last executing test programs:

27.558400204s ago: executing program 3 (id=1483):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty=0x7000000}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x16, 0x1}}}}}}, 0x0)

23.150122649s ago: executing program 1 (id=1516):
r0 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000280)={{{@in=@local, @in6=@dev={0xfe, 0x80, '\x00', 0x8}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x403, 0x4}, {0x0, 0x4000000}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x6c}, 0xa, @in6=@loopback, 0x0, 0x1, 0x1, 0x0, 0x100}}, 0x90)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket(0x2a, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)}], 0x1}, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x200, 0xa, 0x2})
r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r2, 0xc0585609, &(0x7f0000000040)={0x100, 0xa, 0x3})
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,us', @ANYRESDEC=0x0, @ANYBLOB=',group_id='])
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000240)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x202}}, 0x50)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004200)="ee43a8f8855298a8290b47b6eb9ecbe3b5cc7d6c5531c6b9218388565017628705c4c32fd55292c0c3f883dbf2e8034edf548838c491174fa9ac73e1c9cc70bf5a3522661ea6daeb623ad80d7d2c07b34a3c60821044fcdef7787b6571dfdf4179e6fe0b1d1a55e1804b1c64f153b46f3ea2ddeb087377540bd71dd01663b7fcb827815c7f8a0045e3e851ccf0c6e73fee19fedd3098a97fbef63ff5eb7c1c1f2facda43aba1f2cdf493a3539ab05e525711238ea2b5e70c7bf56091e3fdd7de8cc3ff7b43e649b5c7378c1f9538f8cd9adc78d0093204f65f7d3b0c7d4d5dd1441cf6d19035e5382545c8c91521551b6347bf4d2356b015b77d05a492e1f8a5a356afeec8b308d8f2c838bd0c9b28dde9239783312362e311e727d23d8545f171dfad77a54fc618378a8088c4627b29643e40ddabc200ae14284084d327e439fa1901f9bf6c52e9a2b7176cd308b3c0d82f6ac370a95055c37b56478f8f33648164250f2c4ec4ff44ff22fc62308909ac5f6b3ee783169933dd421a77bdc238b6e54ed292d033fc80b2f4f6e9200589ef32be4de445d981ed0df390fa2691cf5a22eb7dd1277eed9f79cc489fcbd424f9e42683b4891d54d93d1d12eb6076af805bd5ab5a6007da7daa9eaa4763c5ff36b4d6547145e90e5b74041e24bd3c4b996412637757dcc343784511f09bce6e91908b1a3d4f2bc8310105bef2474b2a7e3204a475a1aa5b6189ca02892342e4ce48e4e7a34eac5f5a973ad1fdeb2404e8899bfa9e40f411c84f75d76a4c680ca107e8cc134527f942d15a17011ffed9f11947a2054d8875d6a562a10685e73c92b78ed8b8c05ac12bdc7b627f0f00a2048027ef15085179610b3142e65b73e931ffd17a40f207e682cd567213c4b88ece6f8e41917944da92b7b834027b0ca18d3f1d1264a920dda9f494bdc359e060be1298dcf3be313cbbc61a70bc02dadc0bbaa4fcc2ce0575651adf3d277f0d4e0bf7ef449e0a6a9d9ff5a20f659fd0b5515d46dd1ed1b412b19a7ab40eff607d26b71056de718acdf6ac40f5e50bfd2a65984242fc20d69bba826d308e0cbafe1b6bd336bc2f1c205bd454a06e5199a23ca1c0a7595cae2550c21aae006001cfa7cdc428cded037397e6b6d009f6b9bee1615aa52da336538e045bf324c71dad2997d87801f87d4d3e0a9a7038573b6220b0676af9b56240f3db4af583ff2a8b9242a6568bc0994d89639a88fea8ede9c59b04591378ec636088dd6ec82c4de4c9de7776ca070a3e7103551ad58eee1ccc0e4d3a0392285802d23b8b5be7b407bb8e38dd7fb793c295c16167c6761ab88f28d509854314f5b7120eaa00f0665c4131cad14a86cd4a758716426eb189b9ad7736d7c7b4a49e7be11019cd28d8869a9f30d8ae52ce35c5a69163d514884fb0e404f59bb7f378dae93d3b1c77db574c5115136a7a0d751486cb0dfc6231b3e242ef88c0d983f65e78e74001e50019fd124d1a0761362cd0ee6d6212c55f37837e21356db7fb5fe79c05db8e45425222f3c4d1fc09667accd4164b8ef336ae3db5b215c82dc0ae4e44c98db78481b9942555dc0ca311c4cabdddd318c5e4f8d477294aa43820f3e4c334987423acd6736196a2990789b4b2d65f48ba3039eeecb2ab8abbf1004c10cc1b563ad368df3513b152878c08fefe65744210432347bf4a67f09dda78be9f1024e077c7191f39b718eb12d7bc7500e855f40673d9975c12ac0bc3526d5017cbfa2a07263f58293bb8c7500b8e365533161295d9ca65c6b8b29482ce3078295a6454bdb574476249c0f7b4cdf3ae3ef55afa3ef653e712f14dd7e270ef728ff4c4f38d09b03daad2868e922a7723ec00884ddfd19a527744ef6cecbc74e8c74aa37b62734286ef94d400a7f884f20c2891ebe78b70a7ea6535c1f1d2a421fd3a05a45749f1511a10eb6f45e54e1b83a2e437df5127be5b54cdaf39bbc96187e46cde341a948bc6999ff738a8abb8da9b943e8e2de28d37cd07c346d05b18b90dc98310d8de6286c42bad83393f3f57ab3c54ad753588909c7eaa08eaccfbda485af7423bcfb58966a0f2b1362801223a99228865b1dfba3d102b63fe3a1dfedd561d205358a276d3887612ce91de546ce6d0b9f5420b667675bc597964910891bf71f949e186f4fe96324b1690c53a8ac12bcbd86e046f3752453bc8c3abc04ca05aeaa4539419dcc2985eb0ba64faa63733a417c25eb4e0a94d4237c9f305fc1a5575b85835f2a71d9dbebbf13a8f58ae798feac3f36af38970b89a705fdb4964ad62c2e3bcf80078a03bff48b9a7c948010789fcd4930999ab49c8dbac946ae3e51ce06b24d0a96fd51070e79950f4477fa39452180ae8cf0dae34079354e0772283d07f0580fc9e03cdac4b27edcf59587746871b1739daf3db43e78d832039f3d82f2fc9aee5798b4d19ae96b9b81c73bc2633a32db2b0452bd22a0cc557d20d46343b244051e0aa33edb3edf35d26114e59424454225e4468131ba1ab70c320a321d5771f18c8fc48617763f77cd3d0b51d90a0d05bef340cc4d52fd65e6b39f2e4f7a7bb8722641df73ec3931541a6cdc43cafa6c5e885ebcc00d230f5d03e59e46feb996da8fa59d16d1e271b0faf2f3f1e1eeda53b9f6bee341b94f4ac6c2f0431253c2beb3d3dac49ae543643a2a4b6aaf5ae46d85a102b71d7ae6cbcd50ab8c6a7a61a972cd6c0ecc8ac1cb7c2b7b732e268c0155b918559afe4f470a9f3e61a41acdee97605332613bce6cb5eadf3786a6ab6bd90d672cd4861f273b1a16998a22c03a81fd8295f6a3068581844ffee8b1e7b95b246167b367b2696508d51b2fa3ccdaae9edd68a04a85a95603b28c273f24715267b8e066cfbbce136ea2cbcc9087fcfe17da753734ce7c47195d9aa65149dc2d0e6155d52ac5173160b84d21906704ea06b34c6f7696f81f39ea3c3b2e5ccb3866357143da1ea3362fa2567b3822f3cfa547cab553f16c589339cefd6620f290273be6375afe68d09f910c6121c84d787b6fbb46ea6561f78459d08a15d8e712606015709fbf5902e46f84ac3d270df370acb8f6c7ee59f61eccd167a885068da639fb3f1c4c7722d7a0fed2489855dd31783bfe807926dff94b6d98535364ea1117592025d20942d2090b0706ae357f98f1e2b7511a9f37b3a9d3d2bacc5aff1e8b3d5f3d5134e75f8af24bf348d50a5222eb0cb2ac2a53ae4e069bce30cda581df56adfe41f7c1831bb2e4370914be2d3c6b5f33c5414597c7248d402e373aa246535d69385da9da1c4a3584b8d280fea95ab160ac8c4303c3f2800ccb7b5797395418b4f3c7dc728dac80404c576e6731644089bc7fc82bc3c6abbd5e174a40e6f1d56c5023669aa08130eee2a0b7263eb215af283b7422689b1966d0bb8e34b8b2b8acd118f125c3d45c4297ff38e1e45c5eb1f3d9b5ef283a7f188baf6ca030b9dbf624e23f8455bb8afe8314bc1acd0beda0cd477a16d982ddbc9c525c8c24b9e53ddb4ff9d03c6db15b121738c4d5a24e638a0c238e3cb865eb7433d672401f6dae1ce7ffe330045e44644f185b2d47c82108dd6052d2a928d7f49e9e22b7cdd94c09a6c9820ff22169acc82e08b430926c5af7d290ca92598fa2d212154a10e17e5af05b5c2141475d7ab034bd384cf663fec9e1f9d8f50c1d3e0406f2665cb273ca0185281ee3a65cd76a1a350fe9aeae6e49cb8f0eb4dba4c19ecf27479833fc47dfee6ae7806723ba5c2f24c62e26a3d8a74cb43546d28acb0fbf287c03dcdac6699c3c7f9a3b806bcac2318118395fa4e052eb620f02a90dc0556e6338266d5529f968359372a21c5b54a46ae61dcd528d7569435311abf1133be800f466dc19ade70b233ab4a5fa04ddcc476ba44aafd2c443a0c6738a422477a8da46420dbc8cf09302e8e59ce967a4832b46e74bf81306ccb497bcd35ae1e552566c5414982ba51151a4f1b13dc1d0065ea65e5272d9a004ffa84574ce96d94561d46664659dd9ebabd1a907b5127b140801720c1d92a40530040c03a869debffa977a57a8d6196cfc24e844f2486639ed630f5eae1dafd32ebaa1d71a7cfbe98badd7f0962fdce731e2ebd4b97fbbfb82a6cbf94d9d67a58f74d0856ae50e757823976f018281590e6adb9b6d5c0e58833d747957196d502f0f96f70bc351fb9599dd3d177162d087f25f4ef07c2796d2b3b1d2ed1d45bd3ee150d0b9569c4ba640526df0c91825fa8442045ca8397aaa16a39f179dd04fa63c9195617849868f0018756391089827fd090b898b165c0528f835d7726c18cd81f1613c5607d54d074d0c3e37a76c884f963ff8070cb25e441d215c02328ea43f518e139a5df4c033e429a27ca9ec62b103578c075baee7a047e070892c169401bd1d3b9b94bb3375af9ef41d75e4199e486042c0c50bf7b2b883251938ec16150cdcd3806b1df7c6bf190567afbfc540145e9f4885a02a2e0a32f878c097799b728eb6db95061c741526f9a8f988f6c6c24b459fa236b27e978628e38c6a4e0a88199f645e64a535a13e8aec318c43c55c7e61160851d534383b76e300718553a710ddbf937f2f16bff9a2cb883d4d96151b2ce87b6269dce42b153d8d4d7cdd1f1d041bd0a58e76f169f8a3ca5fe9d1cd0d5023b9caaec86fbd65b67c7a972a9616cbeee989942b965d6fc0eaa1ac40240dbc910a72cb5ac4af89b390eabfa9fb874323ff0db6c52036df330d65b958d54b92e156a560648e83fc66c05aa2e64b558c03a035f539ae047d611c3eff899ea684e02eb0021ab1a7a20ada3a7bc671935238232b785bc740aeda2a9a8107d63aaea386b9b4462921f2a57c9f681ac4d2e5688de78480826fd0c2646c6922a337a121efad078e8032b9adae398d02da7ab5144f9cde3cc6306c4250788f365f7a51f59e4bd7b4944f5c3acf6046e5ac66fb5d0f83ffbd24de6b43ca32547138609099bb2615fb1ffd971a7117b21e2b70002b5de395f14bf5bd96869bb858687c69026453e2f2f058736603f95f80d8c8d0a22f4f547bf5873ec896f46ce6699682f375cc3d460e836ab58e19830d10dd6458eca0b31dc8b568a1d99b7f01ae483f8c9e99245a5437d4af82b3925aee36b3dc77d5b588d9e225050ee847bbf1c4d0a26fa55eed6f8586d979e9b0e0fadafc8cb56bb74f16efdf4967627a11f669aa5eea716f957d2352e158dec9d295f9d50ca846fda87fcbaeac91df406b7250da41177587dc7102f8fcd9086e263feec335ed1312b71d74403f81c7c7d5731d4b8a10475f86bfeb59a52e769d8c1322facd03960286cda9b6fbea84b06b443baf710d29a209e01d572beb43ddd6ffef3c35afd79a3b12099680a377ee7469610fa26210522d8764d93a00d4a63061f7d0c777199984217b34b4f247ceabff49eed8f404739cb76c6a3f3a1c5804074756266294e2ed4fb15ef2f2cbbf98183dc5dfcb568da748ddf2e5ff56688e1ea25410321d0015c45ceb9eff7c855f683e6a7da716ae15363f98a17fa602edc2cda3ba3bf3d0f53adf56618b2629d4feb77bf70f80c68beea0a37034270c6599498d995c91468fcc4c6650471227af2e38eb3ba208bb7c3c7c326ef744c58bb10e548a770caf35e0ee64053bd8820cdcb4cee1f5ef3dc45ecf8f2a6a0d8e3978c5456ea5989316d75ec5743faf8e63c6b1d68186c7dc2bb8b04f239b42af853e39a43d5891ba3479c0efcb885466710ea1112bd2a7561a6ddbb744ba207ab8ff1e755f3f304d286de3a739b2801af5bab3fd7f034ede2dd38da60415393d6b12ea96ee6cf3b1a87b12b034719e9d907497e1114c888ff2ead6cbc00aa4e9db18186913c35147c9ad06748971a7aed0fa87b4c864150ff06e37b2ef984f0d6e2838e099bcfb92939c75082fa5dc9c7c8455b119866939ef78a594d48b1e233ab2530058a7c2ae8f4147528d0ba328aabdd8d61c2270fb9ab790fbf913e97d15d5e20553016791855e617131474ef0b75081a0c43fc5fa1ecb67c7edeeecc97cd7d941845dad2e54b42e18e68ce41f849313143fe0152e104a2a401e42f982145d9bce7ed874705bf7576ce102ebbe11d6187acba2d06e2b3762cdc8c3f67aa66fd1d70e4ee55e739ebe0b390c8205edc63a9895969ec6fd13b798d5a0401c2e18a580f10505d5abc79a799088d59481a6c26b94180efda1c5c23e9b884f658d8fb0cd80e8e6b3a20c81676f47e929433c27bacb24257edf3e8630755e17d800d8db4f2be1fda9317ba2ecb53756fb0ca80701e49e209859f006a4324c0de093b3da7c23be79567990c79887a03ab64b787832dbaf2579e76d343d41d37431475d11e918393296bff7a33feb659948d554405fac79bf7cc7c4f702e0d74a3cc384f44bdcb800cb24ee11c9531418c1c82453c0410514391cf5679e4d0d9949a8ce20ac70c12694ea6ca08a87307a98a05d48c7608783e0acc829c65425d8677f103a92e1c852164f09ab67f9a155f3575b2ec3ccfd7cb9ad431dd875369abb7ea31b994e2e39a59e5bd93bc8852ea3e2efff3707c8e1319e6c16be14e3386ad2bb5affb435c2436762b58dc6ffeec0743ea0dca0384ef1217db3d6219fb2921861b176fa0b714decb2e5bfe305691d92c4c65a427ab02b8cbf11a701fe74c20de74ef56ed85fd9136ca03b15d0d99e553ba4ebc8ac4e6c41506c97a33c9a05ce53d19bf62cf6ff16ede1bdbee982553bcf11ea5d2d4922f4e7ba82c83a6307610e34da0ca81c43193cdd16a8bd73b6b119461dd245e1f033da72e644614743741b34bc7813a3937a6447e499f036440781a43ccef1bcc15c8b58999e60ad807e82529bd8c819194f0e396b0d93168fc800c0fec2b7b260d1b6c18956d66ad2db20acb3117a2bd17ddb5c046559461f5e91c74b89535c49efb89bf78ec20743017eae6e1f7c393d28f5c8f7c0f0914a30eb2626a294a3ed7ada207e51bd7a95204605af2b8586c29fdf88ece2a3a5a068430a571d98c26e51a45bbb50231197363845c76f58506bf31738a23fe792f678c042e30d7dd5f19ed5ab4bb36536671e160925d4af6ff078c2b7dbdf9c55ed31e61eacc01babc62d9d2e671bc6c1932e170e3dcc5ad67a9ea7d46fca2f256fbf781019782d4066331fe10f62a6ae077a8b9569dc4bac6b90fb730a968f1782cbfc5e005bad8d9b00ae9199c81e317d91196abc75f1887cb8ffcb440f37a972d4ced20f158844e0ee36111a4247dfda14cc5cada6d372e75ee370149d7fa822f73ef0edc835a338c6d5699911fea2fedd7f3e381caff836a690331327f96ab7904a461ef5a36ce5f552bc1d1d9968106a7b8e07eef4aae2e716422a2fb7b0c1e05f09c29ca83f3405adb80e237d6f145383ec4885573e50ca2ad014308ed70477257f4d904089eec809c55d85684265a1d3b00718cfb14d644463623ba225aa95bee2a95e13a0817e2c98d96b822e6e4ef36d18a831699889034d116c84e45467f46140b88c765339b04ee65e3ef12356fe6d7ef1c80653d2e34af6e03c4503431f775e161ab7edbbfd9316372084e5e69d98443d529c9488e26c40734a636d3cb2f3b7e9bf248d647382937e623f1a7119a8deb731db5e2dbb5cc9d7b60e80f35ada2ee398d3a6c1d1d9c485d4c31c4e3beb69017bc92d9d1eba03994832aa7081bc0d29d97154c20f29d183c589e939f2e62ee71ebcbbf42ecdc9b0342920112b6a50bfa1558ca9b8af99008a8a9be29d121b4cb879ad0f61a21d57698cbda61acf65abd1912e1956226ee647d1e87315939ec9d98db2e49101964e26b28350c7fa529bbcad3c1794c2c52fa63755f09b6e1e2ee4d63050f7197b8d013296b1594a8aa16aafbb3cd4cead348e1c1a9cbdcbc09908e8696a72528ecdf12579e3a9d16afcc7b995398e3f0e6c169363195c454c0d761b20a073c962b29d0dc6dc053a586fe928ca31a759781744ed81844ae0c002b039c32538d35cc293d1fe828123110c07a81e6e0ecabf7075cd890c88c4b67a900464a234dc7043ad678f189c4c47068f16d9cc2ea87211cac5d3c3db3e220eb2463a548d4329093d486ea81c020bb72bffaaf205490011900e3dec6dc911343298a47019dd4d18a8bd71cad38ada40ffe14072790ab40c0a586a3ce452dc15940847ce5c794a6840ff6222c934893226bf8315a0be2f2fb6371cfeeedfe94736af945259bee27ce07827b4fa6dfab66e28ebde09053cf8ec25861aad91cfd1efcb69e60cf8ff3c1b8283301c0b5c1122f7b0733fcfe7f71066d74da3a0fa3abe052de9acf07aa091c139120bf5a35fadf7894d494d34f4e10b5cba392de299c971b1cd8eb8c5fcfba94585f58b995c89136383742f318bb3c738ecf00014d9025b7b01b905aafbb58910a873e6dad1227dc062455b1390d8835e1ca0e0799993239fcc387f2bcc85380286c79317e1233faaade720b19b4847c97840fab93d928a2d664edf10c610110188c69cbcba07e95a7659ee5311dbb4fbbdb63c8c561a1d8e6f3c8c940c4ea4d8ebf8e18ca586f8da46e82dfd1fe22a396518f81b97fed2a3b1d36a7e5348e64838594f9f9aacc3494d01f2bf7cf78c5ab4d715aaa3300b384d80265c9675a9db90ea034d91731dd4c0186bdf370df405a8c3aac525aee5dc5174d61e0ea993b79f47f63ca6d7fa2cb2ac622020e7f7b1c4701a248835de588056c4ca462777cca604c3df4d4984ae969c3bfd440906360341b624a234f28de5e5f2fd22b13daae2ce5afcec92a7950930b771c18f18926cedbfe440ec532e343ba80da0ae9f5f5357094052c26d554715a08670aa16bc4d7787a5d81af654e37133e3557d36ca5a9b6206b0d5a0e82c210e4f9693a91d8a5d7d074cce6c9b9f52ca31f0895add87f9fd430b6cf3e9ad17aeae6ed22278b41a2ae03eebb14d679a11372a5850d2456714bf379799d4b8fae37c0e6176c2b6017a73c2234133632a4f0b582a79573e3fb1669a94708da158443266feefe6cfe3b618d1a9cadc213952c420267016deed5cdcfbd521fb8d0f93f5d445b682a67f214d73467c4c76719eef00990fbcbc327ad082a111bc618593bdb67bad926a47c4a5bf18a37abb8f8b6808d69c36520e9dd74799f565cdb5cdea0d89888b4e83b885aaf1c08131f9bb680392b83aae52911f824865a0678160aceebbfb599871399319c4743ae40fdb9d8219ff9ca1c910e42eeb8e79c902b2bfa71ca623ca5ab04b191c50a2a131dbfa051fa4419161285e39ba8eced0fa666b0a83d7677e786396e63efcb0122c437b2396d4b93047320c136e965f24884bbc7f7211c92330205241b1b50013881ba99c1f630f9942be247bbb8db79d517d60d71d16270d7abc0780b812efba3dec50711bd7cbdfa1606bafca8401c44f3672b64a5fd53fd6f8f4dbde88e3dee77df73eba8deeebe60ebbea469fc95e69210be69cf3c483c1ed1e109dd96f4c87e23a2350574e7c6d856628dced7383176ec275fcec450a0cd3c3762d7646ea93c3dc83914127c344c05f6d951e733da419dc5ffb448cbac887194560a0e6072c4bb6c46678a15e6c4086dcae730ac7100d2fa6885002ee67fdb3191179646fcbffd570d4c788e21557acddb0a169e358b3ad891db2013f5155793a8cd8b30a89081709a9d32abe87b8c659439443c5b2a2b4154a531220c7ed0a1719b379d0586ba129b64c6c648546e127e2a9e12121d7a23d453ced5d1659fae2e8472d0a57837dea21faae210abdc7647491cff768dc4b22a3848be5fa919f475117eb9be58660db072ca53c4496308c75a341deb2637c58b58d33e06659d0ef2b89f2e39d7489365ff42204353887b2911b8ab780ca4939033717223286671fe3a91eace5eb8ef8e613cb2256e9cf98a828f3568e89a8124a23f796f49243a5d9e194f4dc832a756fa800cf25a919ca672d027b9aea023261f8d2e923020f9f80292e9a5288160632ceb2017c3f355d1e87371a2db60d6ef950161c9aab029e9e41d3539ec0b73041586063d060e7c1a03d40347b25f6c304f37babf81ad29acd7e7843a15024de14d6f4eb41ac1bf595938c8c831802bddfda06c714c05ffd88954b230d1bdcc1e186ce5e856483b571b7181770c29df1b1997916949194066134a3ec3ad3ffe2075cc4c327f6a50dedb03c63e791f5d2ecc04fe56c96d7e24175c6d9fa6c0f9bbbc51686ae9ad58c7ce31744610e4ba65c86f19cb03cb93fc570d5b8a3e14b5500df16c8929e263193f57d6dd358a1d958bb43a21b5bb59e218bf7eac475c852a0291fdda5a07c8a35a34ffe25d869c769242bc2ac43b9a7a3c6699a5dc51d5289a075406e893adc7cf3bc460914fe02f287c8bed53fb562c36561caee0a49aeb021235aecfa1897bd118f876d7b10b274ce0328eae9b6586296347c8021ea5d3bb651d7fc7ef7810dd8358850c0f6bd2e17b56cd904c52d6f09f3488c6888e78558cc2c1ec1ae10aee278a3d6aa94ea83e2c62fb3fe9f109e34b1911f87cc37d4ec57f0df5aeae79aa4fa669efef94a35298d9cb0221dceb1579094df98bbbc2f5934c52c4dceca9c3296e8a19ca944c8a9222cd0a98dcdc399fd7ed7eee87d90faa80c5a87a13dd195683e94ff03eed98cc5015a31e587497f9152e43423b8f60df798384be82b41736aba5e40ce8ddfd4197637769fa8143886dd72af1ec9bb9b2860fb23f64ac33e8dfa5496fe2099a0d2a7d6c5991e858b909221981dd426bdaa2f98a4d85d8bc6bbe054861c83c2a7c817ed30aff28942165c0a97e0705a759d38c204b41d757501cf5692645c561e9f74e9fc0e77aa2c72880066d7397be02931ac1e51e3a4a624110e89d782479b7566d711504c62724617648ddae642e45696909bc03f4dee792cb7065ad13b4098400bb1f5b85602f8abb6c3cd0e113a04df48cc27b3524de423bcd2468b96262059958c3b576fd755a3f47e6e8adb9707b781545eff74eba17e3165e0aa070a113c9dfe8e02628581a31284d10b4bae5fed080f3fc34785e388e4ea17107945e3542f103e2991084d55165ddc8a42e66ab8011d030c9b2b8ce7dbbe556b40bd37e8adb463cbcb98f721dbafec0effa06975360cf73d1402f973fad361769f7a6fc58b4e4309e973b180662ce8bcbcd2856dc869cad595c9403c34745f59a48648397c8bac67e3df1f5f9463f4ee0cdb6f0e0e14d88b7b56627bad0e79c9b1449efe71517125591671122b482887b36af65250efb90d6de209b38285305fb4460d418046e422c5726b095ea16396878d2884bf0342f3909b9b497cad70fb25d6a6edd41df986bd4586608c45c9dbe452424f1b339cea49d88b2c4e9968e27da1b6bbb62074fd24368cc0f60dadb5965efaf09788d618a76cec20920bcf1634c93b101f15cdf12ad81ab311a0963679be0b1fa1fddada5c37e0fee1cf92952375133b518edac696889a54c6c42bf655f8b982704ee2356133d78c20ef8ec58bc4b1b3b71b8440aca555ddb82e8c6774970298116369847d443e0fc134aab890c658bce45801df1e1ca6b2eb433e0af4ccf7436d7", 0x2000, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
msgget$private(0x0, 0x4e4)
msgctl$MSG_STAT_ANY(0x0, 0xd, 0xfffffffffffffffe)
socket$inet(0x2, 0x4000000805, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000000)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001)

