last executing test programs:

46.67223725s ago: executing program 3 (id=958):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/cgroup.procs\x00', 0x420400, 0xed)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r2, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x0, 0x0)
syz_clone3(&(0x7f0000000700)={0x2000a0080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58)
recvmmsg(r2, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f0000003a00)}}], 0x1, 0x0, 0x0)
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
umount2(&(0x7f0000001540)='./file0\x00', 0x2)
socket$kcm(0x29, 0x7, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000020240), 0x10010)
r5 = socket(0x15, 0x2, 0x7)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = gettid()
io_setup(0x9, &(0x7f0000000080)=<r9=>0x0)
r10 = epoll_create1(0x0)
r11 = eventfd2(0x8000, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r11, &(0x7f0000000b80)={0xa0001011})
io_submit(r9, 0x2, &(0x7f0000000e40)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r10, 0x0}])
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
sendmsg$nl_generic(r7, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000005fc0)=ANY=[@ANYBLOB="802400001c00000228bd7000fddbdf2515000000610dcf25ade92462d9ff1c10a88008007500", @ANYRES32, @ANYBLOB='\b\x00[\x00', @ANYRES32, @ANYBLOB='\b\x00o\x00', @ANYRES32=r5, @ANYBLOB="78ccff0fcdfeb9e80deea413fa6ae8966d9c0decb9ad7031e67ed740ee532967e783ca774d5eaea5dd144bb7e8ec76db178da0b0909fab3665bde3e611176b7c74ab7156d7012ec7a330b9fe6aec1de8c3c5c59e0c7efaa79145fe8b3fe6f644066f2541c3c10d1821c375f3cb91a97f6fe6082bab20655514a84a553e943b0eb896cb1235ac02486e09513f9dec2b184892b7726468fc12ebdb2ce4c2680b867aba35281c8d27613ccb40e43d1e25580cb3928322dd3fa3d0d61fd74d0d76c7acf292bdf6588ebf1b45545c6ba440652821d5c986934730c5d5fac66e304f6957ba86ab2dc8f4b283b7baab26a5b3ad6eab5c1f1c6e895e08082b4c0124cc6c5656ca56d9f0e838277ba37c64b0341e56594933832796ac5404d20718d4ee5b84b5f61e19178a6ae5af378df1c9728e4ccd930d901f16a7bc29df67a4f46fb13972713c65bfbf04a17cf24945effce0a929b6f5903f3b993f24fbfe9defb60950973d8871331bbe9a0bbb025924830870a0345ee1a48320dd992f382dcbbef4b171f9971957348e318e944863a718cf6e8d9ca3af1f7e35399766ec7982d982dc7be80b9a1797d2dedcf7e38969676184c54239a150fa1b769d790826ab6267c1ea826440348efc70bec8f8a61443fa99dc3015057dadb10caf0f3a36f2b50158a22c3df1ce45d0c7a5c35496d85b7329845da70a30868f74971524f7b28f3f6fcb9675b2aa78eb6bd72dd8352586a56bf9f586aa3449ccdcc6675cee013c74ad00348dce4ad8d2e43cdac1688354de61eee82638e429a33a485e97d25ae324d2eeab5194481ae184c4ef7ba2b8109abb20a958e2f85afbe12b28f0b7f92775ada93983f44a284987e437f568868524a65d83f635e265013d714baa56838c6b8c3a1782bc8f4a613429501824a4a7d58151228a37c48d9a4c1575a560cf238d7adfe474a5dee62165f295d1d8966b9d48a119f48995be2918dd6737c97fae6dd1aa0605faaf681cdeeb914599cf2ad24eca152d85a689a3a5ba13078ce222fb9165ee65c108c51bbb5eeead27620bfd94101491a5ede131abf38a85bca15fd52d5eac79353291c25bb57b52421d0b9bf2014eb952f24d49c18baf7be5abed3398feb6ebde38f465123022d2012f66659583c9bb21157a9ea7de0348f2b8edab99e79915ee2c96ac5bf4f4853d850752d02e0dc7bf1ea722e9af10f0a06f2467f185778248ca30817685a88da1ec177dcef6dcbcaa8bf67c4d5aeb50ca57e109d99c7c9c0ec04c4ab174ff3d73c811d8381f48a7a1d337078a1490f50c9356e048f38e8749f6c92f173f5fbb945cafcdb730d574b3e078264561f032c08fa0bb34852a8a28a5535934d4e0c15c4c881e0e0508e8aa7ecf46b60e23bf1158c4db4347612f84ba35bb32390377aea5b190892d089e853f3dffb3214b682f01e4e8787c1baea83dc0c00da3d613ef2403e49a70984ec92f4d0760d5bda2fda484cc8674668fede1eebe078a83559029a6870fc814bc698cea0114216b59c5b630bf08c1c0bb8967e542446b3299214e2b1630f68fa34575bc0b447018eb37ccc4761e66a3bf72380912fa1788451626159060e60c21b792970d48dde1968ede60c57e0383ab06835edab9281c54d41e3543f8c2c2b481376386930f0cd19757ede3c6e371ddf0bbb4bbcb799033ad1d2d1101f24c707fa3f1ab5a402f17b4bcd15c76f0b4cabfdb29ff0a7d5759b846b34619b87b606d8da790cb7f7e3644e8b714592687c577f5df046f07264863b82e462d65d298f4125581d0a7df6346d2332c706da1ad7d6b61a3f248f223ff9a9e2d8a9171a5436766d89d75daa0939d92d48ea17693fd324c2cf2f21a57722776d2969ba2ec35768594791b911038b22437ecfd2dd6c52fa8a65f03cf92bbd1b4c5cf1d5266a86a989035cef0ef3b80235974dd70c4d6d73818c0bfc35b094268b6786d1ff6b1c081ca9da9926ef10459ad8f17d2eb5aabf8aa3d6ab0e3c6f444f54847bea4c0812206b9bd700e0dc1c9ce2a91d7b1e117e4bf7b87944a569faabd12d4ab30fb97dd9e6bdc6a30a3d2841f977975953bb025683002cdd003cb3aa05253ac5f55b5587759f6ce21b09a508de295558920b9d85805cabdf2fe56c0f034a1ce2998affc6a1800fc33dbb999763abbec1b8ebd426cc0306273c0f6a0ea5d46e2548ef592a604e37bb3b39f55d3b2b41c994a97c09aac7e3636ec1cbba0da97892011cd78023a16b12baf3603b91af8ca27a66b31b7cd7c9240b5e943ae64f59cb216032e5bc7aa6bfe93a0b92c41eacbfba3692aa6330ce1e0143f64bdca0d2b39f424de99ed7e62c0ff8d0fee2bdffc0dd8a07e895520ff2297978b6975a3d43b7845ad0ccca9c47599f6b44cb70903480ca5c36671ec57915c38d7fac4ba351d279e23282f9473cc161a16c824b5931d6804aad7b6f3228156b862e506a49b2c28d3bd6d4612995cae6391b8a4d6feb3e2b390129f754ba23fe6de484fa54ad6c1843f6b67129b5449eb3987d3a57ebfe44d6ac7e4a833a95009ca9b68862c6cbf80689cadf0471730925217da1110a130b7f49d235b3d34f966e56f8c2e158927f1288b1a2bb47b1ea43115c7625d0115f0d1e809615e14e4dd7c311fec90be3afbed025facdfd912e816b41b05a2191e77a721a4bace6b9932cd43beb2900f620941c81b0dac757da613f35f40a0296c4050d18b08d5d4e8755fa689cecb32835d34f7a4e63137d5bbcf7867a3799a6b20eb0d109b3c7f464ebb83690a70abb2a435f93562dc921180924cd7347f0bf55fb6e3e7f2ef7c0f7ed18e3544ac45ddeacf478148611385b066f2fdd890f6d8207efbd8f6f55f50f259da00627bbf3405b949cf1084586409b408d927562beea543bbf3fc5cf1f3f3a94b5b7ed67a56c2ecd6a44ed8d67bd5286215dd1b681de5e8999f7ac04ae36a32a56a87716557882f4e93f27deecf49f3c804e1b83543ff492e56d71db3d1df9465b6958bf5b0125aeae805943ace7e54b6ec0c081f7c7c68ad32c120a0cfb2d374fafe5a300eb11eac041f6d820aef057ff8db4cdaa622a4ee46524399913947ee8ae861b1f7e5438be83c33840aec2f7a9f54f6719db51402743726e621196a346d03568f9d9a7bb3b77c99cf1f007afd6e35051315dd4b69051742f0d2763e5c59036e742fd3f8a46149b3ee091e6cfd6d315184e65c732468806bf8ab1119dc95d114083b852d4aa59c6b8f56053f11e303ab8764f76c2b3626a1e1903c0379c30e457dc911ce724f66c8730c09bccd01ef9c3e7f0199a2cac6d02f8fdeba2e06b00a433cdb522eab38d66fae7422d67c693a5319e79bcec3df94bcd4ad91426d4eb879ba836bb141f12b679f0a66680b35546f431bda3e931bafe4439919bc3d1979c7a0e519159e79d9503222c9ad860a9f8ae8034e4208415466e8ef5e91ad0d6574cbcfaebf1afbcd623dc24e0e50e7ea76a2c9cd4cec47511862871d4f662f12316d8bb874af541139cf37cd853a0f1c750744bb1f6d86e73202ec4339b0fe44671d57a66677b28cbf96e5699d9cfa2ddbb580a583ac371e9c6469c5f6cc3964d5e21a53180b99b841b47b8980800f6b802826923de5e11bb2dd1188a81b53af5d2c9af0a18d12b9b3612288dbae421a3add80f5b6653fe3d7f1dd98f111ae357a294e491beb2cda55e0f5d0b70796a6e263bad72b25a1972762074e2239f7286e59d3316bde4837f9c589b66a6ac37aa71ffd3e5ead9de31f5b4856c2e6e2b0ab3130f17e8d6cf22bba6cfb2f9a588196ac887eb8905fc4bcba64c83435f76ff7131751e234852f23b0dcb862736642a87315fd049638ae9e41d12805a4dbdd9b89fdb3b55280811f96b63e0a5b6e4f8fadd538eb35d0f4e0eca2acc78494402b2625f0c03fdb08f122086c3b14fdd8eb8ac245ecb9bb4b1ef9ded4f486fdac25c0f80c8dc0dfbc298894e3644ac2aa028bf61dc74f3180d95a1faff684d79f091aa3d94aba7fb13bb2580ff7dd2067c43b7703f6b8cf028b299f7fe2de1db64a0ed5245700192eedf65edb062363331bd69c73b29c57258667fad266891c9ee26891047cc79131ed2da1193225e47e8d66c5fe6791802ac835c8037979af4144b9ed708ec57510ef28171658b283212fadcbd3bb445e9c810a759b02dfa49cbd72ffb72af067ce7230dd3b449e6f4a89deafe615c1c94104d1411e25b12ce0fd2bdfc73ef6c2a04ea9a83a343bf94b21b6633c47d10165c5b8b0737b23d536f074c7ebd7650f202603b55032d1241f282e7567f8029341f1e180991a487971a4ba388160e7861d88e048ed24dc70744eee8d44f8d511f81eb0a6e44a945df4178d436bcd1c606b501127a5e906a14ca64dd6c347d1a2b2b327f691bff52287851be1de7ba8458f9971933d1bdd0cf86bcab359d08f1eb59256bb54a73f873815362ab47e4b5498d901f07b5275f59cc708facee95de3430effb54a3486d542ab2757668b794b338bebbea3b1bb94e91ec4afa4d5cda84d02cdc1092806e7fd4a7df6e7bfe71fb47d77da2ca39886870077492bdccc888f317a7fff753bc7dea45c101ac55df9c2068d87ac89e82bd3fffa6a3d74dcd9e2fb97ff6a2016eba47d52a8e1c9b3c32c2032b4df0dd4a56be378f37f7b3629cbdb8bccea8529411b33407f589b7d32b7f1cd99e20d808b22e5bab83d179896245e5a094e9200ba0cfd4ba243967956318ed5efb140b9e4eca2edc62fa09d104157f2bdee297e46cc73cb3e960222da94d4bb9331a5bcce0d124761cd9736f36388784588c3198931b964d7411ab04b473e273a209e6aea8ac40c53f204b0cc2df3f9b0e7002914feb66ae24589690e1ef6660fad2854ed997d222b4e1f5a7cd65d2b6aa082cf72def7f4e907a4effb954360a8c72c8c3902d3e6f1a883170ca51b774941b6bf3768ef917cc5f36dfd76bcd293b1255aba5445695a77ac4587c1f7cf90002538296f8ced6af803eaedc90b13ad581da4371b5149266326284f453695cdb6bfb27063dde3301e70e2059cfcb9c71089f574cafae226941a64bf368833ecbf943960884dc481f733da38e4cd06943d898b4cdcc26187e91498df1ce93f496ad515f0d46169d89d94b0be36450d43efbf4d9d6ffbe93237989664cb755455ae7a1f2d73c84ac8c1b51e547c44d0656965348ed71f46a8d0162ba869f8e40b85b5fc5e01170877210e651b1c3e1a9e9aeda176ba4c8c2e29172b1bc146edf7cea34adc73b55e00a6f765e91548f169867d8ec7dea9ab4db996c2a48eecffb44f06b4c44e38fe9b6ff4d7b0e6a60bf39cb6ab5bff70ea606623d6b10b76721cc837fa9c667c9dd0e5f1f77913acb57242bcba2248343b9140c6ab37ef96cc1cd65e04a181984830e54b45dcccbd11c2714f453970da270e0deaf97136177bb83c4c51d318260afdecf21326c5c40fdf75a7bf0c6083b802f5d30dbc347bcd71b5547530c92e6a42519dd7c5ff4e9e1f573f7a80d44d55e953d4be7b9ac211f8c9180168d0af7a41ceb5cb4d56990f37622e0641132e8087e05a4c42b2d74d1ef76a1f408c23c1893f496d5c373fe7954b3f99e900efdd3718be1ea7720ffc08c718346eea868a23304cf1bfef7dda1f9d8b7158eeba162c98ddeac8728e8d792ca006bf804280ed6869e10ae2b6271f53b9f03e885a8cf0a01fc004a3e057f2f3c6cbaa126a5330e9cf31f5a872851f441c25941a88a8ebf0406dced63f1656f5112f98193c1d42362fc2417a503e934862b3fd58eaf7440753783087ad290156ec017ae76f2d08ab2dde9607a619828181a9317ad41e95551005add12f994dedb005dfc1d7c74729258e598b90811254ce6879ec1dfc941c54de09afdd5eb77d735936d95a7753892181be8ccb62b3d60f5b327401d58985cecb9c8f8f8fd7af77bbbb923110b96b8aa882b6fb03edaaab9dd7298a467788526a612f6e4b69c77bcbc87c55ec8052ebc815b5a369d4b9c2bcc6b0bd3544d28899bdb9e5213983d8e2b631670c42f3f7de612ededfc7eb500493124b02c7c1acd45018f25590d1adfe053bdd43bd7ef1e0943d86f69f987d4715eaf33b956a53c28ff9984979894f08008600", @ANYRES32=r4, @ANYBLOB="70129380e7407304f9e48aad3f910337a30a248b861e1362bc0fd82cf3e5a0257365d9336d22b6526772a0d40797cdbfcf1963d5df2e77b017b06d9463008493fb0d29ca423a19ae56b9da0d568da3234320b886c68b5e52a80f71f30cc56ed292a5f26db0c2026e593ac5e469fb768ba9ef1247d9a54bc978c7adde2b21df1eb37f296d30fc48759c28d8e496e091e5e203bba0521b4f89431617fd781c04ca7e8653e416877787130657b7a0fecc13a2c164322ff9e43e5a61eb61fea2bb01a1502a9a71f0498aea5c0dec6e3918e233c8e96c1dacaeec3fc645091403280cc938d4da7016b408df34e8e75360a6222ccd1e9c11a341d53cdb435a50c1b2f240ba03b706549959488b3ab042cc64a519a58f501fe8f62b6ad5ce9ef071434b8c41cdd4666abf6a8f8a6e4ef5cba243a8e06e81cc962bfca9fc57e9568118155e39f29201ac27ac621d9a7176b3baf63772994dfee261cfbe2bd16c220f72c70546c2d6181c20ea5c7578ab2774ee59f47c4378cf1af56ea948bb423d00f8df850ca0400ed604ba7b6aae34927e3b9976359398bdf53974e941c240bb3914ac5128e4bb6aa01ff9da9095e13a2af472baec89e98fdc1347d1462f8ea3c31a7c20c5600a9eaae4096e17f9a5a9ab4cee02c3fb37c0133cc76e1bdc8482a9af93b2e872992e3f2b8f5abfb86cfcc6437f8f7af6091e439e4ec598190921d73888d85e352bdf059a20366bb922213c12b6865205057ec8016ea9607d9041147a63aa5482d30e9ddad6c0a75cc43d88ef8a607735096ad0be81fa8923b7c77f1a8599d26484497533ff80820a99afe057f10e328a1f0c063ac2a88a04dae57bad9f80e5b22b5136866bf34ab1ef7f84cb82a0323aa8763d9085c490e29b627adb61fa9f09c34dd7b2c22e79621e181c2e6f909cbd0ed471d6884d7678d8ffd4b95547ccef6ea61482dd982d617bc681c473fff93855af76668dcc6d36884eeaecf6e014274ecef8d889d27a3542d57d686546988c0de8c9cbc32721972312d9a894649fecd41c56f3ceac501f9825d4c5ff1df6ff8a97a75b2f59d8460b51124dba07a3804d4e9a7856eec4642dabe23b6bb8d242748540f1fb1ed927bac37266ac28769c90f0dbd6eddde27860c409fee68057036f12d4e3e4eac3cf69450051b9c33551a51f1ed99db5e27176186da14753b76e76288b4a70dac3dc5b5b61d298ac11ea9174a65f834de33a46a74920c6451035d1134761f041c1e8a161c3d058c46d07a01335a81f1032ded86605bd83426921d65a78d45bbe8662b8a031328da9822ebebafc1e39a5e8e7ef8bb9cbf0c8e11aed5007e440086999848a3949cab9c1d05072d060c30245195dfc3c44e172248df669c36781d18dbd7242ce5ced72e6d89be4ec84472ed65629a24e721ecaf838aac955cbdd0f6f91dad13981172701b1692ab6a136c0efb98136458408a6908c102a62e1499c1e5208f0c55f5b3118dce11e6a4a5f13187ed0661061697024ae5da32da34409ba66fa09739cb0cff3f132af3e633ea3a330cc2f887fe133ba3f70e9be6d9e36cfeb924d51f67aa588e24d7bc2ac80db93e6fd976d1758ebb1176859751508e3cb747b5b22accb1bc8e3436fee1d22989d86252a504e30cff9777171d1b6a2a933eaa657808b5656a6ed6a4b8d7755dec81f1198f72241c033a13ac5f5bec6c3aac3cc6b38594cd57a0c6b24d673d78ab958190856bce9fcf46a468e02562553e5e07bd7d89e3e807ce7dace1c8596fa34acd58f713dec8a2ff4ad0dba75d1bda7af55fe5ba4baeab966debf4c32630a71ea585c95ac8011605761df90446da3f677086b223c651ccedf5a0902ebb4c4d2602886592ba5f4bd25c5abea2e7281aa3b91a90ea5c6085cf8cab497fb509528528bcfcf72baa6cf7d88d90b6ebc16eaaf81df7d428684b3078d0b61145c639bfd977489bcae4ce8fc678e6dbeca5a024eaa70fd1a40cf884208442f62f2eb5c2b398459092d231e37f61752d208e56806cb257c0a1166209f97904a6f6c841aaa0213f9c8de0ec51c16f695fd5218ba237b736b90ce53aac415e025780baafdf16a168bff9e5c0b4c20b385c7b499735bbadcd8ae815704947d7b3622665732bd4781955ce0a8a1524152a378431c5dec4c06c2fee66fb8eeafa92bf41bbaa5973a0fc94c6c9b04a6b7e6a38d3acda4f57592a5606642e1b0ca31405347b2bc547444b004ae89a9c4491d7084bd418145a2f6e2469d8ccd580ab22f315d48d7d4dde01b2c6fbe4107c22080750bbf260323c550e69abc5839a83e7a412eacd06be5c76385e91611c332f0ecabb17ab5a3ee5cd4e5edc629c91bd1d8ccd2e3d8d2b5bad1678a647de5e535e7746cac525735ad2109d8211451e7357b9175ab16343653a45d3dcca5918855fde9a53c70adf8540a746d67f01398d8a216d9e6ffb8bae98bc47b806a121e8bf52e5cd71e794c8dc3571a66404fbb0ed0a85f511f98850b2a097d7ace75064e32d8cb9a42d815c80cebb286950c9dcecaf8560c3c6f85442903be1911f3b4a468f1b8c57d720273681522e7a870ca8e5a7a17f426bdfecb4e8e5d5aac273fcd8766a72c93382b4ce2ef842a71849365a2067ef1ee57d41434cfd0cd817a65c52701ef04f72dd23984d51728241fc60e52e3807daa7f5fb972d1f7fb13b9193983e7e52523d8d70803c9a2b7f56bcc35dba16f83dbde29478879d9abecee7505ff4a4d7c1e6a7cc45f9770e75c489a7d31370995fedd270420dbb0a89e9c2af2a338a8605a9713b3962be1f0d4339ce96a594c403a07218110b8c1566458a105976d70dc34a929b803cb9303c273574deee819b90258fda596f07a399e37670ee0d98dc858ebbd01153c709e19650551be9f5de64445eb0f90ebfa77a3ac0333cc1c111130b7e2f0d5f85668de27d4d91d739cb6b6e8888e7307722d33c82350550e148a4fe09ad779cfe561ef29a375efeebed9eadab9c0a9c397267db2d636dde623dbde3b5e96121a3f89bb302391b943bb949c323c9b85f1711bcedc06699b8db0247320110519d913d8acddea598dca9aa279981d870cb1534c7c3e893db999e3f1c87ed40c8e2506a604f6a1a4375c932550fc4a97f0ce55b1ef1f681af33df7309822a377ebbb9708e146dba534d2e479cb405f77388042f3b4062389951bd402e42864f667fe7fea207f2a7ad2695049afea63fa208e2f11e9a8a83ec15a946b1038051eaf6e118e8a856ce29f5685a3fc8e3f625f52081530a1bb033a64dccd933c99f583fd52eb8b3c85a649a60210c9eba16db55079c17bfcb2ca087a4bbb2f02754be58e6eb27defd7f3f8b5603423d5ebc4e0f74ab4d6f678d54ebb8800b100a2c6ac5c492d321a81a02f33f35f4a6380889ad134507d70d58b82710838079fa6a5b1a7d8198b996a60e4b381d6e271eb60937733bf00ebaa72c034f72ddaa5e5007790dcc4d010a42c44378bd1499d9209dc5ef2872169bcc9a526618b522335cf6d08f67ad1b52dbbfd73baa2aff8db1548e2b6abc1fa805e8c19f70852a2486241db38375f813bff2a059fafe00e6fec7040a96cd995852ac420e66fb32baec39291768c5a8326d976cbef9349373d25fa5f16b02ab5780f1b47b6e03b1042d58e4043dc49cd8b255d87a516d4b5bea9ae4454b7432c411c13ba8237b9f2a4a43849543b34d249a0b221334e132ca70b3c60c70de9e4fdb7cd867db91fe1d6000151956319dc473775aba2cc469d0f32b2a6d4edd9364e4dbc404423172d545580f13a1377514af3ff1f27be20902e1aad23d50be2aeeac06ff83ed0b77c48652f79d823e9a3619a607e0ee10794658ec30fb75976a64781136813690da734a5231be8aeb845fa750c60bbfebe8fbebbc0de24c557d81fc949ae982ec2c0fdf5ef5cbb6288ac540d2827bb71a06f2a54149427b576e8bff5990df6682db51bfd1276e7ad637a39bc875845376cfdc39f91e84265abc39d19176dfb88b5edaf28e09167f8f7055aace1ffc082209a887b56d034f7e36d5621413289893e38ab25a82e2f74376ea61486640331211cedc533685b3de4dd110bfb478d4486184b57794eee529355c69d0e532a7a485e4436530966c605d5e0819b51783509df93933005925f295edc98f3be500e0fb89a09a6f9b3b50f291b526e4bda56c195db14a81cd552fbb9a2e275d02d62a5a241295c7a2daf196178af56e87ebfe1aa5b12ea0d3ce974f84776b506c85ecc8d2fce76586c651f8ed17de71499c29d6435706399f8af5fc139037dcb857aa0ad20916c231bbb4d331f14411f5596168570a2e4f158f7c51b15032c24df4005c0bef75c05fe09171f43dfe2e9e3985aa2cc31a78863141bd97f9b8dd20faa819003f80a963c29f27763e7c6d907122568fdc9568e0893781f6c8126e1e16998ae251b66519a0809bc986b346dd4b65dcfe08056aaf4b5c10ab787d6ebdad67cc33e45b690fe19080b64e1e5c533658b8a34d27696e6b09391fb3e0840674debc78942d884bcd58b6b7bf05276f60901b45dd352fa35e88859cace74a199ee8369a118747029bf37f8717069f3894d437ca3427af2dd478c6198ed5af9b5c45df1dc0db9befa1620c24503b7fa2adf8b21e2b0c0b06be3b66981d19d0fd3ba52cc7ee29339a5da5e4981a8fcbb9b3df7e913500b4546055eafce7f924f015c2b7c1433b19b4acf9e0d9c296b408dece73965e21345b3b64e12954f409de7a127195d8d10cb4ebaec3aa2c84a2500d26a7e86f255c5f9c5d646848c0e824aa88250bc125d7e437f7c3714058f1d490f1fb3ac37924dfefd8243781fc479a540b4206e716898109f785e24cef5d17390c32cec1ed71e88f51e62b846e1a647530013058aa3ab8dca1deab23c7092caa68697ed317007f8f344327f025555a81726ef79913bae381ac59a65c61501e61f06cec01a6662c2bc14fd967fc3936dd1ab88b2f64ce1b8e31c6ce3343fd32ebfa4f0840c124b1e2474fc5a39c207083a98262b88aa73667b0dd2bbef1c776694502ee026fe698ca093012cf778291d41e0391270ca38f46066d75e2568110fe206868eff41ee85bfc7e584522f339e5a7a1708db3b7faad3441f8f7c64d96085065c8ac126087bad7b253e1f93d0a0a0808b10f215708147f9f55ac6ac6319602ef2f2a103b576099a913b412a6f5d4ecfdeab093c9057151dc6225b08a71100e2805115facbac2b79f8fab1a0057cf421c625f7b514487b6c824a7e1fe9b96cbcfddc5c19ab3e06e98a6bd91e52fc6354abb353820a0f02afdc9eb36f290c05e6076fcf3b2f63f9247d223cb1f0d862e3441477ab647bcbc879df7c44f6f8f85ce05a298c33924b7517abeb75a6201a862d325c91cf21aa8ff0ecadb0b81109eef6f97e83e05cefd4d8a02f91b565e9fdf14654972828c399047295ea027661be837b8d62a88080c1ffc5b91e1ed66dd3e39447be3b04a6810ce93b4c5a132a7b5dc8c88ca663613cc6f12d8b3794b251853f1dfacbe2daf7fdce3bdb2f0d988993db1b375c76dff6c875ed16adc044dc4326a33d4e84141636baa781b75c458834c0bf4ef047a528b21562f9f049391a400e61e1498599661bc144d7a1d7e673a7b97abdaeda1ec1f00f590069923bbc780f3ada5d2aba3efd90fbf767611b1601e345a18108924528fc622c1469c0265579d7674ccfdc58494b170e24809b8ecf63eb95345a9a2d80c0c1228b4af90c616bfdd41afdb03528541b7e3f4ca6b1745fa36389c265dc0ef2410358d038f96787342cbbfa2189399eb63177d56cb8bd0cadb759e43dc12f84352958d422e9717ac86f1b8c9deda434048c4ddd7a5e58efa693dc6079a2dc46ac435494ac50a6e5733cf2217134f8b50da4f1cbe5e131ac3d87876b76dc24f44764f871edd19c03a5542cbcdcb654eeddfe2690c7cb6b426792c30d4bfa9a88eada2012d65c9110fb3ff9c48cc5b82f7a3c59755095a401346a5df601bea53b551577415771839aceeb3ef5d4131cb7bcbc19cac02eae1a13f05066c44c7a3fba6a54b631f9c20a20d6f8972658678405093e154c41776b73a31477faec1c8a19a162b3c618ffddb0c61d78fedfaadbf807f7e9bd85a91321e73aa101726e7aa2a15264c7e2ad738c72427ac1616b0f5db62f6836c3648fb51f9fab754fa609dab9b1cc34b8123224acb6a1acc82c0700080023212000b48076b486ef698f8af764555e82a24924695398e2f649d42847c30adbc9d628864365af4a047b4eb9df49db5a30714d2a664ed4ad7edc7b0d0cfbd59364aa5fb300a396698f58e3d5d444ee4a8e3325599ca2a25b0052b6e5bab1d10cc7d5d5c2fcff4d37eefe8ce016842310cbea4d9fd22a611dec9c8909cd697d5ea6035552576175647cfb0721c072c69a3f66b98108003f0011c19e2f3b61", @ANYRES32=r8, @ANYBLOB="a88e770832d1279d3faa371220269d92d43b387c446880f99f2464465dca8124ca38d41f186124a6adf294fa226609550412699a6f5ef07097b52628c268f31d4718094c421d6b7426eb535581aa1fcffb0471666fddc90e99e2609f2468263d24c3bbb02fd82684c8c4c58983fcfb6869e085152cbef9d894a582f70ebd0ba37d6c54f379e73c633c818b3d94418ef3216881be5684985e0c2035bf080056000700000093b91f90ae04f57b9271629322fabafeee37e0a795d03b652326debd46f135ca0a6fcf6bcfd60234b22d6d4c3a81a6b9abbc37453ffffdedf2a925626cc201337fdefa3c707d598663b9398e53221dad208e540e362e33375d04244941d339831fcb8d6a490bcffea6ad5a31403a38b6ff97c4c2f58ea286456822956c6c914e1c21b73a3deb1cf0fc653bbcab73986c5074675037406a7c1a43ec5ae7df1f6cf1c32b591b8580a10c35cb942de5e90a1f8be2e9d072581ee2833b0e958eb92b424820223643f21d035b7be25a76710468f092660000"], 0x2480}, 0x1, 0x0, 0x0, 0x1}, 0x0)

