last executing test programs:

8.650588747s ago: executing program 3 (id=1609):
r0 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = dup(r3)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
close_range(r0, 0xffffffffffffffff, 0x0)

8.446441765s ago: executing program 3 (id=1610):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_usb_connect(0x0, 0x2d2, &(0x7f0000000340)=ANY=[@ANYBLOB="120100008b216740420709204661010203010902c002010000000009047500efd08de70009050201ff030c0207cb10407a382b84ff1b34cd2ee206df4454f2529eb325760bada00a71f67aefe45f30eb1a82ea2568d765ddf9c4f6cf9d15cdf7897994aae055d3f4654ab18eec5d2ff8f276191defe778db9f063699e57d00e9bd9aa03da6c10d298998004b93eaf6ca5c2a57018daf8e85392ce15baa386cfdf692b68fac0ede1e5313b09c9e13e40b67973376e559125fe4d64c2c3e4927f4ad48743ed8f5fca66abf95b6da7af76b89333470ad9808c6e3f64e87ff6ca2fdd8f9fbd5df7edf83dc9a106f39d89d5f70b43047081a08a86e0a6ccee3d0114be47cd02772f9397c837398d537d76775a2ea84aca894132f89411455354c7d32ca5e23ac1fdf7e052b486de0e97574ca0a751214c8689a25a573a50cdca9552447a34ad28c74cb934f2798a646ac694c7c"], 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000480)=ANY=[@ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00'])

7.127688096s ago: executing program 3 (id=1620):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x113081, 0x0)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)={[&(0x7f0000000740)=',[\x00*\xf6Z\xb3\'\x98NU\xb6\x02\xe5\xfd\xed\x96\xf2.\x11\x1e\xf8\xe4\xba\xa9\xe2mD\x15\x9f\xdb\xe9_\xf9\x00oe\xbcm}\\\x06^\x0e<\x9c\x9cmM\xa0\x18z\xed\x05PC\xf5|#R\x18!\x88E\x9bt\xdeWr\xfb{\x87\xfeN\xa1\xe5\b\x01\xae-P\x1d\xc2k\x1cJ\x91\xc2h\xf5\x01\xc8\x14\xfe\xdd\xd7\xfc\xa6\xba//%{S+\xc6w;\x14\xae\xc1\x02\xfc\xd3\x98 \xb0R\xa68\xd3\x9a\xcd\xe0{\xff\x0fV\x8a\xdd\xf4]\xc8\xe3\xcc\xbav\x1e&\xf4\x9f\xb3n\xd2k\x92\xcd=\x03\xfc\x14x\xac\xe7\xd0cJ\xf1t\xc1\xce0\x19\bFs\x00\x17\x1e\xe1\xc7o\x96\r\xcdHD\x1c<\x11\xe3\x99v\xbc\xfb\xf3 \xe1\xf9\xa7\xab\xad\r\xe8', &(0x7f0000000040)='/dev/kvm\x00', &(0x7f0000000100)='#\x00', &(0x7f0000000380)='}\x00\xe3d\'I\x95g d\xfd\xc1\xc3\xb1\xd0\"\xe8_/\xae\'(\x9e\xea\xb9sx\xe6\x82s\x9e\xa3=\xfb\xb2z\xf6\xfa\a\xac\xef\x1b\xbb\xef\x94\x98', &(0x7f0000000180)='/dev/kvm\x00', &(0x7f00000003c0)='/dev/kvm\x00\xc7Bb\xa7\x7f\x141\xe5m(\x00\x00\x0f$|\xc8*\xd9VP\xe7%p\xaf\xa2\xf7\xb8J\xba\xaaa3rK\xcd\xbecHu\f\x1bk\xdb>DYbw\xe1E\x90E\r\x1c\xf4\x91\x88\xa4\xae\x15X\x1f\xad\xbdNq\x9aL\x90\x8c\xafz\xea\x89u\xc7\x1b\xb0`\xfdM\x89\x90\xde<h0\xb0:\x92\x00c\xa6\x8d\x16\xaf\xea\t*l\xf5\x8e6\x88\x17<\xf0\xc4(\x95\xb5BE\xb7\x8e\x1a\xf2Oo\xb9\xc1\x0e\\Ld\xba\b\xad\xc4\x0e\xc4.h\xb6\x85\x90\xf6\xef\xf3\xb6J\xb6\x18\x7fBNm\x90\xeb\xee\x01N\xa3\xc1\xd1\xac\xe6\xdd\x84\x84\x87\x8f\xf6\xb8y\xa0\xbc5\x1b\xfa\xb5i\xaa\x05\x1d\xb1\x85\xec\xde|\xa4\xff\x93V\x98\xe4\x8fCE\xa3\x1f\x94m\xdc\xec\xc4\xbe\x9e\xf0&\xbf\x9dH4|m\xa1a\x1b\xba\xabb\xf7\x18\xbf\xe6\x18\xd5\xfa\b\x7f% \'\xc9\xfc\x12\xef\xda\xd6R\x0f\xd8*\xe6Q\xbd\x85\x1f\xd7|x\xe5\xa6\xdc2\xec>\xb1\xd7\x14P\x17\xab0\x82\xf6\xef\xec\xdf_\xd3\xb4\xaa\xfd\x13\x00t\xc0\xf1\xa0S\xa2V\xba\x9c', &(0x7f0000000200)='\x0e\x04\\\xd0^', &(0x7f0000000240)='/dev/kvm\x00']}, &(0x7f0000000340)={[&(0x7f0000000300)='/dev/kvm\x00']})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES64=r1], 0x10)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[], 0x24}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
mremap(&(0x7f00004ed000/0x1000)=nil, 0x1000, 0xffffffffffdfffff, 0x3, &(0x7f000082a000/0x400000)=nil)
sendmsg$nl_xfrm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
syz_emit_vhci(0x0, 0x22)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRESOCT, @ANYRESOCT=r3, @ANYRES16=r0, @ANYRES32=r0, @ANYBLOB, @ANYRESHEX], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000600)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000a40)=ANY=[], 0x254}, 0x1, 0x0, 0x0, 0x20040080}, 0x40)
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r7 = syz_io_uring_setup(0xd1, &(0x7f0000000500)={0x0, 0x6994, 0x80, 0x5, 0x335}, &(0x7f0000000840)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/224, 0xe0}], 0x1})
io_uring_enter(r7, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r10, 0xc0505510, &(0x7f0000000100)={0xffffffff, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route(r2, 0x0, 0x4000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)

6.918635081s ago: executing program 3 (id=1622):
r0 = socket$tipc(0x1e, 0x2, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
r2 = syz_open_dev$video(0x0, 0x0, 0x0)
ioctl$VIDIOC_PREPARE_BUF(r2, 0xc0585611, 0x0)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040), 0x80c2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000240), 0x208e24b)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r4, 0x0)

6.414594563s ago: executing program 3 (id=1625):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) (async)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) (async)
io_uring_setup(0x5237, &(0x7f00000002c0)) (async, rerun: 64)
ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) (async, rerun: 64)
close_range(r0, 0xffffffffffffffff, 0x0) (async)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000c00)={{0x12, 0x1, 0x0, 0xe3, 0x3e, 0x50, 0x10, 0x2c42, 0x16f8, 0x468b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x69, 0x2d, 0xaf, 0x9, [], [{{0x9, 0x5, 0x4}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r1, &(0x7f0000000140)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) (async)
syz_usb_control_io(r1, 0x0, 0x0)

4.266439021s ago: executing program 0 (id=1638):
socket$nl_netfilter(0x10, 0x3, 0xc)
mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000481000/0x1000)=nil)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ptype\x00')
read$FUSE(r1, &(0x7f0000004300)={0x2020}, 0x2020)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000481000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/32, 0x20, 0x1, &(0x7f0000000040)=""/87, 0x57}, &(0x7f00000001c0)=0x40)
setsockopt$inet_mreq(r0, 0x0, 0x7, &(0x7f00000002c0)={@broadcast, @private=0xa010100}, 0x8)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
setrlimit(0x40000000000008, &(0x7f0000000000))
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, <r3=>0x0}, &(0x7f0000000280)=0x5)
setresuid(0x0, r3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = io_uring_setup(0x1694, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000100)=[{0x0}], 0x1)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000002700)=""/4096, 0x1a00}], 0x0, 0x1}, 0x20)

4.266099496s ago: executing program 0 (id=1639):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007ed, &(0x7f0000008400)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x43}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000400)='illinois\x00', 0x9)
write$binfmt_elf64(r1, &(0x7f0000000040)=ANY=[], 0xa89)
sendto$inet(r1, &(0x7f0000000300)="a3", 0x1, 0x2c091, 0x0, 0x0)
syz_emit_ethernet(0x52, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa4e9c4bc0626aa8cd8c2957d70f5a92001c0600fe8000000000001c00000000000000bbfe8000000008000000000000000000aa3b6de90c6af363ca4500462200"/82, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5408000090780000"], 0x0)

3.721253551s ago: executing program 4 (id=1645):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x49, &(0x7f00000001c0)=0x5, 0x4)
syz_emit_ethernet(0x4a, &(0x7f0000001500)=ANY=[@ANYRES32=r0, @ANYRESOCT=r0, @ANYRES64=r0, @ANYRES16=<r1=>0xffffffffffffffff], 0x0)
r2 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl2\x00', <r3=>0x0, 0x700, 0x7800, 0x4d9, 0x0, {{0x13, 0x4, 0x0, 0x9, 0x4c, 0x67, 0x0, 0x0, 0x29, 0x0, @private=0xa010100, @broadcast, {[@cipso={0x86, 0x36, 0x0, [{0x0, 0x12, "951708634542e80f536d5fcc8f0579e0"}, {0x1, 0x8, "6d515365830b"}, {0x0, 0x4, "e54a"}, {0x1, 0x12, "3dba7e00df022c11b983fb4de63e8db7"}]}]}}}}})
sendto$packet(r2, &(0x7f0000000280)="f7d26f8ba93a3396c400f61eba454b715cb86fe373ed99ea268f29b9256f33deef2dc0d6bf19ecfdfe9bb467ffaffd7b7e514bb7eb1d903b7b9301406206d6e26aea38a77f843907eef34dea46d5c29fee74babf56cce77d9298cd8b8b511da18c38a64b76c60794d3bd44eb852ba87ec961c8d97db5306541ebe2e2bc30fb3cc87be49286bb4eb536bced53a52edfabbd1392e77605f67a11c88211e0797fc3d8e2525831d67989ccdd1122914b5575f3496e0be961dd64e8cedb5a6fe07f4fd83d0271fd51b3480df8e8406d53707c42ca2783da2fd3c39da4b7", 0xdb, 0x4, &(0x7f0000000380)={0x11, 0xfd, r3, 0x1, 0x80, 0x6, @local}, 0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000003840), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f0000000400)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r1, @ANYRES16], 0x14c}, 0x1, 0x0, 0x0, 0x24040014}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_XSAVE(r7, 0x5000aea5, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
msgctl$IPC_SET(0x0, 0x1, 0x0)
r8 = socket$inet6(0xa, 0x400000000001, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(r8, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000440), 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xbc, 0x0, 0x7})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x4d, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r10, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)

3.630382103s ago: executing program 2 (id=1647):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_usb_connect(0x0, 0x2d2, &(0x7f0000000340)=ANY=[@ANYBLOB="120100008b216740420709204661010203010902c002010000000009047500efd08de70009050201ff030c0207cb10407a382b84ff1b34cd2ee206df4454f2529eb325760bada00a71f67aefe45f30eb1a82ea2568d765ddf9c4f6cf9d15cdf7897994aae055d3f4654ab18eec5d2ff8f276191defe778db9f063699e57d00e9bd9aa03da6c10d298998004b93eaf6ca5c2a57018daf8e85392ce15baa386cfdf692b68fac0ede1e5313b09c9e13e40b67973376e559125fe4d64c2c3e4927f4ad48743ed8f5fca66abf95b6da7af76b89333470ad9808c6e3f64e87ff6ca2fdd8f9fbd5df7edf83dc9a106f39d89d5f70b43047081a08a86e0a6ccee3d0114be47cd02772f9397c837398d537d76775a2ea84aca894132f89411455354c7d32ca5e23ac1fdf7e052b486de0e97574ca0a751214c8689a25a573a50cdca9552447a34ad28c74cb934f2798a646ac694c7c"], 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000480)=ANY=[@ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00'])

3.451887747s ago: executing program 4 (id=1648):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x44, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}, @TCA_RATE={0x6, 0x5, {0xd, 0x4}}, @TCA_RATE={0x6}]}, 0x44}}, 0x4000001)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2051502}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x2, 0x9, 0x101, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFCTH_STATUS={0x8, 0x6, 0x1, 0x0, 0x1}, @NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_QUEUE_NUM={0x8, 0x3, 0x1, 0x0, 0x8000}]}, 0x30}}, 0x4000)
r2 = socket(0x10, 0x803, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = dup(r5)
ioctl$KVM_SET_MSRS(r6, 0xc048aeca, &(0x7f0000000200)=ANY=[@ANYRES16])
setsockopt$TIPC_DEST_DROPPABLE(r6, 0x10f, 0x81, &(0x7f0000000000)=0xf8f8, 0x4)
sendto(r2, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$VIDIOC_G_PARM(r7, 0xc0cc5615, &(0x7f0000000100)={0x8})

3.403291296s ago: executing program 0 (id=1649):
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x8008000000010, &(0x7f00000000c0)="02000000020001000003be8c5ee1768810003c08030300ecff3f000000030000980000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfcceb", 0x90)
request_key(&(0x7f0000000080)='pkcs7_test\x00', &(0x7f0000000580)={'syz', 0x1}, &(0x7f00000005c0)='\x00', 0x0)
request_key(&(0x7f0000000540)='id_legacy\x00', &(0x7f0000000580)={'syz', 0x2}, 0x0, 0xffffffffffffffff)

3.306540564s ago: executing program 0 (id=1650):
io_setup(0x3, &(0x7f0000000140)=<r0=>0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000)
io_submit(r0, 0x1, &(0x7f0000000100)=[&(0x7f0000000840)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000000))

3.305624093s ago: executing program 4 (id=1651):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000340)={0x40, 0xf, 0x1, 'V'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000340)={0x40, 0xf, 0x1, 'V'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000780)={0x2c, &(0x7f0000000580)={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) (async)
bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
recvmsg(r1, &(0x7f0000002840)={0x0, 0x0, &(0x7f0000002700)=[{&(0x7f00000004c0)=""/155, 0x9b}], 0x1, &(0x7f0000002780)=""/140, 0x8c}, 0x100)
r2 = socket$tipc(0x1e, 0x5, 0x0)
fchdir(0xffffffffffffffff)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
dup3(r3, 0xffffffffffffffff, 0x0)
syz_open_pts(0xffffffffffffffff, 0x1ab000)
sendmsg$tipc(r2, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)="e0", 0x1}], 0x1, 0x0, 0x0, 0x20048045}, 0x40)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000007c0)={0x1c, &(0x7f0000000900)={0x0, 0x9, 0x98, "2c1bdef06e68af1af43a74ed96221aa493620f1249a8212860ff1c2582e4783763ecdf9b1e6965d211a865eae4be57ebd74cd959905a8913f7eb147b42ffe465ab6d3280eecbdcea80b0b22a477dc3bc41c3887f0622a02c7ecef02ead53b6deca6584832370c6098acd0e7dd3d84f8b65c46941646e940ffe9bcaf0f4c2d97c261e4689ffd789bf1213a24bec8698ca0d56c72ab7bb219b"}, 0x0, 0x0})
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008000a00040e00000800090000a800000800070000000000080008"], 0x4c}}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x85ad, 0x0)

3.218443397s ago: executing program 0 (id=1652):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e0000000000000000001800028008000200110011"], 0x44}}, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, r3, 0x8, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_IRQ={0x8, 0x5, 0x2}, @ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x9c}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}, @ETHTOOL_A_COALESCE_PKT_RATE_HIGH={0x8, 0x12, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x40000c0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x58, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000010}, 0x80)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
sendto$inet6(r6, 0x0, 0x0, 0x20008845, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, 0x18)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r6, 0x894b, &(0x7f0000000380))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_INTERFACE(r10, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r9, @ANYBLOB="1400060064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0)
ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xc1)

3.043914956s ago: executing program 0 (id=1653):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0)
unshare(0x60400)
socket(0x40000000015, 0x5, 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001280), 0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000003c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_KEY(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="210500000000000000004a00000008000300", @ANYRES32=r8], 0x28}, 0x1, 0x0, 0x0, 0x40050}, 0x4000)
read(r5, 0x0, 0x0)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x10000000000002)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
close(r10)
ioctl$KVM_X86_SET_MCE(r2, 0x4040ae9e, &(0x7f0000000100)={0x1400000000000000, 0x3000, 0x1, 0x7, 0xf})
syz_io_uring_complete(0x0)

2.257396443s ago: executing program 1 (id=1656):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000dc0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070000000850000009e000000"], &(0x7f0000000d80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r1}, 0x10) (async)
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8401)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$USBDEVFS_BULK(r2, 0x5523, 0x0) (async)
ioctl$USBDEVFS_FORBID_SUSPEND(r2, 0x5521) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x8, 0x8, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000840)=@mangle={'mangle\x00', 0x10, 0x6, 0x660, 0x3f8, 0x3f8, 0x300, 0x0, 0x0, 0x608, 0x608, 0x608, 0x608, 0x300, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x4e8}}, {{@uncond, 0x0, 0x208, 0x230, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@remote, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @ipv4={'\x00', '\xff\xff', @loopback}, @mcast1, @private1, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, @loopback, @mcast1]}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x4e8}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00'}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@broadcast}}}, {{@ipv6={@mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'wg1\x00', 'vxcan1\x00'}, 0x0, 0xa8, 0xd0}, @HL={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6c0)
pidfd_getfd(0xffffffffffffffff, r2, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x6}, 0x0) (async)
r4 = socket(0x10, 0x803, 0x4) (async)
timer_create(0x3, &(0x7f0000000080)={0x0, 0x0, 0x1}, &(0x7f0000000200)) (async)
clock_gettime(0x1, &(0x7f0000000100)={0x0, <r5=>0x0})
setitimer(0x1, &(0x7f00000001c0)={{0x77359400}, {0x0, r5/1000+10000}}, 0x0) (async)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x77359400}, {0x0, 0x989680}}, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4)
r6 = socket$nl_route(0x10, 0x3, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="f800000010000100"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000d0001a800c000a80050008000000000068000a8014000700fc01000000000000000000000000000014000700fe8000000000000000000000000000bb05000800000000000500080000000000050008000000000014000700fe8800000000000000000000000000010500080000000000050008000000000058000a80050008"], 0xf8}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2409c0, 0x0) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000000000406a0515030000000000010902"], 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="080000000400000004000000ff00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/12], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r9, 0x0, 0x0}, 0x20)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