19.544840957s ago: executing program 4 (id=1528):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$BLKZEROOUT(r1, 0x1268, &(0x7f0000000240)={0x0, 0x1000000}) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0xb, &(0x7f0000001840)={&(0x7f0000000240)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000400000000000900020073797a300000000014000780080013400000000008000640000019000500050002000000050001000600000012000300686173683a6e6574"], 0x60}}, 0x0)

19.426399794s ago: executing program 4 (id=1529):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x38, 0xff, 0x4f, 0x40, 0x13d3, 0x3219, 0x7a67, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x7a, 0x1, 0x0, 0x5e, 0x8b, 0x15}}]}}]}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$unix(0x1, 0x1, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socket$inet_dccp(0x2, 0x6, 0x0)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

17.993994636s ago: executing program 1 (id=1533):
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
socket$inet_dccp(0x2, 0x6, 0x0)
socket$alg(0x26, 0x5, 0x0)
fsopen(&(0x7f00000003c0)='ext3\x00', 0x0)
syz_usbip_server_init(0x3)
socket$l2tp6(0xa, 0x2, 0x73)
write(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c)
r3 = socket$inet6(0xa, 0x3, 0x8)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000080)={{{@in=@local, @in6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0xfffe, 0x0, 0xfffe, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x400}, 0x0, 0x1}, {{@in=@empty, 0xffffffff, 0x6c}, 0xa, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x3}}, 0xe8)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
close_range(r0, r2, 0x2)
mlock2(&(0x7f0000668000/0x4000)=nil, 0x4000, 0x1)
mlockall(0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000080850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000200)='ext4_ext_rm_idx\x00', r4}, 0x18)
r5 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
r6 = io_uring_setup(0x74d, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x75, 0x0, r5})
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0x1a, 0x20000007, r7)
fcntl$setlease(r5, 0x400, 0x1)
fremovexattr(r5, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
syz_open_dev$video(&(0x7f0000000040), 0x7, 0x88802)

17.796073113s ago: executing program 4 (id=1534):
syz_emit_ethernet(0x4e, &(0x7f00000005c0)={@local, @random="cce390677742", @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "479b0c", 0x18, 0x0, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0={0xfc, 0x0, '\x00', 0x1}, {[@dstopts={0x87, 0x1, '\x00', [@padn, @calipso={0x7, 0x8, {0x2, 0x0, 0x1, 0x40}}]}]}}}}}, 0x0) (async)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0xad, 0x18, 0x38, 0x40, 0xcf3, 0x1002, 0x4f2c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xfa, 0x0, 0x1, 0xed, 0x88, 0xb3, 0x0, [], [{{0x9, 0x5, 0x4, 0x10, 0x10, 0x3, 0x4}}]}}]}}]}}, 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x458, 0x501a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0) (async)
syz_usb_control_io$hid(r1, &(0x7f0000000a00)={0x24, 0x0, 0x0, &(0x7f0000000940)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x0, "2c98d613"}]}}, 0x0}, 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[], 0x0)

16.794662961s ago: executing program 1 (id=1540):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000030000240012800b000100697036746e6c000014000280050009002900000008000100", @ANYRES32, @ANYBLOB="080004"], 0x4c}, 0x9}, 0x0)

16.510045114s ago: executing program 1 (id=1542):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_open_dev$usbfs(0x0, 0x205, 0x8401)
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000001a80)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
signalfd4(r0, &(0x7f0000000140), 0x8, 0x0)

15.859190559s ago: executing program 0 (id=1544):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x8, 0x0, 0x1800, 0x0, 0x61, 0x10, 0x54}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

15.650103544s ago: executing program 0 (id=1545):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x11}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000200)={0x0, 0x3, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f905ecc2"}})
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x50, 0x0, &(0x7f0000000080))
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x88, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721"})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmmsg$inet(r4, &(0x7f0000000540)=[{{0x0, 0x0, &(0x7f0000000000), 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000100)="40e47dcb003e4932a1", 0x9}, {0x0}], 0x2}}], 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0000000104050000000000ef0000ff7f0000000000000002000000d5381253b65054649383407182a65bb03cf023d562572ff6e4f05bee4312183d2d8c550ee2a15a768a23d6e30e2ef0e61812db17edf87b2aa5b240cf48a9e52a0b8f37431d4949a051516555280386efc24f5e86cdf675b89ce54e7a580b7ac283e92b63cb0eab9f6643a19ec192ca0f4b5212e58581c13582d98f9b682f9f65e509fab695eee3e87fe6d4f0049a643d40362b65c4c83c196cf2c9c44071e00eb200abba5b5e922d2ad800bca4ba6ff08407a2cbb014fea0cddd2b5b01c5664659d2860995828138ad168147aa951ee25ef6f975af9cf45aaa59488b083a4c4bd599c3f5cc5f8b9d8a35abd6edff01e3014933c1c0221b21a85eb4e303aa9693ffffa38d0530023ac1ee9f82b100b87ba38345efa9d901aaa63d0328ba40fd5520b4e68e7f2ac61309b070b9876c991ebff28156062e2bdd1970bbaae0a38ef6554330cb836661a828b7a004f9df6eda45202ca5b97345c4a9c1a9f5d8c11a84"], 0x1c}}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffff"], 0x6f4}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88ad9925}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e22}, @IFLA_GENEVE_TTL={0xfffffffffffffcfd}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x64}}, 0x0)
r8 = socket(0x1e, 0x3, 0x0)
setsockopt$packet_tx_ring(r8, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
r9 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc}, 0x10)
sendmmsg(r9, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
setsockopt$sock_int(r8, 0x1, 0x8, &(0x7f0000000000), 0x4)

15.608767664s ago: executing program 1 (id=1546):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000dc0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56e, 0x11c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000480)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="4f534b05a0ccd05dc989df85a711d64cb90cf0acf72587cbc8e887588dc4e66f21cd36af134ab53c974addd4e0e8b4f189ba84166dad7c17a60a6a18a45594d0b1cc2cd07c8fd2053b0b79beac9214b3dc"], 0x0, 0x0, 0x0, 0x0}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
userfaultfd(0x0)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x400, 0x0)
ioctl$VIDIOC_G_SELECTION(r2, 0xc040565e, &(0x7f0000000100)={0x2, 0x101, 0x1, {0x2, 0x9, 0x1, 0x5}})
r3 = creat(&(0x7f0000000040)='./file0\x00', 0x1de)
close(0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000640)={&(0x7f0000000540), 0xc, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x8040}, 0x80)
execve(&(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000080)=[0x0, &(0x7f0000000a00)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX cz\xb8\x14\xec*\xed\xa6u\xc4\x14*\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xe6\\h\\\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xc1\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\x82\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occQ\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6z?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\xda@\xc7-\x93\xbc4.C\f\x193\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xad#\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80M\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xb2\xea\br\xfb\xdc\'\xb8\xdbh\x02|\xacW\xd5\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9o\xda3C\xa0\x06\xd4^\x8bQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xe36\xa1\xd3\xb1o\x7f0:}\xad\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44L`\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf\xab'])
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'batadv_slave_1\x00'})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000eafa7240936901b0293df400100109021b000124a80080090400000103"], 0x0)
r7 = socket(0x29, 0x0, 0x7fe)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r5, 0x4068aea3, &(0x7f0000000180)={0x79, 0x0, 0x1})
r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, &(0x7f0000000400)=0x2)
syz_usb_control_io$uac1(r6, 0x0, 0x0)
bind$can_j1939(r7, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0x0, 0x1}}, 0x18)
ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x9, 0x5, 0x0, '\x00', 0xfc})
ioctl$KVM_RUN(r8, 0xae80, 0x0)

15.257231392s ago: executing program 2 (id=1547):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
io_setup(0x2, &(0x7f0000000200)=<r1=>0x0) (async)
r2 = eventfd2(0x0, 0x0)
io_getevents(r1, 0x1001, 0x0, &(0x7f0000000400), 0x0) (async)
ppoll(&(0x7f0000000180)=[{r2, 0x11}], 0x1, 0x0, 0x0, 0x0)
io_submit(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r2}]) (async)
syz_usb_connect(0x2, 0x2ca, &(0x7f0000000bc0)=ANY=[@ANYBLOB="12010000c44d3010990407108fdf010203010902b80202000000000904ce02078d0e9901092406000152f5c3c005240002000d240f01090000000600bcf30306241a0600090c241b9060080053064000080424020005241502000c2407070000000001009b0f05240101080905060040001603817d03cd01496c5ea4e1b402464a4cd5f585899ad7e298090089e4f9aa823af7bd44c7f782edc8f2d93408bcd6a07ea219e3728a4c1062c30231048e9f3b4723719db5d079295d9895ebb777ef70408ad9d2011a47892a6daf274622d7449db47104f8a91ea3ae633682fa432ddf5a4f21bafef16268c07b0a52b677082609050b140004070d0209050416200079a3090725018005ff7f09050d02ff03800808970b2d417d0bfa9c4cf4f9257305743a28059aa66998af3cb2080a7860cd9b75eeaa34fb622b9f862c2222120497a7ae56e633f2aa861f0de9e5e7ff2f9ef052c11d9f6fdb45419c48d6fe090192e5431de191c61142fc8fcd4aa49889a2606218584e51975554f5650993efdb00ddc2f46421cdcba016cecba190e374c283f4d9412824c18177b613f099c5d1f8e5aa3b5b7b7c6b59410725010200050009058c030800"], 0x0) (async)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe6, 0x35, 0x55, 0x40, 0x5ac, 0x290, 0xdc1b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0xbb, 0x2}}]}}]}}, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000003340), 0x0)

15.07819952s ago: executing program 0 (id=1548):
sendmsg$alg(0xffffffffffffffff, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000005c0)="f4", 0x1}], 0x1}, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)="30a0", 0x2}], 0x1}, 0x4040001)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r1, 0x2}, 0x18)
connect$can_j1939(r0, &(0x7f0000000200)={0x1d, r1}, 0x18)
sendmmsg(r0, &(0x7f00000038c0)=[{{0x0, 0xfff5, 0x0}}], 0x3ffffffffffff06, 0x0)

14.80229136s ago: executing program 2 (id=1549):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00')
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2000005, 0x10012, r1, 0x0)
rt_sigtimedwait(&(0x7f0000000080)={[0x7fffffffffffffff]}, 0x0, 0x0, 0x8)
getdents64(r0, 0x0, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000200), 0x81, 0x6a00)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r3, &(0x7f0000000240)=ANY=[@ANYRES8=r3, @ANYBLOB="1c15f089914b328061f3daddf23b35e0fdb93844c36f9a3de43dd249bd18f5b0c0e234d1bd64adb70917d40969fd7ab28b38b1239a5b268719cad7f33df57854eaa7e04c29d1cd2d506942824ae7dc19f5333e8113ef9e94188d4d2b4c02a393a6320730babc38ecec7416d468a3d067a341edc760139bceef4fd834f7326ab8f8"], 0x1a3)
write$binfmt_misc(r3, &(0x7f0000001640)=ANY=[@ANYRESOCT, @ANYRES64=r2, @ANYBLOB="daa89af11498b8957f6cb3dc462c48f6e072368f1a98448a06ebdef39ebf4070245537a92cac8709813443eb17a646f39db900c847df70"], 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000000c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2803000000003ca4d9ee9276cecfc11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992800000000000046d32d8800", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6, 0x10]}})
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), r0)

14.802085309s ago: executing program 0 (id=1550):
r0 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)=0x28)
r1 = memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8dR\xbb\xea5F\x00G\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\xf4\xcd\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01', 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r1, 0x0)
fallocate(r1, 0x0, 0x0, 0x400)
fcntl$getownex(r1, 0x5, &(0x7f0000000000))
socket$igmp(0x2, 0x3, 0x2) (async)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000000)=ANY=[], &(0x7f0000000100)=0x28) (async)
memfd_create(&(0x7f0000000280)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8dR\xbb\xea5F\x00G\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\xf4\xcd\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01', 0x0) (async)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0xe, 0x12, r1, 0x0) (async)
fallocate(r1, 0x0, 0x0, 0x400) (async)
fcntl$getownex(r1, 0x5, &(0x7f0000000000)) (async)

14.663357433s ago: executing program 0 (id=1551):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
dup(r0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0xecf86c37d53048c3)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=@newlink={0x108, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0xd8, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc8, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x1f}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x9, 0x2}}]}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x4, 0x2}}, @IFLA_VLAN_PROTOCOL={0x6, 0x5, 0x8100}, @IFLA_VLAN_INGRESS_QOS={0x1c, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0xfffffff8}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x9}}]}, @IFLA_VLAN_INGRESS_QOS={0x70, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x10000, 0x10010}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x68}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x5, 0x95ee}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x3, 0x8001}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0xb22, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x4, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x6, 0x2}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x81, 0x1}}, @IFLA_VLAN_QOS_MAPPING={0xc, 0x1, {0x18e7, 0x6}}]}]}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8}]}, 0x108}, 0x1, 0xba01}, 0x0)
execve(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x2c, 0x3b, 0x107, 0x0, 0x0, {0x4, 0x7c}, [@typed={0x4}, @nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x2, 0x0, 0x0, @u32}]}]}, 0x2c}}, 0x0)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8}, @NFTA_RT_KEY={0x8, 0x2, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000080))
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000002f00)={0x0, 0x10, &(0x7f0000002ec0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000002f40)=0x10)
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
poll(&(0x7f0000000000)=[{r7}], 0x1, 0x0)
ioctl$sock_ifreq(r5, 0x89f0, &(0x7f0000000280)={'bridge0\x00', @ifru_settings={0x20000000, 0x0, @cisco=0x0}})