37.868483759s ago: executing program 0 (id=987):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000280)=ANY=[@ANYBLOB="1b0204"], 0x18)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)

37.715571068s ago: executing program 0 (id=989):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-384-generic\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0xf0ff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)

37.131912277s ago: executing program 0 (id=991):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f00000056c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000700)="cc9cb558ae1395784c6f2ed71df18911", 0x10}], 0x1}}], 0x1, 0x0)
read$alg(r1, &(0x7f0000002580)=""/4096, 0x1000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x48882, 0x0)
r4 = dup(r3)
fallocate(r4, 0x11, 0x0, 0x4000000000052000)
r5 = userfaultfd(0x80801)
unshare(0x22020400)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fstatfs(0xffffffffffffffff, 0x0)
r6 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000100))
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0)
write$binfmt_register(r9, &(0x7f0000000000)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0x0, 0x3a, '!]+[\xfc#', 0x3a, '$', 0x3a, './file0', 0x3a, [0x46, 0x46]}, 0x30)
r10 = dup(r8)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000044d564b"])

16.009332914s ago: executing program 3 (id=993):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/rt_acct\x00')
r1 = socket(0x18, 0x0, 0x0)
connect$pppoe(r1, &(0x7f0000000240)={0x18, 0x0, {0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, 'veth0_virt_wifi\x00'}}, 0x1e)
sendfile(r1, r0, 0x0, 0x5ea)

