]  <TASK>
[ 3178.361306][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 3178.361327][    C0] RIP: 0010:seqcount_lockdep_reader_access+0x1e0/0x220
[ 3178.361346][    C0] Code: f7 4d 85 ed 75 16 e8 ef 2a f6 f7 eb 15 e8 e8 2a f6 f7 e8 e3 e9 e5 01 4d 85 ed 74 ea e8 d9 2a f6 f7 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00
[ 3178.361359][    C0] RSP: 0018:ffffc900043779a0 EFLAGS: 00000293
[ 3178.361373][    C0] RAX: ffffffff899ffcd7 RBX: 0000000000000000 RCX: ffff88802ae13c00
[ 3178.361385][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 3178.361395][    C0] RBP: ffffc90004377a50 R08: ffffffff899ffcad R09: 1ffffffff25f4ec2
[ 3178.361408][    C0] R10: dffffc0000000000 R11: fffffbfff25f4ec3 R12: dffffc0000000000
[ 3178.361420][    C0] R13: 0000000000000200 R14: 0000000000000046 R15: 1ffff9200086ef34
[ 3178.361435][    C0]  ? seqcount_lockdep_reader_access+0x1ad/0x220
[ 3178.361452][    C0]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[ 3178.361478][    C0]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[ 3178.361503][    C0]  gc_worker+0x316/0x1530
[ 3178.361522][    C0]  ? gc_worker+0x26b/0x1530
[ 3178.361543][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3178.361563][    C0]  ? __pfx_gc_worker+0x10/0x10
[ 3178.361585][    C0]  ? process_scheduled_works+0x945/0x1830
[ 3178.361601][    C0]  process_scheduled_works+0xa2c/0x1830
[ 3178.361632][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 3178.361652][    C0]  ? assign_work+0x364/0x3d0
[ 3178.361671][    C0]  worker_thread+0x86d/0xd50
[ 3178.361692][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 3178.361710][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 3178.361728][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 3178.361745][    C0]  kthread+0x2f0/0x390
[ 3178.361762][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 3178.361778][    C0]  ? __pfx_kthread+0x10/0x10
[ 3178.361796][    C0]  ret_from_fork+0x4b/0x80
[ 3178.361815][    C0]  ? __pfx_kthread+0x10/0x10
[ 3178.361832][    C0]  ret_from_fork_asm+0x1a/0x30
[ 3178.361860][    C0]  </TASK>
[ 3178.362210][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 3178.906440][   T30] CPU: 1 PID: 30 Comm: khungtaskd Not tainted 6.10.0-rc6-syzkaller-00210-gd270dd21bee0 #0
[ 3178.916336][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 3178.926388][   T30] Call Trace:
[ 3178.929671][   T30]  <TASK>
[ 3178.932605][   T30]  dump_stack_lvl+0x241/0x360
[ 3178.937323][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 3178.942554][   T30]  ? __pfx__printk+0x10/0x10
[ 3178.947160][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 3178.953156][   T30]  ? vscnprintf+0x5d/0x90
[ 3178.957495][   T30]  panic+0x349/0x860
[ 3178.961409][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 3178.967571][   T30]  ? __pfx_panic+0x10/0x10
[ 3178.971998][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 3178.977382][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 3178.982935][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 3178.988316][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 3178.994475][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 3179.000662][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 3179.006841][   T30]  watchdog+0x101d/0x1020
[ 3179.011197][   T30]  ? watchdog+0x1ea/0x1020
[ 3179.015631][   T30]  ? __pfx_watchdog+0x10/0x10
[ 3179.020312][   T30]  kthread+0x2f0/0x390
[ 3179.024393][   T30]  ? __pfx_watchdog+0x10/0x10
[ 3179.029076][   T30]  ? __pfx_kthread+0x10/0x10
[ 3179.033672][   T30]  ret_from_fork+0x4b/0x80
[ 3179.038094][   T30]  ? __pfx_kthread+0x10/0x10
[ 3179.042692][   T30]  ret_from_fork_asm+0x1a/0x30
[ 3179.047494][   T30]  </TASK>
[ 3180.164442][   T30] Shutting down cpus with NMI
[ 3180.169425][   T30] Kernel Offset: disabled
[ 3180.173837][   T30] Rebooting in 86400 seconds..