2.225584139s ago: executing program 2 (id=1657):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_group_source_req(r0, 0x0, 0x2a, &(0x7f00000002c0)={0x1, {{0x2, 0x0, @multicast2}}, {{0x2, 0x8001, @initdev={0xac, 0x1e, 0xfd, 0x0}}}}, 0x108)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000180)={0x6, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000440)={0x6, {{0x2, 0x4e24, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, 0x0, 0x0)

2.126392554s ago: executing program 2 (id=1658):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x49, &(0x7f00000001c0)=0x5, 0x4)
syz_emit_ethernet(0x4a, &(0x7f0000001500)=ANY=[@ANYRES32=r0, @ANYRESOCT=r0, @ANYRES64=r0, @ANYRES16=<r1=>0xffffffffffffffff], 0x0)
r2 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000140)={'syztnl2\x00', <r3=>0x0, 0x700, 0x7800, 0x4d9, 0x0, {{0x13, 0x4, 0x0, 0x9, 0x4c, 0x67, 0x0, 0x0, 0x29, 0x0, @private=0xa010100, @broadcast, {[@cipso={0x86, 0x36, 0x0, [{0x0, 0x12, "951708634542e80f536d5fcc8f0579e0"}, {0x1, 0x8, "6d515365830b"}, {0x0, 0x4, "e54a"}, {0x1, 0x12, "3dba7e00df022c11b983fb4de63e8db7"}]}]}}}}})
sendto$packet(r2, &(0x7f0000000280)="f7d26f8ba93a3396c400f61eba454b715cb86fe373ed99ea268f29b9256f33deef2dc0d6bf19ecfdfe9bb467ffaffd7b7e514bb7eb1d903b7b9301406206d6e26aea38a77f843907eef34dea46d5c29fee74babf56cce77d9298cd8b8b511da18c38a64b76c60794d3bd44eb852ba87ec961c8d97db5306541ebe2e2bc30fb3cc87be49286bb4eb536bced53a52edfabbd1392e77605f67a11c88211e0797fc3d8e2525831d67989ccdd1122914b5575f3496e0be961dd64e8cedb5a6fe07f4fd83d0271fd51b3480df8e8406d53707c42ca2783da2fd3c39da4b7", 0xdb, 0x4, &(0x7f0000000380)={0x11, 0xfd, r3, 0x1, 0x80, 0x6, @local}, 0x14)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000003840), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f0000000400)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r1, @ANYRES16], 0x14c}, 0x1, 0x0, 0x0, 0x24040014}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_XSAVE(r7, 0x5000aea5, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
msgctl$IPC_SET(0x0, 0x1, 0x0)
r8 = socket$inet6(0xa, 0x400000000001, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(r8, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, 0x0, 0x0, 0x20000008, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000440), 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xbc, 0x0, 0x7})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x4d, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r10, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)

2.125945457s ago: executing program 1 (id=1659):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x33, 0x4, 0x0, 0x0, 0xcc, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x9, [0x401, 0x5, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x5}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x658}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@dev={0xac, 0x14, 0x14, 0x80}, 0x20000}, {@remote}, {@multicast2, 0x7}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x1040000)

1.871889807s ago: executing program 2 (id=1660):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0xd1, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x1, {[@local=@item_012={0x0, 0x2, 0x9}]}}, 0x0}, 0x0)

1.777290441s ago: executing program 1 (id=1661):
syz_emit_ethernet(0x32, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2b}, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x2, 0x14, 0x24, 0x66, 0x0, 0x2, 0x11, 0x0, @broadcast, @broadcast, {[@noop]}}, {0x4e25, 0x4e22, 0xc, 0x0, @opaque="9ebf40b2"}}}}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x0, 0x1}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000080)={0x810}, 0x10, 0x0)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f00000029c0)={0xc, {"a2e3ad214fc7529b1b23090787f70e06d038e7ff7fc6e5539b3273078b089b3b083841090890e0878f0e1ac6e70a9b334a959b689a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31340d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ed30c000000000000040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85824056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000007008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07845754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f5d6d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9ef6d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcdddd754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfbb655548cf99c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad03f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a12810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de0ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac34b308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2dd9bb96e222d8e904f6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39e3313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb9957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
landlock_create_ruleset(&(0x7f0000000100)={0x441}, 0x10, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r6, 0x0, 0x0)
sendmsg$inet6(r6, &(0x7f0000000b00)={&(0x7f0000000840)={0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000980)=[{&(0x7f0000000880)="ab7c9ee9caabb396e0299505eb3779372a83105dd7fa259ce91052729aaf71984442e9c146661e784ac1cc0e5259bd5540b67902e17295ca76920b4de25b4ba87850683d8ffa07c935df7c24c43920a35cd2d08b5640e222941774f14efc48e0bc460fadf4801de4bdd4e773adf2d379e1acd786717de6927c98dec7bd9f2dba5150e126e4e32c8980bd2ed45380084976512387d3bac2f2753c0d7d0c06daa70f92585f8ccfd4be9eb5e3a14246c72249d390a76ff07e3564da94d3ae3e0706d0e68a0a", 0xc4}], 0x1, &(0x7f0000000a40)=[@hopopts_2292={{0x88, 0x29, 0x36, {0x2f, 0xd, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @generic={0xff, 0x66, "7cade1e7fd94d8c9ac417b988995c439312cf0c87390358f13b70b2a9849a603b3d820de7939c0ca718a87ed076e71d034e4fea914fe7086938517183bb292350e2550541779fec109fc4b9f06d7cef5b31a0be23ea8447a7f7819503b84f6a87833538a3a84"}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x1}}, @flowinfo={{0x14, 0x29, 0xb, 0x6}}], 0xb8}, 0x8000)
landlock_restrict_self(r6, 0x0)
bind$unix(r3, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x9, 0x3, 0x2d0, 0x0, 0xffffffff, 0xffffffff, 0x148, 0xffffffff, 0x2c8, 0xffffffff, 0xffffffff, 0x2c8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private2={0xfc, 0x2, '\x00', 0x1}, @local, [0xffffffff, 0xffffff00, 0xff000000, 0xff000000], [0xffffff00, 0xff000000, 0xffffff, 0xffffffff], 'bond_slave_0\x00', 'geneve1\x00', {0xff}, {}, 0x0, 0x4, 0xe, 0x42}, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x0, 0x2, 0x1, '\x00', {0x3}}}}, {{@uncond, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xc, 0x8, 0x3, 0xe8b4, 'pptp\x00', 'syz0\x00', {0xaf1}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x330)

1.626565747s ago: executing program 1 (id=1662):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @host}, 0x10)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendto(r2, &(0x7f0000000180)='+', 0x1, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000005cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000004400)=""/211, 0xd3}}, {{0x0, 0x0, &(0x7f0000004600)}}, {{0x0, 0x0, &(0x7f0000005c40)=[{0x0, 0x7}], 0x1}}], 0x3, 0x0, &(0x7f0000005ec0)={0x0, 0x3938700})
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@newqdisc={0x2c, 0x24, 0x800, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xe, 0xf}, {0xd, 0x8}, {0xd, 0x6}}, [@TCA_RATE={0x6, 0x5, {0x5, 0xf2}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40040}, 0x40)
write$binfmt_misc(r1, &(0x7f0000004500), 0x4)

1.584824476s ago: executing program 1 (id=1663):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x3, 0x0, {0x3, 0x3}})
r3 = openat(0xffffffffffffffff, 0x0, 0x501000, 0x0)
pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0)
splice(r3, &(0x7f0000000040)=0x9, 0xffffffffffffffff, 0x0, 0x808, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x40)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x40000000, @loopback}}}, 0x108)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
unshare(0x40000000)
syz_usb_connect(0x0, 0x3b, &(0x7f0000000080)=ANY=[@ANYBLOB="120100001b3ebd40d80483009c83010203010902"], 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r5, 0x890b, &(0x7f0000000840)={0x0, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x4, 0x4e22, @rand_addr=0x64010101}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x16}}, 0x184, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)='lo\x00', 0xffffffff})
fanotify_init(0x40, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet6_buf(r4, 0x29, 0x30, 0x0, &(0x7f0000001000))
syz_emit_vhci(&(0x7f0000000500)=ANY=[@ANYBLOB="042c112724000000000000000000000000000000fec5400d3a0b108f96330674f2aeebefe2bf11c96a9dccd137ae2f2dd0bc8a9eca4e680a5cb069c416ca840fe9169eec4955846b959a0e873d"], 0x35)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
mmap(&(0x7f00009fc000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xa1222000)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a98000000060a0b040000000000000000020000006c000480680001800a000100696e6e65720000005800028008000240000000840800034000000007080004400000000f0800014000000000340005800c0001007061796c6f61640024000280080004400000005608000340000000b9080001400000000a08000240000000000900010073797a30000000000900020073797a320000000014004a001100010000000000000000000300000a"], 0xc0}}, 0x0)

1.541249719s ago: executing program 4 (id=1664):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff})
pipe(&(0x7f00000002c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
tee(r1, r2, 0x3, 0x0)
vmsplice(r1, &(0x7f0000000380)=[{&(0x7f0000000000)='*', 0x1}], 0x1, 0x0)
r3 = syz_io_uring_setup(0xd3f, &(0x7f0000000880)={0x0, 0x0, 0x80}, &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000300)=<r5=>0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newlink={0x38, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_LINKAT={0x27, 0x50, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x400})
io_uring_enter(r3, 0x6a8d, 0x0, 0xa, 0x0, 0x0)

632.881211ms ago: executing program 4 (id=1665):
r0 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
syz_open_dev$usbmon(0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg2\x00'})
bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$kcm(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)='\r', 0x1}], 0x1}, 0x8010)
sendmmsg$alg(r1, &(0x7f00000000c0)=[{0x0, 0x0, 0x0}], 0x1, 0x0)
openat$sw_sync_info(0xffffff9c, &(0x7f0000000040), 0x1, 0x0)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000800)=""/231, 0xe7}], 0x1}}], 0x1, 0x0, 0x0)

194.550053ms ago: executing program 4 (id=1666):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DESTROY(r0, 0x0, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000780)=ANY=[], 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {}, 0xa}}, 0x26)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, {&(0x7f0000000a00)=""/4096, 0x1000, 0x0, 0x0, 0x2}}, 0x48)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c1000003e0007012ebd700004101c000100000004000002041001"], 0x101c}}, 0x0)

193.946834ms ago: executing program 3 (id=1667):
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0x2, 0x8, 0x0, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x9}, {}, {}, {0x5}, {0x18, 0x8}, {}, {0x14, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0x5, 0x8}}}, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r2=>0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000080)=@x86={0xb, 0x10, 0x1, 0x0, 0x2, 0x7, 0x3, 0x82, 0x8, 0x37, 0x1, 0x1, 0x0, 0x5, 0x8, 0x0, 0x1, 0xff, 0x8, '\x00', 0x7, 0x5})
r6 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r2, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}])
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2)
ppoll(&(0x7f0000000680)=[{r7, 0x10}], 0x1, 0x0, 0x0, 0x0)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r8, 0xffffffffffffffff, 0x0)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x953a, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
pipe(&(0x7f0000000140))

88.470607ms ago: executing program 1 (id=1668):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@delchain={0x660, 0x65, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff2}}, [@filter_kind_options=@f_route={{0xa}, {0x630, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0xa, 0xe}}, @TCA_ROUTE4_ACT={0x624, 0x6, [@m_simple={0x184, 0x1f, 0x0, 0x0, {{0xb}, {0x88, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x401, 0x2, 0x1, 0x2, 0x8}}, @TCA_DEF_DATA={0xd, 0x3, '@-^[\xa5&,.\x00'}, @TCA_DEF_DATA={0x7, 0x3, 'lo\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x80000001, 0xfffffffffffffffe, 0x6, 0x2}}, @TCA_DEF_PARMS={0x18, 0x2, {0x401, 0x495, 0x20000000, 0xc6, 0x62c}}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x1, 0x10000000, 0x4, 0x8}}, @TCA_DEF_DATA={0xb, 0x3, 'j\xbf!*{$\x00'}]}, {0xd4, 0x6, "bb56072c27c5e2984fb9b39740c7dea2e6372a168bf1fdb8ecb6019c9f5db834fcaca18620641b7aab2922f69d2f9b062f5ec4be8a5a603fe7236ffd67f60e9e007b34e0f9cb58fc8855dae5289e4e856559f64bc5a1c5683263937fdd088e5f34874e0d2d2273a7a09810d9042b32fb69223c74e88c41fda5268c22a3107d32ee49d3a99665178abfde24d27a872b23ece9d09c9560070a6e3cca383ccb4d1a6d7c302ab3ee820e67d26e78f72566a2f9765698d783e6c14d8da6156473bc39143eaba66c1921f94f19f65bc88b127c"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_vlan={0x134, 0x3, 0x0, 0x0, {{0x9}, {0x14, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xb7e}]}, {0xf5, 0x6, "b4f5f8a000aed611d1e3ee1aaa84601c97299db7511af811242f5e599e70462ff947d7fce8171ca76d6272e5926e4bcc41c5f2a45eda585981ca0de6f00b6a83a630a32eb3d933702dde61376ab26952f74f090fb6858f97715363bfca363004ef43db3a48e84090d7517b700dc6a2a2f94e7329147f25670ca37779fb3bb34630b673bfa93845abd7c41a11e2c7d51cd033af07fdedab1b0a4fd3289168734a438364c97d0791494427d5c5c48b1f99b2933a263cfb4ca5c4ae41bb0d4ad806597b90b1569a91f0af9997eb0a37a98b616eeb9b0e0d88e3faa90e480ed36ed0731503f2a4bda6e9158fad7756a073b2ce"}, {0xc}, {0xc, 0x8, {0x3}}}}, @m_csum={0x104, 0x8, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xfffff800, 0xdd, 0x10000000, 0x4}, 0x2b}}]}, {0xb9, 0x6, "4c8530b4f61970da689c06a26312df6c492da62a443b3e60d222e666e87033e2acd998073932893a4243abe9e871015575017360a9830ecfb2232d104190c1680b2d7935db3e98eeb8fda548b5bb513959cfd9a3f35a136542121b41bf2eb5641dcf351162a085dc2dd873e5ec7b1fdb28b6602a6e7433e2f05c89ca536a736514819f81c14d1c7e4e62cd25c809a1b38716d82e2b023799c6fc2f08ae6e74a26bcce4f200ce8668bcfdb65e7787481db1ee75ef04"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_ife={0x84, 0x7, 0x0, 0x0, {{0x8}, {0x38, 0x2, 0x0, 0x1, [@TCA_IFE_SMAC={0xa, 0x4, @broadcast}, @TCA_IFE_SMAC={0xa, 0x4, @multicast}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x5, 0x1, 0xffffffffffffffff, 0x5, 0xfffffff2}}}]}, {0x25, 0x6, "3c4d628f307b84d62ea02c2a83d6801f55d9f79db5283d58343d431b68a6d23b01"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x5}}}}, @m_nat={0x178, 0xc, 0x0, 0x0, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x6, 0xff, 0x1, 0x8, 0x6}, @broadcast, @rand_addr=0x64010100, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x2, 0x1, 0x20000000, 0x1ff, 0x800}, @broadcast, @multicast1, 0x0, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x4, 0x2, 0x6, 0x5}, @empty, @multicast1, 0xff000000, 0x1}}]}, {0xd5, 0x6, "256c3eb62a3c42cccec027988ad7149d48e69552fccd245cb90ebe3ebe6f36a14b83b65bb651bed880b4bf769cb0b5b18dabcc7d7a108e10124a104ef74333b28537655fecc96352477fe91863d2bd9822da8b57752f8d22cb68e4c4a79e0bba55acd2df7f410043b083dc74a0d99332f2ace4931a9efd89f8b8628f63b4791715c76fbcd195be1b8852f5b1f1e7b1296b3dd78041c0da1131303d605504dce4f02686d6875be1f7027e6e45a30376aff6097249b0111683261e334758927ff3e22f0a847fd35c396b7a43571a3d5b77aa"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}, @m_bpf={0x2c, 0x1b, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}, @m_connmark={0x3c, 0x19, 0x0, 0x0, {{0xd}, {0x4}, {0xc, 0x6, "28478f395823e673"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x660}}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001780)={0x34, 0x0, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="b3"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1590}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}]]}, 0x34}}, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x7e}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41, 0xb00}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

67.27668ms ago: executing program 2 (id=1669):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85512, 0x0)