15.607513056s ago: executing program 3 (id=1033):
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
creat(&(0x7f0000000280)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{}]}})
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000013c0)='mountinfo\x00')
preadv(r2, &(0x7f0000000c80)=[{&(0x7f0000000480)=""/187, 0xbb}], 0x1, 0x4b6, 0x0)
readv(r0, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/182, 0xb6}], 0x1)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x28, 0x4, 0x0, 0x0, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0x39}, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x9, [0x5, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x1, [{@private=0xa010102}, {@remote}, {@rand_addr=0x64010100}, {@private=0xa010102, 0x6}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@loopback}, {@remote}, {@multicast2, 0xb}, {@private=0xa010100}, {}, {@multicast2}]}, @noop, @noop, @noop, @rr={0x7, 0xb, 0x0, [@remote, @multicast1]}]}}}}})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r5, 0x0)
r6 = dup(r4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r7, 0xae9a)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002fc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff48700000020000005c0000000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9e09000000000000000a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a42a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a175e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44aeaced3641110bec4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d4dcecb0c005d2a1bcf9436c101040000f73902ebcf0200822775985b231f000000ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2aa7f1521b3ebb0cc52f49129b204eb99b6150e320c9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e6bfdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d255be1ed66d9051f22614d1f62734d6780393e783df8b8a17e3aa9fe9c502f9acee4f1b56e1f231200743792cead3c058a5b700d64d160abe33df726608510136ce8bf239414a1d98ea93e3d35dbb6c23b90cf36e83b8a4309b402d264b09f2779a0bcd7cd6dfc06b02e69d384146056d125cf4aadd80800000000000000e88d10acd06864eac44c42fbe334bdc3e9768fc360b130dc6111fe3293e8e02f819a2aa34dba1c25be27945507a3477b437525b81aef2f0b4c4f63483026b5e34d44705b76ef29f7f6e0a2be625eae975e02069fbff63a06578d6d184f5de7bfb6aa800016996d536256c02294cb1d3a6fb8eae87691fae365a70c3f15871565bba8dd8a8ca049f798abe646f738bebdfc9d8a5edd7a19ca6a42bc3f1db37c17f22a287c6d31a13db5dfef409eb1d3c91c6e6f80d215c9e16e0c4736c81936315418f26770cca4e2f89800d18c89d7f46f679df6c9e7005f209dda94302a30003b952ae1ebfd0ca88368ee6ce139e8b5822422cf4c9dde943d34c432e1001171792c65986146666a549092398af45ba38c41df7e0fffeac41824ca1fd0eb68aa243c9035c788d5480e5aee9c9e5f2e5a3628995b1531bd20360d33d8f9ffffff5f4bf6ea8a1850c4f83306dbca02ee3686da707b6d85db491ba0cc33f6be92c55969a2b52a25419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9bc31f09834b4788be2a442aa81b259e9eb1bf5314844051f3a642aca9ff98c9036471ccff0522903e7bcf62e18f7796bbc280b95e8e0d6fd5644b0ebde3885b06548862de809d3dae3cccf109f7c78e8479a345e805e47dfa82caed44b11a443c5ba92a326dd10921aa79c62800844c7a59f55ee205a11ab50fb402e7da6ada561ec1117cc186b01fd5c2061d22156b1bfeb51f5c65a907f2217d5f80c580dc31b0963ff953ce09148e8dfe3a61bbd2bb173518507a3cd0e37c4da0a71eee31071d5d642498181c69cee3b2e414ddd6a12ff4bdf6e97c247b6025d4376067e25357d3b521a5b927d3392a7503718aea24179528f6a0c6de4e61b49cad1e4d6b000000000000005b2d16877299acefc0655bc1422c3d425d988eedebcf242b780a687c9acae2a5a71c2a16a32ceb377f5d54f9b2fa90b2905925e611be56e9ebe20cab20ab2b5baa1b07b16e81f278e54a479f1a068658e3656cfa196d6c050000000000000000814955c62a7d72b317399e572a7f6a4657b741eb66c9179ffd097d61fcfd0fa1d46cfb110e3e8cff5579e83f2820f95eaa0c609f666950c24311740e36de8f65708cfffce798c99ef8f62fd2398e999b220125da8eb07947512365abbc5b84ef524bdf184727c67910051f204662264607d548dbdffe14b41dd0843cf3d85bb820656a88a9e52a4cd7b3eeadfe00007267f226019ef0a25bc15da71e893856a2182c3167d8ba73f7c6294b159a426ce44cd73f000000a66fc501eae0c3504c1400697ba69fd9b7eaf49aff6a6aea529610db8dfef86c3cc698e9fddf1b13287615b972281a90c3a4cf415df25fbcdd35cf8368f068c4481844bdd0dda553e1cb0966d5686013d382956d50055dce0d1bc225c1d77612b1ec52e743dbc51f25cc07a202b704577316913cf067fa65e476f688de2d6c54ea192a569eed05d0d7536b3205c68d4ee0fe318ed3112c76dcf128a1d5595b773ef4c8a7ba4e10381de8808ff02dd0a7b996ecf1c65e6d9db90c87123d9cb3945330f7a270ee0cca35b1331ca8fec0b2f39f505140751b60f29a83e4bc0ef2ffea443e4aa221cc38a503add16a2c98cb589e1dac1912b4142a3be30f50b2d9479c5bde0beb38030d0c0ce0590000130000000000000000000000554361e1628ee0017ad19ca787f2c078aa260701ce0800000080623902000000000000000000003d118a04fa6a80c4928c01ccab57b5f4eb265ad15004f967543fe6e6ddc2a12165fe3a08bf9475ee0eee3539369b0e566fedbd215a6ddd4fe03dcc7a922e16410d820747b7e806c0f3b6f14c884d150a0ff07f2e0000bfb083c56d3bed0a61fab880f8885c612ebff8523d14cfb12aca274c000000005e5155611969f6e67dd83b20206207cb8b2cd2fab6fa6d7fdaed6a27a2e4db1d5adc80c4014ff11d9dbceba41d8dfce410333a054e82b1d050331c5bc4acb843b94d67f69f49eb4dd3b1b85b018359c32df01db8ebce0dbc36cade09c6b44f6b93d28db8ae4db5624d8a02f7be91bec65e4b3373059587dd6528bbc48e3379d477d482faff738c39c61cac1195043bd5b70cea5fc1083a169a82632ff3a9a48ff805202ae9aec56b9f7795fa27634a7f06359e3058d2dd69c4e5cc11b36d9ed9c4b2867f583de6fc582f789722bd1500e64c495abdb72de2c739d38c72f6f4fb1946081dcc825d5b5b747e9fa1b5226cd31e131263f1fcd7d45a630b46d04af906f0be464d829dd2dfcf7400002b7827f6d957e51bb1f1b44a50200c9dfadfaff2e32baa9c0edaac7144e174dba582a951d2b03c27219cec4fbc7b6e99c3f00188941e3fbf008cbace177ae250fd757a22e21ec05aa45c91e1345ca936184c3fc28153283e13654123cfaf4e661f4b6d430adad1e2116bc385f888405d48f0d386da0cc6747b33395772a68f2ea3fb7e7207000000b24088014c8e64f03d053c4e02ddd08b262e422eff1c9f124b892b0a9462b07d4f88c0693bd9c54ad2ab5227aa59ef2b53ac528c0800000000000000ebfde0c4a37c2d55c176680c4207000000e4aa467f995c9bc99e60441d4dbebead3b436427762618810bac7308c6d3298ea932b66572825e62d18462d3b2342ba48c145ff4674a94fa078cc552d064da2bb69a0d269076f8955076578f44ffb8895f11bd5e06840f8848df72230a28e0304569bfa0350b6dde9e96273de1758505aa1ba89dfb12be7a7c6dae1028d1bc68b6336eb1a5d18f6148354df7e60a489dc543ccdee1fff9d8f8d78844f0c6a77ef1181d5055c2a193a5763ed7749a17296c76818b60426082c86619dacc8a884c4de8572a044faf0c8e4377776c8703ecf2e3f1c3d6410000000000008369f062639e3ddcf725be54f626448fb7bfc74c183b26e31b71a390ccea4be07278dd12fa16848797397b76908fa03613cd961b98b26a0879ccba4a78c82958764bce07a7f70df1cef6d4db1ddbda1db18e4f41c390fd3cb862216ece39a9ec60bd3be5f9329dcaf33bf2c87cc510557460d14421e1d26322ab64388f2cea0d6269ffc8580a01e9acd2ec3ece39f3b4ffdc4dfea3da6ddb002512e2313253801044e751168eabe977c503c30ef7c489e5ea1fff041e54de54cfeb258f2387dad096b72a78d91134927492cfc773c731cca9b13b3f6e7760ab0929c46f51ea5643f3df4f4044f3ad0a6ba739e72d8b8b2835d81534bea8372bc590c111d573e04280659a096eaa495a4154daae7d1800c130d920964845c50c8ba4763b19b6008f6d7a5091895c7a4b7816ab706503be879b18b778b0f61ecfde2f8bbb32cfeb766ec4430ee0ad45a0a263ddc4b2f47680c8d53439f8d388dab87112c83997c83e178be287eb6e8c95bad8f8ed85cd5b03a7352a0fb83398566d1bc133582ce2d95636cd23eba4432180b2d5c3019879cd949a5be1b241b3d0d0d52a3529cc9e704a9d8d54f4f7b776a969a4505e18fe5284985ca7d112c397d776e3baba918b7df456bd970e761e00f3b0efa5ce4246d9f08ba60da3be556c518a1f19504c7cea1491a9eadd27d747ca9cc5f92e30b2ca3cf0b142a8554c87e8026d4e586cf5f7c9d412e6eb4f66a076c8bca6b294305969dabb6c932b57a5dd4234bf1ed3bd095229ee3cbb86883d574c5af4bb78370561de3fbf55bfcd2db3979eb1be120b5795443324023353bdd9fc87c862c247e140379ef098c7b3fa79a6638a245b6a74f14dde9bd4ee48e62cdc70f486ce38641e4e4309aa9f4bd097fa1530db966d9919544ab4890301e51f9525436f5d9591460340f5093161a78a249783945407f2576d6f35a99e3521d7991e3fdfde5ee7f6a8ff8181a68ef15a2ebfe9e22d7c745949ab5cc15b9f5659799b5e00debbf9f623f75bfd4d83c4859ca9b652cea33daeeef47b60c78a21965bcf91919071c7ded19317dc0b7587d9322f8cec9e32675a187465bdfa101bcd9ac680839b375af12c160247dd960e70eb7ee60c52a900440aa9bd9a6b15a4a34dc73c3c4936d8986300fdc264b28537df387e6442c32f5fa2a31d24c1ed888a57fcc50400a084a38a3630ffc465f36a4b770fab0946148161184be39134542e934f3a538bccd48a0325aa9b151855c800000000881d4361e7fbd1fc2331b4e34733480bc497662a8234a7eeab3e65d6b0f5d92edff04416eedcd15b9ddbcb3cf9228afda6b17d44a276b205eabd0069f7e26aea50f537dc77b683ed83d2f9110e00a705f48e9d13378cf09bca22e8f45c4f360d5fff8ba35f21c4513bcc0800000000000000dc5cc7ad7290c60bc609bff9be7cd922f474c3faa78fd42cba7c78d6d912656b6313497625e2f9afaba05b17ca242b7ca8d6556175aee38142a8aac5f677c2f8a6967f2cb5e97aae97a5e5579a706243688ac4d38a4601b4aadb2d319fe7d6bf1272fa3fa701338d7bce390e8bf959081ed39e63a431901d615a26ff95e1620a6c26eda4f92d83499a173e7217001f58ed5406bdb59acbc997e8fd3d53b4c2c2a1b3145bf54a851f3c08931d4c2c32bfe611e5958458af7b3c5319fdb4c40b8d01365fdee93af6fad7c7a8da86460f45c9e99d43264c929e7de4e9620000000000000000000000000000007cf90000008f8a9da7a8a167815c6ffcd1b6863cde9ab45ecd8f06423198bb00cdf76877f407be46b000000000afbb4cb3a8de259a8beb2223f28b855e2bdf4b31b91e5062a42a55bd95e93f77f2499391cf0000000000000000000000000000195007ad27d1d61dc4d5512f117f0ed554c2c88c1713000000000000bb1ff447d6e12da208e9f0422a84f361684861169f498909c4841f4d5a0f5807a3b7d833075fdcd9c1d169b03d7df7f4150fad8b9e92eaf86992adbda360dd91de51c6df335445492608162fb0804dabdeac6fb71042f906eefd37f1d190a1c8a0d9de7f34dcc8cbd7b565fc675f3bf7aac559411808ee703ec3ad461c6ddc571994cb504c46eabbc2ff4b97df394bc75b5e7f45a4450753b5d2b8b8414a7fe6a17661bdb5b1d080cfd974811e1d60763d8d9509c75aa729a334b55ee76b0c2d50270a1deec1a6d7441d0b5b8d7a4d048d156ebcff102e45c15d2a73b40d74807f5182a319d50edbf430f00b1c29a9e4bd92111caacbb1d4541545c2d262646070da42f76e3f3c6d139eed89cc9300000000000000000000000000000000000072d7e605eb8e978d76796d9d3a728c51a3145da8e1ca4973aa8fed855328e9d2509335c5386cac74e862eac50e9ba95b6a2a29e8ef08a9ae29792e77fb9952b1ac5c816db5c23a656db528f81f6a9465d2c94d701ee8646b30650c84b9510a337e82702baf368d29281d3d54b39014756ca5a1be1881000000000000006fbac0b9c9f97c920dfac7e2379ef6bb076118aa9bb24ee12e64aa530f852bf4f970a08a55531934e39fbae483129949a918115571d76740ca6a1cea59df290f2e63675ca30a289775825fe3e5d6f206f3f395346c0738035dc74368bb035fc65a40f8124369b8950ded31af64855c5c95ef5c83b18b23517ca935a0fa1b630d70c4ca4029a90d47701102045fff90675adb3c83983d125ae730b9497c681a912a6bb70300a2d7fba051f82b9d6f710426b5bd0d0bc0b08a0f801276789613da406905011bd6ebbac91ff17a21d1ed0882e73394025772f31dc8a3048789c703f920c55746f6fc955046f9332d72150be23c26cbb08d1b438e84b83fefc6a16958fd46dc7b8cbea1da2d541324e373e9157696d698a0b4bc84d7cc2fdb069db8a5a491a9d2bbc0a61b73f75d81d07d778a1577db3b06d20a21b19ea17e0000815a42318151feaad37f7abf9bfa0bcac3c1934854b3f6dc6de835952ebdda297dd3b29c07c69888cf029271449e035edc8a4459705f222bda537481e66ce3c665129f9829524eca8b5bef27adde96bd3ee95da4a176deff3408da050fe8d512e5a19379b403ee11d010bf86d0af4ac5c2057709b18cff438d0d58810670b222dfeb317bb935f925d2a070e68a701fd4316a677bb513c9476f25969097c165ca1705473341ea03f259dc5bee6a2d2e05176965192941abfae36b3a1e30784e6532c96ab971c5706a88b6f66860e31098b5b788788aad67507ffab2184a950065c1337259b63135fa060fc5ce3e4f6cdfb64f40e1a90351a01fd3d70f9dde03c335a931e58b8570316590ae22c7de567260849049e963ee15db15f592abb24111a219f0d128ceaf19764d92755abc9c313f65e7a220e64bb0d7139ce59da85bc710cea0c6553b336763bd3e39c2374b86885a32cdfae817196a7850257ead09f3e30e676b51062bb9000000000000000000000000000000000000000000000000000000aefb12dd3507c8dd24490bf9de062cd166a4dad6b9f2e53bad342546e546f6dece81d53cf717bd91ad72f4da82018f43259899e53e0b69a92180f1345699045fd23689e66d21d13be1a2d20eb1ce23eda84a63855173ca7f51d436306c"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000540)={r10, 0x0, 0xe40, 0x5e, &(0x7f0000000100)="5c71f91b05c413550230b4c817a628", 0x0, 0x8, 0x0, 0x302, 0x0, &(0x7f0000000180)='\x00', 0x0}, 0x48)
sendmsg$NL80211_CMD_JOIN_IBSS(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)={0x60, r8, 0x101, 0xfffffffe, 0x0, {{}, {@void, @val={0xc, 0x99, {0x0, 0x11}}}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x2c, 0x51, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "02d0e86cbe4d68f75ce39f0dab"}, @NL80211_KEY_MODE={0x5}, @NL80211_KEY_IDX={0x5}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x60}}, 0x10)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000002c0)={0x7, 0x6, 0x1, 0x0, 0x4})

14.741396741s ago: executing program 3 (id=1034):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0xed)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x220)
move_mount(0xffffffffffffff9c, 0x0, r1, &(0x7f00000000c0)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10)
recvmmsg(r3, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f0000003a00)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)
openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000020240), 0x10010)
socket(0x15, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0xe0ff, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10)
socket$nl_route(0x10, 0x3, 0x0)

14.159923055s ago: executing program 3 (id=1036):
r0 = syz_open_dev$vim2m(&(0x7f0000000240), 0xa0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x2, @pix_mp={0x7, 0xe76, 0x3631564e, 0x4, 0xa, [{0x9, 0x400000}, {0x10001, 0x3}, {0x6, 0x1}, {0x1, 0x800}, {0x3ff, 0xc97}, {0x2, 0x8}, {0x90000000, 0xf}, {0xe8fb, 0x23}], 0xf5, 0x8, 0x0, 0x0, 0x5}})
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)

6.307658072s ago: executing program 0 (id=1013):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000))
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000280)=[@register_looper={0x40106308}], 0x0, 0x1000000, 0x0})
r1 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_disconnect(r1)
r2 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[], 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x88, &(0x7f0000000040)=ANY=[])
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r3, &(0x7f00000008c0)=""/206, 0xce)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = openat$nci(0xffffff9c, &(0x7f0000000700), 0x2, 0x0)
preadv(r5, &(0x7f0000001c00)=[{&(0x7f0000000740)=""/109, 0x6d}, {0x0}], 0x2, 0x1a, 0x10)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000140)={0x3c, r8, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x38cefc6e}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x6}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8, 0x1, 0x7ff}, @NL80211_ATTR_COALESCE_RULE_CONDITION={0x8}]}, 0x3c}, 0x1, 0x6c00}, 0x0)

5.804027625s ago: executing program 4 (id=1055):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, 0x0, {0x7, 0x27}}, 0x50)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0xc81, 0x0)
write$UHID_CREATE2(r1, 0x0, 0x194)
r2 = socket$inet6(0xa, 0x3, 0xff)
write$binfmt_aout(r2, &(0x7f00000034c0)=ANY=[], 0x28)
listen(0xffffffffffffffff, 0x2)
socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000ac0)="ee", 0xffffff1f}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb71658bda99b49720fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x70}}, 0x20040000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r7=>0x0})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c070054001280080001006873720048000280050003000800000005000300050000", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8], 0x90}}, 0x0)

5.487963754s ago: executing program 1 (id=1057):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r2=>0x0})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0x10010)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014800000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b702000000000000850000008500"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x8, 0x2, [@TCA_FLOW_EMATCHES={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8091}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)

4.968055119s ago: executing program 4 (id=1058):
openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00')
r2 = dup(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file1\x00', 0x2)
sendto$inet6(r2, &(0x7f0000000140)='E', 0x1, 0x0, 0x0, 0x0)
sendmsg$kcm(r2, &(0x7f0000002f80)={0x0, 0x0, 0x0}, 0x44004)
preadv(r1, &(0x7f0000000700)=[{&(0x7f0000000280)=""/124, 0x7c}], 0x1, 0x17d, 0x0)
userfaultfd(0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x22e881, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000052000100ffffffff000000000a000000140006"], 0x28}}, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 00004093'], 0x2a, 0xfffffffffffffffc)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r3, 0x0, 0x48b, &(0x7f00000000c0)={0x2, 'veth1_macvtap\x00'}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r5, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'ip_vti0\x00'}, 0x18)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000040), &(0x7f0000000000), &(0x7f00000019c0)='s', 0x1, 0xfffffffffffffffe)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0c000000190a01020000000000000000000000000900010073797a30000000000900020073797a3200000000"], 0x2c}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, &(0x7f0000000400))
syz_open_dev$tty1(0xc, 0x4, 0x1)

4.539723209s ago: executing program 4 (id=1059):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2d, 0x4, 0x0, 0x0, 0xb4, 0x67, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x4, 0x0, 0x0, 0x9}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@dev={0xac, 0x14, 0x14, 0x35}, 0x65c}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev={0xac, 0x14, 0x14, 0xf}}, {@remote}, {@multicast2}, {@private=0xa010100}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @end, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_RUN(r4, 0xae80, 0x2040000)

4.073417801s ago: executing program 4 (id=1061):
syz_emit_ethernet(0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000"])
ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, &(0x7f0000000080))
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
poll(&(0x7f00000031c0)=[{r0}], 0x1, 0x0)
utimensat(0xffffffffffffffff, 0x0, &(0x7f0000000140)={{}, {0x77359400}}, 0x100)
r1 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)="8f", 0x1, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000280)={r1, r2, r2}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={'sha384\x00'}})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "f896e404"}, @local=@item_012={0x1, 0x2, 0x0, 'e'}, @main=@item_012={0x2, 0x0, 0x0, "f792"}, @main=@item_4={0x3, 0x0, 0x0, "9ef12d19"}]}}, 0x0}, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r5, 0x400c4808, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x0, 0x2}}, 0x20)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000080)=0x3)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)