14.648252183s ago: executing program 3 (id=1486):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f00000002c0)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded01007eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000200)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="4800c541d48e0000abfb6f051e0b50306d2e150dcaed3a3b3cac4da902913f94eb5cab291bb54a2abde66b6b2731456112a3212b86c818cfd37169c72445bed42a186291f6fa08756e7d09a576c24a6513fa7d8d1fea355345cdd0f1c615311a2bfb18c78e975d2134d4da25eead3ff5636d244b38c12f822633a7192fa348bceccd42dbb1e6c62b06064e64b262b2dd9f3e5f5830038900984935541b49aa72ee1b5e9af4d94b6ba98fdea46d82ea1f27161283458d1cabd0568df28771e0c833970538be0bae3ca56eebcd6bab12e0", @ANYRES16=r3, @ANYBLOB="000328bd7000fcdbdf250700000008001100010000001400080076657468305f76"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x44010)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x8, 0x1}, &(0x7f0000000400)=0x8)
ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0xc0185500, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0})

14.390165491s ago: executing program 4 (id=1552):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28"], 0x50}}, 0x1)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2b, 0x4, 0x0, 0x0, 0xac, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0xfffffffd}, {@remote}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x8}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@multicast2, 0x2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0xdc, [@rand_addr=0x64010101, @multicast1]}]}}}}})
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000400), 0x1000, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_print_times', 0x149e80, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200))
ioctl$KVM_GET_MSRS(r4, 0xc048aeca, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0)
r5 = dup(r0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="021800001c000000000000000000000017000500000000000a000000000000000000000000000000000000000000000100000000000000000800120000000000000000000000000006000000000000000000000000000000ac1414bb0000000000000000800000002001000000000000000000000000000205000600000000000a0000000000000020010000000000000000000000000001000000000000000008001900000000000a004e2400000004fe80000000000000000000000000001e000100000a0000000000000000000000000000000000ffffac1414aa00000000"], 0xe0}}, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
prlimit64(0x0, 0x7, &(0x7f0000002040), 0x0)
inotify_add_watch(r1, 0x0, 0x35c65f1740c9eeb4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

14.265625391s ago: executing program 4 (id=1553):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, 0x0, 0x0)
socket$kcm(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9)
r1 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = syz_io_uring_setup(0x118, &(0x7f0000000140)={0x0, 0xfffffffe}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x140, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f00000021c0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[], 0x5c}, 0x1, 0xb00}, 0x0)
write$FUSE_INIT(r5, &(0x7f0000000400)={0x50, 0x0, r6, {0x7, 0x1f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r7, 0x40806685, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r8 = socket(0x1e, 0x1, 0x0)
connect$tipc(r8, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
r9 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r9, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)

14.026147177s ago: executing program 3 (id=1554):
syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd602abe0000181100000000000000700000000000000000415100000000000000000000000000000000004e21001890783826000000000000000000"], 0x0)
r0 = syz_io_uring_setup(0x24f9, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=<r1=>0x0)
r2 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
sync_file_range(r2, 0x2, 0x5, 0x2)
io_uring_enter(r0, 0x45a5, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYRESOCT=r1, @ANYRES32=r1, @ANYBLOB="000000000000002e24001280090001007866726d0000084214000280040003"], 0x44}}, 0x0)
r3 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x20}}, 0x0)
getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000000), 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)
sendto$inet(0xffffffffffffffff, &(0x7f0000000240)="94", 0xfffffff2, 0x61, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)

13.782154061s ago: executing program 3 (id=1555):
r0 = fcntl$getown(0xffffffffffffffff, 0x9)
syz_open_procfs(r0, &(0x7f00000000c0)='net/vlan/vlan0\x00')
r1 = syz_usb_connect$cdc_ecm(0x0, 0x5c, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024a00010100000009040000160202000005241b000a05240000000d240f010000000000000000000624070000000905810340000000000905820208000000000905"], 0x0)
syz_usb_ep_read(r1, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_ep_write(r1, 0x2, 0x44, &(0x7f0000000040)="5b0c93debc152e07039ab7f3842bf9414903e231ab23b00d1e42cd15196fcc56998b9cfac538ab61e8d3a0dc71da72302c31ba14221ec95b0331377ef5bee8d01ddfdf85")
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x6c, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x10, @dev={0xfe, 0x80, '\x00', 0x36}, 0x10a27}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x6c}}, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9) (async)
syz_open_procfs(r0, &(0x7f00000000c0)='net/vlan/vlan0\x00') (async)
syz_usb_connect$cdc_ecm(0x0, 0x5c, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024a00010100000009040000160202000005241b000a05240000000d240f010000000000000000000624070000000905810340000000000905820208000000000905"], 0x0) (async)
syz_usb_ep_read(r1, 0x0, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_usb_ep_write(r1, 0x2, 0x44, &(0x7f0000000040)="5b0c93debc152e07039ab7f3842bf9414903e231ab23b00d1e42cd15196fcc56998b9cfac538ab61e8d3a0dc71da72302c31ba14221ec95b0331377ef5bee8d01ddfdf85") (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), 0xffffffffffffffff) (async)
sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x6c, r3, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x10, @dev={0xfe, 0x80, '\x00', 0x36}, 0x10a27}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x6c}}, 0x0) (async)

13.78189427s ago: executing program 2 (id=1556):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000020000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000060090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000b640000000c0a03000000000000000000070000000900020073797a31000000000900010073797a300000000038000380340000800800034000000002"], 0xf8}}, 0x0)

13.640853923s ago: executing program 0 (id=1557):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000001a00000a000000001500000002000000000000000000000005001b60d48c2fb462a10c64158b0011000000"], 0x24}}, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
r1 = io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x1})
syz_usb_connect(0x3, 0x36, &(0x7f00000005c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r5, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x2]})
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b700000000000000c3000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f26019e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22e9bc162bcc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd80102fc9ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b639767c609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e989986dcbc900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb083fb0a7e607452d8d335fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f64949680000000000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x2, &(0x7f0000000440)=0x82, 0x49)
ioctl$int_in(r6, 0x5452, &(0x7f0000000040)=0x401)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = add_key$keyring(&(0x7f0000000240), &(0x7f00000008c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000100)='rxrpc\x00', 0x0, &(0x7f0000000080)="000000000000004088fae7df591fe6f51d37ce5f9084ff6943b8000000f80000a101b28a9c680028e200000100864104bfeacd1f63dd65dd530700a2e99f1f9c856d24196a983326f58afa9fa492bf8cec4529e4", 0x54, r7)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0)
recvmsg(r6, &(0x7f00000033c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/178, 0xb2}, 0x120)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x141102, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

13.590708003s ago: executing program 2 (id=1558):
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000700)=ANY=[@ANYBLOB="5401000010001307000000000000000020010000000000000ee79a89000000001c00000002ac1414bb00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa0000000000000000000000000000000032000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00040002"], 0x154}}, 0x0)

13.446253969s ago: executing program 2 (id=1559):
sendmsg$NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x20}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002500)=@delchain={0x270, 0x65, 0x0, 0x0, 0x20, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xb}}, [@filter_kind_options=@f_u32={{0x8}, {0x40, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x8c}, @TCA_U32_INDEV={0x14, 0x8, 'vxcan1\x00'}, @TCA_U32_HASH={0x8}, @TCA_U32_MARK={0x10}, @TCA_U32_FLAGS={0x8}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_matchall={{0xd}, {0x1e4, 0x2, [@TCA_MATCHALL_ACT={0x1d8, 0x2, [@m_connmark={0x14c, 0x1, 0x0, 0x0, {{0xd}, {0x74, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2, 0x80000001, 0x1, 0x5, 0xe8}, 0xfef}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x7, 0x3, 0x6, 0x3ff}, 0x4}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x2, 0xc7, 0x10000000, 0x4, 0x66}, 0x6000}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x7, 0xa72e}, 0x3}}]}, {0xa9, 0x6, "017ac6f70a7d72bdd2ebb9c37cd51e3731940a8c3962ec16f26c0acd9621d0955c722dbc3bd6821808165aba58e4e627b5d96f75ee35cfe6cb2376301fc8f38a1b1029d21cf29011024ac0fea61bd80451495bb4ce2432b5b67640b70fa5ba3bf358e4bcfdf1f3507c6ecd8972c496b925478fa8852aea56be370a314f0f76794fdf6c52ae7e72b409df5da4ddb8b5ad499436d40ced6122247cdfe1cd0778e1a9da82ec3e"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_skbmod={0x88, 0x16, 0x0, 0x0, {{0xb}, {0x5c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_ETYPE={0x6, 0x5, 0xfff8}, @TCA_SKBMOD_SMAC={0xa, 0x4, @local}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xfffffffc, 0x6, 0x6, 0x4, 0x8}, 0x4}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x1}, @TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}, @TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8}]}}]}, 0x270}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x59616d61, 0x1, 0x0, 0x0, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000080), r0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

12.78534516s ago: executing program 2 (id=1560):
r0 = gettid()
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) (async)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0) (rerun: 32)
bind$inet(r1, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) (async)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000040)=0x1b3a, 0x4) (async, rerun: 32)
setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000140)=0x9, 0x4) (rerun: 32)
sendto$inet(r1, &(0x7f0000000080)='m', 0x1, 0x0, 0x0, 0x0) (async)
recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x2000)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0xaf02, 0x0) (async)
madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) (async)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x1ba42c6702384f1a, 0x0)
ioctl$SNDCTL_SEQ_CTRLRATE(r2, 0xc0045103, &(0x7f0000000180)=0x6b96)

12.646578251s ago: executing program 3 (id=1561):
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="8c00000010001fff000000001200000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800b000100697036677265000030000280140007002001000000000000000000000000000014000600fc020000000000000000000000000000040012000800280070cf00000c0019800500060014000000080004"], 0x8c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

12.219360535s ago: executing program 3 (id=1562):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)={@local, @random="6a2ddcf6177a", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0xffff, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x10, 0x1, 0x0, 0x1100}}}}}}, 0x0)

12.178507647s ago: executing program 1 (id=1563):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28"], 0x50}}, 0x1)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2b, 0x4, 0x0, 0x0, 0xac, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1, 0xfffffffd}, {@remote}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x8}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@multicast2, 0x2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0xdc, [@rand_addr=0x64010101, @multicast1]}]}}}}})
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000400), 0x1000, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_print_times', 0x149e80, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200))
ioctl$KVM_GET_MSRS(r4, 0xc048aeca, &(0x7f0000000200))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0)
r5 = dup(r0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="021800001c000000000000000000000017000500000000000a000000000000000000000000000000000000000000000100000000000000000800120000000000000000000000000006000000000000000000000000000000ac1414bb0000000000000000800000002001000000000000000000000000000205000600000000000a0000000000000020010000000000000000000000000001000000000000000008001900000000000a004e2400000004fe80000000000000000000000000001e000100000a0000000000000000000000000000000000ffffac1414aa00000000"], 0xe0}}, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
prlimit64(0x0, 0x7, &(0x7f0000002040), 0x0)
inotify_add_watch(r1, 0x0, 0x35c65f1740c9eeb4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_RUN(r7, 0xae80, 0x0)

0s ago: executing program 4 (id=1564):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f00000002c0)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded01007eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000200)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_MODIFY(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="4800c541d48e0000abfb6f051e0b50306d2e150dcaed3a3b3cac4da902913f94eb5cab291bb54a2abde66b6b2731456112a3212b86c818cfd37169c72445bed42a186291f6fa08756e7d09a576c24a6513fa7d8d1fea355345cdd0f1c615311a2bfb18c78e975d2134d4da25eead3ff5636d244b38c12f822633a7192fa348bceccd42dbb1e6c62b06064e64b262b2dd9f3e5f5830038900984935541b49aa72ee1b5e9af4d94b6ba98fdea46d82ea1f27161283458d1cabd0568df28771e0c833970538be0bae3ca56eebcd6bab12e0", @ANYRES16=r3, @ANYBLOB="000328bd7000fcdbdf250700000008001100010000001400080076657468305f76"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x44010)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x8, 0x1}, &(0x7f0000000400)=0x8)
ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0xc0185500, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0})

kernel console output (not intermixed with test programs):