0s ago: executing program 2 (id=1670):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000006, 0x31, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000003d7000000000000020000652c0000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x8, 0xf, &(0x7f0000000140)=@ringbuf={{}, {{}, {}, {}, {0x85, 0x0, 0x0, 0xba}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001a000100000000000000000081"], 0x30}}, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x9, 0x9, 0x0)
remap_file_pages(&(0x7f000051c000/0x400000)=nil, 0x400d10, 0x0, 0x51c, 0x0)
syz_usb_connect(0x53315bdaff6127aa, 0x4ba, &(0x7f0000000ac0)={{0x12, 0x1, 0x200, 0x74, 0x32, 0xf5, 0xd7, 0x403, 0xe002, 0x1e46, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x4a8, 0x2, 0x1, 0x3, 0xc0, 0x7, [{{0x9, 0x4, 0xa6, 0x4, 0x4, 0xb8, 0x7d, 0x42, 0x2, [@cdc_ecm={{0x6, 0x24, 0x6, 0x0, 0x0, "e5"}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x81, 0xd4, 0x53}, [@acm={0x4, 0x24, 0x2, 0xa}, @country_functional={0x6, 0x24, 0x7, 0x2, 0x7}, @network_terminal={0x7, 0x24, 0xa, 0x8, 0xa7, 0x7, 0x6}, @ncm={0x6, 0x24, 0x1a, 0xffc0, 0x1}]}], [{{0x9, 0x5, 0x0, 0x8, 0x20, 0x0, 0xa6, 0x8, [@generic={0xfc, 0x21, "87afdb19e3bd849a6654c205d969d95264358febd44d996244f1c89775bdf3dc161cf6e267c0c0bd9a31bcc264f4419d280636420c13ffa6260fe37826bf00126c8fd0aed9fbfb26ccb6fde87c1e2e544c5f4777ab63d785a3c97d1c5840cf1829272b49bd48784eb23ddf877d14eb733076a7c4d4d2dd04c4635592e3dc95bbdea62cee1bf26e7449773e1137f934c76e2b9474ca3c98e92e4ecf595430690d9381fa5399d992667a1cfab1269669385a8709e2f773c2836e7db32ae180a8c9a5c34e7bd86e084146ef7dcc3da0e9b757fd3284e726e5ab2d76aa5f2f25a0a8aeecb608b2e4dae6994c16077e1cda6bad380f4e01437310d55a"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x400, 0x5, 0x0, 0x6}}, {{0x9, 0x5, 0xc, 0x3, 0x200, 0xb1, 0x7, 0xa6}}, {{0x9, 0x5, 0xa, 0xc, 0x3ff, 0x0, 0x3, 0xfd, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x8}, @generic={0x3b, 0xd, "086d5d8952edf14755e24419458bda17764fb8ae96a9491d1e522b6b32b17336a5cac4d6de12deb3c99ab0c86ee5663d5392cb85e187d2c591"}]}}]}}, {{0x9, 0x4, 0xd, 0x80, 0xc, 0xff, 0x1, 0x7a, 0x28, [], [{{0x9, 0x5, 0xa, 0x0, 0x400, 0x2, 0xd, 0xc, [@generic={0xd5, 0x6, "862c179531da75e4fa2c6cf15c88de828eeaa6f82dd71dfbf5ae9d61844a72185f836e73e1c267a1540d3f117ad48c0bb1d9f7536cd6a626b2a9037047679ed149041a51cb75071a09ff62692eb6a2044e8d857632fad4ce4bde57da7f29cb8e022f702420b9b8da4d5b407726452994fc0fa0da8bf01092afe4e3ac93c93bd21b0fc20ac09b6b6791e6f0668705a6c45739efe56ea72cbcc52fc17d948b1a4d8b24502c4431012659c7de6d96bcb6adee0105672dd840eca2b241f50c662b1310125c2b466b0a07d1ae23c6b09ffbedbd1a9d"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x9}]}}, {{0x9, 0x5, 0x1, 0xc, 0x8, 0x2, 0x63, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x9}]}}, {{0x9, 0x5, 0xd, 0x10, 0x10, 0xd0, 0x81, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0xfa, 0x15b}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x1, 0x4c}]}}, {{0x9, 0x5, 0x6, 0x0, 0x200, 0x6, 0x2d, 0x8}}, {{0x9, 0x5, 0xe, 0x0, 0x8, 0xde, 0xf5, 0x5, [@generic={0x74, 0x5, "33f534ea8b2f13414be3371f1cf6882f53e90e7bddad6b0b085a106cc51ff6e66cb7cba9f14f01cd399452bc35598279424c5658005375e2c98737ab06f7ba0c6ee86c8c32569b4232c157e3140f513f4920cc3b441015b831bfb8d437e2430e88a19036b4833de410e3d2a9a73db6c72214"}, @generic={0x12, 0xe, "c8473ce90f4505bc473b170ac7375f7c"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x40, 0x9, 0xa2, 0x8, [@generic={0x29, 0xa, "7e057e9cb79fe7e8d9a0970a819e02da07221cf2c5ba96bca0073ec5dd1108510eea650b89eace"}]}}, {{0x9, 0x5, 0x8, 0x10, 0x40, 0x5, 0x16, 0x7, [@generic={0x55, 0x7, "83a14aae503b4243ea3f71a21070515834b31fff798d5e84656c9cf0f96a51c8a77a2f3710d9bc0be6934b21fe7403d992ff80067b0c5fc4d7f92fbd24c74072dfc952fd1d578d65c7372f6468cb277c8a0373"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x3ff, 0x3a, 0x2, 0x50, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x10, 0x87}]}}, {{0x9, 0x5, 0xb, 0x0, 0x0, 0x40, 0x2, 0x9, [@generic={0x7f, 0x22, "f15944e9d4fabad8737e46c0cb2be2807bcf667b05767d900f802e3276b6d4a15d6fe988a863a7d5516de5a3eee56d2f129ffe1fcde6e5c749b423d355af814e459186cfb37937626f27e9b2d4f76cb9e6c39b946afac8933cf4a423d03b2226c73bad8964d9d10cd48241d183171e1dac00ca05f4e80fdb7a01d61828"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x3ff, 0x2, 0x40, 0xf8, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x4, 0x4}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x5, 0x9}]}}, {{0x9, 0x5, 0xf, 0x10, 0x0, 0x6, 0x0, 0x9}}, {{0x9, 0x5, 0xa, 0x0, 0x40, 0x2, 0x9, 0x93, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x9}]}}]}}]}}]}}, &(0x7f0000000a40)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x300, 0x81, 0x4c, 0x4, 0x0, 0x7}, 0x18e, &(0x7f0000000540)={0x5, 0xf, 0x18e, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x0, 0x9, 0x8}, @wireless={0xb, 0x10, 0x1, 0x4, 0x10, 0x7f, 0x7, 0x81, 0x9}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0xb, 0x9, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x2, 0x0, 0x4}, @generic={0xfe, 0x10, 0x4, "617c06f18a2589db18796f1c7a07106554509b667af41eb5d94d3788c429c15a0f91be678c137264326c96907aa15a45a549f26c93ec5f25adc152cad21b915201bdd6ba046b0f6ac85d1f374c76a5d1f878e2480b1ff7f9d5a927b74573db577667b2b18a8d1af1a1b366189dbd0c6942a228ea96df6794918db13e1c3ccb6669e6d771d25ec0c760ed87cd9e70502020aa01c7b2f4c3759d65adfa7c1d4d7b072ba52cc6ec4e95ee3ec3cdd764771b5387ea96c9ff7d86996a37cf2410c1b9114aed8b1ed946f9f5e143057cfeea6583099d6747afc99bf1319b0f016579109b6b17720003f6f3c0fa927fafeb1bc3320e29b633bc74a6005719"}, @generic={0x6b, 0x10, 0xb, "770c8083036096e91e495c0cd59524189b5c85ee1c180c1e93ecb529372c8ffe25ca53c62a8a5b8e080cdb47de06105cc45b75234ddf3443aeb91ed8aaa6880cc7c94e4c7bfb1e405e56aba9884f119eeaafcf41f30a46ae82a02d29abbd0db89423d7b9d38f4dfe"}]}, 0x8, [{0x2d, &(0x7f0000000700)=@string={0x2d, 0x3, "6467679f8953ea9838c2b6aa3be827249d5b583ed5f9dcc45debc9f6dc3e0736a7dfe3bd652dee297372bd"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0xf0fb}}, {0xe8, &(0x7f0000000780)=@string={0xe8, 0x3, "499041a7def8b75a49160ea3fd6da9a994c63dc054ecb7e23d31723f16adde1686e4a0d43958b6b3d6e3e4a41207c77c0e4ce0282e6cbd3831a9bcf448eeb352bc200af934f20cc2e0c51adf0355de51f27983f1911d28fdbaaed319cd27dd4dbc34bf8ed77311042e02e600a547bd262e65460d816650e766679f89f598cd385af3266516e79e74e9c253d7661d94b7a1fbb7099c7733523a2cc543d66da8fd500d70554ee112126a40bc7b6793a6fd715a0b055603290f38ab5a6d79632989b1937efc59743289428d9220c7d6c228e2c6dedfd4ccf37b11ee86562ec83c5704808d701609"}}, {0x2f, &(0x7f0000000880)=@string={0x2f, 0x3, "9e1727bde5882e3fc50d62e34ecccff64c48aabe33a56196f0e6946bb151df67e75ea5256c34a007a959908345"}}, {0x8b, &(0x7f00000008c0)=@string={0x8b, 0x3, "160a67b6fd08dfe83e839749d1c300f154c91be1ed4d87acab2a14739e44d12cdfa537cd2f6c8b29f61fb2fba74722a2426bd19f3828369f60b8f81076b458a3d12c42c80ecc0bdb28e6287b41473d519d4ced0f7545097c6392eb4a27f8c743aac3bc1093e94fabe9ad00b10159d025059932b16b8e917d88e8a16add834e69e5cc80d3652dc63352"}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x480a}}, {0x2d, &(0x7f00000009c0)=@string={0x2d, 0x3, "35439a88c6ee93966da0536585dc030947f02f1df15faefe55c3678c0c4fdeb3e8bf0efa7e3e864f6d17ee"}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0xf0ff}}]})

kernel console output (not intermixed with test programs):