3.789787968s ago: executing program 1 (id=1062):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$TUNGETVNETBE(r2, 0x800454df, &(0x7f0000000200)=0x1)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})

3.419537507s ago: executing program 1 (id=1064):
socket(0x11, 0x800000003, 0x0)
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x60, &(0x7f0000000780)={&(0x7f0000001480)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001480)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}}, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x34, r4, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'team0\x00'}}}}}, 0x34}}, 0x0)

3.12313723s ago: executing program 2 (id=1065):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac1414aa00000000000000001400020002000000e000000200000000000004000d0001007564703a73"], 0x54}}, 0x0)

3.027711718s ago: executing program 0 (id=1066):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4c831, 0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r0 = socket$kcm(0x2, 0x5, 0x0)
sendmsg$inet(r0, 0x0, 0x14)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000400)={0x9, {{0x2, 0x0, @multicast2}}, 0x1}, 0x90)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r2, 0x0, 0x2f, &(0x7f0000000080)={0x9, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}}, {{0x2, 0x1, @empty}}}, 0x108)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000800)=ANY=[@ANYBLOB="090000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000002000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e000000000000000000000000000000000000000000000000000000000000000000020000007f00000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x290)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000009c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x470, 0x0, 0x130, 0x26010000, 0x288, 0x130, 0x3a0, 0x220, 0x220, 0x3a0, 0x220, 0x3, 0x0, {[{{@uncond, 0x0, 0x160, 0x288, 0x0, {0x0, 0x25e}, [@common=@unspec=@connlabel={{0x28}, {0x7f00}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @private}, @mcast1, [], [], [], 0x4000}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:fsadm_log_t:s0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d0)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f00000004c0)={0x9, {{0x2, 0x0, @multicast2}}, 0x1, 0x1, [{{0x2, 0x0, @loopback}}]}, 0x110)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x9)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing', 0x0, 0x52)
getdents(r5, 0x0, 0x18)
r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOCTL_GET_NUM_DEVICES(r6, 0x40046104, &(0x7f0000000080))
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

2.796900284s ago: executing program 1 (id=1067):
gettid()
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000780), 0xee280, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x0, "83e624170a2005004d5e9ac5be09e4bae4ffffffe900000000000000001300", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f0000000280)={"840d6042cee820000028000000e8ff0000002000000000000000000f00", r1, <r2=>0xffffffffffffffff})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000003100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x5c}}, 0x0)
ioctl$SYNC_IOC_MERGE(r2, 0xc0383e04, &(0x7f0000000140)={"e3fe98873d275ac4650da6ff0d7ee4c0cda5a703827becb26eba2497c5271959", 0xffffffffffffffff, 0xffffffffffffffff, 0x2})
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02020409100000000000004c9e00000002001300027f0000000000000000004105000600200000000a000000000000000005000201080f00e0001f080000000000092000000000000200010020e9ffeeffff0702000098a805000500ea0000000a"], 0x80}}, 0x0)
sendmmsg(r3, &(0x7f0000000180), 0x393, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000003140), 0x3, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
unshare(0x22020600)
r7 = socket$unix(0x1, 0x1, 0x0)
connect$unix(r7, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
sendto$inet6(r6, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
recvmmsg(r6, &(0x7f0000003000)=[{{&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000000440)=[{&(0x7f00000000c0)=""/150, 0x96}, {&(0x7f0000000180)=""/216, 0xd8}, {&(0x7f0000000280)=""/148, 0x94}, {&(0x7f0000000340)=""/250, 0xfa}], 0x4, &(0x7f0000000480)=""/30, 0x1e}}, {{&(0x7f00000004c0)=@tipc, 0x80, &(0x7f0000002ec0)=[{&(0x7f0000000540)=""/62, 0x3e}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f00000005c0)=""/175, 0xaf}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f0000000680)=""/243, 0xf3}, {&(0x7f0000003180)=""/137, 0x89}, {&(0x7f0000000800)=""/16, 0x10}, {&(0x7f0000000840)=""/110, 0x6e}], 0x8}}, {{&(0x7f00000029c0)=@llc, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000002a40)=""/183, 0xb7}, {&(0x7f0000002b00)=""/121, 0x79}, {&(0x7f0000002b80)=""/208, 0xd0}, {&(0x7f0000002c80)=""/162, 0xa2}, {&(0x7f0000002d40)=""/93, 0x5d}], 0x5}}, {{&(0x7f0000002e40)=@in={0x2, 0x0, @private}, 0x80, &(0x7f00000008c0), 0x0, &(0x7f0000002f40)=""/160, 0xa0}}], 0x4, 0x0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000580)={0x7, 0x0, 0x9})

2.595631354s ago: executing program 2 (id=1068):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.38431395s ago: executing program 2 (id=1069):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f00000005c0)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000300)={0xe0001, 0x0, [0xfffffffffffffffc, 0x0, 0x2, 0x0, 0x0, 0x2, 0x7]})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x13, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="660a000000000000611185000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="f20f1c0166b864912c870f23c80f21f866350c0080000f23f80f01fc0f20e06635000010000f22e066f30fa7c00f1c9700000f01c566b9a001000066b80400000066ba000000000f30c0dbb6660f3adf932700de", 0x54}], 0x1, 0x0, 0x0, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x0, @vifc_lcl_addr=@remote, @multicast2}, 0x10)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.236382306s ago: executing program 4 (id=1070):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r0, &(0x7f0000006f00)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x009\x00\x00\x00'], 0x40}}], 0x2, 0x0)

2.019610607s ago: executing program 4 (id=1071):
r0 = open(&(0x7f0000000080)='./file0\x00', 0x96d37da9ff0ac0e1, 0x9)
syz_emit_ethernet(0x5a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000008004500004c0000000000069078ac1414bbac1414aa00000400", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
fcntl$setlease(r0, 0x400, 0x1)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x8000000, {{0x20, 0x4, 0x0, 0x0, 0x80, 0x67, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x24, 0xc8, 0x3, 0x1, [{@private=0xa010102}, {@multicast1, 0x4000}, {@dev={0xac, 0x14, 0x14, 0x33}}, {@dev={0xac, 0x14, 0x14, 0x35}, 0x65c}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x8, [{@remote}, {@multicast2}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @rr={0x7, 0x3}]}}}}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x30, r3, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000380)=0x5, r5, 0x0, 0x0, 0x1}}, 0x20)
r6 = dup(r4)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r9 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r11 = dup(r10)
syz_usb_control_io(r9, 0x0, 0x0)
write$UHID_INPUT(r11, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b07333b6c1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
ppoll(&(0x7f0000000100)=[{r8}], 0x1, &(0x7f00000001c0)={0x0, 0x989680}, 0x0, 0x0)
ioctl$KVM_NMI(r7, 0xae9a)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c0001000004000904000001c6cbea00090587033b"], 0x0)
r12 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r12, &(0x7f0000000440)=[{&(0x7f00000000c0)='[', 0x1}], 0x1)

1.995745673s ago: executing program 0 (id=1072):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201b704842f3d8ef7fa0000000000102f17370000000000000400000103000000092100000001220600090581030000000000000000"], 0x0)
socket$netlink(0x10, 0x3, 0x9)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000061e80d76ad4e2118cab4d8cc0ffbf0f12d3aa55191ef25f0d67b006a5064943d6a8c64f7469f2da2f819dd97daf4cf40698208ada8887968ec5e3d15c12effadab365bcb2dd8fc542b4a8"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201b704842f3d8ef7fa0000000000102f17370000000000000400000103000000092100000001220600090581030000000000000000"], 0x0) (async)
socket$netlink(0x10, 0x3, 0x9) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000061e80d76ad4e2118cab4d8cc0ffbf0f12d3aa55191ef25f0d67b006a5064943d6a8c64f7469f2da2f819dd97daf4cf40698208ada8887968ec5e3d15c12effadab365bcb2dd8fc542b4a8"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async)

1.668723272s ago: executing program 1 (id=1073):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c1000003e0007012ebd700004101c000100000004000002041001"], 0x101c}}, 0x0)

1.436856034s ago: executing program 1 (id=1074):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x20800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
eventfd(0x0)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x400}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
dup(0xffffffffffffffff)
read$eventfd(0xffffffffffffffff, 0x0, 0x0)
r6 = eventfd(0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000180)={r6, 0x9, 0x2, r6})
r7 = inotify_init()
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f0000000040)={0x0, <r10=>0x0}, &(0x7f0000000080)=0xc)
sendmsg$netlink(r8, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)={0x3c, 0x2e, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @uid=r10}, @nested={0xb, 0x0, 0x0, 0x1, [@generic="976b6408686030"]}, @nested={0x15, 0x1, 0x0, 0x1, [@generic="3fb3ebf5f9cbd1185eeba9c895d0e5001a"]}]}, 0x3c}], 0x1}, 0x0)
quotactl_fd$Q_GETNEXTQUOTA(r7, 0xffffffff80000901, r10, &(0x7f0000000100))
ioctl$KVM_IRQFD(r4, 0x4020ae76, &(0x7f0000000000)={r6, 0x9, 0x3})

1.184358856s ago: executing program 2 (id=1075):
r0 = fspick(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', 0x1)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCSIFNETMASK(r2, 0x891c, 0x0)
setpgid(0x0, 0x0)
io_setup(0x8, &(0x7f00000004c0))
r3 = syz_io_uring_setup(0x24fa, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x0, 0xfffffffc}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000040)=ANY=[@ANYBLOB='5'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_FADVISE)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000240)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000005c00000008000300", @ANYRES32=r9, @ANYBLOB="08006b0000000000551497e0fd25aade6db7b71eb0d7295c1d220bfa201d7ca179aaa642c7f0cf5ad61ca98d7b7bed548b5ea726a247f2d867c235bae697f7b1a34513b96fd4fedfdc65a861b7"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f000000e0c0), 0x10010)
io_uring_enter(r3, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x2280800, 0x0, 0x0, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89f1, 0x0)
io_uring_setup(0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

131.998656ms ago: executing program 2 (id=1076):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, 0x0, 0x0)

130.768866ms ago: executing program 3 (id=1037):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x0)
ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x2000, &(0x7f0000006680))
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$IOCTL_VMCI_GET_CONTEXT_ID(0xffffffffffffffff, 0x7b3, &(0x7f0000000280))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7bfa}]})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x40040, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f0000000240)="660f2b5e000f32f30fc77600b805000000b9630000000f01c10f79bd0f000000f340af48b813e20000000000000f23c00f21f835000002000f23f80f01c52e0f01cb64ab", 0x44}], 0x1, 0x0, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(r4, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000440)=@gettaction={0x164, 0x32, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x960}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x0, 0x1}}, @action_gd=@TCA_ACT_TAB={0x38, 0x1, [{0xc, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x401}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0x10, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_gd=@TCA_ACT_TAB={0x78, 0x1, [{0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x80000001}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0x10, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xa}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x81}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}]}, @action_gd=@TCA_ACT_TAB={0x80, 0x1, [{0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffffffff}}, {0x10, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'skbmod\x00'}}, {0xc, 0xc, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0xc, 0x15, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe31}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8001}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7ff}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9bf0}}]}]}, 0x164}, 0x1, 0x0, 0x0, 0x5}, 0x4044000)
fgetxattr(r6, 0xffffffffffffffff, 0x0, 0x0)
ioctl$RTC_WKALM_SET(r4, 0x4028700f, &(0x7f00000000c0)={0x0, 0x1, {0xb, 0x3, 0x0, 0x19, 0x3, 0x9, 0x1}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

0s ago: executing program 2 (id=1077):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000440)=[@transaction_sg={0x400c6313, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40}], 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