evice number 72
[  757.453832][T11077] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  758.301178][T11127] netlink: 'syz.3.1348': attribute type 21 has an invalid length.
[  758.309448][ T5992] usb 3-1: new full-speed USB device number 75 using dummy_hcd
[  758.485241][   T52] usbhid 5-1:0.0: can't add hid device: -71
[  758.506123][   T52] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  758.521763][ T5992] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  758.545964][ T5992] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.559568][   T52] usb 5-1: USB disconnect, device number 69
[  758.585954][ T5992] usb 3-1: Product: syz
[  758.606224][ T5992] usb 3-1: Manufacturer: syz
[  758.613583][ T5992] usb 3-1: SerialNumber: syz
[  758.616406][ T5992] usb 3-1: config 0 descriptor??
[  758.825279][ T5992] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  758.825334][ T5992] usb 3-1: setting power ON
[  758.825988][ T5992] dvb-usb: bulk message failed: -22 (2/0)
[  758.835440][ T5992] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  758.866550][T11146] fuse: Unknown parameter 'roTtmode'
[  758.883886][ T5992] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-19)
[  758.894245][T11146] fuse: Unknown parameter '0x000000000000000a'
[  758.900430][ T5992] dvb_usb_cxusb 3-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  758.903945][T11146] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1353'.
[  758.918306][ T5992] usb 3-1: USB disconnect, device number 75
[  759.116688][T11152] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.1355'.
[  759.145477][T11152] xt_hashlimit: invalid rate
[  759.252292][T11155] pimreg: entered allmulticast mode
[  759.346744][T11157] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1357'.
[  759.368978][ T5992] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  759.515780][T11166] FAULT_INJECTION: forcing a failure.
[  759.515780][T11166] name failslab, interval 1, probability 0, space 0, times 0
[  759.529142][T11166] CPU: 0 UID: 0 PID: 11166 Comm: syz.4.1360 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[  759.539619][T11166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  759.548655][ T5992] usb 2-1: Using ep0 maxpacket: 8
[  759.549700][T11166] Call Trace:
[  759.558242][T11166]  <TASK>
[  759.561207][T11166]  dump_stack_lvl+0x241/0x360
[  759.565906][T11166]  ? __pfx_dump_stack_lvl+0x10/0x10
[  759.574177][T11166]  ? __pfx__printk+0x10/0x10
[  759.579125][T11166]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  759.584662][T11166]  ? __pfx___might_resched+0x10/0x10
[  759.589996][T11166]  should_fail_ex+0x3b0/0x4e0
[  759.594704][T11166]  should_failslab+0xac/0x100
[  759.599526][T11166]  ? sctp_association_new+0x8a/0x2400
[  759.604926][T11166]  __kmalloc_cache_noprof+0x6c/0x2c0
[  759.610270][T11166]  ? __asan_memcpy+0x40/0x70
[  759.614884][T11166]  sctp_association_new+0x8a/0x2400
[  759.620442][T11166]  ? sctp_do_bind+0x679/0x950
[  759.625135][T11166]  ? __ipv6_addr_type+0x146/0x2f0
[  759.630339][T11166]  sctp_connect_new_asoc+0x2d8/0x6c0
[  759.635729][T11166]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  759.641732][T11166]  ? sctp_sendmsg+0xbb9/0x3520
[  759.646725][T11166]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  759.652562][T11166]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  759.658153][T11166]  sctp_sendmsg+0x219a/0x3520
[  759.662955][T11166]  ? __pfx_sctp_sendmsg+0x10/0x10
[  759.668050][T11166]  ? __pfx_aa_sk_perm+0x10/0x10
[  759.672971][T11166]  ? inet_sendmsg+0x330/0x390
[  759.677714][T11166]  __sock_sendmsg+0x1a6/0x270
[  759.682437][T11166]  ____sys_sendmsg+0x52a/0x7e0
[  759.687299][T11166]  ? __pfx_____sys_sendmsg+0x10/0x10
[  759.692718][T11166]  __sys_sendmmsg+0x3ac/0x730
[  759.697436][T11166]  ? __pfx___sys_sendmmsg+0x10/0x10
[  759.702679][T11166]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  759.708602][T11166]  ? ksys_write+0x23e/0x2c0
[  759.713217][T11166]  ? __pfx_lock_release+0x10/0x10
[  759.718258][T11166]  ? vfs_write+0x7bf/0xc90
[  759.722699][T11166]  ? __mutex_unlock_slowpath+0x21d/0x750
[  759.728345][T11166]  ? __pfx_vfs_write+0x10/0x10
[  759.733262][T11166]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  759.739266][T11166]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  759.745620][T11166]  ? do_syscall_64+0x100/0x230
[  759.750414][T11166]  __x64_sys_sendmmsg+0xa0/0xb0
[  759.755555][T11166]  do_syscall_64+0xf3/0x230
[  759.760098][T11166]  ? clear_bhb_loop+0x35/0x90
[  759.764818][T11166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  759.770722][T11166] RIP: 0033:0x7f4f8717def9
[  759.775158][T11166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  759.794898][T11166] RSP: 002b:00007f4f87ff7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  759.803346][T11166] RAX: ffffffffffffffda RBX: 00007f4f87335f80 RCX: 00007f4f8717def9
[  759.811431][T11166] RDX: 0000000000000002 RSI: 0000000020000040 RDI: 0000000000000003
[  759.819611][T11166] RBP: 00007f4f87ff7090 R08: 0000000000000000 R09: 0000000000000000
[  759.827713][T11166] R10: 0000000004008040 R11: 0000000000000246 R12: 0000000000000001
[  759.835715][T11166] R13: 0000000000000000 R14: 00007f4f87335f80 R15: 00007f4f8745fa28
[  759.843713][T11166]  </TASK>
[  759.889606][ T5992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  759.901114][ T5992] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  759.921863][ T5992] usb 2-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  759.998688][ T5992] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.036211][ T5992] usb 2-1: config 0 descriptor??
[  760.159624][T11170] vlan0: entered promiscuous mode
[  760.620955][T11181] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1366'.
[  760.736898][ T5992] logitech 0003:046D:C20E.002B: rdesc size test failed for formula gp
[  760.788717][ T5275] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  760.828315][ T5992] logitech 0003:046D:C20E.002B: unbalanced collection at end of report description
[  760.853385][ T5992] logitech 0003:046D:C20E.002B: parse failed
[  760.872223][ T5992] logitech 0003:046D:C20E.002B: probe with driver logitech failed with error -22
[  760.970538][ T5275] usb 1-1: config 1 has an invalid descriptor of length 240, skipping remainder of the config
[  761.014260][ T5275] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  761.060621][ T5275] usb 1-1: New USB device found, idVendor=0403, idProduct=0008, bcdDevice= 0.40
[  761.082520][ T5275] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.094395][ T5275] usb 1-1: Product: syz
[  761.110915][ T5275] usb 1-1: Manufacturer: syz
[  761.116155][ T5275] usb 1-1: SerialNumber: syz
[  761.238802][ T5992] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  761.364054][T11177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.390948][T11177] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.408651][ T5992] usb 3-1: device descriptor read/64, error -71
[  761.416860][T11177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.442967][T11177] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.484398][T11177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.520036][T11177] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.670973][ T5992] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  761.828778][ T5992] usb 3-1: device descriptor read/64, error -71
[  761.901817][T11204] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  761.958974][ T5992] usb usb3-port1: attempt power cycle
[  762.154974][ T5229] usb 2-1: USB disconnect, device number 53
[  762.308857][ T5992] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  762.340359][ T5992] usb 3-1: device descriptor read/8, error -71
[  762.588855][ T5992] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  762.629762][ T5992] usb 3-1: device descriptor read/8, error -71
[  762.739626][ T5992] usb usb3-port1: unable to enumerate USB device
[  762.868450][T11217] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1380'.
[  763.139096][T11231] dccp_invalid_packet: P.type (SYNCACK) not Data || [Data]Ack, while P.X == 0
[  763.205041][T11231] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1386'.
[  763.515183][   T52] usb 1-1: USB disconnect, device number 61
[  763.598808][ T5275] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  763.652667][T11255] fuse: Bad value for 'user_id'
[  763.657644][T11255] fuse: Bad value for 'user_id'
[  763.791029][ T5275] usb 4-1: too many configurations: 191, using maximum allowed: 8
[  763.800511][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.812719][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.823060][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.833540][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.843761][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.856352][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.858780][ T5992] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  763.867168][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.886208][ T5275] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  763.909340][ T5275] usb 4-1: string descriptor 0 read error: -71
[  763.915876][ T5275] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  763.925886][ T5275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.936166][ T5275] usb 4-1: can't set config #1, error -71
[  763.944110][ T5275] usb 4-1: USB disconnect, device number 73
[  764.028970][ T5992] usb 5-1: Using ep0 maxpacket: 16
[  764.040601][ T5992] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  764.052581][ T5992] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  764.073996][ T5992] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  764.084326][ T5992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.107811][ T5992] usb 5-1: config 0 descriptor??
[  764.467961][T11269] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.1399'.
[  764.482757][T11269] xt_hashlimit: invalid rate
[  764.540646][T11254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  764.579531][T11254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  764.604024][T11254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  764.621941][T11254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  764.642872][ T5992] hid (null): bogus close delimiter
[  764.651321][ T5992] hid (null): report_id 1459769513 is invalid
[  764.657526][ T5992] hid (null): global environment stack underflow
[  764.669535][ T5992] hid (null): unknown global tag 0xd
[  764.801280][T11282] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1404'.
[  764.842711][ T5992] usb 5-1: string descriptor 0 read error: -71
[  764.897198][ T5992] usb 5-1: Max retries (5) exceeded reading string descriptor 200
[  764.918740][ T5992] letsketch 0003:6161:4D15.002C: probe with driver letsketch failed with error -32
[  764.975982][ T5992] usb 5-1: USB disconnect, device number 70
[  779.138671][ T5992] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  794.419505][   T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  794.436767][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  794.445815][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  794.456631][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  794.464627][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  794.473343][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  795.179348][ T8198] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  795.195723][ T8198] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  795.205409][ T8198] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  795.214387][ T8198] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  795.222391][ T8198] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  795.231937][ T8198] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  795.301002][   T52] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  795.508828][   T52] usb 1-1: Using ep0 maxpacket: 32
[  795.539997][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  795.594323][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  796.538857][ T8198] Bluetooth: hci3: command tx timeout
[  797.338720][ T8198] Bluetooth: hci4: command tx timeout
[  798.028563][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  798.248562][   T52] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  798.346121][   T52] usb 1-1: string descriptor 0 read error: -71
[  798.411697][   T52] usb 1-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  798.508310][   T52] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  798.577374][   T52] usb 1-1: config 0 descriptor??
[  798.614404][   T52] usb 1-1: can't set config #0, error -71
[  798.622907][ T8198] Bluetooth: hci3: command tx timeout
[  799.418712][ T8198] Bluetooth: hci4: command tx timeout
[  802.142665][ T8198] Bluetooth: hci3: command tx timeout
[  802.148187][ T8198] Bluetooth: hci4: command tx timeout
[  802.564545][ T8170] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  802.603362][   T52] usb 1-1: USB disconnect, device number 62
[  802.817678][T11333] chnl_net:caif_netlink_parms(): no params data found
[  803.196162][   T52] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  803.284821][ T8170] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  803.412456][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  803.466837][   T52] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  803.497072][   T52] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00
[  803.512258][   T52] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  803.531480][   T52] usb 4-1: config 0 descriptor??
[  803.620116][T11376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1436'.
[  803.755542][T11366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  803.809818][ T8170] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  803.824388][T11366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  804.064084][T11333] bridge0: port 1(bridge_slave_0) entered blocking state
[  804.087643][   T52] samsung 0003:0419:0600.002D: unknown main item tag 0x0
[  804.114053][T11333] bridge0: port 1(bridge_slave_0) entered disabled state
[  804.131711][   T52] samsung 0003:0419:0600.002D: unknown main item tag 0x0
[  804.147848][T11333] bridge_slave_0: entered allmulticast mode
[  804.168572][   T52] samsung 0003:0419:0600.002D: unknown main item tag 0x0
[  804.188266][T11333] bridge_slave_0: entered promiscuous mode
[  804.217294][   T52] samsung 0003:0419:0600.002D: unknown main item tag 0x0
[  804.224830][ T5234] Bluetooth: hci4: command tx timeout
[  804.230467][ T8198] Bluetooth: hci3: command tx timeout
[  804.245180][   T52] samsung 0003:0419:0600.002D: unknown main item tag 0x0
[  804.264151][   T52] samsung 0003:0419:0600.002D: hidraw0: USB HID v0.00 Device [HID 0419:0600] on usb-dummy_hcd.3-1/input0
[  804.289502][T11366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  804.331733][T11366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  804.386579][   T52] usb 4-1: USB disconnect, device number 74
[  804.546575][ T8170] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  804.596921][T11347] chnl_net:caif_netlink_parms(): no params data found
[  804.618354][T11333] bridge0: port 2(bridge_slave_1) entered blocking state
[  804.648023][T11333] bridge0: port 2(bridge_slave_1) entered disabled state
[  804.663549][T11333] bridge_slave_1: entered allmulticast mode
[  804.676970][T11333] bridge_slave_1: entered promiscuous mode
[  805.087833][T11333] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  805.102290][T11333] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  805.134041][T11398] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1443'.
[  806.331190][T11333] team0: Port device team_slave_0 added
[  806.992931][T11333] team0: Port device team_slave_1 added
[  807.044782][T11414] FAULT_INJECTION: forcing a failure.
[  807.044782][T11414] name failslab, interval 1, probability 0, space 0, times 0
[  807.228758][T11414] CPU: 1 UID: 0 PID: 11414 Comm: syz.0.1448 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[  807.239262][T11414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  807.249364][T11414] Call Trace:
[  807.252675][T11414]  <TASK>
[  807.255636][T11414]  dump_stack_lvl+0x241/0x360
[  807.260370][T11414]  ? __pfx_dump_stack_lvl+0x10/0x10
[  807.265619][T11414]  ? __pfx__printk+0x10/0x10
[  807.270261][T11414]  ? kmem_cache_alloc_noprof+0x44/0x2a0
[  807.275861][T11414]  ? __pfx___might_resched+0x10/0x10
[  807.281203][T11414]  should_fail_ex+0x3b0/0x4e0
[  807.285934][T11414]  ? vm_area_alloc+0x24/0x1d0
[  807.290654][T11414]  should_failslab+0xac/0x100
[  807.295370][T11414]  ? vm_area_alloc+0x24/0x1d0
[  807.300089][T11414]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  807.305507][T11414]  ? mas_find+0x950/0xbb0
[  807.309882][T11414]  vm_area_alloc+0x24/0x1d0
[  807.314430][T11414]  mmap_region+0xc3a/0x2080
[  807.318999][T11414]  ? mark_lock+0x9a/0x360
[  807.323406][T11414]  ? __pfx_mmap_region+0x10/0x10
[  807.328431][T11414]  ? thp_get_unmapped_area_vmflags+0x269/0x380
[  807.334631][T11414]  ? cap_mmap_addr+0x163/0x2c0
[  807.339451][T11414]  ? security_mmap_addr+0x6f/0x250
[  807.344613][T11414]  ? __get_unmapped_area+0x2ed/0x350
[  807.349946][T11414]  do_mmap+0x8f0/0x1000
[  807.354153][T11414]  ? __pfx_do_mmap+0x10/0x10
[  807.358795][T11414]  ? __pfx_down_write_killable+0x10/0x10
[  807.364474][T11414]  ? common_file_perm+0x1a6/0x210
[  807.369544][T11414]  vm_mmap_pgoff+0x1dd/0x3d0
[  807.374182][T11414]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  807.379337][T11414]  ? __fget_files+0x29/0x470
[  807.383978][T11414]  ? __fget_files+0x3f3/0x470
[  807.388710][T11414]  ? __fget_files+0x29/0x470
[  807.393354][T11414]  ksys_mmap_pgoff+0x4eb/0x720
[  807.398157][T11414]  ? __x64_sys_mmap+0x7f/0x140
[  807.402982][T11414]  do_syscall_64+0xf3/0x230
[  807.407532][T11414]  ? clear_bhb_loop+0x35/0x90
[  807.412266][T11414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  807.418201][T11414] RIP: 0033:0x7fda50f7def9
[  807.422658][T11414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  807.442315][T11414] RSP: 002b:00007fda51e15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  807.450795][T11414] RAX: ffffffffffffffda RBX: 00007fda51135f80 RCX: 00007fda50f7def9
[  807.458823][T11414] RDX: 0000000000000002 RSI: 0000000000030000 RDI: 0000000020000000
[  807.466835][T11414] RBP: 00007fda51e15090 R08: 0000000000000003 R09: 0000000000000000
[  807.474846][T11414] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000001
[  807.482856][T11414] R13: 0000000000000000 R14: 00007fda51135f80 R15: 00007fda5125fa28
[  807.490921][T11414]  </TASK>
[  807.493998][    C1] vkms_vblank_simulate: vblank timer overrun
[  807.820668][ T8172] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  809.349043][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[  809.355394][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[  809.426609][T11347] bridge0: port 1(bridge_slave_0) entered blocking state
[  811.240963][T11347] bridge0: port 1(bridge_slave_0) entered disabled state
[  811.248294][T11347] bridge_slave_0: entered allmulticast mode
[  811.388180][T11347] bridge_slave_0: entered promiscuous mode
[  811.517955][T11333] batman_adv: batadv0: Adding interface: batadv_slave_0
[  811.548632][T11333] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  811.686466][T11333] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  811.728699][ T8170] bridge_slave_1: left allmulticast mode
[  811.735055][ T8170] bridge_slave_1: left promiscuous mode
[  811.761444][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state
[  811.809620][ T8170] bridge_slave_0: left allmulticast mode
[  811.828353][T11427] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1451'.
[  811.838039][ T8170] bridge_slave_0: left promiscuous mode
[  811.869010][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  817.188614][ T8198] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  817.199787][ T8198] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  817.208446][ T8198] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  817.217009][ T8198] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  817.229294][ T8198] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  817.236712][ T8198] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  817.414530][ T8172] usb 3-1: device descriptor read/64, error -110
[  817.584809][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  817.673889][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  817.723510][ T8170] bond0 (unregistering): Released all slaves
[  817.761359][T11347] bridge0: port 2(bridge_slave_1) entered blocking state
[  817.792412][T11347] bridge0: port 2(bridge_slave_1) entered disabled state
[  817.821728][T11347] bridge_slave_1: entered allmulticast mode
[  817.841536][T11347] bridge_slave_1: entered promiscuous mode
[  817.849567][T11333] batman_adv: batadv0: Adding interface: batadv_slave_1
[  817.853975][ T8172] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  817.856634][T11333] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  817.927217][T11333] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  819.258746][ T8198] Bluetooth: hci5: command tx timeout
[  821.338643][ T8198] Bluetooth: hci5: command tx timeout
[  823.419120][ T8198] Bluetooth: hci5: command tx timeout
[  824.999778][ T5234] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  825.000988][ T8172] usb 3-1: device descriptor read/64, error -110
[  825.011520][ T5234] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  825.023329][ T5234] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  825.034529][ T5234] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  825.046583][ T5234] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  825.058846][ T5234] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  825.349568][ T8172] usb usb3-port1: attempt power cycle
[  825.499118][ T8198] Bluetooth: hci5: command tx timeout
[  825.626844][T11333] hsr_slave_0: entered promiscuous mode
[  825.673543][T11333] hsr_slave_1: entered promiscuous mode
[  825.700083][T11333] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  825.707716][T11333] Cannot create hsr debugfs directory
[  825.745996][T11347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  825.801892][T11347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  826.186558][ T8172] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  826.277745][ T8170] hsr_slave_0: left promiscuous mode
[  826.308850][ T8170] hsr_slave_1: left promiscuous mode
[  826.354624][ T8172] usb 3-1: device descriptor read/8, error -32
[  826.356710][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  826.395193][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  826.551411][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  826.586418][ T8172] raw-gadget.0 gadget.2: failed to queue resume event
[  826.615917][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  827.455645][ T8198] Bluetooth: hci6: command tx timeout
[  827.517884][ T8170] veth1_macvtap: left promiscuous mode
[  827.568733][ T8170] veth0_macvtap: left promiscuous mode
[  827.574500][ T8170] veth1_vlan: left promiscuous mode
[  827.608728][ T8170] veth0_vlan: left promiscuous mode
[  827.651340][T11472] FAULT_INJECTION: forcing a failure.
[  827.651340][T11472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  827.709539][ T8172] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  827.729444][T11472] CPU: 1 UID: 0 PID: 11472 Comm: syz.3.1458 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[  827.739930][T11472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  827.750029][T11472] Call Trace:
[  827.753352][T11472]  <TASK>
[  827.756309][T11472]  dump_stack_lvl+0x241/0x360
[  827.761042][T11472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  827.766309][T11472]  ? __pfx__printk+0x10/0x10
[  827.770956][T11472]  ? __pfx_lock_release+0x10/0x10
[  827.776042][T11472]  should_fail_ex+0x3b0/0x4e0
[  827.780788][T11472]  _copy_from_user+0x2f/0xe0
[  827.785426][T11472]  copy_msghdr_from_user+0xae/0x680
[  827.790671][T11472]  ? __pfx___might_resched+0x10/0x10
[  827.796006][T11472]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  827.801953][T11472]  ? __might_fault+0xaa/0x120
[  827.806694][T11472]  __sys_sendmmsg+0x36e/0x730
[  827.811466][T11472]  ? __pfx___sys_sendmmsg+0x10/0x10
[  827.816751][T11472]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  827.822688][T11472]  ? ksys_write+0x23e/0x2c0
[  827.827239][T11472]  ? __pfx_lock_release+0x10/0x10
[  827.832325][T11472]  ? vfs_write+0x7bf/0xc90
[  827.836787][T11472]  ? __mutex_unlock_slowpath+0x21d/0x750
[  827.842465][T11472]  ? __pfx_vfs_write+0x10/0x10
[  827.847296][T11472]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  827.853348][T11472]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  827.859736][T11472]  ? do_syscall_64+0x100/0x230
[  827.864581][T11472]  __x64_sys_sendmmsg+0xa0/0xb0
[  827.869508][T11472]  do_syscall_64+0xf3/0x230
[  827.874080][T11472]  ? clear_bhb_loop+0x35/0x90
[  827.878832][T11472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  827.884789][T11472] RIP: 0033:0x7f182f57def9
[  827.889244][T11472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  827.908898][T11472] RSP: 002b:00007f183041a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  827.917546][T11472] RAX: ffffffffffffffda RBX: 00007f182f735f80 RCX: 00007f182f57def9
[  827.925565][T11472] RDX: 03ffffffffffff06 RSI: 00000000200038c0 RDI: 0000000000000003
[  827.933677][T11472] RBP: 00007f183041a090 R08: 0000000000000000 R09: 0000000000000000
[  827.941698][T11472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  827.949801][T11472] R13: 0000000000000000 R14: 00007f182f735f80 R15: 00007f182f85fa28
[  827.957829][T11472]  </TASK>
[  828.484248][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  828.496123][ T8172] usb 3-1: device descriptor read/8, error -32
[  828.995131][ T8172] raw-gadget.0 gadget.2: failed to queue suspend event