  330.819946][T10658] bridge_slave_1: entered promiscuous mode
[  330.920915][   T47] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  330.939540][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.941184][T10718] sctp: [Deprecated]: syz.3.1252 (pid 10718) Use of int in max_burst socket option.
[  330.941184][T10718] Use struct sctp_assoc_value instead
[  330.978333][   T47] usb 1-1: config 0 descriptor??
[  330.994184][   T47] cp210x 1-1:0.0: cp210x converter detected
[  331.010634][T10658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  331.065881][T10658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  331.150383][   T35] hsr_slave_0: left promiscuous mode
[  331.183540][   T35] hsr_slave_1: left promiscuous mode
[  331.208438][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  331.215238][   T47] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -32
[  331.216025][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  331.223332][   T47] cp210x 1-1:0.0: querying part number failed
[  331.245073][   T47] usb 1-1: cp210x converter now attached to ttyUSB0
[  331.308252][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  331.322125][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  331.374025][T10730] kvm: pic: single mode not supported
[  331.374052][T10730] kvm: pic: level sensitive irq not supported
[  331.375048][   T35] veth1_macvtap: left promiscuous mode
[  331.390632][T10730] kvm: pic: non byte read
[  331.403971][T10730] kvm: pic: non byte read
[  331.413149][T10730] kvm: pic: non byte read
[  331.419951][   T35] veth0_macvtap: left promiscuous mode
[  331.423720][T10730] kvm: pic: non byte read
[  331.432369][   T35] veth1_vlan: left promiscuous mode
[  331.439196][T10730] kvm: pic: non byte read
[  331.447966][   T35] veth0_vlan: left promiscuous mode
[  331.456349][T10730] kvm: pic: non byte read
[  331.502413][T10730] kvm: pic: non byte read
[  331.525425][T10730] kvm: pic: non byte read
[  331.542894][T10730] kvm: pic: non byte read
[  331.561264][T10730] kvm: pic: non byte read
[  331.665157][T10739] FAULT_INJECTION: forcing a failure.
[  331.665157][T10739] name failslab, interval 1, probability 0, space 0, times 0
[  331.697225][T10739] CPU: 0 UID: 0 PID: 10739 Comm: syz.1.1255 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  331.707697][T10739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  331.717778][T10739] Call Trace:
[  331.721081][T10739]  <TASK>
[  331.724034][T10739]  dump_stack_lvl+0x241/0x360
[  331.728741][T10739]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.733957][T10739]  ? __pfx__printk+0x10/0x10
[  331.738560][T10739]  ? fs_reclaim_acquire+0x93/0x140
[  331.743674][T10739]  ? __pfx___might_resched+0x10/0x10
[  331.748962][T10739]  ? dynamic_dname+0x141/0x1b0
[  331.753735][T10739]  should_fail_ex+0x3b0/0x4e0
[  331.758416][T10739]  ? tomoyo_encode+0x26f/0x540
[  331.763183][T10739]  should_failslab+0xac/0x100
[  331.767926][T10739]  ? tomoyo_encode+0x26f/0x540
[  331.772709][T10739]  __kmalloc_noprof+0xd8/0x400
[  331.777481][T10739]  tomoyo_encode+0x26f/0x540
[  331.782088][T10739]  ? __pfx_anon_inodefs_dname+0x10/0x10
[  331.787642][T10739]  tomoyo_realpath_from_path+0x59e/0x5e0
[  331.793285][T10739]  tomoyo_path_number_perm+0x23a/0x880
[  331.798746][T10739]  ? tomoyo_path_number_perm+0x208/0x880
[  331.804377][T10739]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  331.810396][T10739]  ? __fget_files+0x29/0x470
[  331.815016][T10739]  ? __fget_files+0x3f3/0x470
[  331.819703][T10739]  security_file_ioctl+0xc6/0x2a0
[  331.824737][T10739]  __se_sys_ioctl+0x47/0x170
[  331.829353][T10739]  do_syscall_64+0xf3/0x230
[  331.833871][T10739]  ? clear_bhb_loop+0x35/0x90
[  331.838547][T10739]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.844445][T10739] RIP: 0033:0x7f04dbb7dff9
[  331.848864][T10739] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.868472][T10739] RSP: 002b:00007f04dc8c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  331.876888][T10739] RAX: ffffffffffffffda RBX: 00007f04dbd35f80 RCX: 00007f04dbb7dff9
[  331.884859][T10739] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  331.892855][T10739] RBP: 00007f04dc8c1090 R08: 0000000000000000 R09: 0000000000000000
[  331.900822][T10739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.908820][T10739] R13: 0000000000000000 R14: 00007f04dbd35f80 R15: 00007f04dbe5fa28
[  331.916802][T10739]  </TASK>
[  331.932062][T10739] ERROR: Out of memory at tomoyo_realpath_from_path.
[  332.476411][   T35] team0 (unregistering): Port device team_slave_1 removed
[  332.483917][   T47] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  332.534643][   T35] team0 (unregistering): Port device team_slave_0 removed
[  332.577630][ T5235] Bluetooth: hci3: command tx timeout
[  332.662781][   T47] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  332.681001][   T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  332.691226][   T47] usb 3-1: config 0 has no interface number 0
[  332.697396][   T47] usb 3-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  332.708518][   T47] usb 3-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  332.761113][   T47] usb 3-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  332.772216][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.780319][   T47] usb 3-1: Product: syz
[  332.784535][   T47] usb 3-1: Manufacturer: syz
[  332.789692][   T47] usb 3-1: SerialNumber: syz
[  332.808705][   T47] usb 3-1: config 0 descriptor??
[  332.828602][   T47] HFC-S_USB 3-1:0.117: probe with driver HFC-S_USB failed with error -5
[  333.124137][ T5276] usb 3-1: USB disconnect, device number 55
[  333.420178][T10658] team0: Port device team_slave_0 added
[  333.449628][T10658] team0: Port device team_slave_1 added
[  333.484895][ T5278] usb 1-1: USB disconnect, device number 38
[  333.519900][ T5278] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  333.555028][ T5278] cp210x 1-1:0.0: device disconnected
[  333.576825][T10658] batman_adv: batadv0: Adding interface: batadv_slave_0
[  333.615684][T10658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.670405][T10761] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1261'.
[  333.688844][T10658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  333.733913][T10658] batman_adv: batadv0: Adding interface: batadv_slave_1
[  333.798422][T10658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  333.890070][T10658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.013031][T10776] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1265'.
[  334.043831][T10658] hsr_slave_0: entered promiscuous mode
[  334.050350][   T47] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  334.074123][T10658] hsr_slave_1: entered promiscuous mode
[  334.080396][T10763] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1262'.
[  334.094186][T10658] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  334.109676][T10658] Cannot create hsr debugfs directory
[  334.227856][   T47] usb 3-1: Using ep0 maxpacket: 8
[  334.259735][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  334.303081][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  334.338376][   T47] usb 3-1: New USB device found, idVendor=046c, idProduct=c20e, bcdDevice= 0.00
[  334.366602][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.410863][   T47] usb 3-1: config 0 descriptor??
[  334.581814][T10791] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1267'.
[  334.663210][ T5235] Bluetooth: hci3: command tx timeout
[  335.008567][T10795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  335.061376][T10795] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  335.281017][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.500044][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.605609][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.706921][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.723315][ T5228] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  335.734265][ T5228] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  335.744531][ T5228] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  335.756915][ T5228] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  335.764925][ T5228] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  335.773512][ T5228] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  335.804632][T10658] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  335.814564][T10658] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  335.835718][T10658] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  335.854669][T10658] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  336.065275][   T35] bridge_slave_1: left allmulticast mode
[  336.071470][   T35] bridge_slave_1: left promiscuous mode
[  336.077247][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.102052][   T35] bridge_slave_0: left allmulticast mode
[  336.108255][   T35] bridge_slave_0: left promiscuous mode
[  336.114074][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.207954][T10828] FAULT_INJECTION: forcing a failure.
[  336.207954][T10828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  336.239675][T10828] CPU: 1 UID: 0 PID: 10828 Comm: syz.3.1274 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  336.250151][T10828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  336.260233][T10828] Call Trace:
[  336.263513][T10828]  <TASK>
[  336.266440][T10828]  dump_stack_lvl+0x241/0x360
[  336.271153][T10828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.276352][T10828]  ? __pfx__printk+0x10/0x10
[  336.280945][T10828]  ? __kvm_gfn_to_hva_cache_init+0x5d1/0x690
[  336.286930][T10828]  should_fail_ex+0x3b0/0x4e0
[  336.291618][T10828]  kvm_write_guest_offset_cached+0x2ef/0x470
[  336.297603][T10828]  kvm_lapic_sync_to_vapic+0x67a/0xbb0
[  336.303070][T10828]  ? __pfx_kvm_lapic_sync_to_vapic+0x10/0x10
[  336.309052][T10828]  ? vmx_update_cr8_intercept+0x99/0x230
[  336.314687][T10828]  vcpu_run+0x5489/0x88b0
[  336.319074][T10828]  ? __pfx_vcpu_run+0x10/0x10
[  336.323748][T10828]  ? __local_bh_enable_ip+0x168/0x200
[  336.329117][T10828]  ? lockdep_hardirqs_on+0x99/0x150
[  336.334317][T10828]  ? __pfx_lock_acquire+0x10/0x10
[  336.339340][T10828]  ? fpu_swap_kvm_fpstate+0x82/0x460
[  336.344625][T10828]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  336.350343][T10828]  ? xfd_validate_state+0x6e/0x150
[  336.355456][T10828]  ? rcu_is_watching+0x15/0xb0
[  336.360227][T10828]  ? rcu_is_watching+0x15/0xb0
[  336.364991][T10828]  kvm_arch_vcpu_ioctl_run+0xa73/0x19d0
[  336.370539][T10828]  ? mark_lock+0x9a/0x360
[  336.374868][T10828]  ? kvm_arch_vcpu_ioctl_run+0x1c9/0x19d0
[  336.380585][T10828]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  336.386579][T10828]  ? __pfx_lock_acquire+0x10/0x10
[  336.391610][T10828]  ? get_task_pid+0x23/0x310
[  336.396195][T10828]  ? __pfx_lock_release+0x10/0x10
[  336.401219][T10828]  ? kvm_vcpu_ioctl+0x1da/0xea0
[  336.406095][T10828]  ? get_task_pid+0x23/0x310
[  336.410694][T10828]  kvm_vcpu_ioctl+0x91a/0xea0
[  336.415381][T10828]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  336.420598][T10828]  ? __fget_files+0x29/0x470
[  336.425192][T10828]  ? __fget_files+0x3f3/0x470
[  336.429873][T10828]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  336.435072][T10828]  __se_sys_ioctl+0xf9/0x170
[  336.439666][T10828]  do_syscall_64+0xf3/0x230
[  336.444175][T10828]  ? clear_bhb_loop+0x35/0x90
[  336.448847][T10828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.454736][T10828] RIP: 0033:0x7f4eda77dff9
[  336.459151][T10828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.478759][T10828] RSP: 002b:00007f4edb4f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  336.487193][T10828] RAX: ffffffffffffffda RBX: 00007f4eda936058 RCX: 00007f4eda77dff9
[  336.495177][T10828] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  336.503156][T10828] RBP: 00007f4edb4f5090 R08: 0000000000000000 R09: 0000000000000000
[  336.511133][T10828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.519103][T10828] R13: 0000000000000000 R14: 00007f4eda936058 R15: 00007f4edaa5fa28
[  336.527083][T10828]  </TASK>
[  336.742815][ T5235] Bluetooth: hci3: command tx timeout
[  336.749767][T10836] FAULT_INJECTION: forcing a failure.
[  336.749767][T10836] name failslab, interval 1, probability 0, space 0, times 0
[  336.782288][T10836] CPU: 1 UID: 0 PID: 10836 Comm: syz.1.1276 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  336.792786][T10836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  336.802874][T10836] Call Trace:
[  336.806184][T10836]  <TASK>
[  336.809144][T10836]  dump_stack_lvl+0x241/0x360
[  336.813864][T10836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.819106][T10836]  ? __pfx__printk+0x10/0x10
[  336.823729][T10836]  ? fs_reclaim_acquire+0x93/0x140
[  336.828895][T10836]  ? __pfx___might_resched+0x10/0x10
[  336.834200][T10836]  should_fail_ex+0x3b0/0x4e0
[  336.838903][T10836]  ? tomoyo_encode+0x26f/0x540
[  336.843678][T10836]  should_failslab+0xac/0x100
[  336.848366][T10836]  ? tomoyo_encode+0x26f/0x540
[  336.853143][T10836]  __kmalloc_noprof+0xd8/0x400
[  336.857918][T10836]  tomoyo_encode+0x26f/0x540
[  336.862538][T10836]  tomoyo_realpath_from_path+0x59e/0x5e0
[  336.868195][T10836]  tomoyo_path_number_perm+0x23a/0x880
[  336.873668][T10836]  ? tomoyo_path_number_perm+0x208/0x880
[  336.879300][T10836]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  336.885336][T10836]  ? __fget_files+0x29/0x470
[  336.889927][T10836]  ? __fget_files+0x3f3/0x470
[  336.894610][T10836]  security_file_ioctl+0xc6/0x2a0
[  336.899644][T10836]  __se_sys_ioctl+0x47/0x170
[  336.904237][T10836]  do_syscall_64+0xf3/0x230
[  336.908746][T10836]  ? clear_bhb_loop+0x35/0x90
[  336.913423][T10836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.919321][T10836] RIP: 0033:0x7f04dbb7dff9
[  336.923730][T10836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.943353][T10836] RSP: 002b:00007f04dc8a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  336.951768][T10836] RAX: ffffffffffffffda RBX: 00007f04dbd36058 RCX: 00007f04dbb7dff9
[  336.959746][T10836] RDX: 0000000020000180 RSI: 0000000000003b86 RDI: 0000000000000007
[  336.967713][T10836] RBP: 00007f04dc8a0090 R08: 0000000000000000 R09: 0000000000000000
[  336.976030][T10836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.984520][T10836] R13: 0000000000000000 R14: 00007f04dbd36058 R15: 00007f04dbe5fa28
[  336.992504][T10836]  </TASK>
[  337.034533][T10836] ERROR: Out of memory at tomoyo_realpath_from_path.
[  337.160971][ T5276] usb 3-1: USB disconnect, device number 56
[  337.299919][T10852] loop8: detected capacity change from 0 to 6
[  337.329474][T10852] Dev loop8: unable to read RDB block 6
[  337.335105][T10852]  loop8: unable to read partition table
[  337.358066][T10852] loop8: partition table beyond EOD, truncated
[  337.379807][T10852] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  337.379807][T10852] 
) failed (rc=-5)
[  337.712822][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  337.743543][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  337.765066][   T35] bond0 (unregistering): Released all slaves
[  337.813566][T10859] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1279'.
[  337.857808][ T5235] Bluetooth: hci0: command tx timeout
[  338.418095][   T35] hsr_slave_0: left promiscuous mode
[  338.472012][   T35] hsr_slave_1: left promiscuous mode
[  338.517531][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  338.524995][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  338.583351][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  338.606620][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  338.705902][   T35] veth1_macvtap: left promiscuous mode
[  338.725348][   T35] veth0_macvtap: left promiscuous mode
[  338.744140][   T35] veth1_vlan: left promiscuous mode
[  338.760077][   T35] veth0_vlan: left promiscuous mode
[  339.329844][T10912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1285'.
[  339.707523][    T8] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  339.716257][   T35] team0 (unregistering): Port device team_slave_1 removed
[  339.784876][   T35] team0 (unregistering): Port device team_slave_0 removed
[  339.855529][    T8] usb 2-1: device descriptor read/64, error -71
[  339.942555][ T5235] Bluetooth: hci0: command tx timeout
[  340.107535][    T8] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[  340.248267][    T8] usb 2-1: device descriptor read/64, error -71
[  340.360900][    T8] usb usb2-port1: attempt power cycle
[  340.465140][T10814] chnl_net:caif_netlink_parms(): no params data found
[  340.552464][T10658] 8021q: adding VLAN 0 to HW filter on device bond0
[  340.667107][T10814] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.699282][T10814] bridge0: port 1(bridge_slave_0) entered disabled state
[  340.706501][T10814] bridge_slave_0: entered allmulticast mode
[  340.707537][    T8] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[  340.728563][T10814] bridge_slave_0: entered promiscuous mode
[  340.736426][T10814] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.743678][T10814] bridge0: port 2(bridge_slave_1) entered disabled state
[  340.748397][    T8] usb 2-1: device descriptor read/8, error -71
[  340.751599][T10814] bridge_slave_1: entered allmulticast mode
[  340.765021][T10814] bridge_slave_1: entered promiscuous mode
[  340.829555][T10814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  340.905729][T10658] 8021q: adding VLAN 0 to HW filter on device team0
[  340.917220][T10814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  340.966870][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.974080][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  341.005532][T10814] team0: Port device team_slave_0 added
[  341.018148][    T8] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  341.031295][T10814] team0: Port device team_slave_1 added
[  341.051628][    T8] usb 2-1: device descriptor read/8, error -71
[  341.059081][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  341.066243][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  341.114767][T10814] batman_adv: batadv0: Adding interface: batadv_slave_0
[  341.124371][T10814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  341.151233][T10814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  341.164643][T10814] batman_adv: batadv0: Adding interface: batadv_slave_1
[  341.175916][T10814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  341.202405][    T8] usb usb2-port1: unable to enumerate USB device
[  341.214245][ T5308] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  341.223942][T10814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  341.305579][T10814] hsr_slave_0: entered promiscuous mode
[  341.312678][T10814] hsr_slave_1: entered promiscuous mode
[  341.321271][T10814] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  341.330453][T10814] Cannot create hsr debugfs directory
[  341.378310][ T5308] usb 3-1: Using ep0 maxpacket: 16
[  341.385237][ T5308] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  341.397183][ T5308] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  341.416222][ T5308] usb 3-1: New USB device found, idVendor=061d, idProduct=c170, bcdDevice= 8.55
[  341.425904][ T5308] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.443457][ T5308] usb 3-1: Product: syz
[  341.447847][ T5308] usb 3-1: Manufacturer: syz
[  341.452481][ T5308] usb 3-1: SerialNumber: syz
[  341.470040][ T5308] usb 3-1: config 0 descriptor??
[  341.496387][ T5308] quatech2 3-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[  341.520192][T10658] 8021q: adding VLAN 0 to HW filter on device batadv0
[  341.621343][T10658] veth0_vlan: entered promiscuous mode
[  341.665568][T10658] veth1_vlan: entered promiscuous mode
[  341.817962][T10658] veth0_macvtap: entered promiscuous mode
[  341.863598][T10658] veth1_macvtap: entered promiscuous mode
[  342.006070][ T5308] usb 3-1: qt2_attach - failed to power on unit: -71
[  342.017679][ T5235] Bluetooth: hci0: command tx timeout
[  342.035432][T10658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.046289][ T5308] quatech2 3-1:0.0: probe with driver quatech2 failed with error -71
[  342.060970][ T5308] usb 3-1: USB disconnect, device number 57
[  342.074746][T10658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.097742][T10658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.109347][T10658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.130747][T10658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  342.141302][T10658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.154030][T10658] batman_adv: batadv0: Interface activated: batadv_slave_0
[  342.199856][T10658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  342.214941][    T8] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  342.224958][T10658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.236757][T10658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  342.248919][T10658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.273254][T10658] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  342.284127][T10658] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  342.305241][T10658] batman_adv: batadv0: Interface activated: batadv_slave_1
[  342.331596][T10658] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  342.341998][T10658] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  342.351488][T10658] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  342.360661][T10658] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  342.397595][    T8] usb 4-1: Using ep0 maxpacket: 8
[  342.409047][    T8] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  342.437659][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  342.465851][    T8] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  342.477775][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  342.504040][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  342.561434][    T8] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  342.578445][  T748] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  342.586276][  T748] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  342.597784][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  342.613114][    T8] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  342.653076][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  342.666464][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  342.680470][ T2987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  342.707741][T10814] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  342.715643][ T2987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  342.725199][T10814] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  342.744642][    T8] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  342.763010][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  342.776501][T10814] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  342.792504][    T8] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  342.809089][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  342.827547][T10814] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  342.857469][    T8] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  342.940862][    T8] usb 4-1: string descriptor 0 read error: -22