_1): Releasing backup interface
[  195.710082][   T53] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  195.728989][   T53] bond0 (unregistering): Released all slaves
[  195.749894][   T53] bond1 (unregistering): Released all slaves
[  195.769407][   T53] bond2 (unregistering): Released all slaves
[  195.794046][   T53] bond3 (unregistering): Released all slaves
[  195.809652][   T53] bond4 (unregistering): Released all slaves
[  195.824684][ T5303] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  195.897179][   T53] tipc: Disabling bearer <eth:team0>
[  195.904037][   T53] tipc: Left network mode
[  196.003195][ T5303] usb 4-1: Using ep0 maxpacket: 32
[  196.041043][ T5303] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  196.062995][ T5303] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  196.094725][ T5303] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  196.125698][ T5303] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  196.156410][ T5303] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  196.196701][ T5303] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  196.283386][ T5303] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  196.303754][ T5303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.331247][ T5303] usb 4-1: config 0 descriptor??
[  196.392291][ T8150] netlink: 40 bytes leftover after parsing attributes in process `syz.0.783'.
[  196.411647][ T8155] netlink: 116 bytes leftover after parsing attributes in process `syz.0.783'.
[  196.420954][ T8155] bridge_slave_1: left allmulticast mode
[  196.430801][ T8155] bridge_slave_1: left promiscuous mode
[  196.439534][ T8155] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.458254][ T8155] bridge_slave_0: left allmulticast mode
[  196.464823][ T8155] bridge_slave_0: left promiscuous mode
[  196.472297][ T8155] bridge0: port 1(bridge_slave_0) entered disabled state
[  196.583183][   T53] hsr_slave_0: left promiscuous mode
[  196.588827][ T5245] Bluetooth: hci0: command tx timeout
[  196.602185][ T5303] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 24 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  196.653796][   T53] hsr_slave_1: left promiscuous mode
[  196.722416][ T5303] usb 4-1: USB disconnect, device number 24
[  196.827697][ T5303] usblp0: removed
[  196.883252][   T53] veth1_macvtap: left promiscuous mode
[  196.898375][   T53] veth0_macvtap: left promiscuous mode
[  196.918796][   T53] veth1_vlan: left promiscuous mode
[  196.926651][   T53] veth0_vlan: left promiscuous mode
[  197.139944][ T5303] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  197.297273][ T5303] usb 4-1: Using ep0 maxpacket: 32
[  197.311938][ T5303] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  197.330778][ T5303] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  197.341837][ T5303] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  197.371231][ T5303] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  197.393934][ T5303] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  197.416623][ T5303] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  197.439479][ T5303] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  197.451636][ T5303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.469606][ T5303] usb 4-1: config 0 descriptor??
[  197.741067][ T5303] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 25 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  197.935857][   T53] team0 (unregistering): Port device team_slave_1 removed
[  198.048161][   T53] team0 (unregistering): Port device team_slave_0 removed
[  198.665408][ T5245] Bluetooth: hci0: command tx timeout
[  198.858547][ T5276] usb 4-1: USB disconnect, device number 25
[  198.878009][ T5276] usblp0: removed
[  198.939548][ T8178] netlink: 8 bytes leftover after parsing attributes in process `syz.2.786'.
[  199.002636][ T8178] vlan2: entered promiscuous mode
[  199.037955][ T8124] chnl_net:caif_netlink_parms(): no params data found
[  199.617294][ T8195] netlink: 16 bytes leftover after parsing attributes in process `syz.3.792'.
[  199.683346][ T8199] netlink: 132 bytes leftover after parsing attributes in process `syz.3.792'.
[  199.909601][ T8195] netlink: 'syz.3.792': attribute type 64 has an invalid length.
[  200.039442][ T8124] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.056495][ T8124] bridge0: port 1(bridge_slave_0) entered disabled state
[  200.074370][ T8124] bridge_slave_0: entered allmulticast mode
[  200.083043][ T8124] bridge_slave_0: entered promiscuous mode
[  200.102527][   T53] IPVS: stop unused estimator thread 0...
[  200.127149][ T8124] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.159956][ T8124] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.190690][ T8124] bridge_slave_1: entered allmulticast mode
[  200.217198][ T8124] bridge_slave_1: entered promiscuous mode
[  200.297391][ T8124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  200.318650][ T8124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  200.374716][ T5276] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  200.405869][ T8124] team0: Port device team_slave_0 added
[  200.413937][ T8124] team0: Port device team_slave_1 added
[  200.534711][ T5276] usb 3-1: Using ep0 maxpacket: 8
[  200.541422][ T5276] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  200.555878][ T5276] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB3, changing to 0x83
[  200.567474][ T5276] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  200.637138][ T5276] usb 3-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10
[  200.646301][ T5276] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.654277][ T5276] usb 3-1: Product: syz
[  200.669067][ T5276] usb 3-1: Manufacturer: syz
[  200.673680][ T5276] usb 3-1: SerialNumber: syz
[  200.698224][ T8124] batman_adv: batadv0: Adding interface: batadv_slave_0
[  200.705481][ T8124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  200.706879][ T5276] usb 3-1: config 0 descriptor??
[  200.731369][    C1] vkms_vblank_simulate: vblank timer overrun
[  200.731866][ T8124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  200.755565][ T8124] batman_adv: batadv0: Adding interface: batadv_slave_1
[  200.761921][ T5245] Bluetooth: hci0: command tx timeout
[  200.762545][ T8124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  200.773319][ T5276] radioshark2 3-1:0.0: Invalid radioSHARK2 device
[  200.794063][ T8124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  200.811206][ T5276] radioshark2 3-1:0.0: probe with driver radioshark2 failed with error -22
[  200.819977][ T5276] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  200.999310][ T8194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  201.060067][ T8194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  201.089257][ T5276] usb 3-1: USB disconnect, device number 31
[  201.215189][ T8124] hsr_slave_0: entered promiscuous mode
[  201.240754][ T8124] hsr_slave_1: entered promiscuous mode
[  201.267438][ T8124] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  201.279072][ T8124] Cannot create hsr debugfs directory
[  202.270341][ T8124] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  202.288187][ T8124] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  202.309322][ T8124] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  202.341027][ T8124] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  202.540080][ T8124] 8021q: adding VLAN 0 to HW filter on device bond0
[  202.568532][ T8124] 8021q: adding VLAN 0 to HW filter on device team0
[  202.581923][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.589143][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.632328][ T2893] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.639485][ T2893] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.827019][ T5245] Bluetooth: hci0: command tx timeout
[  202.860229][ T8124] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.875467][ T8272] trusted_key: syz.4.803 sent an empty control message without MSG_MORE.
[  202.898951][ T8270] netlink: 20 bytes leftover after parsing attributes in process `syz.3.801'.
[  203.037978][ T8124] veth0_vlan: entered promiscuous mode
[  203.063661][ T8124] veth1_vlan: entered promiscuous mode
[  203.104503][ T8124] veth0_macvtap: entered promiscuous mode
[  203.128591][ T8124] veth1_macvtap: entered promiscuous mode
[  203.187641][ T8124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.200344][ T8124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.222611][ T8124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.233722][ T8124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.245805][ T8124] batman_adv: batadv0: Interface activated: batadv_slave_0
[  203.263512][ T8284] netlink: 16 bytes leftover after parsing attributes in process `syz.2.806'.
[  203.281463][ T8280] syzkaller0: tun_chr_ioctl cmd 1074025678
[  203.309875][ T8280] syzkaller0: group set to 0
[  203.349547][ T8124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.369063][ T8124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.385859][ T8124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.405980][ T8124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.432597][ T8124] batman_adv: batadv0: Interface activated: batadv_slave_1
[  203.479862][ T8124] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  203.511135][ T8124] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  203.547704][ T8124] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  203.579585][ T8124] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  203.631731][ T8296] FAULT_INJECTION: forcing a failure.
[  203.631731][ T8296] name failslab, interval 1, probability 0, space 0, times 0
[  203.706378][ T8296] CPU: 0 UID: 0 PID: 8296 Comm: syz.3.807 Not tainted 6.12.0-rc1-syzkaller #0
[  203.715329][ T8296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  203.725412][ T8296] Call Trace:
[  203.728712][ T8296]  <TASK>
[  203.731662][ T8296]  dump_stack_lvl+0x241/0x360
[  203.736371][ T8296]  ? __pfx_dump_stack_lvl+0x10/0x10
[  203.741598][ T8296]  ? __pfx__printk+0x10/0x10
[  203.746227][ T8296]  ? fs_reclaim_acquire+0x93/0x140
[  203.751364][ T8296]  ? __pfx___might_resched+0x10/0x10
[  203.756674][ T8296]  ? dynamic_dname+0x141/0x1b0
[  203.761471][ T8296]  should_fail_ex+0x3b0/0x4e0
[  203.766158][ T8296]  ? tomoyo_encode+0x26f/0x540
[  203.770944][ T8296]  should_failslab+0xac/0x100
[  203.775645][ T8296]  ? tomoyo_encode+0x26f/0x540
[  203.780430][ T8296]  __kmalloc_noprof+0xd8/0x400
[  203.785229][ T8296]  tomoyo_encode+0x26f/0x540
[  203.789858][ T8296]  ? __pfx_sockfs_dname+0x10/0x10
[  203.794911][ T8296]  tomoyo_realpath_from_path+0x59e/0x5e0
[  203.800433][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.800551][ T8296]  tomoyo_path_number_perm+0x23a/0x880
[  203.813813][ T8296]  ? tomoyo_path_number_perm+0x208/0x880
[  203.819454][ T8296]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  203.819514][ T8296]  ? __fget_files+0x29/0x470
[  203.830056][ T8296]  ? __fget_files+0x3f3/0x470
[  203.834743][ T8296]  security_file_ioctl+0xc6/0x2a0
[  203.839769][ T8296]  __se_sys_ioctl+0x47/0x170
[  203.844364][ T8296]  do_syscall_64+0xf3/0x230
[  203.848861][ T8296]  ? clear_bhb_loop+0x35/0x90
[  203.853534][ T8296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  203.859427][ T8296] RIP: 0033:0x7f386557dbfb
[  203.863836][ T8296] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00
[  203.883450][ T8296] RSP: 002b:00007f38662f8490 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  203.891866][ T8296] RAX: ffffffffffffffda RBX: 00007f38662f8be0 RCX: 00007f386557dbfb
[  203.899854][ T8296] RDX: 00007f38662f8be0 RSI: 000000004020ae46 RDI: 0000000000000003
[  203.907821][ T8296] RBP: 0000000000000003 R08: 0000000000000001 R09: 0000000000000000
[  203.915797][ T8296] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000005
[  203.923794][ T8296] R13: 0000000020005000 R14: 0000000020000000 R15: 00000000fec00000
[  203.931868][ T8296]  </TASK>
[  203.944952][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.958321][ T8296] ERROR: Out of memory at tomoyo_realpath_from_path.
[  204.014366][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  204.022664][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  204.159772][ T8313] netlink: 28 bytes leftover after parsing attributes in process `syz.0.810'.
[  204.454890][ T5284] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  204.616224][ T5284] usb 2-1: config 0 has no interfaces?
[  204.624679][ T5284] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  204.635435][ T8342] netlink: 20 bytes leftover after parsing attributes in process `syz.4.815'.
[  204.637675][ T5284] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.656023][ T5284] usb 2-1: config 0 descriptor??
[  204.890096][ T8316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.939626][ T8316] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  204.998990][ T8316] syzkaller1: entered promiscuous mode
[  205.036383][ T8316] syzkaller1: entered allmulticast mode
[  205.140203][ T8354] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  205.177493][ T8354] kvm: pic: level sensitive irq not supported
[  205.177872][ T8354] kvm: pic: non byte read
[  205.259082][ T8354] kvm: pic: level sensitive irq not supported
[  205.259415][ T8354] kvm: pic: non byte read
[  205.272291][ T8354] kvm: pic: level sensitive irq not supported
[  205.272374][ T8354] kvm: pic: non byte read
[  205.290627][ T8354] kvm: pic: level sensitive irq not supported
[  205.290692][ T8354] kvm: pic: non byte read
[  205.303685][ T8354] kvm: pic: level sensitive irq not supported
[  205.304158][ T8354] kvm: pic: non byte read
[  205.582000][ T8380] netlink: 'syz.2.821': attribute type 1 has an invalid length.
[  205.670676][ T8380] bond1: entered promiscuous mode
[  205.756075][ T8386] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  205.790939][ T8390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.823'.
[  206.078576][ T8401] syz_tun: entered promiscuous mode
[  206.083935][ T8401] macvtap1: entered promiscuous mode
[  206.096038][ T8409] VFS: Lookup of 'file0' in fuse fuse would have caused loop
[  206.104528][ T8401] macvtap1: entered allmulticast mode
[  206.112076][ T8401] syz_tun: entered allmulticast mode
[  206.138564][ T8401] syz_tun: left allmulticast mode
[  206.153541][ T8401] syz_tun: left promiscuous mode
[  206.230579][ T8413] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  206.436534][ T8421] netlink: 'syz.0.829': attribute type 1 has an invalid length.
[  206.599061][ T5284] usb 2-1: USB disconnect, device number 31
[  207.192061][ T8459] FAULT_INJECTION: forcing a failure.
[  207.192061][ T8459] name failslab, interval 1, probability 0, space 0, times 0