[  829.518213][ T8198] Bluetooth: hci6: command tx timeout
[  829.778252][ T8170] team0 (unregistering): Port device team_slave_1 removed
[  829.931375][ T8170] team0 (unregistering): Port device team_slave_0 removed
[  831.581265][ T8198] Bluetooth: hci6: command tx timeout
[  831.615333][ T8172] usb usb3-port1: unable to enumerate USB device
[  831.649922][T11347] team0: Port device team_slave_0 added
[  833.662670][ T8198] Bluetooth: hci6: command tx timeout
[  835.651022][ T5234] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  835.662636][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  835.672266][ T5234] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  835.682619][ T5234] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  835.694202][ T5234] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  835.704421][ T5234] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  838.635202][ T5234] Bluetooth: hci0: command tx timeout
[  840.698778][ T5234] Bluetooth: hci0: command tx timeout
[  842.199362][ T8198] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  842.211280][ T8198] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  842.219787][ T8198] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  842.231152][ T8198] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  842.243675][ T8198] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  842.251160][ T8198] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  842.778796][ T5234] Bluetooth: hci0: command tx timeout
[  843.915259][ T8198] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  843.971637][ T8198] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  843.981788][ T8198] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  843.992399][ T8198] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  844.000145][ T8198] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  844.008250][ T8198] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  844.299160][ T8198] Bluetooth: hci2: command tx timeout
[  844.867059][ T8198] Bluetooth: hci0: command tx timeout
[  847.001044][ T5234] Bluetooth: hci2: command tx timeout
[  847.008028][ T8198] Bluetooth: hci1: command tx timeout
[  847.311830][T11347] team0: Port device team_slave_1 added
[  847.563479][T11407] raw-gadget.0 gadget.2: failed to queue disconnect event
[  849.019372][ T8198] Bluetooth: hci1: command tx timeout
[  849.024955][ T8198] Bluetooth: hci2: command tx timeout
[  849.492546][T11439] chnl_net:caif_netlink_parms(): no params data found
[  849.542420][T11452] chnl_net:caif_netlink_parms(): no params data found
[  850.232078][T11483] chnl_net:caif_netlink_parms(): no params data found
[  850.562205][T11492] chnl_net:caif_netlink_parms(): no params data found
[  850.907529][T11439] bridge0: port 1(bridge_slave_0) entered blocking state
[  850.928636][T11439] bridge0: port 1(bridge_slave_0) entered disabled state
[  850.935977][T11439] bridge_slave_0: entered allmulticast mode
[  850.969910][T11439] bridge_slave_0: entered promiscuous mode
[  851.097884][T11452] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.105475][T11452] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.108313][ T8198] Bluetooth: hci1: command tx timeout
[  851.113093][T11452] bridge_slave_0: entered allmulticast mode
[  851.119687][ T5234] Bluetooth: hci2: command tx timeout
[  851.126645][T11452] bridge_slave_0: entered promiscuous mode
[  851.137709][T11452] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.145364][T11452] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.155182][T11452] bridge_slave_1: entered allmulticast mode
[  851.177026][T11452] bridge_slave_1: entered promiscuous mode
[  851.207815][T11439] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.218786][T11439] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.226125][T11439] bridge_slave_1: entered allmulticast mode
[  851.234013][T11439] bridge_slave_1: entered promiscuous mode
[  851.374783][ T8170] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.412045][T11488] chnl_net:caif_netlink_parms(): no params data found
[  851.512561][T11439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  851.549856][ T8170] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.599053][T11452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  851.629485][ T8170] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.645315][T11439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  851.706611][T11483] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.713934][T11483] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.722697][T11483] bridge_slave_0: entered allmulticast mode
[  851.731524][T11483] bridge_slave_0: entered promiscuous mode
[  851.740230][T11483] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.747449][T11483] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.754797][T11483] bridge_slave_1: entered allmulticast mode
[  851.761876][T11483] bridge_slave_1: entered promiscuous mode
[  851.772121][T11452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  851.807337][T11439] team0: Port device team_slave_0 added
[  851.833933][ T8170] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  851.917097][T11452] team0: Port device team_slave_0 added
[  851.925730][T11439] team0: Port device team_slave_1 added
[  851.943665][T11492] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.951848][T11492] bridge0: port 1(bridge_slave_0) entered disabled state
[  851.960608][T11492] bridge_slave_0: entered allmulticast mode
[  851.969863][T11492] bridge_slave_0: entered promiscuous mode
[  851.977847][T11492] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.985716][T11492] bridge0: port 2(bridge_slave_1) entered disabled state
[  851.993205][T11492] bridge_slave_1: entered allmulticast mode
[  852.000702][T11492] bridge_slave_1: entered promiscuous mode
[  852.026142][T11483] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  852.039057][T11483] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  852.055598][T11452] team0: Port device team_slave_1 added
[  852.250549][T11439] batman_adv: batadv0: Adding interface: batadv_slave_0
[  852.257678][T11439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  852.302727][T11439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  852.349344][T11492] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  852.372004][T11492] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  852.397940][T11488] bridge0: port 1(bridge_slave_0) entered blocking state
[  852.405995][T11488] bridge0: port 1(bridge_slave_0) entered disabled state
[  852.414129][T11488] bridge_slave_0: entered allmulticast mode
[  852.421957][T11488] bridge_slave_0: entered promiscuous mode
[  852.430596][T11488] bridge0: port 2(bridge_slave_1) entered blocking state
[  852.437830][T11488] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.445640][T11488] bridge_slave_1: entered allmulticast mode
[  852.453179][T11488] bridge_slave_1: entered promiscuous mode
[  852.487608][T11483] team0: Port device team_slave_0 added
[  852.499435][T11452] batman_adv: batadv0: Adding interface: batadv_slave_0
[  852.506538][T11452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  852.533642][T11452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  852.547936][T11452] batman_adv: batadv0: Adding interface: batadv_slave_1
[  852.555568][T11452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  852.582902][T11452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  852.596597][T11439] batman_adv: batadv0: Adding interface: batadv_slave_1
[  852.604566][T11439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  852.631200][T11439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  852.680059][T11483] team0: Port device team_slave_1 added
[  852.761537][T11492] team0: Port device team_slave_0 added
[  852.772753][T11492] team0: Port device team_slave_1 added
[  852.793099][T11488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  852.884384][T11439] hsr_slave_0: entered promiscuous mode
[  852.892545][T11439] hsr_slave_1: entered promiscuous mode
[  852.899828][T11439] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  852.907459][T11439] Cannot create hsr debugfs directory
[  852.934768][T11488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  852.996020][ T8170] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  853.017438][T11483] batman_adv: batadv0: Adding interface: batadv_slave_0
[  853.024653][T11483] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  853.051100][T11483] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  853.076132][T11492] batman_adv: batadv0: Adding interface: batadv_slave_0
[  853.092288][T11492] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  853.122399][T11492] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  853.146553][T11483] batman_adv: batadv0: Adding interface: batadv_slave_1
[  853.153849][T11483] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  853.180218][ T5234] Bluetooth: hci1: command tx timeout
[  853.185725][T11483] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  853.219883][T11452] hsr_slave_0: entered promiscuous mode
[  853.226815][T11452] hsr_slave_1: entered promiscuous mode
[  853.233546][T11452] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  853.241655][T11452] Cannot create hsr debugfs directory
[  853.323735][ T8170] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  853.339489][T11492] batman_adv: batadv0: Adding interface: batadv_slave_1
[  853.346492][T11492] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  853.372985][T11492] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  853.403948][T11488] team0: Port device team_slave_0 added
[  853.424324][T11483] hsr_slave_0: entered promiscuous mode
[  853.431676][T11483] hsr_slave_1: entered promiscuous mode
[  853.437797][T11483] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  853.445912][T11483] Cannot create hsr debugfs directory
[  853.484017][ T8170] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  853.506260][T11488] team0: Port device team_slave_1 added
[  853.608626][ T8170] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  853.671026][T11492] hsr_slave_0: entered promiscuous mode
[  853.677869][T11492] hsr_slave_1: entered promiscuous mode
[  853.684860][T11492] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  853.692812][T11492] Cannot create hsr debugfs directory
[  853.701084][T11488] batman_adv: batadv0: Adding interface: batadv_slave_0
[  853.709521][T11488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  853.736208][T11488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  853.749453][T11488] batman_adv: batadv0: Adding interface: batadv_slave_1
[  853.756519][T11488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  853.782917][T11488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  853.955782][T11488] hsr_slave_0: entered promiscuous mode
[  853.962632][T11488] hsr_slave_1: entered promiscuous mode
[  853.969571][T11488] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  853.977159][T11488] Cannot create hsr debugfs directory
[  854.412421][ T8170] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.561531][ T8170] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.639215][ T8170] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.735605][ T8170] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  855.013875][ T8170] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  855.130870][ T8170] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  855.194769][T11439] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  855.307378][ T8170] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  855.325608][T11439] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  855.336717][T11439] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  855.374116][T11439] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  855.400895][ T8170] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  855.576485][T11439] 8021q: adding VLAN 0 to HW filter on device bond0
[  855.692146][T11439] 8021q: adding VLAN 0 to HW filter on device team0
[  855.714471][ T8170] bridge_slave_1: left allmulticast mode
[  855.729213][ T8170] bridge_slave_1: left promiscuous mode
[  855.735009][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.760966][ T8170] bridge_slave_0: left allmulticast mode
[  855.766695][ T8170] bridge_slave_0: left promiscuous mode
[  855.772737][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.790433][ T8170] bridge_slave_1: left allmulticast mode
[  855.796149][ T8170] bridge_slave_1: left promiscuous mode
[  855.816777][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.827080][ T8170] bridge_slave_0: left allmulticast mode
[  855.847506][ T8170] bridge_slave_0: left promiscuous mode
[  855.869653][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.891499][ T8170] bridge_slave_1: left allmulticast mode
[  855.897213][ T8170] bridge_slave_1: left promiscuous mode
[  855.917268][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.945124][ T8170] bridge_slave_0: left allmulticast mode
[  855.950970][ T8170] bridge_slave_0: left promiscuous mode
[  855.956716][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.979914][ T8170] bridge_slave_1: left allmulticast mode
[  855.985609][ T8170] bridge_slave_1: left promiscuous mode
[  855.993031][ T8170] bridge0: port 2(bridge_slave_1) entered disabled state
[  856.002434][ T8170] bridge_slave_0: left allmulticast mode
[  856.008119][ T8170] bridge_slave_0: left promiscuous mode
[  856.014269][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  856.024718][ T8170] bridge_slave_0: left allmulticast mode
[  856.030777][ T8170] bridge_slave_0: left promiscuous mode
[  856.036543][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  856.047449][ T8170] bridge_slave_0: left allmulticast mode
[  856.054192][ T8170] bridge_slave_0: left promiscuous mode
[  856.060426][ T8170] bridge0: port 1(bridge_slave_0) entered disabled state
[  856.103889][ T8170] bond_slave_0: left promiscuous mode
[  856.109920][ T8170] bond_slave_1: left promiscuous mode
[  857.604563][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  857.616231][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  857.629044][ T8170] bond0 (unregistering): Released all slaves
[  857.644438][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  857.656438][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  857.670489][ T8170] bond0 (unregistering): Released all slaves
[  857.842010][ T8170] bond0 (unregistering): left allmulticast mode
[  857.848346][ T8170] bond_slave_0: left allmulticast mode
[  857.854558][ T8170] bond_slave_1: left allmulticast mode
[  857.860399][ T8170] bond0 (unregistering): left promiscuous mode
[  857.866603][ T8170] bond_slave_0: left promiscuous mode
[  857.872570][ T8170] bond_slave_1: left promiscuous mode
[  857.895833][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  857.909819][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  857.922014][ T8170] bond0 (unregistering): Released all slaves
[  857.937347][ T8170] bond1 (unregistering): Released all slaves
[  858.098423][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  858.110706][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  858.122474][ T8170] bond0 (unregistering): Released all slaves
[  858.136343][ T8170] bond1 (unregistering): Released all slaves
[  858.304907][ T8170] bond0 (unregistering): left allmulticast mode
[  858.311696][ T8170] bond_slave_0: left allmulticast mode
[  858.318115][ T8170] bond_slave_1: left allmulticast mode
[  858.352321][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  858.364390][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  858.376288][ T8170] bond0 (unregistering): Released all slaves
[  858.545071][ T8170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  858.559246][ T8170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  858.571269][ T8170] bond0 (unregistering): Released all slaves
[  858.586120][ T8170] bond1 (unregistering): Released all slaves
[  858.598207][ T8170] bond2 (unregistering): Released all slaves
[  858.640156][ T8168] bridge0: port 1(bridge_slave_0) entered blocking state
[  858.647295][ T8168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  858.675694][ T8168] bridge0: port 2(bridge_slave_1) entered blocking state
[  858.682991][ T8168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  858.884769][T11452] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  859.117075][T11452] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  859.159070][T11452] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  859.328082][T11452] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  859.726432][T11439] 8021q: adding VLAN 0 to HW filter on device batadv0
[  860.033939][T11483] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  860.143669][T11483] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  860.177846][T11483] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  860.202276][T11452] 8021q: adding VLAN 0 to HW filter on device bond0
[  860.268931][T11483] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  860.283346][T11439] veth0_vlan: entered promiscuous mode
[  860.367145][T11452] 8021q: adding VLAN 0 to HW filter on device team0
[  860.434085][T11439] veth1_vlan: entered promiscuous mode
[  860.561113][ T8168] bridge0: port 1(bridge_slave_0) entered blocking state
[  860.568265][ T8168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  860.627832][ T8168] bridge0: port 2(bridge_slave_1) entered blocking state
[  860.634994][ T8168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  860.803281][ T8170] hsr_slave_0: left promiscuous mode
[  860.809571][ T8170] hsr_slave_1: left promiscuous mode
[  860.815662][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  860.824056][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  860.833676][ T8170] hsr_slave_0: left promiscuous mode
[  860.840779][ T8170] hsr_slave_1: left promiscuous mode
[  860.846787][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  860.854870][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  860.867132][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  860.879952][ T8170] hsr_slave_0: left promiscuous mode
[  860.885804][ T8170] hsr_slave_1: left promiscuous mode
[  860.892169][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  860.900091][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  860.907868][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  860.917070][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  860.929341][ T8170] hsr_slave_0: left promiscuous mode
[  860.935398][ T8170] hsr_slave_1: left promiscuous mode
[  860.942258][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  860.950745][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  860.960819][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  860.968260][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  860.980587][ T8170] hsr_slave_0: left promiscuous mode
[  860.986600][ T8170] hsr_slave_1: left promiscuous mode
[  860.993436][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  861.001099][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_0
[  861.009163][ T8170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  861.016619][ T8170] batman_adv: batadv0: Removing interface: batadv_slave_1
[  861.097144][ T8170] veth1_macvtap: left promiscuous mode
[  861.103392][ T8170] veth0_macvtap: left promiscuous mode
[  861.114940][ T8170] veth1_macvtap: left promiscuous mode
[  861.120651][ T8170] veth0_macvtap: left promiscuous mode
[  861.126246][ T8170] veth1_vlan: left promiscuous mode
[  861.134713][ T8170] veth0_vlan: left promiscuous mode
[  861.141215][ T8170] veth1_macvtap: left promiscuous mode
[  861.146750][ T8170] veth0_macvtap: left promiscuous mode
[  861.152822][ T8170] veth1_vlan: left promiscuous mode
[  861.158123][ T8170] veth0_vlan: left promiscuous mode
[  861.164967][ T8170] veth1_macvtap: left promiscuous mode
[  861.170748][ T8170] veth0_macvtap: left promiscuous mode
[  861.176309][ T8170] veth1_vlan: left promiscuous mode
[  861.183517][ T8170] veth0_vlan: left promiscuous mode
[  861.606407][ T8170] team0 (unregistering): Port device team_slave_1 removed
[  861.650325][ T8170] team0 (unregistering): Port device team_slave_0 removed
[  861.947411][ T8170] team0 (unregistering): Port device team_slave_1 removed
[  861.995089][ T8170] team0 (unregistering): Port device team_slave_0 removed
[  862.197547][ T8170] pimreg (unregistering): left allmulticast mode
[  862.593444][ T8170] team0 (unregistering): Port device team_slave_1 removed
[  862.658338][ T8170] team0 (unregistering): Port device team_slave_0 removed
[  863.817244][ T8170] team0 (unregistering): Port device team_slave_1 removed
[  863.892738][ T8170] team0 (unregistering): Port device team_slave_0 removed
[  865.085482][ T8170] team0 (unregistering): Port device team_slave_1 removed
[  865.147717][ T8170] team0 (unregistering): Port device team_slave_0 removed
[  866.284082][ T8170] team0 (unregistering): Port device team_slave_1 removed
[  866.342796][ T8170] team0 (unregistering): Port device team_slave_0 removed
[  866.984221][T11439] veth0_macvtap: entered promiscuous mode
[  867.037628][T11439] veth1_macvtap: entered promiscuous mode
[  867.084149][T11492] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  867.195868][T11492] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  867.264438][T11439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  867.275362][T11439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  867.291852][T11439] batman_adv: batadv0: Interface activated: batadv_slave_0
[  867.304954][T11492] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  867.321079][T11492] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  867.367413][T11483] 8021q: adding VLAN 0 to HW filter on device bond0
[  867.386983][T11439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  867.399308][T11439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  867.423741][T11439] batman_adv: batadv0: Interface activated: batadv_slave_1
[  867.492304][T11483] 8021q: adding VLAN 0 to HW filter on device team0
[  867.535717][ T2582] bridge0: port 1(bridge_slave_0) entered blocking state
[  867.542994][ T2582] bridge0: port 1(bridge_slave_0) entered forwarding state
[  867.578087][T11452] 8021q: adding VLAN 0 to HW filter on device batadv0
[  867.596347][T11439] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  867.607955][T11439] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  867.625870][T11439] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  867.635459][T11439] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  867.657227][ T8173] bridge0: port 2(bridge_slave_1) entered blocking state
[  867.664450][ T8173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  868.021388][T11452] veth0_vlan: entered promiscuous mode
[  868.046102][T11452] veth1_vlan: entered promiscuous mode
[  868.070766][ T2582] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  868.088775][ T2582] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  868.170126][T11483] 8021q: adding VLAN 0 to HW filter on device batadv0
[  868.181699][T11492] 8021q: adding VLAN 0 to HW filter on device bond0
[  868.244590][T11488] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  868.272554][T11488] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  868.294504][T11492] 8021q: adding VLAN 0 to HW filter on device team0
[  868.319134][T11488] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  868.349208][T11488] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  868.403334][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  868.417271][T11452] veth0_macvtap: entered promiscuous mode
[  868.423768][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  868.435373][ T8173] bridge0: port 1(bridge_slave_0) entered blocking state
[  868.442644][ T8173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  868.455262][ T8173] bridge0: port 2(bridge_slave_1) entered blocking state
[  868.462523][ T8173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  868.523642][T11452] veth1_macvtap: entered promiscuous mode
[  868.591292][T11492] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  868.639541][T11483] veth0_vlan: entered promiscuous mode
[  868.648897][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.669295][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.689068][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  868.702387][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.715074][T11452] batman_adv: batadv0: Interface activated: batadv_slave_0
[  868.776625][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  868.799956][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.813554][T11452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  868.824767][T11452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  868.847105][T11452] batman_adv: batadv0: Interface activated: batadv_slave_1
[  868.886845][T11483] veth1_vlan: entered promiscuous mode
[  868.980771][T11452] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  868.993476][T11452] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  869.003009][T11452] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  869.016292][T11452] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  869.080190][T11483] veth0_macvtap: entered promiscuous mode
[  869.156565][T11483] veth1_macvtap: entered promiscuous mode
[  869.194212][T11492] 8021q: adding VLAN 0 to HW filter on device batadv0
[  869.334078][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  869.372747][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.399197][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  869.409837][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.422411][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  869.436231][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.459150][T11483] batman_adv: batadv0: Interface activated: batadv_slave_0