[  342.947149][    T8] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  342.987052][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.049147][    T8] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  343.101235][T10814] 8021q: adding VLAN 0 to HW filter on device bond0
[  343.162729][T10814] 8021q: adding VLAN 0 to HW filter on device team0
[  343.179755][   T47] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  343.208809][ T1111] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.215959][ T1111] bridge0: port 1(bridge_slave_0) entered forwarding state
[  343.239383][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.246639][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  343.349051][   T47] usb 5-1: Using ep0 maxpacket: 16
[  343.366026][T10996] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1296'.
[  343.382171][   T47] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  343.391493][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.427449][   T47] usb 5-1: config 0 descriptor??
[  343.444583][   T47] gspca_main: sonixj-2.14.0 probing 0471:0327
[  343.519748][T11002] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1297'.
[  343.616461][T10814] 8021q: adding VLAN 0 to HW filter on device batadv0
[  343.845797][T10814] veth0_vlan: entered promiscuous mode
[  343.901367][T10814] veth1_vlan: entered promiscuous mode
[  344.039441][T10814] veth0_macvtap: entered promiscuous mode
[  344.057031][T10814] veth1_macvtap: entered promiscuous mode
[  344.097661][ T5235] Bluetooth: hci0: command tx timeout
[  344.120821][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.165548][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.209386][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.243988][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.274266][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.303959][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.334121][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  344.334147][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.336824][T10814] batman_adv: batadv0: Interface activated: batadv_slave_0
[  344.364935][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  344.365058][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.365074][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  344.365087][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.365096][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  344.365104][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.365113][T10814] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  344.365121][T10814] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  344.366447][T10814] batman_adv: batadv0: Interface activated: batadv_slave_1
[  344.463326][T10814] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.463373][T10814] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.463402][T10814] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.463507][T10814] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  344.704041][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.704066][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  344.816045][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  344.816070][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.248566][    T8] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  345.411631][    T8] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[  345.429605][    T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.444183][    T8] usb 1-1: config 0 has no interface number 0
[  345.454640][    T8] usb 1-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  345.469306][    T8] usb 1-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  345.486675][    T8] usb 1-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  345.496437][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.504872][    T8] usb 1-1: Product: syz
[  345.511084][    T8] usb 1-1: Manufacturer: syz
[  345.515706][    T8] usb 1-1: SerialNumber: syz
[  345.528221][    T8] usb 1-1: config 0 descriptor??
[  345.552527][    T8] HFC-S_USB 1-1:0.117: probe with driver HFC-S_USB failed with error -5
[  345.688435][T10981] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.744599][T10981] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  345.791993][   T47] gspca_sonixj: reg_w1 err -71
[  345.796969][   T47] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  345.817656][   T47] usb 5-1: USB disconnect, device number 57
[  345.908802][ T5291] usb 1-1: USB disconnect, device number 39
[  346.579802][T11065] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1313'.
[  346.708737][T11069] FAULT_INJECTION: forcing a failure.
[  346.708737][T11069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  346.746696][T11069] CPU: 1 UID: 0 PID: 11069 Comm: syz.4.1314 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  346.757163][T11069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  346.767241][T11069] Call Trace:
[  346.770525][T11069]  <TASK>
[  346.773461][T11069]  dump_stack_lvl+0x241/0x360
[  346.778146][T11069]  ? __pfx_dump_stack_lvl+0x10/0x10
[  346.783371][T11069]  ? __pfx__printk+0x10/0x10
[  346.787962][T11069]  ? __pfx_lock_release+0x10/0x10
[  346.792993][T11069]  should_fail_ex+0x3b0/0x4e0
[  346.797671][T11069]  _copy_from_user+0x2f/0xe0
[  346.802267][T11069]  copy_msghdr_from_user+0xae/0x680
[  346.807477][T11069]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  346.813295][T11069]  __sys_sendmsg+0x22d/0x380
[  346.817890][T11069]  ? __pfx___sys_sendmsg+0x10/0x10
[  346.823008][T11069]  ? __pfx_vfs_write+0x10/0x10
[  346.827791][T11069]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  346.834119][T11069]  ? do_syscall_64+0x100/0x230
[  346.838886][T11069]  ? do_syscall_64+0xb6/0x230
[  346.843563][T11069]  do_syscall_64+0xf3/0x230
[  346.848067][T11069]  ? clear_bhb_loop+0x35/0x90
[  346.852778][T11069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.858673][T11069] RIP: 0033:0x7f11b3f7dff9
[  346.863083][T11069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.882771][T11069] RSP: 002b:00007f11b4d22038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  346.891230][T11069] RAX: ffffffffffffffda RBX: 00007f11b4135f80 RCX: 00007f11b3f7dff9
[  346.899204][T11069] RDX: 0000000004000000 RSI: 0000000020000280 RDI: 0000000000000003
[  346.907182][T11069] RBP: 00007f11b4d22090 R08: 0000000000000000 R09: 0000000000000000
[  346.915149][T11069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.923118][T11069] R13: 0000000000000000 R14: 00007f11b4135f80 R15: 00007f11b425fa28
[  346.931100][T11069]  </TASK>
[  347.068215][    T8] usb 4-1: USB disconnect, device number 51
[  347.242634][T11081] net_ratelimit: 13 callbacks suppressed
[  347.242651][T11081] netlink: zone id is out of range
[  347.314958][T11081] netlink: zone id is out of range
[  347.350637][T11081] netlink: zone id is out of range
[  347.375229][T11081] netlink: zone id is out of range
[  347.381510][T11083] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1321'.
[  347.397580][ T1165] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  347.427468][T11081] netlink: zone id is out of range
[  347.444327][T11081] netlink: zone id is out of range
[  347.456869][T11081] netlink: zone id is out of range
[  347.483637][T11081] netlink: zone id is out of range
[  347.510662][T11081] netlink: zone id is out of range
[  347.533244][T11081] netlink: zone id is out of range
[  347.569650][ T1165] usb 5-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  347.601837][ T1165] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.630561][ T1165] usb 5-1: config 0 descriptor??
[  347.653728][ T1165] gspca_main: spca508-2.14.0 probing 8086:0110
[  347.854409][ T1165] gspca_spca508: reg_read err -32
[  347.894493][ T1165] gspca_spca508: reg_read err -71
[  347.906464][ T1165] gspca_spca508: reg_read err -71
[  347.919809][ T1165] gspca_spca508: reg_read err -71
[  347.927489][    T9] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  347.943394][ T1165] gspca_spca508: reg_read err -71
[  347.955516][ T1165] gspca_spca508: reg write: error -71
[  347.967447][ T1165] spca508 5-1:0.0: probe with driver spca508 failed with error -71
[  347.987152][ T1165] usb 5-1: USB disconnect, device number 58
[  348.092311][    T9] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[  348.107461][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.129234][    T9] usb 1-1: config 0 has no interface number 0
[  348.136427][    T9] usb 1-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  348.149164][    T9] usb 1-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  348.185361][    T9] usb 1-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  348.199807][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.225442][    T9] usb 1-1: Product: syz
[  348.253275][    T9] usb 1-1: Manufacturer: syz
[  348.274125][    T9] usb 1-1: SerialNumber: syz
[  348.299062][    T9] usb 1-1: config 0 descriptor??
[  348.321759][    T9] HFC-S_USB 1-1:0.117: probe with driver HFC-S_USB failed with error -5
[  348.410379][T11103] picdev_read: 112 callbacks suppressed
[  348.410400][T11103] kvm: pic: non byte read
[  348.665014][   T47] usb 1-1: USB disconnect, device number 40
[  349.157887][T11133] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  349.164945][T11133] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  349.214368][T11133] vhci_hcd vhci_hcd.0: Device attached
[  349.315100][T11135] vhci_hcd: connection closed
[  349.327520][   T35] vhci_hcd: stop threads
[  349.340215][   T35] vhci_hcd: release socket
[  349.357972][   T35] vhci_hcd: disconnect device
[  349.378348][ T5308] vhci_hcd: vhci_device speed not set
[  350.118612][T11157] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1343'.
[  351.177436][ T5278] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  351.380175][ T5278] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[  351.398859][ T5278] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.445805][ T5278] usb 1-1: config 0 has no interface number 0
[  351.468918][ T5278] usb 1-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  351.495607][ T5278] usb 1-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  351.513047][ T5278] usb 1-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  351.546398][ T5278] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.585011][ T5278] usb 1-1: Product: syz
[  351.610885][ T5278] usb 1-1: Manufacturer: syz
[  351.626987][ T5278] usb 1-1: SerialNumber: syz
[  351.644266][ T5278] usb 1-1: config 0 descriptor??
[  351.669736][ T5278] HFC-S_USB 1-1:0.117: probe with driver HFC-S_USB failed with error -5
[  351.931108][ T5308] usb 1-1: USB disconnect, device number 41
[  352.084593][T11195] FAULT_INJECTION: forcing a failure.
[  352.084593][T11195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  352.116091][T11195] CPU: 1 UID: 0 PID: 11195 Comm: syz.1.1354 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  352.126525][T11195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  352.136583][T11195] Call Trace:
[  352.139865][T11195]  <TASK>
[  352.142790][T11195]  dump_stack_lvl+0x241/0x360
[  352.147518][T11195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.152738][T11195]  ? __pfx__printk+0x10/0x10
[  352.157339][T11195]  ? vfs_write+0x7bf/0xc90
[  352.161779][T11195]  ? __pfx_lock_release+0x10/0x10
[  352.167065][T11195]  ? kmem_cache_free+0x1a2/0x420
[  352.172005][T11195]  should_fail_ex+0x3b0/0x4e0
[  352.176687][T11195]  _copy_from_user+0x2f/0xe0
[  352.181372][T11195]  do_seccomp+0x20b/0xf90
[  352.185714][T11195]  ? __pfx_do_seccomp+0x10/0x10
[  352.190567][T11195]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  352.196547][T11195]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  352.202875][T11195]  ? do_syscall_64+0x100/0x230
[  352.207645][T11195]  ? do_syscall_64+0xb6/0x230
[  352.212319][T11195]  do_syscall_64+0xf3/0x230
[  352.216845][T11195]  ? clear_bhb_loop+0x35/0x90
[  352.221549][T11195]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.227453][T11195] RIP: 0033:0x7f04dbb7dff9
[  352.231876][T11195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.251566][T11195] RSP: 002b:00007f04dc8c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000013d
[  352.259981][T11195] RAX: ffffffffffffffda RBX: 00007f04dbd35f80 RCX: 00007f04dbb7dff9
[  352.267950][T11195] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000001
[  352.275914][T11195] RBP: 00007f04dc8c1090 R08: 0000000000000000 R09: 0000000000000000
[  352.283875][T11195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.291923][T11195] R13: 0000000000000001 R14: 00007f04dbd35f80 R15: 00007f04dbe5fa28
[  352.299928][T11195]  </TASK>
[  352.468778][T11202] fuse: Bad value for 'user_id'
[  352.473700][T11202] fuse: Bad value for 'user_id'
[  352.560429][T11204] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1359'.
[  353.067854][T11220] xt_policy: output policy not valid in PREROUTING and INPUT
[  353.090338][   T29] audit: type=1326 audit(1727520827.426:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11219 comm="syz.2.1363" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f934397dff9 code=0x0
[  353.194509][T11221] netlink: 'syz.2.1363': attribute type 6 has an invalid length.
[  353.203683][T11221] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1363'.
[  353.323087][T11223] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1364'.
[  353.474937][T11227] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1366'.
[  353.649539][T11229] loop8: detected capacity change from 0 to 7
[  353.670888][T11229] Dev loop8: unable to read RDB block 7
[  353.676522][T11229]  loop8: unable to read partition table
[  353.697658][T11229] loop8: partition table beyond EOD, truncated
[  353.704077][T11229] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  353.704077][T11229] 
) failed (rc=-5)
[  353.830318][T11238] fuse: Bad value for 'fd'
[  353.946532][T11242] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1373'.
[  353.971705][T11244] netlink: 120 bytes leftover after parsing attributes in process `syz.2.1374'.
[  354.068321][ T5308] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  354.137540][ T5291] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  354.237604][ T5308] usb 1-1: Using ep0 maxpacket: 32
[  354.244319][ T5308] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 255
[  354.256870][ T5308] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5
[  354.266417][ T5308] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.274963][ T5308] usb 1-1: Product: syz
[  354.279382][ T5308] usb 1-1: Manufacturer: syz
[  354.284017][ T5308] usb 1-1: SerialNumber: syz
[  354.290608][ T5308] usb 1-1: config 0 descriptor??
[  354.296313][T11236] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  354.309463][ T5308] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  354.319943][ T5291] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  354.335521][ T5291] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  354.359130][ T5291] usb 2-1: config 0 has no interface number 0
[  354.365347][ T5291] usb 2-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  354.378322][ T5291] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  354.401265][ T5291] usb 2-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  354.413822][ T5291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.423355][ T5291] usb 2-1: Product: syz
[  354.428215][ T5291] usb 2-1: Manufacturer: syz
[  354.432874][ T5291] usb 2-1: SerialNumber: syz
[  354.439592][ T5291] usb 2-1: config 0 descriptor??
[  354.446838][ T5291] HFC-S_USB 2-1:0.117: probe with driver HFC-S_USB failed with error -5
[  354.533792][ T5291] usb 1-1: USB disconnect, device number 42
[  354.626930][T11251] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1376'.
[  354.682794][T11254] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1377'.
[  354.730824][ T5277] usb 2-1: USB disconnect, device number 65
[  355.471923][T11277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1384'.
[  355.503495][T11277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1384'.
[  355.807881][ T5277] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  355.963353][T11296] kvm: pic: non byte read
[  355.978208][ T5277] usb 1-1: Using ep0 maxpacket: 8
[  355.991180][ T5277] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  356.000055][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  356.040314][ T5277] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  356.071188][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  356.086873][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  356.116091][ T5277] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  356.124315][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  356.139616][ T5277] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  356.152200][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  356.163842][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  356.176702][ T5277] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  356.184320][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  356.195788][ T5277] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  356.207590][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  356.218751][ T5277] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  356.241020][ T5277] usb 1-1: string descriptor 0 read error: -22
[  356.247302][ T5277] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  356.259107][ T5277] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.301852][ T5277] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  356.347480][ T5308] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  356.571358][ T5308] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  356.571380][ T5308] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  356.571392][ T5308] usb 3-1: config 0 has no interface number 0
[  356.571407][ T5308] usb 3-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  356.571431][ T5308] usb 3-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  356.573056][ T5308] usb 3-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  356.573076][ T5308] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.573088][ T5308] usb 3-1: Product: syz
[  356.573098][ T5308] usb 3-1: Manufacturer: syz
[  356.573107][ T5308] usb 3-1: SerialNumber: syz
[  356.574627][ T5308] usb 3-1: config 0 descriptor??
[  356.577205][ T5308] HFC-S_USB 3-1:0.117: probe with driver HFC-S_USB failed with error -5
[  357.132070][ T1165] usb 3-1: USB disconnect, device number 58
[  357.836465][T11342] __nla_validate_parse: 4 callbacks suppressed
[  357.836484][T11342] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1400'.
[  358.691725][T11354] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1405'.
[  358.710623][T11354] vlan0: entered promiscuous mode
[  358.717001][T11354] bond0: entered promiscuous mode
[  358.733627][T11354] bond_slave_0: entered promiscuous mode
[  358.746872][ T5291] usb 1-1: USB disconnect, device number 43
[  358.762563][T11354] bond_slave_1: entered promiscuous mode
[  358.781387][T11354] vlan0: entered allmulticast mode
[  358.791239][T11354] bond0: entered allmulticast mode
[  358.801366][T11354] bond_slave_0: entered allmulticast mode
[  358.823969][T11354] bond_slave_1: entered allmulticast mode
[  358.948852][T11354] bond0: left allmulticast mode
[  358.953978][T11354] bond_slave_0: left allmulticast mode
[  358.961960][T11354] bond_slave_1: left allmulticast mode
[  358.967727][T11354] bond0: left promiscuous mode
[  358.973182][T11354] bond_slave_0: left promiscuous mode
[  358.979313][T11354] bond_slave_1: left promiscuous mode
[  359.176650][T11361] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1406'.
[  359.388261][ T5291] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  359.495465][T11372] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1412'.
[  359.569176][ T5291] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  359.577802][ T5291] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  359.597410][ T5291] usb 3-1: config 0 has no interface number 0
[  359.605482][ T5291] usb 3-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  359.645548][ T5291] usb 3-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  359.647487][ T1165] usb 1-1: new full-speed USB device number 44 using dummy_hcd
[  359.669122][ T5291] usb 3-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  359.681113][ T5291] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.692797][ T5291] usb 3-1: Product: syz
[  359.697005][ T5291] usb 3-1: Manufacturer: syz
[  359.705318][ T5291] usb 3-1: SerialNumber: syz
[  359.715340][ T5291] usb 3-1: config 0 descriptor??
[  359.743415][ T5291] HFC-S_USB 3-1:0.117: probe with driver HFC-S_USB failed with error -5
[  359.848887][ T1165] usb 1-1: config 0 interface 0 altsetting 253 has an endpoint descriptor with address 0xB8, changing to 0x88
[  359.860878][ T1165] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x88 has an invalid bInterval 0, changing to 10
[  359.872258][ T1165] usb 1-1: config 0 interface 0 altsetting 253 endpoint 0x88 has invalid wMaxPacketSize 0
[  359.882427][ T1165] usb 1-1: config 0 interface 0 altsetting 253 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  359.902272][ T1165] usb 1-1: config 0 interface 0 has no altsetting 0
[  359.913062][ T1165] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00
[  359.932246][ T1165] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.959608][ T1165] usb 1-1: config 0 descriptor??
[  360.153377][ T5291] usb 3-1: USB disconnect, device number 59
[  362.633199][ T1165] usbhid 1-1:0.0: can't add hid device: -71
[  362.639355][ T1165] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  362.676924][ T1165] usb 1-1: USB disconnect, device number 44
[  364.198201][T11318] syz.4.1395 (11318) used greatest stack depth: 16504 bytes left
[  364.595165][T11312] syz.4.1395 (11312) used greatest stack depth: 16096 bytes left
[  368.627891][T11403] net_ratelimit: 56 callbacks suppressed
[  368.627906][T11403] netlink: zone id is out of range
[  368.659708][T11403] netlink: zone id is out of range
[  368.693676][T11403] netlink: zone id is out of range
[  368.721954][T11403] netlink: zone id is out of range
[  368.727956][T11403] netlink: zone id is out of range
[  368.740393][T11403] netlink: zone id is out of range
[  368.755000][T11403] netlink: zone id is out of range
[  368.771853][T11403] netlink: zone id is out of range
[  368.779212][T11403] netlink: zone id is out of range
[  368.784942][T11403] netlink: zone id is out of range
[  368.904423][T11419] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1425'.
[  369.101772][T11426] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1428'.
[  369.269497][T11432] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1431'.
[  369.364486][T11437] netlink: 'syz.1.1432': attribute type 25 has an invalid length.
[  369.381329][T11437] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1432'.
[  369.395713][T11437] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1432'.