[  207.240359][ T8459] CPU: 0 UID: 0 PID: 8459 Comm: syz.1.837 Not tainted 6.12.0-rc1-syzkaller #0
[  207.249271][ T8459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  207.259356][ T8459] Call Trace:
[  207.262660][ T8459]  <TASK>
[  207.265610][ T8459]  dump_stack_lvl+0x241/0x360
[  207.270314][ T8459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  207.275543][ T8459]  ? __pfx__printk+0x10/0x10
[  207.280169][ T8459]  ? fs_reclaim_acquire+0x93/0x140
[  207.285306][ T8459]  ? __pfx___might_resched+0x10/0x10
[  207.289300][ T8463] netlink: 'syz.2.838': attribute type 1 has an invalid length.
[  207.290602][ T8459]  should_fail_ex+0x3b0/0x4e0
[  207.303028][ T8459]  ? tomoyo_encode+0x26f/0x540
[  207.307821][ T8459]  should_failslab+0xac/0x100
[  207.312531][ T8459]  ? tomoyo_encode+0x26f/0x540
[  207.317318][ T8459]  __kmalloc_noprof+0xd8/0x400
[  207.322105][ T8459]  tomoyo_encode+0x26f/0x540
[  207.326700][ T8459]  tomoyo_realpath_from_path+0x59e/0x5e0
[  207.332373][ T8459]  tomoyo_path_number_perm+0x23a/0x880
[  207.337864][ T8459]  ? tomoyo_path_number_perm+0x208/0x880
[  207.343608][ T8459]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  207.349742][ T8459]  ? __fget_files+0x29/0x470
[  207.354363][ T8459]  ? __fget_files+0x3f3/0x470
[  207.356657][ T8463] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  207.359051][ T8459]  security_file_ioctl+0xc6/0x2a0
[  207.372659][ T8459]  __se_sys_ioctl+0x47/0x170
[  207.377282][ T8459]  do_syscall_64+0xf3/0x230
[  207.381807][ T8459]  ? clear_bhb_loop+0x35/0x90
[  207.386509][ T8459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.392433][ T8459] RIP: 0033:0x7fe9a5b7dff9
[  207.396871][ T8459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.416505][ T8459] RSP: 002b:00007fe9a6a29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  207.424955][ T8459] RAX: ffffffffffffffda RBX: 00007fe9a5d35f80 RCX: 00007fe9a5b7dff9
[  207.432950][ T8459] RDX: 0000000020000180 RSI: 0000000080045519 RDI: 0000000000000003
[  207.440922][ T8459] RBP: 00007fe9a6a29090 R08: 0000000000000000 R09: 0000000000000000
[  207.448898][ T8459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  207.456881][ T8459] R13: 0000000000000000 R14: 00007fe9a5d35f80 R15: 00007fe9a5e5fa28
[  207.464854][ T8459]  </TASK>
[  207.468020][    C0] vkms_vblank_simulate: vblank timer overrun
[  207.493556][ T8459] ERROR: Out of memory at tomoyo_realpath_from_path.
[  207.620958][ T2893] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.736801][ T2893] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.878363][ T2893] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  207.993638][ T2893] team0: Port device netdevsim0 removed
[  208.021162][ T2893] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.065893][ T4625] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  208.081928][ T4625] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  208.092722][ T4625] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  208.102098][ T4625] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  208.110587][ T4625] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  208.119308][ T4625] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  208.220640][ T8489] netlink: 4 bytes leftover after parsing attributes in process `syz.0.846'.
[  208.244730][ T5276] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  208.311014][ T8491] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  208.393352][ T2893] bridge_slave_0: left allmulticast mode
[  208.406861][ T2893] bridge_slave_0: left promiscuous mode
[  208.413155][ T2893] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.416203][ T5276] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.437750][ T5276] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  208.448212][ T5276] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.464047][ T5276] usb 2-1: Product: syz
[  208.464070][ T5276] usb 2-1: Manufacturer: syz
[  208.464087][ T5276] usb 2-1: SerialNumber: syz
[  208.794693][   T29] audit: type=1326 audit(1727696272.347:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8500 comm="syz.3.850" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f386557dff9 code=0x0
[  208.908640][ T2893] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  208.921166][ T2893] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  208.932960][ T2893] bond0 (unregistering): Released all slaves
[  208.945713][ T2893] bond1 (unregistering): Released all slaves
[  208.959029][ T8496] bridge0: port 3(erspan0) entered blocking state
[  208.967320][ T8496] bridge0: port 3(erspan0) entered disabled state
[  208.973988][ T8496] erspan0: entered allmulticast mode
[  208.980441][ T8496] erspan0: entered promiscuous mode
[  208.986205][ T8496] bridge0: port 3(erspan0) entered blocking state
[  208.992716][ T8496] bridge0: port 3(erspan0) entered forwarding state
[  209.018709][ T2893] : left promiscuous mode
[  209.116895][ T8505] netlink: 4 bytes leftover after parsing attributes in process `syz.2.851'.
[  209.191480][ T2893] tipc: Disabling bearer <eth:team0>
[  209.199573][ T2893] tipc: Left network mode
[  209.320739][ T8487] chnl_net:caif_netlink_parms(): no params data found
[  209.499252][ T5276] cdc_ncm 2-1:1.0: failed to get mac address
[  209.700012][ T5276] cdc_ncm 2-1:1.0: bind() failure
[  209.724447][ T5276] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71
[  209.745336][ T5276] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71
[  209.756336][ T5276] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  209.771104][ T5276] usb 2-1: USB disconnect, device number 32
[  209.837808][ T8535] usb usb1: usbfs: process 8535 (syz.3.855) did not claim interface 0 before use
[  209.856377][ T2893] hsr_slave_0: left promiscuous mode
[  209.863380][ T2893] hsr_slave_1: left promiscuous mode
[  209.883376][ T2893] veth1_macvtap: left promiscuous mode
[  209.889321][ T2893] veth0_macvtap: left promiscuous mode
[  209.895209][ T2893] veth1_vlan: left promiscuous mode
[  209.900610][ T2893] veth0_vlan: left promiscuous mode
[  210.185253][ T4625] Bluetooth: hci3: command tx timeout
[  210.622550][ T2893] team0 (unregistering): Port device team_slave_1 removed
[  210.663786][ T2893] team0 (unregistering): Port device team_slave_0 removed
[  210.960850][ T8487] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.969254][ T8487] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.977162][ T8487] bridge_slave_0: entered allmulticast mode
[  210.984024][ T8487] bridge_slave_0: entered promiscuous mode
[  211.002652][ T8553] tipc: Enabled bearer <eth:team0>, priority 0
[  211.010750][ T8561] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.863'.
[  211.024250][ T8487] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.053569][ T8487] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.075148][ T8487] bridge_slave_1: entered allmulticast mode
[  211.102643][ T8487] bridge_slave_1: entered promiscuous mode
[  211.195137][ T8568] FAULT_INJECTION: forcing a failure.
[  211.195137][ T8568] name failslab, interval 1, probability 0, space 0, times 0
[  211.215582][ T8560] netlink: 16402 bytes leftover after parsing attributes in process `syz.1.863'.
[  211.246655][ T8568] CPU: 1 UID: 0 PID: 8568 Comm: syz.0.867 Not tainted 6.12.0-rc1-syzkaller #0
[  211.255600][ T8568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  211.265701][ T8568] Call Trace:
[  211.268977][ T8568]  <TASK>
[  211.271895][ T8568]  dump_stack_lvl+0x241/0x360
[  211.276573][ T8568]  ? __pfx_dump_stack_lvl+0x10/0x10
[  211.281781][ T8568]  ? __pfx__printk+0x10/0x10
[  211.286386][ T8568]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  211.292369][ T8568]  ? __pfx___might_resched+0x10/0x10
[  211.297657][ T8568]  should_fail_ex+0x3b0/0x4e0
[  211.302339][ T8568]  should_failslab+0xac/0x100
[  211.307026][ T8568]  ? __alloc_skb+0x1c3/0x440
[  211.311613][ T8568]  kmem_cache_alloc_node_noprof+0x71/0x320
[  211.317421][ T8568]  __alloc_skb+0x1c3/0x440
[  211.321838][ T8568]  ? __pfx___alloc_skb+0x10/0x10
[  211.326809][ T8568]  ? netlink_autobind+0xd6/0x2f0
[  211.331739][ T8568]  ? netlink_autobind+0x2b0/0x2f0
[  211.336770][ T8568]  netlink_sendmsg+0x638/0xcb0
[  211.341630][ T8568]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.346913][ T8568]  ? aa_sock_msg_perm+0x91/0x160
[  211.351870][ T8568]  ? __pfx_netlink_sendmsg+0x10/0x10
[  211.357163][ T8568]  __sock_sendmsg+0x221/0x270
[  211.361847][ T8568]  ____sys_sendmsg+0x52a/0x7e0
[  211.366635][ T8568]  ? __pfx_____sys_sendmsg+0x10/0x10
[  211.371919][ T8568]  __sys_sendmsg+0x292/0x380
[  211.376506][ T8568]  ? __pfx___sys_sendmsg+0x10/0x10
[  211.381628][ T8568]  ? __pfx_vfs_write+0x10/0x10
[  211.386422][ T8568]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  211.392779][ T8568]  ? do_syscall_64+0x100/0x230
[  211.397540][ T8568]  ? do_syscall_64+0xb6/0x230
[  211.402213][ T8568]  do_syscall_64+0xf3/0x230
[  211.406710][ T8568]  ? clear_bhb_loop+0x35/0x90
[  211.411380][ T8568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.417272][ T8568] RIP: 0033:0x7f8af437dff9
[  211.421694][ T8568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.441296][ T8568] RSP: 002b:00007f8af50bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  211.449740][ T8568] RAX: ffffffffffffffda RBX: 00007f8af4535f80 RCX: 00007f8af437dff9
[  211.457710][ T8568] RDX: 0000000000000000 RSI: 0000000020001ac0 RDI: 0000000000000003
[  211.464712][ T5284] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  211.465664][ T8568] RBP: 00007f8af50bb090 R08: 0000000000000000 R09: 0000000000000000
[  211.465680][ T8568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  211.465693][ T8568] R13: 0000000000000000 R14: 00007f8af4535f80 R15: 00007f8af465fa28
[  211.465720][ T8568]  </TASK>
[  211.527960][ T8487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.554061][ T8487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.682961][ T8487] team0: Port device team_slave_0 added
[  211.705624][ T8574] netlink: 28 bytes leftover after parsing attributes in process `syz.0.869'.
[  211.726277][ T5284] usb 3-1: unable to read config index 0 descriptor/start: -71
[  211.744212][ T5284] usb 3-1: can't read configurations, error -71
[  211.755910][ T8487] team0: Port device team_slave_1 added
[  211.883037][ T2893] IPVS: stop unused estimator thread 0...
[  211.890919][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.901375][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.924780][ T8582] libceph: resolve '0' (ret=-3): failed
[  211.933247][ T8487] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  212.000075][ T8487] batman_adv: batadv0: Adding interface: batadv_slave_1
[  212.014411][ T8487] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.073922][ T8487] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  212.265092][ T4625] Bluetooth: hci3: command tx timeout
[  212.310582][ T8487] hsr_slave_0: entered promiscuous mode
[  212.364955][ T8487] hsr_slave_1: entered promiscuous mode
[  212.390903][ T8487] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.411081][ T8487] Cannot create hsr debugfs directory
[  212.433672][ T5276] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  212.615283][ T5276] usb 2-1: no configurations
[  212.630951][ T5276] usb 2-1: can't read configurations, error -22
[  212.795593][ T5276] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  212.823896][ T8610] netlink: zone id is out of range
[  212.843850][ T8610] netlink: zone id is out of range
[  212.860487][ T8610] netlink: zone id is out of range
[  212.873750][ T8610] netlink: zone id is out of range
[  212.885113][ T8610] netlink: zone id is out of range
[  212.914740][ T8610] netlink: zone id is out of range
[  212.920545][ T8610] netlink: zone id is out of range
[  212.927212][ T8610] netlink: zone id is out of range
[  212.935396][ T8610] netlink: zone id is out of range
[  212.966252][ T5276] usb 2-1: no configurations
[  212.973499][ T5276] usb 2-1: can't read configurations, error -22
[  213.015537][ T5276] usb usb2-port1: attempt power cycle
[  213.364769][ T5276] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  213.386758][ T8630] FAULT_INJECTION: forcing a failure.
[  213.386758][ T8630] name failslab, interval 1, probability 0, space 0, times 0
[  213.396220][ T8487] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  213.411101][ T8630] CPU: 1 UID: 0 PID: 8630 Comm: syz.0.881 Not tainted 6.12.0-rc1-syzkaller #0
[  213.419996][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  213.430055][ T8630] Call Trace:
[  213.433338][ T8630]  <TASK>
[  213.436290][ T8630]  dump_stack_lvl+0x241/0x360
[  213.441062][ T8630]  ? __pfx_dump_stack_lvl+0x10/0x10
[  213.446259][ T8630]  ? __pfx__printk+0x10/0x10
[  213.450858][ T8630]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  213.456876][ T8630]  ? __pfx___might_resched+0x10/0x10
[  213.462158][ T8630]  ? aa_label_sk_perm+0x4f3/0x6c0
[  213.467187][ T8630]  should_fail_ex+0x3b0/0x4e0
[  213.471892][ T8630]  should_failslab+0xac/0x100
[  213.476587][ T8630]  ? __alloc_skb+0x1c3/0x440
[  213.481174][ T8630]  kmem_cache_alloc_node_noprof+0x71/0x320
[  213.486989][ T8630]  __alloc_skb+0x1c3/0x440
[  213.491406][ T8630]  ? __pfx___alloc_skb+0x10/0x10
[  213.496346][ T8630]  netlink_sendmsg+0x638/0xcb0
[  213.501113][ T8630]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.506398][ T8630]  ? aa_sock_msg_perm+0x91/0x160
[  213.511336][ T8630]  ? __pfx_netlink_sendmsg+0x10/0x10
[  213.516613][ T8630]  __sock_sendmsg+0x221/0x270
[  213.521319][ T8630]  ____sys_sendmsg+0x52a/0x7e0
[  213.526097][ T8630]  ? __pfx_____sys_sendmsg+0x10/0x10
[  213.531386][ T8630]  ? rcu_is_watching+0x15/0xb0
[  213.536154][ T8630]  ? __might_fault+0xaa/0x120
[  213.540833][ T8630]  __sys_sendmmsg+0x3ab/0x730
[  213.545522][ T8630]  ? __pfx___sys_sendmmsg+0x10/0x10
[  213.550727][ T8630]  ? __pfx_lock_release+0x10/0x10
[  213.555764][ T8630]  ? kstrtouint_from_user+0x128/0x190
[  213.561166][ T8630]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  213.567060][ T8630]  ? ksys_write+0x229/0x2b0
[  213.571557][ T8630]  ? __pfx_lock_release+0x10/0x10
[  213.576587][ T8630]  ? vfs_write+0x7bf/0xc90
[  213.581000][ T8630]  ? kmem_cache_free+0x1a2/0x420
[  213.585937][ T8630]  ? __mutex_unlock_slowpath+0x21d/0x750
[  213.591572][ T8630]  ? __fget_files+0x3f3/0x470
[  213.596267][ T8630]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  213.602253][ T8630]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  213.608585][ T8630]  ? do_syscall_64+0x100/0x230
[  213.613348][ T8630]  __x64_sys_sendmmsg+0xa0/0xb0
[  213.618199][ T8630]  do_syscall_64+0xf3/0x230
[  213.622700][ T8630]  ? clear_bhb_loop+0x35/0x90