[  869.477898][T11488] 8021q: adding VLAN 0 to HW filter on device bond0
[  869.541983][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.565943][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.578538][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.596835][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.607860][T11483] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  869.623080][T11483] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  869.659673][T11483] batman_adv: batadv0: Interface activated: batadv_slave_1
[  869.716479][T11483] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  869.726373][T11483] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  869.740996][T11483] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  869.752201][T11483] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  869.796531][T11488] 8021q: adding VLAN 0 to HW filter on device team0
[  869.846895][ T8168] bridge0: port 1(bridge_slave_0) entered blocking state
[  869.854085][ T8168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  870.093763][T11649] fuse: Unknown parameter 'rootmodk'
[  870.156130][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  870.163437][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  870.163626][ T8173] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  870.180066][ T8173] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  870.237323][T11492] veth0_vlan: entered promiscuous mode
[  870.302831][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[  870.310355][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[  870.333904][ T2499] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  870.343019][ T2499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  870.353548][T11492] veth1_vlan: entered promiscuous mode
[  870.473573][ T2510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  870.510420][ T2510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  870.693855][ T2499] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  870.727852][T11492] veth0_macvtap: entered promiscuous mode
[  870.736758][ T2499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  870.776070][T11488] 8021q: adding VLAN 0 to HW filter on device batadv0
[  870.832362][T11492] veth1_macvtap: entered promiscuous mode
[  870.952126][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  870.983635][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.008552][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.050223][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.078141][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.128118][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.145108][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  871.198339][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.230226][T11492] batman_adv: batadv0: Interface activated: batadv_slave_0
[  871.256014][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.297715][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.328978][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.377519][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.408586][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.441761][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.468618][T11492] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  871.493874][T11492] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  871.521553][T11492] batman_adv: batadv0: Interface activated: batadv_slave_1
[  871.575052][T11492] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  871.606858][T11492] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  871.622783][T11492] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  871.636625][T11492] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  871.655075][   T29] audit: type=1326 audit(1726613770.560:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11680 comm="syz.1.1467" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd11bf7def9 code=0x0
[  872.104422][T11488] veth0_vlan: entered promiscuous mode
[  872.116274][T11698] program syz.0.1468 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  872.154532][ T8170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  872.193243][ T8170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.229492][T11488] veth1_vlan: entered promiscuous mode
[  872.358785][ T2510] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  872.383277][ T2510] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  872.412382][T11488] veth0_macvtap: entered promiscuous mode
[  872.450659][T11488] veth1_macvtap: entered promiscuous mode
[  872.550573][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  872.569260][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  872.609350][ T5277] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  872.628406][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  872.668141][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  872.687808][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  872.706290][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  872.730569][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  872.757670][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  872.810446][ T5277] usb 3-1: Using ep0 maxpacket: 16
[  872.822889][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  872.847773][ T5277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  872.870162][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  872.896405][ T5277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  872.940517][T11488] batman_adv: batadv0: Interface activated: batadv_slave_0
[  872.946081][ T5277] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  872.962837][ T5277] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  872.972374][ T5277] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  872.982670][T11707] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  873.015148][ T5277] usb 3-1: config 0 descriptor??
[  873.053461][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  873.098908][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  873.128733][   T25] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  873.149484][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  873.184631][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  873.213671][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  873.237861][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  873.266039][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  873.286134][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  873.314753][T11488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  873.325775][   T25] usb 4-1: Using ep0 maxpacket: 8
[  873.346035][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  873.370997][T11488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  873.391446][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  873.444865][T11488] batman_adv: batadv0: Interface activated: batadv_slave_1
[  873.454727][   T25] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  873.475033][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.492877][T11488] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  873.508658][   T25] usb 4-1: New USB device found, idVendor=04fc, idProduct=05d8, bcdDevice= 0.00
[  873.518108][T11488] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  873.538571][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  873.544889][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.546949][T11488] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  873.585828][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.605035][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.618415][   T25] usb 4-1: config 0 descriptor??
[  873.625360][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.665739][T11488] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  873.725014][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.801681][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.830525][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.859578][ T5992] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  873.894553][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  873.925008][T11731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  873.959817][T11731] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  873.961144][ T5277] microsoft 0003:045E:07DA.002E: unknown main item tag 0x0
[  874.060892][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.076790][ T5992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  874.120123][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  874.120202][ T5277] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.002E/input/input26
[  874.138216][ T5992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  874.182587][ T5992] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  874.240302][ T5277] microsoft 0003:045E:07DA.002E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  874.322615][ T5992] usb 1-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.00
[  874.368714][ T5992] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  874.430245][ T5277] usb 3-1: USB disconnect, device number 86
[  874.455337][ T5992] usb 1-1: config 0 descriptor??
[  874.492365][ T8170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.571689][ T8170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  874.868592][    T8] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  874.991910][ T5992] waltop 0003:172F:0038.002F: hidraw0: USB HID v0.00 Device [HID 172f:0038] on usb-dummy_hcd.0-1/input0
[  875.083282][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  875.145986][    T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  875.176347][    T8] usb 2-1: New USB device found, idVendor=5032, idProduct=0bc7, bcdDevice=9c.bb
[  875.204683][T11751] netdevsim netdevsim2: Direct firmware load for ng failed with error -2
[  875.219233][T11751] netdevsim netdevsim2: Falling back to sysfs fallback for: ng
[  875.228694][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  875.304171][T11726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  875.313883][    T8] usb 2-1: config 0 descriptor??
[  875.325673][T11726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  875.358177][    T8] dvb-usb: found a 'GRAND - USB2.0 DVB-T adapter' in warm state.
[  875.405697][    T8] dvb-usb: bulk message failed: -90 (3/0)
[  875.446716][    T8] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  875.486823][    T8] dvbdev: DVB: registering new adapter (GRAND - USB2.0 DVB-T adapter)
[  875.535691][    T8] usb 2-1: media controller created
[  875.707479][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  875.886211][    T8] dvb-usb: bulk message failed: -90 (6/0)
[  875.932872][    T8] dvb-usb: bulk message failed: -90 (6/0)
[  875.971853][    T8] dvb-usb: no frontend was attached by 'GRAND - USB2.0 DVB-T adapter'
[  876.121858][    T8] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input27
[  876.147335][   T25] usbhid 4-1:0.0: can't add hid device: -71
[  876.166293][    T8] dvb-usb: schedule remote query interval to 150 msecs.
[  876.196543][   T25] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  876.198788][    T8] dvb-usb: GRAND - USB2.0 DVB-T adapter successfully initialized and connected.
[  876.271241][   T25] usb 4-1: USB disconnect, device number 75
[  876.320139][    T8] usb 2-1: USB disconnect, device number 54
[  876.351976][T11767] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  876.362614][ T5276] dvb-usb: bulk message failed: -19 (1/0)
[  876.424682][ T5276] dvb-usb: error while querying for an remote control event.
[  876.479238][ T5275] usb 1-1: reset high-speed USB device number 63 using dummy_hcd
[  876.813393][    T8] dvb-usb: GRAND - USB2.0 DVB-T adapter successfully deinitialized and disconnected.
[  877.274314][  T129] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  877.370928][ T5277] usb 1-1: USB disconnect, device number 63
[  877.532383][  T129] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  877.862382][  T129] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  877.869042][T11820] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1492'.
[  877.975544][T11820] xt_hashlimit: invalid rate
[  877.998617][ T5296] usb 2-1: new full-speed USB device number 55 using dummy_hcd
[  878.071421][  T129] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  878.144411][ T8198] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  878.154621][ T8198] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  878.164462][ T8198] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  878.174137][ T8198] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  878.184345][ T5296] usb 2-1: config 254 has an invalid interface number: 93 but max is 0
[  878.193105][ T5296] usb 2-1: config 254 has no interface number 0
[  878.200441][ T5296] usb 2-1: config 254 interface 93 has no altsetting 0
[  878.215148][ T5296] usb 2-1: New USB device found, idVendor=0979, idProduct=0280, bcdDevice= d.38
[  878.224534][ T8198] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  878.234068][ T8198] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  878.249731][ T5296] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  878.288875][ T5296] usb 2-1: Product: syz
[  878.298808][ T5296] usb 2-1: Manufacturer: syz
[  878.303474][ T5296] usb 2-1: SerialNumber: syz
[  878.364502][T11832] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  878.424867][T11835] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  878.616923][ T5296] gspca_main: jeilinj-2.14.0 probing 0979:0280
[  878.621284][T11845] netlink: 'syz.4.1497': attribute type 16 has an invalid length.
[  878.641244][ T5296] usb 2-1: USB disconnect, device number 55
[  878.668174][T11846] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1499'.
[  878.871491][  T129] bridge_slave_1: left allmulticast mode
[  878.871525][  T129] bridge_slave_1: left promiscuous mode
[  878.871691][  T129] bridge0: port 2(bridge_slave_1) entered disabled state
[  878.919519][  T129] bridge_slave_0: left allmulticast mode
[  878.919552][  T129] bridge_slave_0: left promiscuous mode
[  878.919763][  T129] bridge0: port 1(bridge_slave_0) entered disabled state
[  879.432607][T11867] FAULT_INJECTION: forcing a failure.
[  879.432607][T11867] name failslab, interval 1, probability 0, space 0, times 0
[  879.452805][T11867] CPU: 0 UID: 0 PID: 11867 Comm: syz.1.1503 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[  879.463295][T11867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  879.473393][T11867] Call Trace:
[  879.476702][T11867]  <TASK>
[  879.479672][T11867]  dump_stack_lvl+0x241/0x360
[  879.484401][T11867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  879.489687][T11867]  ? __pfx__printk+0x10/0x10
[  879.494338][T11867]  should_fail_ex+0x3b0/0x4e0
[  879.499071][T11867]  should_failslab+0xac/0x100
[  879.503805][T11867]  ? sctp_add_bind_addr+0x89/0x3a0
[  879.508972][T11867]  __kmalloc_cache_noprof+0x6c/0x2c0
[  879.514314][T11867]  sctp_add_bind_addr+0x89/0x3a0
[  879.519310][T11867]  sctp_copy_local_addr_list+0x311/0x500
[  879.524996][T11867]  ? sctp_copy_local_addr_list+0xab/0x500
[  879.530767][T11867]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  879.536971][T11867]  ? sctp_v6_is_any+0x60/0x70
[  879.541695][T11867]  sctp_bind_addr_copy+0xad/0x3b0
[  879.546768][T11867]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  879.553131][T11867]  sctp_connect_new_asoc+0x2f3/0x6c0
[  879.558557][T11867]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  879.564411][T11867]  ? sctp_sendmsg+0xbb9/0x3520
[  879.569219][T11867]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  879.575180][T11867]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  879.580797][T11867]  sctp_sendmsg+0x219a/0x3520
[  879.585516][T11867]  ? __pfx_sctp_sendmsg+0x10/0x10
[  879.590565][T11867]  ? __pfx_aa_sk_perm+0x10/0x10
[  879.595440][T11867]  ? inet_sendmsg+0x330/0x390
[  879.600148][T11867]  __sock_sendmsg+0x1a6/0x270
[  879.604863][T11867]  ____sys_sendmsg+0x52a/0x7e0
[  879.609652][T11867]  ? __pfx_____sys_sendmsg+0x10/0x10
[  879.614983][T11867]  __sys_sendmmsg+0x3ac/0x730
[  879.619688][T11867]  ? __pfx___sys_sendmmsg+0x10/0x10
[  879.624932][T11867]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  879.630923][T11867]  ? ksys_write+0x23e/0x2c0
[  879.635440][T11867]  ? __pfx_lock_release+0x10/0x10
[  879.640484][T11867]  ? vfs_write+0x7bf/0xc90
[  879.644935][T11867]  ? __mutex_unlock_slowpath+0x21d/0x750
[  879.650632][T11867]  ? __pfx_vfs_write+0x10/0x10
[  879.655576][T11867]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  879.661616][T11867]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  879.668076][T11867]  ? do_syscall_64+0x100/0x230
[  879.672891][T11867]  __x64_sys_sendmmsg+0xa0/0xb0
[  879.677805][T11867]  do_syscall_64+0xf3/0x230
[  879.682364][T11867]  ? clear_bhb_loop+0x35/0x90
[  879.687104][T11867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  879.693048][T11867] RIP: 0033:0x7fd11bf7def9
[  879.697505][T11867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  879.699242][ T5296] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  879.717168][T11867] RSP: 002b:00007fd11cca9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  879.717282][T11867] RAX: ffffffffffffffda RBX: 00007fd11c135f80 RCX: 00007fd11bf7def9
[  879.717302][T11867] RDX: 0000000000000002 RSI: 0000000020000040 RDI: 0000000000000003
[  879.749463][T11867] RBP: 00007fd11cca9090 R08: 0000000000000000 R09: 0000000000000000
[  879.757486][T11867] R10: 0000000004008040 R11: 0000000000000246 R12: 0000000000000002
[  879.765515][T11867] R13: 0000000000000000 R14: 00007fd11c135f80 R15: 00007fd11c25fa28
[  879.773593][T11867]  </TASK>
[  879.895037][ T5296] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  879.927098][ T5296] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  879.937095][ T5296] usb 5-1: New USB device found, idVendor=056a, idProduct=032c, bcdDevice= 0.00
[  879.946872][ T5296] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  879.988974][ T5296] usb 5-1: config 0 descriptor??
[  880.308935][ T5234] Bluetooth: hci1: command tx timeout
[  880.472613][   T52] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  880.484914][  T129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  880.504596][  T129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  880.517618][  T129] bond0 (unregistering): Released all slaves
[  880.557405][T11880] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  880.606433][ T5296] usbhid 5-1:0.0: can't add hid device: -71
[  880.634287][ T5296] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  880.673308][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  880.702716][ T5296] usb 5-1: USB disconnect, device number 71
[  880.740964][   T52] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  880.814420][   T52] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  880.880638][   T52] usb 3-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  880.899574][   T52] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  880.929380][   T52] usb 3-1: config 0 descriptor??
[  881.028013][T11907] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  881.036172][T11909] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.1514'.
[  881.087737][T11909] xt_hashlimit: invalid rate
[  881.111548][T11831] chnl_net:caif_netlink_parms(): no params data found
[  881.359698][   T52] playstation 0003:054C:0BA0.0030: unknown main item tag 0x0
[  881.391616][   T52] playstation 0003:054C:0BA0.0030: unknown main item tag 0x0
[  881.408678][   T52] playstation 0003:054C:0BA0.0030: unknown main item tag 0x0
[  881.429155][   T52] playstation 0003:054C:0BA0.0030: unknown main item tag 0x0
[  881.446687][   T52] playstation 0003:054C:0BA0.0030: unknown main item tag 0x0
[  881.495343][   T52] playstation 0003:054C:0BA0.0030: unknown main item tag 0x0
[  881.555511][   T52] playstation 0003:054C:0BA0.0030: unknown main item tag 0x0
[  881.593964][   T52] playstation 0003:054C:0BA0.0030: hidraw0: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.2-1/input0
[  881.734331][   T52] playstation 0003:054C:0BA0.0030: Failed to retrieve feature with reportID 18: -71
[  881.784366][   T52] playstation 0003:054C:0BA0.0030: Failed to retrieve DualShock4 pairing info: -71
[  881.794367][   T52] playstation 0003:054C:0BA0.0030: Failed to get MAC address from DualShock4
[  881.804715][T11928] vivid-004: =================  START STATUS  =================
[  881.814367][   T52] playstation 0003:054C:0BA0.0030: Failed to create dualshock4.
[  881.837963][   T52] playstation 0003:054C:0BA0.0030: probe with driver playstation failed with error -71
[  881.858358][  T129] hsr_slave_0: left promiscuous mode
[  881.863393][   T52] usb 3-1: USB disconnect, device number 87
[  881.871232][T11928] vivid-004: Radio HW Seek Mode: Bounded
[  881.892899][T11928] vivid-004: Radio Programmable HW Seek: false
[  881.902396][  T129] hsr_slave_1: left promiscuous mode
[  881.915869][T11928] vivid-004: RDS Rx I/O Mode: Block I/O
[  881.926274][T11928] vivid-004: Generate RBDS Instead of RDS: false
[  881.934242][T11928] vivid-004: RDS Reception: true
[  881.943048][T11928] vivid-004: RDS Program Type: 0 inactive
[  881.950258][T11928] vivid-004: RDS PS Name:  inactive
[  881.955810][  T129] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  881.964682][T11928] vivid-004: RDS Radio Text:  inactive
[  881.985749][T11928] vivid-004: RDS Traffic Announcement: false inactive
[  881.996372][  T129] batman_adv: batadv0: Removing interface: batadv_slave_0
[  882.006921][T11928] vivid-004: RDS Traffic Program: false inactive
[  882.017572][T11928] vivid-004: RDS Music: false inactive
[  882.024551][T11928] vivid-004: ==================  END STATUS  ==================
[  882.033299][  T129] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  882.049943][  T129] batman_adv: batadv0: Removing interface: batadv_slave_1
[  882.092208][  T129] veth1_macvtap: left promiscuous mode
[  882.104027][  T129] veth0_macvtap: left promiscuous mode
[  882.114552][  T129] veth1_vlan: left promiscuous mode
[  882.121257][  T129] veth0_vlan: left promiscuous mode
[  882.388769][ T5234] Bluetooth: hci1: command tx timeout
[  882.399249][   T29] audit: type=1326 audit(1726613781.300:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  882.429770][   T29] audit: type=1326 audit(1726613781.300:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  882.496078][   T29] audit: type=1326 audit(1726613781.350:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd55c97c890 code=0x7ffc0000
[  882.539290][T11949] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  882.637964][   T29] audit: type=1326 audit(1726613781.350:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd55c97dafb code=0x7ffc0000
[  882.756533][   T29] audit: type=1326 audit(1726613781.350:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd55c97dafb code=0x7ffc0000
[  882.784955][    T8] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  882.816826][   T29] audit: type=1326 audit(1726613781.370:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd55c97dafb code=0x7ffc0000
[  882.918565][   T29] audit: type=1326 audit(1726613781.370:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd55c97dafb code=0x7ffc0000
[  882.960144][    T8] usb 3-1: Using ep0 maxpacket: 8
[  882.975600][    T8] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  883.025230][    T8] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  883.048612][   T29] audit: type=1326 audit(1726613781.490:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd55c97dafb code=0x7ffc0000
[  883.083666][    T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  883.117092][    T8] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  883.121105][   T29] audit: type=1326 audit(1726613781.610:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd55c97dafb code=0x7ffc0000
[  883.159540][    T8] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  883.182778][    T8] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  883.196841][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.237671][   T29] audit: type=1326 audit(1726613781.720:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11944 comm="syz.2.1521" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd55c97dafb code=0x7ffc0000
[  883.259985][    C1] vkms_vblank_simulate: vblank timer overrun
[  883.437250][    T8] usb 3-1: usb_control_msg returned -32
[  883.448256][    T8] usbtmc 3-1:16.0: can't read capabilities
[  883.797943][T11975] usbtmc 3-1:16.0: usb_bulk_msg returned -71
[  884.005059][    T8] usb 3-1: USB disconnect, device number 88
[  884.266666][  T129] team0 (unregistering): Port device team_slave_1 removed
[  884.365984][  T129] team0 (unregistering): Port device team_slave_0 removed
[  884.458628][ T5234] Bluetooth: hci1: command tx timeout
[  885.258618][ T5277] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  885.427546][ T5277] usb 5-1: config 0 has an invalid interface number: 122 but max is 0
[  885.435985][ T5277] usb 5-1: config 0 has no interface number 0
[  885.442469][ T5277] usb 5-1: config 0 interface 122 has no altsetting 0
[  885.452624][ T5277] usb 5-1: New USB device found, idVendor=13d3, idProduct=3219, bcdDevice=7a.67
[  885.462135][ T5277] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  885.477596][ T5277] usb 5-1: Product: syz
[  885.487347][ T5277] usb 5-1: Manufacturer: syz
[  885.505346][ T5277] usb 5-1: SerialNumber: syz
[  885.519563][ T5277] usb 5-1: config 0 descriptor??
[  885.614586][T11831] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.634777][T11831] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.652718][T11831] bridge_slave_0: entered allmulticast mode
[  885.670882][T11831] bridge_slave_0: entered promiscuous mode
[  885.728902][T11831] bridge0: port 2(bridge_slave_1) entered blocking state