[  369.527461][ T5308] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  369.701341][ T5308] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  369.710036][ T5308] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  369.726724][ T5308] usb 3-1: config 0 has no interface number 0
[  369.757499][ T5308] usb 3-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  369.782237][ T5308] usb 3-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  369.822249][ T5308] usb 3-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  369.831460][ T5308] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.844247][ T5308] usb 3-1: Product: syz
[  369.848528][ T5308] usb 3-1: Manufacturer: syz
[  369.853203][ T5308] usb 3-1: SerialNumber: syz
[  369.862480][ T5308] usb 3-1: config 0 descriptor??
[  369.873874][ T5308] HFC-S_USB 3-1:0.117: probe with driver HFC-S_USB failed with error -5
[  370.201245][ T5308] usb 3-1: USB disconnect, device number 60
[  370.515433][T11464] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1438'.
[  370.647754][T11471] ɶƣ0GCTw
�: entered promiscuous mode
[  370.657279][T11472] tipc: Started in network mode
[  370.672627][T11472] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  370.683351][T11472] tipc: Enabled bearer <eth:vlan0>, priority 10
[  370.696545][T11473] openvswitch: ɶƣ0GCTw
�: Dropping previously announced user features
[  370.720249][T11472] tipc: Resetting bearer <eth:vlan0>
[  370.782569][T11480] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1440'.
[  370.809905][T11472] tipc: Disabling bearer <eth:vlan0>
[  370.830869][T11479] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.838553][T11479] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.852737][T11479] bridge0: entered allmulticast mode
[  370.866340][T11483] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1444'.
[  370.911423][T11484] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.918719][T11484] bridge0: port 2(bridge_slave_1) entered forwarding state
[  370.926146][T11484] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.933346][T11484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  370.952690][T11484] bridge0: entered promiscuous mode
[  371.004154][T11479] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  371.280773][T11496] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1451'.
[  371.441623][ T2987] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.663401][ T2987] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.740934][T11509] fuse: Unknown parameter '���^�~�7!�y�ʭ�D]��fE��{�}�p����?�JV�#��'
[  371.854123][ T2987] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  371.982127][   T29] audit: type=1326 audit(1727520846.306:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11504 comm="syz.0.1456" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f80d4d7dff9 code=0x0
[  372.116991][ T2987] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.313829][ T5228] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  372.332728][ T5228] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  372.350147][ T5228] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  372.358185][ T5228] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  372.365758][ T5228] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  372.373270][ T5228] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  372.618795][ T2987] bridge_slave_1: left allmulticast mode
[  372.624516][ T2987] bridge_slave_1: left promiscuous mode
[  372.631146][ T2987] bridge0: port 2(bridge_slave_1) entered disabled state
[  372.649231][ T2987] bridge_slave_0: left allmulticast mode
[  372.695983][ T2987] bridge_slave_0: left promiscuous mode
[  372.736970][ T2987] bridge0: port 1(bridge_slave_0) entered disabled state
[  372.969084][T11541] fuse: Unknown parameter '&$��������'
[  373.313692][ T5278] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  373.372455][ T2987] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  373.383461][ T2987] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  373.394483][ T2987] bond0 (unregistering): Released all slaves
[  373.416617][T11541] netlink: 'syz.3.1463': attribute type 10 has an invalid length.
[  373.467647][ T5278] usb 2-1: Using ep0 maxpacket: 32
[  373.486149][ T5278] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  373.524303][ T5278] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  373.545959][ T5278] usb 2-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  373.579688][ T5278] usb 2-1: config 0 interface 0 has no altsetting 1
[  373.588902][ T5278] usb 2-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57
[  373.614638][ T5278] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.633670][ T5278] usb 2-1: Product: syz
[  373.651595][ T5278] usb 2-1: Manufacturer: syz
[  373.656245][ T5278] usb 2-1: SerialNumber: syz
[  373.663132][ T5278] usb 2-1: config 0 descriptor??
[  373.760164][T11560] net_ratelimit: 57 callbacks suppressed
[  373.760184][T11560] netlink: zone id is out of range
[  373.793923][T11560] netlink: zone id is out of range
[  373.833417][T11560] netlink: zone id is out of range
[  373.870697][T11560] netlink: zone id is out of range
[  373.876515][T11560] netlink: zone id is out of range
[  373.882990][T11560] netlink: zone id is out of range
[  373.905500][T11560] netlink: zone id is out of range
[  373.913128][T11560] netlink: zone id is out of range
[  373.914085][T11531] chnl_net:caif_netlink_parms(): no params data found
[  373.935553][T11560] netlink: zone id is out of range
[  373.939390][T11548] tipc: Started in network mode
[  373.945788][T11560] netlink: zone id is out of range
[  373.946288][T11548] tipc: Node identity 7f000001, cluster identity 4711
[  373.978051][T11548] tipc: Enabled bearer <udp:syz1>, priority 10
[  374.099646][ T2987] hsr_slave_0: left promiscuous mode
[  374.108814][ T2987] hsr_slave_1: left promiscuous mode
[  374.115220][ T2987] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  374.123437][ T2987] batman_adv: batadv0: Removing interface: batadv_slave_0
[  374.132146][ T2987] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  374.140544][ T2987] batman_adv: batadv0: Removing interface: batadv_slave_1
[  374.197276][ T2987] veth1_macvtap: left promiscuous mode
[  374.203847][ T2987] veth0_macvtap: left promiscuous mode
[  374.219325][ T2987] veth1_vlan: left promiscuous mode
[  374.224830][ T2987] veth0_vlan: left promiscuous mode
[  374.420636][ T5235] Bluetooth: hci2: command tx timeout
[  374.981094][ T2987] team0 (unregistering): Port device team_slave_1 removed
[  375.061246][ T2987] team0 (unregistering): Port device team_slave_0 removed
[  375.097534][ T5277] tipc: Node number set to 2130706433
[  375.579472][   T29] audit: type=1326 audit(1727520849.896:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11592 comm="syz.3.1474" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4eda77dff9 code=0x0
[  376.218701][ T5278] usb 2-1: USB disconnect, device number 66
[  376.311268][T11536] udevd[11536]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  376.505426][ T5235] Bluetooth: hci2: command tx timeout
[  376.517244][T11531] bridge0: port 1(bridge_slave_0) entered blocking state
[  376.537945][T11531] bridge0: port 1(bridge_slave_0) entered disabled state
[  376.595707][T11531] bridge_slave_0: entered allmulticast mode
[  376.605133][T11531] bridge_slave_0: entered promiscuous mode
[  376.618220][T11531] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.625650][T11531] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.633044][T11531] bridge_slave_1: entered allmulticast mode
[  376.656538][T11531] bridge_slave_1: entered promiscuous mode
[  376.735942][T11531] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  376.748086][ T5278] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  376.780936][T11531] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  376.867886][T11531] team0: Port device team_slave_0 added
[  376.878038][T11531] team0: Port device team_slave_1 added
[  376.947598][ T5278] usb 5-1: Using ep0 maxpacket: 16
[  376.958443][ T5278] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  376.992733][ T5278] usb 5-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76
[  377.019710][ T5278] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.047506][ T5278] usb 5-1: Product: syz
[  377.057123][ T5278] usb 5-1: Manufacturer: syz
[  377.059104][ T2987] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.072245][ T5278] usb 5-1: SerialNumber: syz
[  377.076892][ T5278] usb 5-1: config 0 descriptor??
[  377.135886][T11531] batman_adv: batadv0: Adding interface: batadv_slave_0
[  377.155596][T11531] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  377.191356][T11531] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  377.299881][ T2987] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.362943][T11531] batman_adv: batadv0: Adding interface: batadv_slave_1
[  377.381971][ T5278] usb 5-1: ignoring: not an USB2CAN converter
[  377.415442][T11531] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  377.488073][T11636] FAULT_INJECTION: forcing a failure.
[  377.488073][T11636] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.494292][T11531] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  377.528360][ T5228] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  377.540049][ T5228] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  377.551835][ T5228] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  377.566818][T11636] CPU: 0 UID: 0 PID: 11636 Comm: syz.0.1482 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  377.577285][T11636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  377.587373][T11636] Call Trace:
[  377.590661][T11636]  <TASK>
[  377.593586][T11636]  dump_stack_lvl+0x241/0x360
[  377.598275][T11636]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.603478][T11636]  ? __pfx__printk+0x10/0x10
[  377.608073][T11636]  ? snprintf+0xda/0x120
[  377.612317][T11636]  should_fail_ex+0x3b0/0x4e0
[  377.616995][T11636]  _copy_to_user+0x2f/0xb0
[  377.621413][T11636]  simple_read_from_buffer+0xca/0x150
[  377.626792][T11636]  proc_fail_nth_read+0x1e9/0x250
[  377.631820][T11636]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  377.637374][T11636]  ? rw_verify_area+0x55e/0x6f0
[  377.642227][T11636]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  377.647795][T11636]  vfs_read+0x201/0xbc0
[  377.651951][T11636]  ? __pfx_lock_release+0x10/0x10
[  377.656979][T11636]  ? __pfx_vfs_read+0x10/0x10
[  377.661659][T11636]  ? __fget_files+0x3f3/0x470
[  377.666335][T11636]  ? fdget_pos+0x24e/0x320
[  377.670747][T11636]  ksys_read+0x183/0x2b0
[  377.674993][T11636]  ? __pfx_ksys_read+0x10/0x10
[  377.679754][T11636]  ? do_syscall_64+0x100/0x230
[  377.684519][T11636]  ? do_syscall_64+0xb6/0x230
[  377.689197][T11636]  do_syscall_64+0xf3/0x230
[  377.693726][T11636]  ? clear_bhb_loop+0x35/0x90
[  377.698423][T11636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.704345][T11636] RIP: 0033:0x7f80d4d7ca3c
[  377.708774][T11636] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  377.728393][T11636] RSP: 002b:00007f80d5b32030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  377.736899][T11636] RAX: ffffffffffffffda RBX: 00007f80d4f36058 RCX: 00007f80d4d7ca3c
[  377.744871][T11636] RDX: 000000000000000f RSI: 00007f80d5b320a0 RDI: 0000000000000005
[  377.752838][T11636] RBP: 00007f80d5b32090 R08: 0000000000000000 R09: 0000000000000000
[  377.760801][T11636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.768764][T11636] R13: 0000000000000000 R14: 00007f80d4f36058 R15: 00007f80d505fa28
[  377.776739][T11636]  </TASK>
[  377.785180][ T5228] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  377.794147][ T5228] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  377.801652][ T5228] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  377.841613][    T9] usb 5-1: USB disconnect, device number 59
[  377.894053][ T2987] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  378.116587][ T2987] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  378.136712][T11531] hsr_slave_0: entered promiscuous mode
[  378.151078][T11531] hsr_slave_1: entered promiscuous mode
[  378.159883][T11531] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  378.168319][T11531] Cannot create hsr debugfs directory
[  378.307617][ T5278] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  378.416527][ T2987] bridge_slave_1: left allmulticast mode
[  378.432526][ T2987] bridge_slave_1: left promiscuous mode
[  378.442746][ T2987] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.456255][ T2987] bridge_slave_0: left allmulticast mode
[  378.457658][ T5278] usb 4-1: Using ep0 maxpacket: 32
[  378.463642][ T2987] bridge_slave_0: left promiscuous mode
[  378.487971][ T2987] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.496203][ T5278] usb 4-1: config 0 has an invalid interface number: 35 but max is 0
[  378.505442][ T5278] usb 4-1: config 0 has no interface number 0
[  378.519951][T11660] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1489'.
[  378.537716][ T5278] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  378.558684][ T5278] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.587506][ T5278] usb 4-1: Product: syz
[  378.587550][ T5228] Bluetooth: hci2: command tx timeout
[  378.591686][ T5278] usb 4-1: Manufacturer: syz
[  378.591706][ T5278] usb 4-1: SerialNumber: syz
[  378.593476][ T5278] usb 4-1: config 0 descriptor??
[  378.739528][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  378.745852][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  378.842470][ T5278] radio-si470x 4-1:0.35: this is not a si470x device.
[  378.893578][ T5278] radio-raremono 4-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  379.090539][T11667] FAULT_INJECTION: forcing a failure.
[  379.090539][T11667] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  379.104924][T11667] CPU: 0 UID: 0 PID: 11667 Comm: syz.0.1491 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  379.115379][T11667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  379.125461][T11667] Call Trace:
[  379.128759][T11667]  <TASK>
[  379.131703][T11667]  dump_stack_lvl+0x241/0x360
[  379.136409][T11667]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.141632][T11667]  ? __pfx__printk+0x10/0x10
[  379.146251][T11667]  ? __pfx_lock_release+0x10/0x10
[  379.151307][T11667]  should_fail_ex+0x3b0/0x4e0
[  379.156006][T11667]  _copy_from_user+0x2f/0xe0
[  379.160623][T11667]  copy_msghdr_from_user+0xae/0x680
[  379.165850][T11667]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  379.171686][T11667]  __sys_sendmsg+0x22d/0x380
[  379.176296][T11667]  ? __pfx___sys_sendmsg+0x10/0x10
[  379.181436][T11667]  ? __pfx_vfs_write+0x10/0x10
[  379.186243][T11667]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  379.192596][T11667]  ? do_syscall_64+0x100/0x230
[  379.197380][T11667]  ? do_syscall_64+0xb6/0x230
[  379.202076][T11667]  do_syscall_64+0xf3/0x230
[  379.206602][T11667]  ? clear_bhb_loop+0x35/0x90
[  379.211349][T11667]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.217265][T11667] RIP: 0033:0x7f80d4d7dff9
[  379.221695][T11667] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.241320][T11667] RSP: 002b:00007f80d5b53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  379.249762][T11667] RAX: ffffffffffffffda RBX: 00007f80d4f35f80 RCX: 00007f80d4d7dff9
[  379.257753][T11667] RDX: 0000000000000000 RSI: 0000000020000700 RDI: 0000000000000003
[  379.265750][T11667] RBP: 00007f80d5b53090 R08: 0000000000000000 R09: 0000000000000000
[  379.273743][T11667] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.281740][T11667] R13: 0000000000000000 R14: 00007f80d4f35f80 R15: 00007f80d505fa28
[  379.289752][T11667]  </TASK>
[  379.309589][T11668] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.320920][ T2987] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  379.333006][T11668] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  379.345618][ T2987] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  379.363511][ T2987] bond0 (unregistering): Released all slaves
[  379.545190][ T2987] ɶƣ0GCTw
�: left promiscuous mode
[  379.704190][ T2987] tipc: Disabling bearer <udp:syz1>
[  379.707677][ T5278] radio-raremono 4-1:0.35: raremono_cmd_main failed (-71)
[  379.731958][ T2987] tipc: Left network mode
[  379.744323][ T5278] radio-raremono 4-1:0.35: V4L2 device registered as radio32
[  379.817289][ T5278] usb 4-1: USB disconnect, device number 52
[  379.839702][ T5278] radio-raremono 4-1:0.35: Thanko's Raremono disconnected
[  379.857848][ T5228] Bluetooth: hci1: command tx timeout
[  380.084079][T11643] chnl_net:caif_netlink_parms(): no params data found
[  380.280014][   T47] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  380.327673][ T2987] hsr_slave_0: left promiscuous mode
[  380.354576][ T2987] hsr_slave_1: left promiscuous mode
[  380.364428][ T2987] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  380.378640][ T2987] batman_adv: batadv0: Removing interface: batadv_slave_0
[  380.393574][ T2987] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  380.407472][ T2987] batman_adv: batadv0: Removing interface: batadv_slave_1
[  380.449164][   T47] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  380.467379][ T2987] veth1_macvtap: left promiscuous mode
[  380.467582][   T47] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  380.479697][ T2987] veth0_macvtap: left promiscuous mode
[  380.487527][ T2987] veth1_vlan: left promiscuous mode
[  380.493049][ T2987] veth0_vlan: left promiscuous mode
[  380.499785][   T47] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  380.509247][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  380.517262][   T47] usb 1-1: SerialNumber: syz
[  380.651667][T11706] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1498'.
[  380.661337][ T5228] Bluetooth: hci2: command tx timeout
[  380.730175][   T47] usb 1-1: 0:2 : does not exist
[  380.746722][   T47] usb 1-1: USB disconnect, device number 45
[  380.775261][T11536] udevd[11536]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  381.274489][ T2987] team0 (unregistering): Port device team_slave_1 removed
[  381.378374][ T2987] team0 (unregistering): Port device team_slave_0 removed
[  381.947268][ T5228] Bluetooth: hci1: command tx timeout
[  382.005423][T11531] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  382.027594][T11531] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  382.077172][T11643] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.107812][T11643] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.126713][T11643] bridge_slave_0: entered allmulticast mode
[  382.138666][T11643] bridge_slave_0: entered promiscuous mode
[  382.164204][T11531] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  382.215440][T11531] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  382.255267][T11643] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.257666][T11724] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1503'.
[  382.262876][T11643] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.280183][T11643] bridge_slave_1: entered allmulticast mode
[  382.287192][T11643] bridge_slave_1: entered promiscuous mode
[  382.325561][T11643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  382.410663][T11643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  382.457502][   T47] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  382.571603][T11643] team0: Port device team_slave_0 added
[  382.588701][T11643] team0: Port device team_slave_1 added
[  382.639867][   T47] usb 1-1: Using ep0 maxpacket: 32
[  382.652009][   T47] usb 1-1: config index 0 descriptor too short (expected 2210, got 1175)
[  382.670331][   T47] usb 1-1: config 0 has an invalid interface number: 241 but max is 2
[  382.694825][T11643] batman_adv: batadv0: Adding interface: batadv_slave_0
[  382.708973][T11643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  382.735326][   T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  382.752642][   T47] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[  382.763766][   T47] usb 1-1: config 0 has no interface number 0
[  382.775032][T11643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  382.787149][   T47] usb 1-1: config 0 interface 241 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  382.809994][   T47] usb 1-1: config 0 interface 241 altsetting 4 has an endpoint descriptor with address 0xAE, changing to 0x8E
[  382.827418][T11643] batman_adv: batadv0: Adding interface: batadv_slave_1
[  382.834401][T11643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  382.866686][   T47] usb 1-1: config 0 interface 241 altsetting 4 endpoint 0x8E has an invalid bInterval 0, changing to 7
[  382.879742][   T47] usb 1-1: config 0 interface 241 altsetting 4 endpoint 0x8E has invalid wMaxPacketSize 0
[  382.889888][   T47] usb 1-1: config 0 interface 241 altsetting 4 has 3 endpoint descriptors, different from the interface descriptor's value: 14
[  382.917506][T11643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  382.947485][   T47] usb 1-1: config 0 interface 241 has no altsetting 0
[  382.961182][   T47] usb 1-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=e0.70
[  382.985950][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.015695][   T47] usb 1-1: Product: syz
[  383.037255][T11531] 8021q: adding VLAN 0 to HW filter on device bond0
[  383.047474][   T47] usb 1-1: Manufacturer: syz
[  383.052121][   T47] usb 1-1: SerialNumber: syz
[  383.085459][   T47] usb 1-1: config 0 descriptor??
[  383.249039][T11643] hsr_slave_0: entered promiscuous mode
[  383.270783][T11750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  383.288067][T11643] hsr_slave_1: entered promiscuous mode
[  383.313387][T11643] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  383.326333][T11750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  383.350992][T11643] Cannot create hsr debugfs directory
[  383.425418][T11531] 8021q: adding VLAN 0 to HW filter on device team0
[  383.494934][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.495015][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  383.507945][    T9] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  383.535866][T11756] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1507'.
[  383.572043][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  383.572131][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  383.690350][T11758] xt_CT: You must specify a L4 protocol and not use inversions on it
[  383.735789][T11758] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1508'.
[  383.967883][T11531] 8021q: adding VLAN 0 to HW filter on device batadv0
[  384.017882][ T5235] Bluetooth: hci1: command tx timeout
[  384.167519][T11531] veth0_vlan: entered promiscuous mode
[  384.198794][T11531] veth1_vlan: entered promiscuous mode
[  384.320966][T11531] veth0_macvtap: entered promiscuous mode
[  384.371870][T11531] veth1_macvtap: entered promiscuous mode
[  384.435694][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  384.457507][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  384.468242][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  384.480253][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  384.491783][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  384.502961][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  384.524982][T11770] fuse: Bad value for 'group_id'
[  384.531505][T11531] batman_adv: batadv0: Interface activated: batadv_slave_0
[  384.539055][T11770] fuse: Bad value for 'group_id'
[  384.544355][T11643] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  384.584748][T11643] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  384.597197][T11643] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  384.607283][T11643] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  384.631349][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  384.659034][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  384.676440][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  384.690991][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  384.701011][T11531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  384.715345][T11531] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  384.733252][T11531] batman_adv: batadv0: Interface activated: batadv_slave_1
[  384.775426][T11531] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  384.792065][T11531] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  384.804652][T11531] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  384.819497][T11531] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  385.072099][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.106541][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.173634][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  385.204512][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.256431][T11643] 8021q: adding VLAN 0 to HW filter on device bond0
[  385.363527][T11643] 8021q: adding VLAN 0 to HW filter on device team0
[  385.415292][  T748] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.422456][  T748] bridge0: port 1(bridge_slave_0) entered forwarding state
[  385.447518][   T47] usb 1-1: USB disconnect, device number 46
[  385.502598][ T1111] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.511430][ T1111] bridge0: port 2(bridge_slave_1) entered forwarding state
[  385.672077][T11643] 8021q: adding VLAN 0 to HW filter on device batadv0
[  385.784544][T11643] veth0_vlan: entered promiscuous mode
[  385.819842][T11643] veth1_vlan: entered promiscuous mode
[  385.827737][    T9] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  385.881934][T11643] veth0_macvtap: entered promiscuous mode
[  385.899616][T11643] veth1_macvtap: entered promiscuous mode
[  385.934018][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  385.937890][ T5235] Bluetooth: hci4: command 0x0406 tx timeout
[  385.949999][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  385.964062][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  385.975068][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  385.985894][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.002110][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.012367][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.014304][    T9] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  386.025373][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.045537][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  386.047227][T11643] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.072384][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.083379][    T9] usb 3-1: config 0 has no interface number 0
[  386.090494][    T9] usb 3-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  386.099323][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.102411][ T5228] Bluetooth: hci1: command tx timeout
[  386.118402][    T9] usb 3-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  386.134815][    T9] usb 3-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  386.144232][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.152342][    T9] usb 3-1: Product: syz
[  386.152818][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.156584][    T9] usb 3-1: Manufacturer: syz
[  386.173628][    T9] usb 3-1: SerialNumber: syz
[  386.188738][    T9] usb 3-1: config 0 descriptor??
[  386.199207][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.209617][    T9] HFC-S_USB 3-1:0.117: probe with driver HFC-S_USB failed with error -5
[  386.227210][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.244098][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.255839][T11643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.274320][T11643] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.286089][T11643] batman_adv: batadv0: Interface activated: batadv_slave_1
[  386.312371][T11643] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.362640][T11643] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.400134][T11643] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.437624][T11643] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.622491][T11813] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1516'.
[  386.714635][    T9] usb 3-1: USB disconnect, device number 61
[  386.889732][T11827] tipc: Started in network mode
[  386.895843][ T2987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  386.917540][T11827] tipc: Node identity 7f000001, cluster identity 4711
[  386.924964][T11827] tipc: Enabled bearer <udp:syz1>, priority 10
[  386.941427][ T2987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.042080][ T1111] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.059191][T11827] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  387.066906][T11827] IPv6: NLM_F_CREATE should be set when creating new route
[  387.079805][ T1111] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.527510][T11776] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  387.542400][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.712081][T11776] usb 4-1: Using ep0 maxpacket: 32
[  387.754067][T11776] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  387.781903][T11776] usb 4-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[  387.783693][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.796358][T11776] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.849734][T11776] usb 4-1: Product: syz
[  387.867531][T11776] usb 4-1: Manufacturer: syz
[  387.897580][T11776] usb 4-1: SerialNumber: syz
[  387.922278][T11776] usb 4-1: config 0 descriptor??
[  387.953356][T11776] gspca_main: sunplus-2.14.0 probing 08ca:2060
[  387.994966][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.037587][ T5274] tipc: Node number set to 2130706433
[  388.203014][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  388.433018][ T5235] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  388.457637][ T5235] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  388.487583][ T5235] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  388.495443][ T5235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  388.504104][   T12] bridge_slave_1: left allmulticast mode
[  388.510504][ T5235] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  388.522954][ T5235] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  388.581708][   T12] bridge_slave_1: left promiscuous mode
[  388.637758][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.704148][   T12] bridge_slave_0: left allmulticast mode
[  388.720325][   T12] bridge_slave_0: left promiscuous mode
[  388.742810][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.570975][T11776] gspca_sunplus: reg_w_1 err -71
[  389.589346][T11776] sunplus 4-1:0.0: probe with driver sunplus failed with error -71
[  389.686289][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  389.712474][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  389.727607][T11776] usb 4-1: USB disconnect, device number 53
[  389.739568][   T12] bond0 (unregistering): Released all slaves
[  389.853276][   T12] tipc: Disabling bearer <udp:syz1>
[  389.858917][   T12] tipc: Left network mode
[  390.050170][T11887] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1528'.
[  390.438309][   T12] hsr_slave_0: left promiscuous mode
[  390.462606][   T12] hsr_slave_1: left promiscuous mode
[  390.470002][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  390.483078][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  390.509915][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  390.518645][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  390.569356][   T12] veth1_macvtap: left promiscuous mode
[  390.578137][ T5228] Bluetooth: hci3: command tx timeout
[  390.591466][   T12] veth0_macvtap: left promiscuous mode
[  390.621351][   T12] veth1_vlan: left promiscuous mode
[  390.627424][   T12] veth0_vlan: left promiscuous mode
[  391.129961][ T5291] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  391.329965][ T5291] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  391.353992][ T5291] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  391.380749][ T5291] usb 2-1: config 0 has no interface number 0
[  391.402418][ T5291] usb 2-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  391.428564][ T5291] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  391.464740][ T5291] usb 2-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  391.496901][ T5291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.525668][ T5291] usb 2-1: Product: syz
[  391.535781][ T5291] usb 2-1: Manufacturer: syz
[  391.563816][ T5291] usb 2-1: SerialNumber: syz
[  391.585914][ T5291] usb 2-1: config 0 descriptor??
[  391.607927][ T5291] HFC-S_USB 2-1:0.117: probe with driver HFC-S_USB failed with error -5
[  391.948953][ T1165] usb 2-1: USB disconnect, device number 67
[  392.189365][   T12] team0 (unregistering): Port device team_slave_1 removed
[  392.257430][   T12] team0 (unregistering): Port device team_slave_0 removed
[  392.665521][ T5228] Bluetooth: hci3: command tx timeout
[  393.243694][T11908] tipc: Started in network mode
[  393.249028][T11908] tipc: Node identity 7f000001, cluster identity 4711
[  393.263816][T11908] tipc: Enabled bearer <udp:syz1>, priority 10
[  393.274625][T11912] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  393.281950][T11912] IPv6: NLM_F_CREATE should be set when creating new route
[  393.507956][T11874] chnl_net:caif_netlink_parms(): no params data found
[  393.543955][T11954] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1539'.
[  393.556988][T11933] syz.3.1534 (11933): drop_caches: 1
[  394.023716][T11874] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.036676][T11874] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.071808][T11874] bridge_slave_0: entered allmulticast mode
[  394.093256][T11874] bridge_slave_0: entered promiscuous mode
[  394.145666][T11874] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.157301][T11874] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.165041][T11874] bridge_slave_1: entered allmulticast mode
[  394.202480][T11874] bridge_slave_1: entered promiscuous mode
[  394.280303][T11874] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  394.318494][T11874] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.372669][T11874] team0: Port device team_slave_0 added
[  394.378604][   T47] tipc: Node number set to 2130706433
[  394.396324][T11874] team0: Port device team_slave_1 added
[  394.452338][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.586956][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.610892][T11874] batman_adv: batadv0: Adding interface: batadv_slave_0
[  394.619971][T11874] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.654559][ T5235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  394.665523][ T5235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  394.674925][T11874] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  394.695626][ T5235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  394.704267][ T5235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  394.723511][ T5235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  394.731925][ T5235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  394.745506][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.756001][ T5235] Bluetooth: hci3: command tx timeout
[  394.785786][T11874] batman_adv: batadv0: Adding interface: batadv_slave_1
[  394.832783][T11874] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  394.894835][T11874] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  394.958448][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.082771][T11874] hsr_slave_0: entered promiscuous mode
[  395.120371][T11874] hsr_slave_1: entered promiscuous mode
[  395.133621][T11874] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  395.162797][T11874] Cannot create hsr debugfs directory
[  395.276638][T12005] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1551'.
[  395.441169][   T12] bridge_slave_1: left allmulticast mode
[  395.446848][   T12] bridge_slave_1: left promiscuous mode
[  395.467896][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  395.478184][   T12] bridge_slave_0: left allmulticast mode
[  395.483943][   T12] bridge_slave_0: left promiscuous mode
[  395.494839][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.903962][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  395.914901][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  395.926069][   T12] bond0 (unregistering): Released all slaves
[  396.217567][   T12] tipc: Disabling bearer <udp:syz1>
[  396.227617][   T12] tipc: Left network mode
[  396.247482][ T5277] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  396.441058][ T5277] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  396.462689][ T5277] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  396.493358][ T5277] usb 2-1: config 0 has no interface number 0
[  396.511918][ T5277] usb 2-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  396.538000][ T5277] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  396.539904][T11991] chnl_net:caif_netlink_parms(): no params data found
[  396.575537][ T5277] usb 2-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  396.588377][ T5277] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.610806][ T5277] usb 2-1: Product: syz
[  396.628149][ T5277] usb 2-1: Manufacturer: syz
[  396.671287][ T5277] usb 2-1: SerialNumber: syz
[  396.709648][ T5277] usb 2-1: config 0 descriptor??
[  396.731858][ T5277] HFC-S_USB 2-1:0.117: probe with driver HFC-S_USB failed with error -5
[  396.822182][ T5228] Bluetooth: hci3: command tx timeout
[  396.830121][ T5228] Bluetooth: hci2: command tx timeout
[  397.048706][ T5277] usb 2-1: USB disconnect, device number 68
[  397.125612][   T12] hsr_slave_0: left promiscuous mode
[  397.135955][   T12] hsr_slave_1: left promiscuous mode
[  397.154234][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  397.163339][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.185915][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.193507][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.212969][   T12] veth1_macvtap: left promiscuous mode
[  397.218937][   T12] veth0_macvtap: left promiscuous mode
[  397.224545][   T12] veth1_vlan: left promiscuous mode
[  397.230377][   T12] veth0_vlan: left promiscuous mode
[  397.757489][   T12] team0 (unregistering): Port device team_slave_1 removed
[  397.822350][   T12] team0 (unregistering): Port device team_slave_0 removed
[  398.275782][T11991] bridge0: port 1(bridge_slave_0) entered blocking state
[  398.299195][T11991] bridge0: port 1(bridge_slave_0) entered disabled state
[  398.307304][T11991] bridge_slave_0: entered allmulticast mode
[  398.319603][T11991] bridge_slave_0: entered promiscuous mode
[  398.334802][T11991] bridge0: port 2(bridge_slave_1) entered blocking state
[  398.342544][T11991] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.362438][T11991] bridge_slave_1: entered allmulticast mode
[  398.377703][T11991] bridge_slave_1: entered promiscuous mode
[  398.539082][T11991] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  398.563391][T11991] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  398.672855][T11874] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  398.695182][T11874] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  398.737114][T11991] team0: Port device team_slave_0 added
[  398.768472][T11991] team0: Port device team_slave_1 added
[  398.780634][T11874] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  398.855145][T11874] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  398.897457][ T5235] Bluetooth: hci2: command tx timeout
[  398.908895][T11991] batman_adv: batadv0: Adding interface: batadv_slave_0
[  398.945881][T11991] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  398.973511][T11991] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  399.025673][T11991] batman_adv: batadv0: Adding interface: batadv_slave_1
[  399.036843][T11991] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  399.063704][T11991] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  399.165673][T11991] hsr_slave_0: entered promiscuous mode
[  399.179519][T11991] hsr_slave_1: entered promiscuous mode
[  399.185861][T11991] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  399.226710][T11991] Cannot create hsr debugfs directory
[  399.507782][ T5308] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  399.555751][T11874] 8021q: adding VLAN 0 to HW filter on device bond0
[  399.652401][T11874] 8021q: adding VLAN 0 to HW filter on device team0
[  399.683875][ T5308] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  399.719098][ T5308] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.743060][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  399.750252][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  399.768107][ T5308] usb 2-1: config 0 has no interface number 0
[  399.774233][ T5308] usb 2-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  399.837820][ T5308] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  399.896668][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[  399.903880][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[  399.909184][ T5308] usb 2-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  399.957523][ T5308] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.965563][ T5308] usb 2-1: Product: syz
[  400.004547][ T5308] usb 2-1: Manufacturer: syz
[  400.022658][ T5308] usb 2-1: SerialNumber: syz
[  400.048630][ T5308] usb 2-1: config 0 descriptor??
[  400.051425][T11874] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  400.079328][ T5308] HFC-S_USB 2-1:0.117: probe with driver HFC-S_USB failed with error -5
[  400.175058][T11874] 8021q: adding VLAN 0 to HW filter on device batadv0
[  400.202270][T11991] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  400.229879][T11991] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  400.257630][T11991] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  400.277167][T11991] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  400.371483][T11874] veth0_vlan: entered promiscuous mode
[  400.384109][ T5308] usb 2-1: USB disconnect, device number 69
[  400.423175][T11874] veth1_vlan: entered promiscuous mode
[  400.505503][T11874] veth0_macvtap: entered promiscuous mode
[  400.524205][T11874] veth1_macvtap: entered promiscuous mode
[  400.541154][T11874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  400.552070][T11874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  400.562030][T11874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  400.572551][T11874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  400.582483][T11874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  400.593012][T11874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  400.604315][T11874] batman_adv: batadv0: Interface activated: batadv_slave_0
[  400.614361][T11874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  400.625085][T11874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  400.635108][T11874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  400.645580][T11874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  400.655514][T11874] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  400.666064][T11874] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  400.677787][T11874] batman_adv: batadv0: Interface activated: batadv_slave_1
[  400.687953][T11874] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  400.696677][T11874] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  400.705646][T11874] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  400.714495][T11874] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  400.751205][T11991] 8021q: adding VLAN 0 to HW filter on device bond0
[  400.770901][T11991] 8021q: adding VLAN 0 to HW filter on device team0
[  400.785224][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.792389][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  400.840980][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.848166][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  400.982367][ T5235] Bluetooth: hci2: command tx timeout
[  401.177776][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  401.186071][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  401.211906][T11991] 8021q: adding VLAN 0 to HW filter on device batadv0
[  401.287428][T11991] veth0_vlan: entered promiscuous mode
[  401.298496][T11991] veth1_vlan: entered promiscuous mode
[  401.321061][T11991] veth0_macvtap: entered promiscuous mode
[  401.330120][T11991] veth1_macvtap: entered promiscuous mode
[  401.351886][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.362690][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.372794][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.383836][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.393927][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.404692][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.414740][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  401.425510][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.436795][T11991] batman_adv: batadv0: Interface activated: batadv_slave_0
[  401.478646][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.489765][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.494344][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  401.499940][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.499964][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.499981][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.511703][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  401.518791][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.556906][T11991] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  401.567410][T11991] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  401.578580][T11991] batman_adv: batadv0: Interface activated: batadv_slave_1
[  401.591876][T11991] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  401.600907][T11991] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  401.609845][T11991] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  401.618987][T11991] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  401.760893][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  401.806484][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  401.892997][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  401.908097][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  402.506783][T12189] binder: 12188:12189 ioctl c018620c 20000000 returned -22