[  885.746478][T11831] bridge0: port 2(bridge_slave_1) entered disabled state
[  885.788702][T11831] bridge_slave_1: entered allmulticast mode
[  885.806180][T11831] bridge_slave_1: entered promiscuous mode
[  885.812423][ T5296] usb 1-1: new full-speed USB device number 64 using dummy_hcd
[  885.989550][T11831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  886.030715][ T5296] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  886.034531][ T5277] usb 5-1: USB disconnect, device number 72
[  886.042854][ T5296] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  886.049992][T11831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  886.078823][ T5296] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 4
[  886.080312][ T5277] dvb-usb: generic DVB-USB module successfully deinitialized and disconnected.
[  886.102467][ T5296] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  886.119979][ T5296] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  886.134142][ T5296] usb 1-1: Product: syz
[  886.182237][ T5296] hub 1-1:1.0: bad descriptor, ignoring hub
[  886.188233][ T5296] hub 1-1:1.0: probe with driver hub failed with error -5
[  886.240610][ T5296] cdc_wdm 1-1:1.0: skipping garbage
[  886.276015][ T5296] cdc_wdm 1-1:1.0: skipping garbage
[  886.282294][T11831] team0: Port device team_slave_0 added
[  886.308663][ T5296] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  886.324933][T11831] team0: Port device team_slave_1 added
[  886.528884][ T5296] usb 1-1: USB disconnect, device number 64
[  886.539171][ T5234] Bluetooth: hci1: command tx timeout
[  886.557761][T11831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  886.560650][T12026] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  886.571478][T12026] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  886.571762][T11831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  886.620601][T11831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  886.651167][T11831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  886.658376][T11831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  886.678821][T12026] vhci_hcd vhci_hcd.0: Device attached
[  886.734248][T11831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  886.858314][T11831] hsr_slave_0: entered promiscuous mode
[  886.882690][T12039] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1535'.
[  886.892724][T11831] hsr_slave_1: entered promiscuous mode
[  886.918015][T12039] xt_hashlimit: invalid rate
[  886.933075][ T5275] usb 11-1: new high-speed USB device number 3 using vhci_hcd
[  886.949927][ T5296] usb 1-1: new low-speed USB device number 65 using dummy_hcd
[  886.969109][ T5277] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  887.062491][T12028] vhci_hcd: connection reset by peer
[  887.069898][ T2582] vhci_hcd: stop threads
[  887.077504][ T2582] vhci_hcd: release socket
[  887.094787][ T2582] vhci_hcd: disconnect device
[  887.132935][ T5296] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  887.157990][ T5277] usb 5-1: config 0 has an invalid interface number: 250 but max is 0
[  887.166408][ T5296] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  887.171547][ T5277] usb 5-1: config 0 has no interface number 0
[  887.193614][ T5296] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 4
[  887.203082][ T5277] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice=4f.2c
[  887.241485][ T5277] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  887.257609][ T5277] usb 5-1: config 0 descriptor??
[  887.434947][ T5277] usb 5-1: reset high-speed USB device number 73 using dummy_hcd
[  887.761510][T11831] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  887.805149][T11831] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  887.821231][T11831] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  887.833520][T11831] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  888.100587][T11831] 8021q: adding VLAN 0 to HW filter on device bond0
[  888.119872][ T5277] usb 5-1: device descriptor read/64, error -71
[  888.153697][T11831] 8021q: adding VLAN 0 to HW filter on device team0
[  888.181382][  T129] bridge0: port 1(bridge_slave_0) entered blocking state
[  888.188645][  T129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  888.259842][T12075] FAULT_INJECTION: forcing a failure.
[  888.259842][T12075] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  888.291848][ T8168] bridge0: port 2(bridge_slave_1) entered blocking state
[  888.299109][ T8168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  888.308820][T12075] CPU: 1 UID: 0 PID: 12075 Comm: syz.2.1543 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[  888.319379][T12075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  888.329482][T12075] Call Trace:
[  888.332894][T12075]  <TASK>
[  888.335853][T12075]  dump_stack_lvl+0x241/0x360
[  888.340569][T12075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  888.345792][T12075]  ? __pfx__printk+0x10/0x10
[  888.350401][T12075]  ? __pfx_lock_release+0x10/0x10
[  888.355440][T12075]  ? sched_clock+0x4a/0x70
[  888.359902][T12075]  ? sched_clock_cpu+0x76/0x490
[  888.364766][T12075]  should_fail_ex+0x3b0/0x4e0
[  888.369475][T12075]  _copy_from_user+0x2f/0xe0
[  888.374169][T12075]  __x64_sys_signalfd4+0x131/0x1b0
[  888.379302][T12075]  ? __pfx___x64_sys_signalfd4+0x10/0x10
[  888.384956][T12075]  ? do_syscall_64+0x100/0x230
[  888.389829][T12075]  ? do_syscall_64+0xb6/0x230
[  888.394609][T12075]  do_syscall_64+0xf3/0x230
[  888.399154][T12075]  ? clear_bhb_loop+0x35/0x90
[  888.403853][T12075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.409764][T12075] RIP: 0033:0x7fd55c97def9
[  888.414189][T12075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  888.433817][T12075] RSP: 002b:00007fd55d7fb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000121
[  888.442249][T12075] RAX: ffffffffffffffda RBX: 00007fd55cb35f80 RCX: 00007fd55c97def9
[  888.450236][T12075] RDX: 0000000000000008 RSI: 0000000020000140 RDI: 0000000000000003
[  888.458220][T12075] RBP: 00007fd55d7fb090 R08: 0000000000000000 R09: 0000000000000000
[  888.466208][T12075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  888.474187][T12075] R13: 0000000000000000 R14: 00007fd55cb35f80 R15: 00007fd55cc5fa28
[  888.482181][T12075]  </TASK>
[  888.485334][    C1] vkms_vblank_simulate: vblank timer overrun
[  888.550045][ T5296] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  888.559293][ T5277] usb 5-1: reset high-speed USB device number 73 using dummy_hcd
[  888.588407][ T5296] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0
[  888.596765][T11831] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  888.625499][ T5296] usb 1-1: can't set config #1, error -71
[  888.642232][ T5296] usb 1-1: USB disconnect, device number 65
[  888.666528][T11831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  888.767363][T11831] veth0_vlan: entered promiscuous mode
[  888.798323][T11831] veth1_vlan: entered promiscuous mode
[  888.896944][T12080] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1545'.
[  888.921796][T11831] veth0_macvtap: entered promiscuous mode
[  888.924561][T12083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  888.938294][T11831] veth1_macvtap: entered promiscuous mode
[  888.945231][T12083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  888.975714][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  888.986818][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  888.997262][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  889.007978][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.018123][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  889.036797][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.048299][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  889.063627][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.073741][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  889.084537][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.096064][T11831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  889.103944][T12080] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1545'.
[  889.122808][T12080] geneve2: entered promiscuous mode
[  889.145492][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.157574][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.168063][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.181189][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.189273][   T25] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  889.208527][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.230597][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.244033][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.254890][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.273201][T11831] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.286063][T11831] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.302911][T11831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  889.329481][T11831] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  889.370888][T11831] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  889.389240][T11831] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  889.393469][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  889.398195][T11831] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  889.440712][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  889.464265][T12091] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  889.478210][   T25] usb 2-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00
[  889.521830][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  889.566564][   T25] usb 2-1: config 0 descriptor??
[  889.581878][ T8168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  889.601305][ T5296] usb 3-1: new full-speed USB device number 89 using dummy_hcd
[  889.620540][ T8168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  889.694127][  T129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  889.702448][  T129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  889.726912][   T29] kauditd_printk_skb: 24 callbacks suppressed
[  889.726933][   T29] audit: type=1326 audit(1726613788.630:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12093 comm="syz.2.1549" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd55c97def9 code=0x0
[  889.853761][T12100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1551'.
[  889.994961][ T5277] usb 5-1: USB disconnect, device number 73
[  890.490601][T12111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  890.507380][T12111] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  890.978686][ T5296] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  890.993222][   T29] audit: type=1326 audit(1726613789.900:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.036978][   T29] audit: type=1326 audit(1726613789.900:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.062883][   T29] audit: type=1326 audit(1726613789.900:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.087911][   T29] audit: type=1326 audit(1726613789.900:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.112174][   T29] audit: type=1326 audit(1726613789.900:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.148395][   T29] audit: type=1326 audit(1726613789.900:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.183467][   T29] audit: type=1326 audit(1726613789.900:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.208771][ T5296] usb 4-1: Using ep0 maxpacket: 16
[  891.215529][   T29] audit: type=1326 audit(1726613789.900:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.245721][   T29] audit: type=1326 audit(1726613789.900:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.2.1559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd55c97def9 code=0x7ffc0000
[  891.269033][  T941] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  891.280038][ T5296] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  891.299354][ T5296] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  891.310490][ T5296] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  891.323380][ T5296] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  891.339381][ T5296] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  891.349420][ T5296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  891.357546][ T5296] usb 4-1: SerialNumber: syz
[  891.371072][T12121] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  891.451870][  T941] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  891.464653][  T941] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  891.475083][  T941] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  891.484674][  T941] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.507587][T12124] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  891.525336][  T941] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  891.587244][T12121] tipc: Started in network mode
[  891.612810][T12121] tipc: Node identity fe800000000000000000000000000036, cluster identity 4711
[  891.639718][T12121] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  891.670277][T12121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  891.710631][T12121] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  891.755776][ T5296] usb 4-1: USB disconnect, device number 76
[  891.842512][T12135] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1561'.
[  892.077416][   T25] usbhid 2-1:0.0: can't add hid device: -71
[  892.178628][ T5275] vhci_hcd: vhci_device speed not set
[  892.330429][   T25] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  892.422180][   T25] usb 2-1: USB disconnect, device number 56
[  892.533242][T12136] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  932.381060][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[  932.393973][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[  944.946914][ T8198] Bluetooth: hci5: command 0x0406 tx timeout
[  959.759078][T12154] Bluetooth: hci6: command tx timeout
[  961.155700][T12154] Bluetooth: hci0: command 0x0406 tx timeout
[  967.702221][ T8198] Bluetooth: hci2: command tx timeout
[  997.952947][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[  997.971067][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[ 1004.005726][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[ 1056.160492][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 1056.173442][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[ 1062.286913][    C0] kworker/0:11: page allocation failure: order:0, mode:0x40820(GFP_ATOMIC|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1062.301476][    C0] CPU: 0 UID: 0 PID: 11480 Comm: kworker/0:11 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[ 1062.310610][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.312086][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1062.321078][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.331347][    C0] Workqueue: events_power_efficient neigh_periodic_work
[ 1062.341226][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.341236][    C0] 
[ 1062.341253][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.348257][    C0] Call Trace:
[ 1062.354379][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.356542][    C0]  <IRQ>
[ 1062.362633][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.365863][    C0]  dump_stack_lvl+0x241/0x360
[ 1062.374913][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.377747][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1062.387559][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.392188][    C0]  ? __pfx__printk+0x10/0x10
[ 1062.398304][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.403456][    C0]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[ 1062.409498][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.414032][    C0]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[ 1062.422978][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.429459][    C0]  warn_alloc+0x278/0x410
[ 1062.439306][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.445773][    C0]  ? __pfx_warn_alloc+0x10/0x10
[ 1062.452982][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.456149][    C0]  ? wakeup_kswapd+0x390/0x890
[ 1062.462208][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.467065][    C0]  __alloc_pages_slowpath+0x2383/0x23d0
[ 1062.476232][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.481208][    C0]  ? __pfx___alloc_pages_slowpath+0x10/0x10
[ 1062.491160][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.496663][    C0]  ? __lock_acquire+0x1384/0x2050
[ 1062.502986][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.508976][    C0]  __alloc_pages_noprof+0x43e/0x6c0
[ 1062.509018][    C0]  ? __pfx___alloc_pages_noprof+0x10/0x10
[ 1062.514997][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.520020][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1062.520066][    C0]  alloc_slab_page+0x5f/0x120
[ 1062.528998][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.534171][    C0]  allocate_slab+0x1c0/0x2f0
[ 1062.540213][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.549946][    C0]  ___slab_alloc+0xcd1/0x14b0
[ 1062.556064][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.560603][    C0]  ? __alloc_skb+0x1c3/0x440
[ 1062.566643][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.571231][    C0]  ? __alloc_skb+0x1c3/0x440
[ 1062.571264][    C0]  __slab_alloc+0x58/0xa0
[ 1062.577228][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.581892][    C0]  ? __alloc_skb+0x1c3/0x440
[ 1062.581928][    C0]  kmem_cache_alloc_node_noprof+0x1fe/0x320
[ 1062.591003][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.595554][    C0]  __alloc_skb+0x1c3/0x440
[ 1062.605876][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.610287][    C0]  ? __pfx___alloc_skb+0x10/0x10
[ 1062.610335][    C0]  synproxy_send_client_synack+0x1ba/0xf30
[ 1062.614653][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.620645][    C0]  ? kasan_quarantine_put+0xdc/0x230
[ 1062.625944][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.631939][    C0]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[ 1062.631979][    C0]  ? synproxy_pernet+0x45/0x270
[ 1062.638111][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.642782][    C0]  nft_synproxy_eval_v4+0x3ca/0x610
[ 1062.642824][    C0]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[ 1062.652080][ T8168] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.656760][    C0]  ? nf_ip_checksum+0x13a/0x500
[ 1062.663778][ T8168]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.672371][    C0]  nft_synproxy_do_eval+0x362/0xa60
[ 1062.672425][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[ 1062.672453][    C0]  ? seqcount_lockdep_reader_access+0x1c1/0x220
[ 1062.672495][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.672496][    C0]  ? __pfx_validate_chain+0x10/0x10
[ 1062.672520][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.672521][    C0]  ? seqcount_lockdep_reader_access+0x1c1/0x220
[ 1062.672545][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.672565][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.672568][    C0]  nft_do_chain+0x4ad/0x1da0
[ 1062.672614][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[ 1062.672665][    C1] SLUB: Unable to allocate memory on node -1, gfp=0x920(GFP_ATOMIC|__GFP_ZERO)
[ 1062.672686][    C1]   cache: kmalloc-96, object size: 96, buffer size: 128, default order: 0, min order: 0
[ 1062.672643][    C0]  ? __local_bh_enable_ip+0x168/0x200
[ 1062.672709][    C1]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.672729][    C1]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.672745][    C0]  ? __pfx_nf_nat_inet_fn+0x10/0x10
[ 1062.672834][    C0]  nft_do_chain_inet+0x418/0x6b0
[ 1062.672897][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[ 1062.672926][    C0]  ? ipt_do_table+0x312/0x1860
[ 1062.678252][ T8168]   node 0: slabs: 494, objs: 15808, free: 0
[ 1062.684246][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[ 1062.684283][    C0]  nf_hook_slow+0xc3/0x220
[ 1062.690630][ T8168]   node 1: slabs: 315, objs: 10080, free: 0
[ 1062.695445][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1062.890889][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1062.896931][    C0]  NF_HOOK+0x29e/0x450
[ 1062.901044][    C0]  ? NF_HOOK+0x9a/0x450
[ 1062.905324][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[ 1062.909943][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1062.915964][    C0]  ? ip_rcv_finish+0x406/0x560
[ 1062.920813][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1062.925941][    C0]  NF_HOOK+0x3a4/0x450
[ 1062.930042][    C0]  ? __lock_acquire+0x1384/0x2050
[ 1062.935105][    C0]  ? NF_HOOK+0x9a/0x450
[ 1062.939284][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[ 1062.944163][    C0]  ? ip_rcv_core+0x801/0xd10
[ 1062.948764][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1062.953898][    C0]  ? __pfx_ip_rcv+0x10/0x10
[ 1062.958520][    C0]  __netif_receive_skb+0x2bf/0x650
[ 1062.963729][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1062.968795][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[ 1062.974445][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1062.980463][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1062.985601][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1062.990893][    C0]  process_backlog+0x662/0x15b0
[ 1062.995768][    C0]  ? process_backlog+0x33b/0x15b0
[ 1063.000837][    C0]  ? __pfx_process_backlog+0x10/0x10
[ 1063.006133][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1063.012255][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1063.018633][    C0]  __napi_poll+0xcb/0x490
[ 1063.023030][    C0]  net_rx_action+0x89b/0x1240
[ 1063.027746][    C0]  ? __pfx_net_rx_action+0x10/0x10
[ 1063.032898][    C0]  ? sched_balance_domains+0x91b/0xa90
[ 1063.038493][    C0]  ? sched_balance_domains+0x1b2/0xa90
[ 1063.044139][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1063.050583][    C0]  handle_softirqs+0x2c5/0x980
[ 1063.055477][    C0]  ? do_softirq+0x11b/0x1e0
[ 1063.060010][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1063.065370][    C0]  do_softirq+0x11b/0x1e0
[ 1063.069724][    C0]  </IRQ>
[ 1063.072665][    C0]  <TASK>
[ 1063.075603][    C0]  ? __pfx_do_softirq+0x10/0x10
[ 1063.080483][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 1063.086150][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1063.090946][    C0]  __local_bh_enable_ip+0x1bb/0x200
[ 1063.096162][    C0]  ? neigh_periodic_work+0xb35/0xd50
[ 1063.101634][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1063.107374][    C0]  ? neigh_destroy+0x423/0x580
[ 1063.112691][    C0]  neigh_periodic_work+0xb35/0xd50
[ 1063.117849][    C0]  ? process_scheduled_works+0x945/0x1830
[ 1063.123611][    C0]  process_scheduled_works+0xa2c/0x1830
[ 1063.129304][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1063.135313][    C0]  ? assign_work+0x364/0x3d0
[ 1063.139973][    C0]  worker_thread+0x870/0xd30
[ 1063.144637][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1063.150572][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1063.155668][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1063.160808][    C0]  kthread+0x2f0/0x390
[ 1063.164988][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1063.170127][    C0]  ? __pfx_kthread+0x10/0x10
[ 1063.174740][    C0]  ret_from_fork+0x4b/0x80
[ 1063.179222][    C0]  ? __pfx_kthread+0x10/0x10
[ 1063.183852][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1063.188668][    C0]  </TASK>
[ 1063.192020][    C0] Mem-Info:
[ 1063.195276][    C0] active_anon:2008 inactive_anon:2189 isolated_anon:0
[ 1063.195276][    C0]  active_file:14597 inactive_file:1066 isolated_file:0
[ 1063.195276][    C0]  unevictable:768 dirty:3 writeback:0
[ 1063.195276][    C0]  slab_reclaimable:5062 slab_unreclaimable:1476927
[ 1063.195276][    C0]  mapped:17368 shmem:1261 pagetables:615
[ 1063.195276][    C0]  sec_pagetables:0 bounce:0
[ 1063.195276][    C0]  kernel_misc_reclaimable:0
[ 1063.195276][    C0]  free:19443 free_pcp:242 free_cma:0
[ 1063.240567][    C0] Node 0 active_anon:8032kB inactive_anon:8756kB active_file:58368kB inactive_file:4248kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:69472kB dirty:12kB writeback:0kB shmem:3508kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10320kB pagetables:2448kB sec_pagetables:0kB all_unreclaimable? no
[ 1063.273021][    C0] Node 1 active_anon:0kB inactive_anon:0kB active_file:20kB inactive_file:16kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:12kB sec_pagetables:0kB all_unreclaimable? no
[ 1063.303389][    C0] Node 0 DMA free:9952kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:100kB local_pcp:52kB free_cma:0kB
[ 1063.331127][    C0] lowmem_reserve[]: 0 2467 2468 0 0
[ 1063.336479][    C0] Node 0 DMA32 free:39496kB boost:77008kB min:111236kB low:119792kB high:128348kB reserved_highatomic:26624KB active_anon:8032kB inactive_anon:8916kB active_file:57872kB inactive_file:4240kB unevictable:1536kB writepending:12kB present:3129332kB managed:2554500kB mlocked:0kB bounce:0kB free_pcp:332kB local_pcp:192kB free_cma:0kB
[ 1063.367560][    C0] lowmem_reserve[]: 0 0 0 0 0
[ 1063.372439][    C0] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:480kB inactive_file:8kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1063.399239][    C0] lowmem_reserve[]: 0 0 0 0 0
[ 1063.404129][    C0] Node 1 Normal free:93884kB boost:0kB min:55660kB low:69572kB high:83484kB reserved_highatomic:43008KB active_anon:0kB inactive_anon:0kB active_file:20kB inactive_file:16kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:676kB local_pcp:512kB free_cma:0kB
[ 1063.433640][    C0] lowmem_reserve[]: 0 0 0 0 0
[ 1063.438467][    C0] Node 0 DMA: 0*4kB 2*8kB (M) 1*16kB (U) 2*32kB (UM) 2*64kB (UM) 2*128kB (UM) 1*256kB (M) 2*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 1*4096kB (M) = 9952kB
[ 1063.454161][    C0] Node 0 DMA32: 30*4kB (UH) 84*8kB (UH) 88*16kB (UH) 143*32kB (UH) 79*64kB (UH) 110*128kB (UH) 10*256kB (UH) 6*512kB (UH) 11*1024kB (UH) 6*2048kB (UH) 0*4096kB = 55096kB