[  402.526172][T12189] fuse: Bad value for 'fd'
[  402.537495][   T47] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  402.562902][T12191] netlink: 260 bytes leftover after parsing attributes in process `syz.0.1587'.
[  402.699729][   T47] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  402.710157][   T47] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  402.731182][   T47] usb 2-1: config 0 has no interface number 0
[  402.737313][   T47] usb 2-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  402.766005][   T47] usb 2-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  402.779604][ T5291] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  402.800442][   T47] usb 2-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  402.809698][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.824985][   T47] usb 2-1: Product: syz
[  402.830004][   T47] usb 2-1: Manufacturer: syz
[  402.834632][   T47] usb 2-1: SerialNumber: syz
[  402.850114][   T47] usb 2-1: config 0 descriptor??
[  402.870833][   T47] HFC-S_USB 2-1:0.117: probe with driver HFC-S_USB failed with error -5
[  402.947617][ T5291] usb 3-1: Using ep0 maxpacket: 8
[  402.961433][ T5291] usb 3-1: unable to get BOS descriptor or descriptor too short
[  402.979416][ T5291] usb 3-1: unable to read config index 0 descriptor/start: -61
[  402.990879][ T5291] usb 3-1: can't read configurations, error -61
[  403.027621][ T5277] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  403.059939][ T5235] Bluetooth: hci2: command tx timeout
[  403.138601][ T5291] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  403.183406][ T1165] usb 2-1: USB disconnect, device number 70
[  403.196450][ T5277] usb 1-1: config 0 has no interfaces?
[  403.215463][ T5277] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  403.233186][ T5277] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  403.261746][ T5277] usb 1-1: Product: syz
[  403.268048][ T5277] usb 1-1: Manufacturer: syz
[  403.282980][ T5277] usb 1-1: config 0 descriptor??
[  403.307412][ T5291] usb 3-1: Using ep0 maxpacket: 8
[  403.326497][ T5291] usb 3-1: unable to get BOS descriptor or descriptor too short
[  403.340474][ T5291] usb 3-1: unable to read config index 0 descriptor/start: -61
[  403.349312][ T5291] usb 3-1: can't read configurations, error -61
[  403.355961][ T5291] usb usb3-port1: attempt power cycle
[  403.506792][T12191] netlink: 596 bytes leftover after parsing attributes in process `syz.0.1587'.
[  403.535120][    T9] usb 1-1: USB disconnect, device number 47
[  403.698256][ T5291] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  403.738357][ T5291] usb 3-1: Using ep0 maxpacket: 8
[  403.754888][ T5291] usb 3-1: unable to get BOS descriptor or descriptor too short
[  403.766282][ T5291] usb 3-1: unable to read config index 0 descriptor/start: -61
[  403.777320][ T5291] usb 3-1: can't read configurations, error -61
[  403.833092][ T5235] Bluetooth: hci4: unexpected event for opcode 0x1003
[  403.907581][ T5291] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  403.939586][ T5291] usb 3-1: Using ep0 maxpacket: 8
[  403.952734][ T5291] usb 3-1: unable to get BOS descriptor or descriptor too short
[  403.966121][ T5291] usb 3-1: unable to read config index 0 descriptor/start: -61
[  403.976225][ T5291] usb 3-1: can't read configurations, error -61
[  403.987930][ T5291] usb usb3-port1: unable to enumerate USB device
[  404.052799][T12235] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1602'.
[  404.062021][T12235] net_ratelimit: 12 callbacks suppressed
[  404.062040][T12235] openvswitch: netlink: Actions may not be safe on all matching packets
[  404.584703][T12254] openvswitch: netlink: Flow key attr not present in new flow.
[  404.592669][T12253] openvswitch: netlink: Flow key attr not present in new flow.
[  405.147723][ T5278] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  405.267454][ T5291] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  405.308917][ T5278] usb 4-1: config 0 has an invalid interface number: 117 but max is 0
[  405.317099][ T5278] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  405.327811][ T5278] usb 4-1: config 0 has no interface number 0
[  405.333932][ T5278] usb 4-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  405.345182][ T5278] usb 4-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  405.360695][ T5278] usb 4-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  405.369899][ T5278] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.378561][ T5278] usb 4-1: Product: syz
[  405.382735][ T5278] usb 4-1: Manufacturer: syz
[  405.387306][ T5278] usb 4-1: SerialNumber: syz
[  405.393606][ T5278] usb 4-1: config 0 descriptor??
[  405.404556][ T5278] HFC-S_USB 4-1:0.117: probe with driver HFC-S_USB failed with error -5
[  405.439624][ T5291] usb 5-1: config 0 has no interfaces?
[  405.446683][ T5291] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  405.455903][ T5291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.464503][ T5291] usb 5-1: Product: syz
[  405.468792][ T5291] usb 5-1: Manufacturer: syz
[  405.473831][ T5291] usb 5-1: SerialNumber: syz
[  405.481774][ T5291] usb 5-1: config 0 descriptor??
[  405.527514][T12272] netlink: 'syz.2.1614': attribute type 9 has an invalid length.
[  405.660825][ T5291] usb 4-1: USB disconnect, device number 54
[  405.724602][ T5235] Bluetooth: hci3: unexpected event 0x2c length: 50 > 17
[  405.731702][   T47] usb 5-1: USB disconnect, device number 61
[  405.890521][T12282] fuse: Bad value for 'fd'
[  406.328373][    T8] usb 3-1: new full-speed USB device number 66 using dummy_hcd
[  406.548456][    T8] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  406.581579][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.615276][    T8] usb 3-1: config 0 descriptor??
[  406.831893][ T5291] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  407.003698][ T5291] usb 5-1: config 0 has an invalid interface number: 117 but max is 0
[  407.012986][ T5291] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  407.054357][ T5291] usb 5-1: config 0 has no interface number 0
[  407.066171][ T5291] usb 5-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  407.084660][ T5291] usb 5-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  407.118829][    T8] [drm:udl_init] *ERROR* Selecting channel failed
[  407.123131][ T5291] usb 5-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  407.160004][ T5291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.180677][    T8] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2
[  407.186467][ T5291] usb 5-1: Product: syz
[  407.202527][ T5291] usb 5-1: Manufacturer: syz
[  407.207248][    T8] [drm] Initialized udl on minor 2
[  407.220635][    T8] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  407.222734][ T5291] usb 5-1: SerialNumber: syz
[  407.261334][    T8] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  407.272920][ T5291] usb 5-1: config 0 descriptor??
[  407.278089][ T1165] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  407.286551][ T1165] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[  407.298775][    T8] usb 3-1: USB disconnect, device number 66
[  407.329526][ T5291] HFC-S_USB 5-1:0.117: probe with driver HFC-S_USB failed with error -5
[  407.611321][ T5278] usb 5-1: USB disconnect, device number 62
[  407.767554][ T1165] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  407.857523][ T5235] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  407.867634][ T5235] Bluetooth: hci4: Injecting HCI hardware error event
[  407.875360][ T5235] Bluetooth: hci4: hardware error 0x00
[  407.938324][    T9] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  407.948627][ T1165] usb 1-1: config 0 has an invalid interface number: 117 but max is 0
[  407.956800][ T1165] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  407.967292][ T1165] usb 1-1: config 0 has no interface number 0
[  407.973494][ T1165] usb 1-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  407.984992][ T1165] usb 1-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  408.000288][ T1165] usb 1-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  408.009389][ T1165] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.017759][ T1165] usb 1-1: Product: syz
[  408.022375][ T1165] usb 1-1: Manufacturer: syz
[  408.026980][ T1165] usb 1-1: SerialNumber: syz
[  408.038118][ T1165] usb 1-1: config 0 descriptor??
[  408.045620][ T1165] HFC-S_USB 1-1:0.117: probe with driver HFC-S_USB failed with error -5
[  408.117463][    T9] usb 2-1: Using ep0 maxpacket: 16
[  408.124575][    T9] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  408.133112][    T9] usb 2-1: config 0 has no interface number 0
[  408.147426][    T9] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  408.169513][    T9] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  408.185591][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.195556][    T9] usb 2-1: Product: syz
[  408.208103][    T9] usb 2-1: Manufacturer: syz
[  408.217434][    T9] usb 2-1: SerialNumber: syz
[  408.224058][    T9] usb 2-1: config 0 descriptor??
[  408.368174][    T8] usb 1-1: USB disconnect, device number 48
[  408.471133][T12332] xt_l2tp: missing protocol rule (udp|l2tpip)
[  408.849602][    T9] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.214/input/input38
[  408.962416][T12339] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1637'.
[  409.061587][    T8] usb 2-1: USB disconnect, device number 71
[  409.503241][T12354] netlink: zone id is out of range
[  409.511988][T12356] xt_CT: You must specify a L4 protocol and not use inversions on it
[  409.512251][T12354] netlink: zone id is out of range
[  409.527178][T12354] netlink: zone id is out of range
[  409.547319][T12354] netlink: set zone limit has 4 unknown bytes
[  409.940756][ T5235] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  409.951101][   T47] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  410.108940][   T47] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  410.126433][   T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  410.140719][   T47] usb 3-1: config 0 has no interface number 0
[  410.147018][   T47] usb 3-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30
[  410.160297][   T47] usb 3-1: config 0 interface 117 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 239
[  410.176541][   T47] usb 3-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46
[  410.186277][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.194451][   T47] usb 3-1: Product: syz
[  410.198781][   T47] usb 3-1: Manufacturer: syz
[  410.204012][   T47] usb 3-1: SerialNumber: syz
[  410.211501][T12382] netlink: 'syz.0.1652': attribute type 11 has an invalid length.
[  410.222000][   T47] usb 3-1: config 0 descriptor??
[  410.234309][   T47] HFC-S_USB 3-1:0.117: probe with driver HFC-S_USB failed with error -5
[  410.257563][ T1165] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  410.422788][ T1165] usb 5-1: Using ep0 maxpacket: 16
[  410.429676][ T1165] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  410.441369][ T1165] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  410.458229][ T1165] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  410.467308][ T1165] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.478434][ T1165] usb 5-1: Product: syz
[  410.482624][ T1165] usb 5-1: Manufacturer: syz
[  410.487224][ T1165] usb 5-1: SerialNumber: syz
[  410.508098][ T1165] usb 5-1: config 0 descriptor??
[  410.516053][ T1165] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  410.525692][ T1165] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  410.542300][   T47] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  410.542569][    T9] usb 3-1: USB disconnect, device number 67
[  410.682807][T12388] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1654'.
[  410.694591][   T29] audit: type=1326 audit(1727520885.036:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12387 comm="syz.1.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcce797dff9 code=0x7ffc0000
[  410.707498][   T47] usb 1-1: Using ep0 maxpacket: 8
[  410.725418][   T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  410.738362][   T47] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  410.760734][   T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  410.773910][   T29] audit: type=1326 audit(1727520885.036:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12387 comm="syz.1.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7fcce797dff9 code=0x7ffc0000
[  410.799650][   T47] usb 1-1: config 0 descriptor??
[  410.812899][   T29] audit: type=1326 audit(1727520885.036:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12387 comm="syz.1.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcce797dff9 code=0x7ffc0000
[  410.820800][   T47] gspca_main: vc032x-2.14.0 probing 046d:0892
[  410.843531][   T29] audit: type=1326 audit(1727520885.036:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12387 comm="syz.1.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7fcce797dff9 code=0x7ffc0000
[  410.870604][   T29] audit: type=1326 audit(1727520885.116:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12387 comm="syz.1.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcce797dff9 code=0x7ffc0000
[  410.904212][   T29] audit: type=1326 audit(1727520885.116:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12387 comm="syz.1.1654" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcce797dff9 code=0x7ffc0000
[  410.954638][ T1165] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  410.966179][ T1165] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  410.973930][ T1165] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  410.982860][ T1165] em28xx 5-1:0.0: No AC97 audio processor
[  411.011072][T12394] netlink: zone id is out of range
[  411.016429][T12394] netlink: zone id is out of range
[  411.022830][T12394] netlink: zone id is out of range
[  411.034053][T12394] netlink: set zone limit has 4 unknown bytes
[  411.306042][T12409] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1653'.
[  411.557110][   T47] gspca_vc032x: reg_w err -110
[  411.563254][   T47] vc032x 1-1:0.0: probe with driver vc032x failed with error -110
[  411.727543][    T8] usb 5-1: USB disconnect, device number 63
[  411.733566][ T1165] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  411.753967][    T8] em28xx 5-1:0.0: Disconnecting em28xx
[  411.791717][    T8] em28xx 5-1:0.0: Freeing device
[  411.939423][ T1165] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  411.968638][ T1165] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  411.987827][ T1165] usb 3-1: New USB device found, idVendor=056a, idProduct=00d1, bcdDevice= 0.00
[  412.006994][ T1165] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.022880][ T1165] usb 3-1: config 0 descriptor??
[  412.117865][   T47] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  412.299259][   T47] usb 2-1: config 0 has no interfaces?
[  412.309123][   T47] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  412.343954][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.355109][   T47] usb 2-1: Product: syz
[  412.362104][   T47] usb 2-1: Manufacturer: syz
[  412.370662][   T47] usb 2-1: SerialNumber: syz
[  412.379840][   T47] usb 2-1: config 0 descriptor??
[  412.621129][ T5235] Bluetooth: hci1: unexpected event 0x2c length: 50 > 17
[  412.624620][   T47] usb 2-1: USB disconnect, device number 72
[  412.658359][ T1165] usbhid 3-1:0.0: can't add hid device: -71
[  412.691014][ T1165] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  412.777771][ T1165] usb 3-1: USB disconnect, device number 68
[  413.268813][T12436] netlink: zone id is out of range
[  413.287570][T12436] netlink: zone id is out of range
[  413.390949][T12443] 
[  413.393300][T12443] ======================================================
[  413.400300][T12443] WARNING: possible circular locking dependency detected
[  413.407299][T12443] 6.11.0-syzkaller-11728-gad46e8f95e93 #0 Not tainted
[  413.414038][T12443] ------------------------------------------------------
[  413.421037][T12443] syz.2.1670/12443 is trying to acquire lock:
[  413.427081][T12443] ffff888063f87858 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: process_measurement+0x439/0x1fb0
[  413.437777][T12443] 
[  413.437777][T12443] but task is already holding lock:
[  413.439860][ T1165] usb 1-1: USB disconnect, device number 49
[  413.445127][T12443] ffff888069ed9498 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x22d/0xa50
[  413.461110][T12443] 
[  413.461110][T12443] which lock already depends on the new lock.
[  413.461110][T12443] 
[  413.471495][T12443] 
[  413.471495][T12443] the existing dependency chain (in reverse order) is:
[  413.480486][T12443] 
[  413.480486][T12443] -> #1 (&mm->mmap_lock){++++}-{3:3}:
[  413.488025][T12443]        lock_acquire+0x1ed/0x550
[  413.493032][T12443]        down_read_killable+0xca/0xd30
[  413.498557][T12443]        mmap_read_lock_killable+0x1d/0x70
[  413.504339][T12443]        lock_mm_and_find_vma+0x29c/0x2f0
[  413.510039][T12443]        exc_page_fault+0x1bf/0x8c0
[  413.515218][T12443]        asm_exc_page_fault+0x26/0x30
[  413.520569][T12443]        fault_in_readable+0x108/0x2b0
[  413.526007][T12443]        fault_in_iov_iter_readable+0x229/0x280
[  413.532312][T12443]        generic_perform_write+0x259/0x6d0
[  413.538107][T12443]        shmem_file_write_iter+0xf9/0x120
[  413.543827][T12443]        vfs_write+0xa6d/0xc90
[  413.548575][T12443]        ksys_write+0x183/0x2b0
[  413.553404][T12443]        do_syscall_64+0xf3/0x230
[  413.558410][T12443]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.564809][T12443] 
[  413.564809][T12443] -> #0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}:
[  413.573479][T12443]        validate_chain+0x18ef/0x5920
[  413.578830][T12443]        __lock_acquire+0x1384/0x2050
[  413.584183][T12443]        lock_acquire+0x1ed/0x550
[  413.589190][T12443]        down_write+0x99/0x220
[  413.593932][T12443]        process_measurement+0x439/0x1fb0
[  413.599628][T12443]        ima_file_mmap+0x13d/0x2b0
[  413.604721][T12443]        security_mmap_file+0x7e7/0xa40
[  413.610246][T12443]        __se_sys_remap_file_pages+0x6e6/0xa50
[  413.616377][T12443]        do_syscall_64+0xf3/0x230
[  413.621382][T12443]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.627777][T12443] 
[  413.627777][T12443] other info that might help us debug this:
[  413.627777][T12443] 
[  413.637981][T12443]  Possible unsafe locking scenario:
[  413.637981][T12443] 
[  413.645456][T12443]        CPU0                    CPU1
[  413.651060][T12443]        ----                    ----
[  413.656415][T12443]   lock(&mm->mmap_lock);
[  413.660767][T12443]                                lock(&sb->s_type->i_mutex_key#12);
[  413.668732][T12443]                                lock(&mm->mmap_lock);
[  413.675560][T12443]   lock(&sb->s_type->i_mutex_key#12);
[  413.681000][T12443] 
[  413.681000][T12443]  *** DEADLOCK ***
[  413.681000][T12443] 
[  413.689134][T12443] 1 lock held by syz.2.1670/12443:
[  413.694219][T12443]  #0: ffff888069ed9498 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x22d/0xa50
[  413.704646][T12443] 
[  413.704646][T12443] stack backtrace:
[  413.710512][T12443] CPU: 1 UID: 0 PID: 12443 Comm: syz.2.1670 Not tainted 6.11.0-syzkaller-11728-gad46e8f95e93 #0
[  413.720897][T12443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  413.730929][T12443] Call Trace:
[  413.734184][T12443]  <TASK>
[  413.737095][T12443]  dump_stack_lvl+0x241/0x360
[  413.741769][T12443]  ? __pfx_dump_stack_lvl+0x10/0x10
[  413.746979][T12443]  ? __pfx__printk+0x10/0x10
[  413.751567][T12443]  print_circular_bug+0x13a/0x1b0
[  413.756575][T12443]  check_noncircular+0x36a/0x4a0
[  413.761497][T12443]  ? __pfx_validate_chain+0x10/0x10
[  413.766765][T12443]  ? __pfx_check_noncircular+0x10/0x10
[  413.772211][T12443]  ? lockdep_lock+0x123/0x2b0
[  413.776876][T12443]  validate_chain+0x18ef/0x5920
[  413.781706][T12443]  ? mark_lock+0x9a/0x360
[  413.786030][T12443]  ? __pfx_validate_chain+0x10/0x10
[  413.791217][T12443]  ? mark_lock+0x9a/0x360
[  413.795531][T12443]  ? __lock_acquire+0x1384/0x2050
[  413.800542][T12443]  ? look_up_lock_class+0x77/0x170
[  413.805639][T12443]  ? register_lock_class+0x102/0x980
[  413.810911][T12443]  ? __pfx_register_lock_class+0x10/0x10
[  413.816533][T12443]  ? mark_lock+0x9a/0x360
[  413.820841][T12443]  ? ima_match_policy+0x115/0x22f0
[  413.825933][T12443]  __lock_acquire+0x1384/0x2050
[  413.830772][T12443]  lock_acquire+0x1ed/0x550
[  413.835257][T12443]  ? process_measurement+0x439/0x1fb0
[  413.840611][T12443]  ? __pfx_lock_acquire+0x10/0x10
[  413.845617][T12443]  ? __pfx___might_resched+0x10/0x10
[  413.850881][T12443]  ? ima_match_policy+0x115/0x22f0
[  413.855971][T12443]  ? __pfx_ima_match_policy+0x10/0x10
[  413.861318][T12443]  ? __pfx___schedule+0x10/0x10
[  413.866150][T12443]  down_write+0x99/0x220
[  413.870380][T12443]  ? process_measurement+0x439/0x1fb0
[  413.875753][T12443]  ? __pfx_down_write+0x10/0x10
[  413.880581][T12443]  ? ima_get_action+0x75/0xb0
[  413.885238][T12443]  process_measurement+0x439/0x1fb0
[  413.890417][T12443]  ? __pfx_process_measurement+0x10/0x10
[  413.896028][T12443]  ? __pfx_lock_acquire+0x10/0x10
[  413.901034][T12443]  ? aa_file_perm+0x137/0xf50
[  413.905697][T12443]  ? apparmor_current_getsecid_subj+0xde/0x1b0
[  413.911831][T12443]  ima_file_mmap+0x13d/0x2b0
[  413.916400][T12443]  ? __pfx_ima_file_mmap+0x10/0x10
[  413.921490][T12443]  ? end_current_label_crit_section+0x151/0x180
[  413.927706][T12443]  ? common_file_perm+0x1a6/0x210
[  413.932705][T12443]  security_mmap_file+0x7e7/0xa40
[  413.937722][T12443]  __se_sys_remap_file_pages+0x6e6/0xa50
[  413.943359][T12443]  ? __pfx_do_futex+0x10/0x10
[  413.948026][T12443]  ? __pfx___se_sys_remap_file_pages+0x10/0x10
[  413.954165][T12443]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  413.960476][T12443]  ? do_syscall_64+0x100/0x230
[  413.965242][T12443]  ? __x64_sys_remap_file_pages+0x20/0xc0
[  413.970945][T12443]  do_syscall_64+0xf3/0x230
[  413.975433][T12443]  ? clear_bhb_loop+0x35/0x90
[  413.980089][T12443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.985962][T12443] RIP: 0033:0x7fed0b37dff9
[  413.990357][T12443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.009949][T12443] RSP: 002b:00007fed0c162038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8
[  414.018515][T12443] RAX: ffffffffffffffda RBX: 00007fed0b535f80 RCX: 00007fed0b37dff9
[  414.026473][T12443] RDX: 0000000000000000 RSI: 0000000000400d10 RDI: 000000002051c000
[  414.034428][T12443] RBP: 00007fed0b3f0296 R08: 0000000000000000 R09: 0000000000000000
[  414.042387][T12443] R10: 000000000000051c R11: 0000000000000246 R12: 0000000000000000
[  414.050349][T12443] R13: 0000000000000000 R14: 00007fed0b535f80 R15: 00007fed0b65fa28
[  414.058313][T12443]  </TASK>