[ 1063.471594][    C0] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1063.483270][    C0] Node 1 Normal: 115*4kB (U) 123*8kB (U) 98*16kB (U) 233*32kB (U) 136*64kB (U) 70*128kB (UH) 24*256kB (U) 23*512kB (U) 17*1024kB (U) 16*2048kB (UH) 5*4096kB (H) = 116708kB
[ 1063.500977][    C0] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1063.510636][    C0] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[ 1063.520009][    C0] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1063.529658][    C0] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1063.539041][    C0] 16926 total pagecache pages
[ 1063.543767][    C0] 0 pages in swap cache
[ 1063.548046][    C0] Free swap  = 124544kB
[ 1063.552302][    C0] Total swap = 124996kB
[ 1063.556496][    C0] 2097051 pages RAM
[ 1063.560395][    C0] 0 pages HighMem/MovableOnly
[ 1063.565099][    C0] 427088 pages reserved
[ 1063.569328][    C0] 0 pages cma reserved
[ 1076.070520][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1076.244956][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1076.255087][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1076.264567][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1076.273289][   T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1076.281053][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1076.780149][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1076.798597][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1076.809726][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1076.819495][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1076.827404][   T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1076.835144][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1077.009416][T12154] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1077.021400][T12154] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1077.030045][T12154] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1077.039420][T12154] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1077.049282][T12154] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1077.056838][T12154] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1077.423012][   T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1077.436162][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1077.445444][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1077.458077][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1077.467089][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1077.475825][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1078.242331][   T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1078.253994][   T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1078.263236][   T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1078.274882][   T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1078.289153][   T55] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1078.299414][   T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1078.468533][   T55] Bluetooth: hci0: command tx timeout
[ 1078.938753][   T55] Bluetooth: hci1: command tx timeout
[ 1079.178609][   T55] Bluetooth: hci2: command tx timeout
[ 1079.578821][   T55] Bluetooth: hci3: command tx timeout
[ 1080.379062][   T55] Bluetooth: hci4: command tx timeout
[ 1080.538591][   T55] Bluetooth: hci0: command tx timeout
[ 1081.018603][   T55] Bluetooth: hci1: command tx timeout
[ 1081.258580][   T55] Bluetooth: hci2: command tx timeout
[ 1081.658767][   T55] Bluetooth: hci3: command tx timeout
[ 1082.330324][T12154] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1082.342751][T12154] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1082.351628][T12154] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1082.363985][T12154] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1082.378717][T12154] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1082.390051][T12154] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1082.458732][T12154] Bluetooth: hci4: command tx timeout
[ 1082.618555][T12154] Bluetooth: hci0: command tx timeout
[ 1083.098517][T12154] Bluetooth: hci1: command tx timeout
[ 1083.338661][T12154] Bluetooth: hci2: command tx timeout
[ 1083.741601][T12154] Bluetooth: hci3: command tx timeout
[ 1084.458742][T12154] Bluetooth: hci5: command tx timeout
[ 1084.543201][T12154] Bluetooth: hci4: command tx timeout
[ 1084.698747][T12154] Bluetooth: hci0: command tx timeout
[ 1085.178519][T12154] Bluetooth: hci1: command tx timeout
[ 1085.418588][T12154] Bluetooth: hci2: command tx timeout
[ 1085.828475][T12154] Bluetooth: hci3: command tx timeout
[ 1086.538609][T12154] Bluetooth: hci5: command tx timeout
[ 1086.619249][T12154] Bluetooth: hci4: command tx timeout
[ 1088.618496][T12154] Bluetooth: hci5: command tx timeout
[ 1090.698739][T12154] Bluetooth: hci5: command tx timeout
[ 1111.578974][   T30] INFO: task syz-executor:11488 blocked for more than 143 seconds.
[ 1111.586964][   T30]       Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[ 1111.648406][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1111.698442][   T30] task:syz-executor    state:D stack:20816 pid:11488 tgid:11488 ppid:1      flags:0x00004002
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1111.811425][   T30] Call Trace:
[ 1111.814861][   T30]  <TASK>
[ 1111.817919][   T30]  __schedule+0x1800/0x4a60
[ 1111.878886][   T30]  ? __pfx___schedule+0x10/0x10
[ 1111.883844][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1111.938434][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[ 1111.944001][   T30]  ? schedule+0x90/0x320
[ 1111.948294][   T30]  schedule+0x14b/0x320
[ 1112.035209][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1112.068617][   T30]  __mutex_lock+0x6a4/0xd70
[ 1112.073232][   T30]  ? __mutex_lock+0x527/0xd70
[ 1112.077968][   T30]  ? tun_chr_close+0x3b/0x1b0
[ 1112.173499][   T30]  ? __pfx___mutex_lock+0x10/0x10
[ 1112.218429][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1112.224876][   T30]  tun_chr_close+0x3b/0x1b0
[ 1112.288504][   T30]  ? __pfx_tun_chr_close+0x10/0x10
[ 1112.293725][   T30]  __fput+0x23f/0x880
[ 1112.297837][   T30]  task_work_run+0x24f/0x310
[ 1112.365656][   T30]  ? __pfx_task_work_run+0x10/0x10
[ 1112.398420][   T30]  ? do_exit+0xa2a/0x27f0
[ 1112.402836][   T30]  ? kmem_cache_free+0x145/0x350
[ 1112.407926][   T30]  do_exit+0xa2f/0x27f0
[ 1112.458481][   T30]  ? __pfx_do_exit+0x10/0x10
[ 1112.463157][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1112.518431][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1112.524868][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1112.576287][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1112.603021][   T30]  do_group_exit+0x207/0x2c0
[ 1112.607747][   T30]  __x64_sys_exit_group+0x3f/0x40
[ 1112.638666][   T30]  x64_sys_call+0x2634/0x2640
[ 1112.643471][   T30]  do_syscall_64+0xf3/0x230
[ 1112.648033][   T30]  ? clear_bhb_loop+0x35/0x90
[ 1112.699580][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.705716][   T30] RIP: 0033:0x7fefd8b7def9
[ 1112.748468][   T30] RSP: 002b:00007fefd8e5ebb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 1112.756984][   T30] RAX: ffffffffffffffda RBX: 00007fefd8bf0a39 RCX: 00007fefd8b7def9
[ 1112.818434][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[ 1112.826668][   T30] RBP: 000000000000006b R08: 00007fefd8e5c955 R09: 00007fefd8e5fe00
[ 1112.881721][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fefd8e5fe00
[ 1112.927588][   T30] R13: 00007fefd8bf0a14 R14: 00000000000d9538 R15: 00007fefd8e5fe40
[ 1112.950285][   T30]  </TASK>
[ 1112.965917][   T30] 
[ 1112.965917][   T30] Showing all locks held in the system:
[ 1112.988518][   T30] 4 locks held by kworker/0:0/8:
[ 1112.993540][   T30] 4 locks held by kworker/u8:0/11:
[ 1113.027007][   T30]  #0: ffff88802524c148 ((wq_completion)wg-kex-wg2#47){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1113.058626][   T30]  #1: ffffc90000107d00 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1113.118456][   T30]  #2: ffff8880590e9248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x120/0xf30
[ 1113.151015][   T30]  #3: ffff88805faa1f58 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x132/0xf30
[ 1113.179175][   T30] 4 locks held by kworker/1:0/25:
[ 1113.184279][   T30]  #0: ffff888032801948 ((wq_completion)wg-kex-wg0#42){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1113.215109][   T30]  #1: ffffc900001f7d00 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1113.270509][   T30]  #2: ffff888071eb1248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x156/0xf70
[ 1113.305166][   T30]  #3: ffff8880392b1f58 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x8e3/0xf70
[ 1113.333103][   T30] 1 lock held by khungtaskd/30:
[ 1113.338029][   T30]  #0: ffffffff8e938a60 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1113.358483][   T30] 4 locks held by kworker/1:1/52:
[ 1113.363636][   T30]  #0: ffff88806060d148 ((wq_completion)wg-kex-wg2#38){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1113.401460][   T30]  #1: ffffc90000bc7d00 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1113.458221][   T30]  #2: ffff888068f99248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x156/0xf70
[ 1113.492208][   T30]  #3: ffff888032a4d798 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x8e3/0xf70
[ 1113.518477][   T30] 4 locks held by kworker/0:2/944:
[ 1113.523701][   T30] 4 locks held by kworker/u8:7/2499:
[ 1113.555915][   T30]  #0: ffff88805b842148 ((wq_completion)wg-kex-wg2#41){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1113.586655][   T30]  #1: ffffc90009527d00 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1113.621316][   T30]  #2: ffff888068211248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x120/0xf30
[ 1113.643070][   T30]  #3: ffff8880392b3b78 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x132/0xf30
[ 1113.683091][   T30] 3 locks held by kworker/u8:9/2528:
[ 1113.688685][   T30]  #0: ffff88802fcad148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1113.723332][   T30]  #1: ffffc90009877d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1113.737634][   T30]  #2: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[ 1113.767753][   T30] 1 lock held by klogd/4672:
[ 1113.778500][   T30] 2 locks held by getty/4985:
[ 1113.783245][   T30]  #0: ffff8880239900a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1113.815750][   T30]  #1: ffffc900031232f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[ 1113.845348][   T30] 2 locks held by kworker/0:3/5229:
[ 1113.857578][   T30] 4 locks held by kworker/0:4/5275:
[ 1113.875656][   T30] 7 locks held by kworker/0:5/5276:
[ 1113.888302][   T30] 4 locks held by kworker/0:6/5277:
[ 1113.893712][   T30] 3 locks held by kworker/0:7/5280:
[ 1113.918481][   T30] 4 locks held by kworker/1:5/5296:
[ 1113.928427][   T30]  #0: ffff8880670f0948 ((wq_completion)wg-kex-wg2#42){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1113.965687][   T30]  #1: ffffc900048d7d00 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1114.027241][   T30]  #2: ffff888068211248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x156/0xf70
[ 1114.054546][   T30]  #3: ffff8880392b3b78 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x844/0xf70
[ 1114.108482][   T30] 3 locks held by kworker/1:7/5992:
[ 1114.128937][   T30]  #0: ffff88806e6ab948 ((wq_completion)wg-kex-wg2#48){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1114.164332][   T30]  #1: ffffc900047d7d00 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1114.205033][   T30]  #2: ffff88805faa1f58 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_begin_session+0x36/0xb80
[ 1114.236408][   T30] 4 locks held by kworker/u8:12/8168:
[ 1114.244719][   T30]  #0: ffff88807582c148 ((wq_completion)wg-kex-wg2#37){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1114.276360][   T30]  #1: ffffc90003f97d00 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1114.297056][   T30]  #2: ffff888068f99248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x120/0xf30
[ 1114.328425][   T30]  #3: ffff888032a4d798 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x132/0xf30
[ 1114.355762][   T30] 4 locks held by kworker/u8:15/8730:
[ 1114.368469][   T30]  #0: ffff88808b8a3948 ((wq_completion)wg-kex-wg2#45){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1114.404362][   T30]  #1: ffffc90004befd00 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1114.427733][   T30]  #2: ffff88804b629248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x120/0xf30
[ 1114.455513][   T30]  #3: ffff888032a4b218 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x132/0xf30
[ 1114.480643][   T30] 4 locks held by kworker/0:9/8733:
[ 1114.486012][   T30] 1 lock held by syz-executor/11439:
[ 1114.508446][   T30]  #0: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[ 1114.517578][   T30] 4 locks held by kworker/0:10/11479:
[ 1114.548536][   T30] 2 locks held by kworker/0:11/11480:
[ 1114.553989][   T30] 1 lock held by syz-executor/11483:
[ 1114.578573][   T30]  #0: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[ 1114.603915][   T30] 1 lock held by syz-executor/11488:
[ 1114.609430][   T30]  #0: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[ 1114.644807][   T30] 1 lock held by syz-executor/11831:
[ 1114.650298][   T30]  #0: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[ 1114.675535][   T30] 1 lock held by syz.0.1557/12123:
[ 1114.695891][   T30]  #0: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[ 1114.724395][   T30] 4 locks held by kworker/1:4/12151:
[ 1114.731545][   T30]  #0: ffff888027e56d48 ((wq_completion)wg-kex-wg0#46){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1114.758592][   T30]  #1: ffffc90003d8fd00 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1114.827173][   T30]  #2: ffff88807e141248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x156/0xf70
[ 1114.856718][   T30]  #3: ffff888032fe28b8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x844/0xf70
[ 1114.884787][   T30] 4 locks held by kworker/u8:1/12152:
[ 1114.898419][   T30]  #0: ffff8880257c8948 ((wq_completion)wg-kex-wg0#45){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1114.927072][   T30]  #1: ffffc90003d7fd00 ((work_completion)(&peer->transmit_handshake_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1114.954966][   T30]  #2: ffff88807e141248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x120/0xf30
[ 1114.985830][   T30]  #3: ffff888032fe28b8 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_create_initiation+0x132/0xf30
[ 1114.998675][   T30] 4 locks held by kworker/1:9/12153:
[ 1115.004055][   T30]  #0: ffff88805f602948 ((wq_completion)wg-kex-wg2#46){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1115.052183][   T30]  #1: ffffc90003d57d00 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1115.095323][   T30]  #2: ffff88804b629248 (&wg->static_identity.lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x156/0xf70
[ 1115.150130][   T30]  #3: ffff888032a4b218 (&handshake->lock){++++}-{3:3}, at: wg_noise_handshake_consume_initiation+0x844/0xf70
[ 1115.182388][   T30] 2 locks held by syz-executor/12170:
[ 1115.187931][   T30]  #0: ffffffff8fcb5e50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[ 1115.217746][   T30]  #1: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 1115.232748][   T30] 2 locks held by syz-executor/12174:
[ 1115.253435][   T30]  #0: ffffffff8fcb5e50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[ 1115.284564][   T30]  #1: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 1115.312304][   T30] 2 locks held by syz-executor/12175:
[ 1115.317764][   T30]  #0: ffffffff8fcb5e50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[ 1115.327702][   T30]  #1: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 1115.362051][   T30] 2 locks held by syz-executor/12177:
[ 1115.367521][   T30]  #0: ffffffff8fcb5e50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[ 1115.399215][   T30]  #1: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 1115.427344][   T30] 2 locks held by syz-executor/12179:
[ 1115.433130][   T30]  #0: ffffffff8fcb5e50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[ 1115.466375][   T30]  #1: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 1115.487920][   T30] 2 locks held by syz-executor/12183:
[ 1115.507189][   T30]  #0: ffffffff8fcb5e50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[ 1115.535770][   T30]  #1: ffffffff8fcc2948 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[ 1115.556741][   T30] 
[ 1115.568401][   T30] =============================================
[ 1115.568401][   T30] 
[ 1115.576886][   T30] NMI backtrace for cpu 1
[ 1115.581261][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[ 1115.591456][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1115.601555][   T30] Call Trace:
[ 1115.604872][   T30]  <TASK>
[ 1115.607839][   T30]  dump_stack_lvl+0x241/0x360
[ 1115.612598][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1115.617850][   T30]  ? __pfx__printk+0x10/0x10
[ 1115.622502][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 1115.627598][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1115.633103][   T30]  ? _printk+0xd5/0x120
[ 1115.637324][   T30]  ? __pfx__printk+0x10/0x10
[ 1115.641978][   T30]  ? __wake_up_klogd+0xcc/0x110
[ 1115.646993][   T30]  ? __pfx__printk+0x10/0x10
[ 1115.651674][   T30]  ? __rcu_read_unlock+0xa1/0x110
[ 1115.656845][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1115.662931][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 1115.668975][   T30]  watchdog+0xff4/0x1040
[ 1115.673314][   T30]  ? watchdog+0x1ea/0x1040
[ 1115.677789][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1115.682504][   T30]  kthread+0x2f0/0x390
[ 1115.686614][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1115.691375][   T30]  ? __pfx_kthread+0x10/0x10
[ 1115.696093][   T30]  ret_from_fork+0x4b/0x80
[ 1115.700558][   T30]  ? __pfx_kthread+0x10/0x10
[ 1115.705198][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1115.710120][   T30]  </TASK>
[ 1115.714229][   T30] Sending NMI from CPU 1 to CPUs 0:
[ 1115.720103][    C0] NMI backtrace for cpu 0
[ 1115.720120][    C0] CPU: 0 UID: 0 PID: 5276 Comm: kworker/0:5 Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[ 1115.720142][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1115.720155][    C0] Workqueue: events nsim_dev_trap_report_work
[ 1115.720284][    C0] RIP: 0010:ipt_do_table+0xcaf/0x1860
[ 1115.720310][    C0] Code: b6 04 38 84 c0 0f 85 0b 07 00 00 8b 1b 49 8d 7c 24 08 48 89 f8 48 c1 e8 03 42 80 3c 38 00 74 05 e8 86 22 b6 f7 49 01 5c 24 08 <4c> 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df 80 3c 08 00 74
[ 1115.720328][    C0] RSP: 0018:ffffc90000007520 EFLAGS: 00000212
[ 1115.720344][    C0] RAX: 1ffffd1ffff8ec01 RBX: 0000000000000028 RCX: dffffc0000000000
[ 1115.720358][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffe8ffffc76008
[ 1115.720371][    C0] RBP: ffffc90000007708 R08: ffffffff8a44fb43 R09: 0000000000000000
[ 1115.720385][    C0] R10: ffffc90000007680 R11: fffff52000000ed4 R12: ffffe8ffffc76000
[ 1115.720400][    C0] R13: 1ffff1100bfdee13 R14: ffff88805fef7040 R15: dffffc0000000000
[ 1115.720414][    C0] FS:  0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000
[ 1115.720430][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1115.720443][    C0] CR2: 00005555897115c8 CR3: 000000000e734000 CR4: 00000000003526f0
[ 1115.720460][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1115.720471][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1115.720483][    C0] Call Trace:
[ 1115.720490][    C0]  <NMI>
[ 1115.720500][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[ 1115.720518][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1115.720546][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1115.720564][    C0]  ? nmi_handle+0x2a/0x5a0
[ 1115.720589][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1115.720614][    C0]  ? nmi_handle+0x14f/0x5a0
[ 1115.720631][    C0]  ? nmi_handle+0x2a/0x5a0
[ 1115.720650][    C0]  ? ipt_do_table+0xcaf/0x1860
[ 1115.720672][    C0]  ? default_do_nmi+0x63/0x160
[ 1115.720691][    C0]  ? exc_nmi+0x123/0x1f0
[ 1115.720708][    C0]  ? end_repeat_nmi+0xf/0x53
[ 1115.720734][    C0]  ? ipt_do_table+0xc23/0x1860
[ 1115.720758][    C0]  ? ipt_do_table+0xcaf/0x1860
[ 1115.720780][    C0]  ? ipt_do_table+0xcaf/0x1860
[ 1115.720804][    C0]  ? ipt_do_table+0xcaf/0x1860
[ 1115.720826][    C0]  </NMI>
[ 1115.720832][    C0]  <IRQ>
[ 1115.720852][    C0]  ? ipt_do_table+0x312/0x1860
[ 1115.720875][    C0]  ? __pfx_ipt_do_table+0x10/0x10
[ 1115.720901][    C0]  ? __pfx_nf_nat_inet_fn+0x10/0x10
[ 1115.720928][    C0]  ? __pfx_ipt_do_table+0x10/0x10
[ 1115.720949][    C0]  nf_hook_slow+0xc3/0x220
[ 1115.720970][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1115.720998][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1115.721027][    C0]  NF_HOOK+0x29e/0x450
[ 1115.721055][    C0]  ? NF_HOOK+0x9a/0x450
[ 1115.721088][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[ 1115.721115][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 1115.721146][    C0]  ? ip_rcv_finish+0x406/0x560
[ 1115.721164][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1115.721180][    C0]  NF_HOOK+0x3a4/0x450
[ 1115.721206][    C0]  ? __lock_acquire+0x1384/0x2050
[ 1115.721232][    C0]  ? NF_HOOK+0x9a/0x450
[ 1115.721258][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[ 1115.721283][    C0]  ? ip_rcv_core+0x801/0xd10
[ 1115.721300][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1115.721321][    C0]  ? __pfx_ip_rcv+0x10/0x10
[ 1115.721348][    C0]  __netif_receive_skb+0x2bf/0x650
[ 1115.721370][    C0]  ? __pfx_lock_acquire+0x10/0x10
[ 1115.721395][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[ 1115.721413][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1115.721439][    C0]  ? __pfx_lock_release+0x10/0x10
[ 1115.721464][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[ 1115.721498][    C0]  process_backlog+0x662/0x15b0
[ 1115.721521][    C0]  ? process_backlog+0x33b/0x15b0
[ 1115.721546][    C0]  ? __pfx_process_backlog+0x10/0x10
[ 1115.721565][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1115.721591][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1115.721618][    C0]  __napi_poll+0xcb/0x490
[ 1115.721638][    C0]  net_rx_action+0x89b/0x1240
[ 1115.721668][    C0]  ? __pfx_net_rx_action+0x10/0x10
[ 1115.721688][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
[ 1115.721725][    C0]  handle_softirqs+0x2c5/0x980
[ 1115.721751][    C0]  ? do_softirq+0x11b/0x1e0
[ 1115.721775][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[ 1115.721825][    C0]  do_softirq+0x11b/0x1e0
[ 1115.721847][    C0]  </IRQ>
[ 1115.721853][    C0]  <TASK>
[ 1115.721860][    C0]  ? __pfx_do_softirq+0x10/0x10
[ 1115.721883][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[ 1115.721910][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1115.721929][    C0]  __local_bh_enable_ip+0x1bb/0x200
[ 1115.721953][    C0]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[ 1115.721979][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1115.722003][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[ 1115.722025][    C0]  ? nsim_dev_trap_report_work+0x6a7/0xaa0
[ 1115.722054][    C0]  nsim_dev_trap_report_work+0x75d/0xaa0
[ 1115.722092][    C0]  ? process_scheduled_works+0x945/0x1830
[ 1115.722116][    C0]  process_scheduled_works+0xa2c/0x1830
[ 1115.722153][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1115.722182][    C0]  ? assign_work+0x364/0x3d0
[ 1115.722207][    C0]  worker_thread+0x870/0xd30
[ 1115.722237][    C0]  ? __kthread_parkme+0x169/0x1d0
[ 1115.722264][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1115.722288][    C0]  kthread+0x2f0/0x390
[ 1115.722304][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1115.722329][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.722346][    C0]  ret_from_fork+0x4b/0x80
[ 1115.722372][    C0]  ? __pfx_kthread+0x10/0x10
[ 1115.722388][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1115.722421][    C0]  </TASK>
[ 1116.331556][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.337912][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[ 1116.352270][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 1116.359185][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-04557-g2f27fce67173 #0
[ 1116.369379][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[ 1116.379564][   T30] Call Trace:
[ 1116.382878][   T30]  <TASK>
[ 1116.385938][   T30]  dump_stack_lvl+0x241/0x360
[ 1116.390674][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1116.395925][   T30]  ? __pfx__printk+0x10/0x10
[ 1116.400557][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1116.406687][   T30]  ? vscnprintf+0x5d/0x90
[ 1116.411065][   T30]  panic+0x349/0x870
[ 1116.415097][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1116.421296][   T30]  ? __pfx_panic+0x10/0x10
[ 1116.425757][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 1116.431268][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 1116.436908][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 1116.442344][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1116.448560][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 1116.454762][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 1116.461413][   T30]  watchdog+0x1033/0x1040
[ 1116.465883][   T30]  ? watchdog+0x1ea/0x1040
[ 1116.470368][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1116.475176][   T30]  kthread+0x2f0/0x390
[ 1116.479384][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1116.484122][   T30]  ? __pfx_kthread+0x10/0x10
[ 1116.488766][   T30]  ret_from_fork+0x4b/0x80
[ 1116.493427][   T30]  ? __pfx_kthread+0x10/0x10
[ 1116.498067][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1116.502915][   T30]  </TASK>
[ 1116.506275][   T30] Kernel Offset: disabled
[ 1116.510752][   T30] Rebooting in 86400 seconds..