[  213.627374][ T8630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.633303][ T8630] RIP: 0033:0x7f8af437dff9
[  213.637721][ T8630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.657459][ T8630] RSP: 002b:00007f8af50bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  213.665884][ T8630] RAX: ffffffffffffffda RBX: 00007f8af4535f80 RCX: 00007f8af437dff9
[  213.673856][ T8630] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000003
[  213.681824][ T8630] RBP: 00007f8af50bb090 R08: 0000000000000000 R09: 0000000000000000
[  213.689876][ T8630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  213.697842][ T8630] R13: 0000000000000000 R14: 00007f8af4535f80 R15: 00007f8af465fa28
[  213.705825][ T8630]  </TASK>
[  213.708935][    C1] vkms_vblank_simulate: vblank timer overrun
[  213.739951][ T5276] usb 2-1: no configurations
[  213.747447][ T5276] usb 2-1: can't read configurations, error -22
[  213.765285][ T8487] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  213.809579][ T8487] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  213.826736][ T8487] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  213.895045][ T5276] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  213.956228][ T5276] usb 2-1: no configurations
[  213.960878][ T5276] usb 2-1: can't read configurations, error -22
[  213.983128][ T5276] usb usb2-port1: unable to enumerate USB device
[  214.058973][ T8487] 8021q: adding VLAN 0 to HW filter on device bond0
[  214.118872][ T8487] 8021q: adding VLAN 0 to HW filter on device team0
[  214.246497][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  214.253672][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  214.280155][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.287286][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.317223][ T8653] netlink: 28 bytes leftover after parsing attributes in process `syz.2.884'.
[  214.345847][ T4625] Bluetooth: hci3: command tx timeout
[  214.610002][ T8487] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  214.886340][ T8487] 8021q: adding VLAN 0 to HW filter on device batadv0
[  214.917054][ T8668] loop2: detected capacity change from 0 to 7
[  214.929544][ T8668] Dev loop2: unable to read RDB block 7
[  214.943567][ T8668]  loop2: AHDI p1 p2
[  214.947990][ T8668] loop2: partition table partially beyond EOD, truncated
[  214.955565][ T8668] loop2: p1 start 3496449972 is beyond EOD, truncated
[  214.979365][ T8487] veth0_vlan: entered promiscuous mode
[  214.990618][ T8487] veth1_vlan: entered promiscuous mode
[  215.007867][ T8487] veth0_macvtap: entered promiscuous mode
[  215.016282][ T8487] veth1_macvtap: entered promiscuous mode
[  215.182031][ T8487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.201899][ T8487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.223815][ T8487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.246389][ T8487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.269434][ T8487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  215.322875][ T8487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.356145][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_0
[  215.445862][ T8487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.496513][ T8487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.533822][ T8487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.567938][ T8487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.594772][ T8487] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  215.628803][ T8487] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  215.643343][ T8487] batman_adv: batadv0: Interface activated: batadv_slave_1
[  215.679870][ T8487] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  215.711095][ T8487] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  215.744650][ T8487] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  215.770603][   T29] audit: type=1326 audit(1727696279.327:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.3.892" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f386557dff9 code=0x0
[  215.792374][    C1] vkms_vblank_simulate: vblank timer overrun
[  215.801698][ T8487] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  216.017497][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  216.027506][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  216.094401][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  216.114133][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  216.218184][ T8711] netlink: 'syz.4.841': attribute type 10 has an invalid length.
[  216.301611][ T8711] 8021q: adding VLAN 0 to HW filter on device batadv0
[  216.354240][ T8711] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  216.424729][ T4625] Bluetooth: hci3: command tx timeout
[  216.516167][ T8716] bond0: entered promiscuous mode
[  216.521298][ T8716] bond_slave_0: entered promiscuous mode
[  216.555580][ T8716] bond_slave_1: entered promiscuous mode
[  216.578427][ T8716] batadv0: entered promiscuous mode
[  216.681808][ T8722] netlink: 20 bytes leftover after parsing attributes in process `syz.2.893'.
[  217.472297][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.563190][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.654971][   T25] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  217.669319][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.768437][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  217.848927][   T25] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  217.904272][ T5245] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  217.924945][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.933868][   T25] usb 3-1: Product: syz
[  217.941681][   T25] usb 3-1: Manufacturer: syz
[  217.946369][   T25] usb 3-1: SerialNumber: syz
[  217.956613][ T5245] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  217.967980][   T25] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  217.981043][ T5245] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  217.991495][ T5245] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  217.999553][ T5245] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  218.007071][ T5245] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  218.017353][ T5302] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  218.145195][   T12] bridge_slave_1: left allmulticast mode
[  218.150898][   T12] bridge_slave_1: left promiscuous mode
[  218.225686][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.363333][   T12] bridge_slave_0: left allmulticast mode
[  218.382279][   T12] bridge_slave_0: left promiscuous mode
[  218.408487][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.080438][ T5302] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  219.094808][ T5302] ath9k_htc: Failed to initialize the device
[  219.140747][ T5302] usb 3-1: ath9k_htc: USB layer deinitialized
[  219.368261][ T5302] usb 3-1: USB disconnect, device number 34
[  219.625373][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  219.659680][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  219.686076][   T12] bond0 (unregistering): Released all slaves
[  219.723081][ T8779] netlink: 20 bytes leftover after parsing attributes in process `syz.0.909'.
[  219.734792][ T8779] FAULT_INJECTION: forcing a failure.
[  219.734792][ T8779] name failslab, interval 1, probability 0, space 0, times 0
[  219.797835][ T8779] CPU: 0 UID: 0 PID: 8779 Comm: syz.0.909 Not tainted 6.12.0-rc1-syzkaller #0
[  219.806746][ T8779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  219.816841][ T8779] Call Trace:
[  219.820144][ T8779]  <TASK>
[  219.823109][ T8779]  dump_stack_lvl+0x241/0x360
[  219.827815][ T8779]  ? __pfx_dump_stack_lvl+0x10/0x10
[  219.833031][ T8779]  ? __pfx__printk+0x10/0x10
[  219.837623][ T8779]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  219.843602][ T8779]  ? __pfx___might_resched+0x10/0x10
[  219.848885][ T8779]  should_fail_ex+0x3b0/0x4e0
[  219.853558][ T8779]  should_failslab+0xac/0x100
[  219.858240][ T8779]  ? __alloc_skb+0x1c3/0x440
[  219.862849][ T8779]  kmem_cache_alloc_node_noprof+0x71/0x320
[  219.868686][ T8779]  __alloc_skb+0x1c3/0x440
[  219.873124][ T8779]  ? __pfx___alloc_skb+0x10/0x10
[  219.878096][ T8779]  ? netlink_ack_tlv_len+0x6e/0x200
[  219.883324][ T8779]  netlink_ack+0x13f/0xa30
[  219.887773][ T8779]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  219.893266][ T8779]  netlink_rcv_skb+0x262/0x430
[  219.898134][ T8779]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  219.903581][ T8779]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  219.908872][ T8779]  ? netlink_deliver_tap+0x2e/0x1b0
[  219.914109][ T8779]  netlink_unicast+0x7f6/0x990
[  219.918907][ T8779]  ? __pfx_netlink_unicast+0x10/0x10
[  219.924193][ T8779]  ? __virt_addr_valid+0x183/0x530
[  219.929303][ T8779]  ? __check_object_size+0x48e/0x900
[  219.934602][ T8779]  netlink_sendmsg+0x8e4/0xcb0
[  219.939363][ T8779]  ? __pfx_netlink_sendmsg+0x10/0x10
[  219.944671][ T8779]  ? aa_sock_msg_perm+0x91/0x160
[  219.949606][ T8779]  ? __pfx_netlink_sendmsg+0x10/0x10
[  219.954890][ T8779]  __sock_sendmsg+0x221/0x270
[  219.959586][ T8779]  ____sys_sendmsg+0x52a/0x7e0
[  219.964349][ T8779]  ? __pfx_____sys_sendmsg+0x10/0x10
[  219.969659][ T8779]  __sys_sendmsg+0x292/0x380
[  219.974237][ T8779]  ? __pfx___sys_sendmsg+0x10/0x10
[  219.979365][ T8779]  ? __pfx_vfs_write+0x10/0x10
[  219.984159][ T8779]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  219.990488][ T8779]  ? do_syscall_64+0x100/0x230
[  219.995246][ T8779]  ? do_syscall_64+0xb6/0x230
[  219.999917][ T8779]  do_syscall_64+0xf3/0x230
[  220.004415][ T8779]  ? clear_bhb_loop+0x35/0x90
[  220.009089][ T8779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  220.014979][ T8779] RIP: 0033:0x7f8af437dff9
[  220.019385][ T8779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  220.038992][ T8779] RSP: 002b:00007f8af50bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  220.047414][ T8779] RAX: ffffffffffffffda RBX: 00007f8af4535f80 RCX: 00007f8af437dff9
[  220.055398][ T8779] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  220.063386][ T8779] RBP: 00007f8af50bb090 R08: 0000000000000000 R09: 0000000000000000
[  220.071363][ T8779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  220.079335][ T8779] R13: 0000000000000000 R14: 00007f8af4535f80 R15: 00007f8af465fa28
[  220.087317][ T8779]  </TASK>
[  220.092079][   T12] tipc: Disabling bearer <udp:s>
[  220.099833][   T12] tipc: Disabling bearer <eth:team0>
[  220.124362][ T4625] Bluetooth: hci1: command tx timeout
[  220.222154][   T12] tipc: Left network mode
[  220.331069][ T8796] trusted_key: encrypted_key: key trusted:syz not found
[  220.585108][ T5303] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  220.700817][ T5302] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  220.722691][   T12] hsr_slave_0: left promiscuous mode
[  220.741361][   T12] hsr_slave_1: left promiscuous mode
[  220.796486][ T5303] usb 2-1: not running at top speed; connect to a high speed hub
[  220.825235][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  220.839332][ T5303] usb 2-1: too many endpoints for config 1 interface 0 altsetting 7: 239, using maximum allowed: 30
[  220.865057][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  220.898996][ T5303] usb 2-1: config 1 interface 0 altsetting 7 endpoint 0x2 has invalid maxpacket 352, setting to 64
[  220.920037][ T5302] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[  220.933120][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  220.967217][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  220.988510][ T5302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  220.999989][ T5303] usb 2-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 239
[  221.034862][ T5302] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.047569][ T5303] usb 2-1: config 1 interface 0 has no altsetting 0
[  221.070941][ T5302] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 34
[  221.090783][ T5303] usb 2-1: New USB device found, idVendor=056a, idProduct=0018, bcdDevice= 0.40
[  221.110973][ T5303] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.123706][ T5302] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  221.143634][ T5303] usb 2-1: Product: syz
[  221.152912][ T5302] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=64
[  221.177743][   T12] veth1_macvtap: left promiscuous mode
[  221.191777][   T12] veth0_macvtap: left promiscuous mode
[  221.203094][   T12] veth1_vlan: left promiscuous mode
[  221.232681][   T12] veth0_vlan: left promiscuous mode
[  221.273000][ T5303] usb 2-1: Manufacturer: syz
[  221.314501][ T5302] usb 3-1: SerialNumber: syz
[  221.324089][ T5303] usb 2-1: SerialNumber: syz
[  221.353177][ T5302] usb 3-1: config 0 descriptor??
[  221.360313][ T8796] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  221.602155][ T5303] usbhid 2-1:1.0: can't add hid device: -71
[  221.631131][ T5303] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  221.684339][ T5303] usb 2-1: USB disconnect, device number 37
[  222.184674][ T5245] Bluetooth: hci1: command tx timeout
[  222.723663][ T5302] usbhid 3-1:0.0: can't add hid device: -71
[  222.729837][ T5302] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  222.744850][ T5302] usb 3-1: USB disconnect, device number 35
[  222.858713][   T12] team0 (unregistering): Port device team_slave_1 removed
[  223.017654][   T12] team0 (unregistering): Port device team_slave_0 removed
[  224.142186][ T8820] tc_dump_action: action bad kind
[  224.151749][ T8830] netlink: 12 bytes leftover after parsing attributes in process `syz.2.920'.
[  224.265419][ T5245] Bluetooth: hci1: command tx timeout
[  224.350511][ T8844] netlink: 20 bytes leftover after parsing attributes in process `syz.1.923'.
[  224.362105][ T8842] netlink: 'syz.1.923': attribute type 21 has an invalid length.
[  224.399874][ T8846] netlink: 92 bytes leftover after parsing attributes in process `syz.0.924'.
[  224.496999][ T8764] chnl_net:caif_netlink_parms(): no params data found
[  224.863767][ T8764] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.904974][ T8764] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.945095][   T25] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  224.989126][ T8764] bridge_slave_0: entered allmulticast mode
[  225.025190][ T8764] bridge_slave_0: entered promiscuous mode
[  225.100296][ T8764] bridge0: port 2(bridge_slave_1) entered blocking state
[  225.146913][ T8764] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.166871][   T25] usb 5-1: unable to read config index 0 descriptor/start: -61
[  225.180644][ T8764] bridge_slave_1: entered allmulticast mode
[  225.193148][ T8764] bridge_slave_1: entered promiscuous mode
[  225.199332][   T25] usb 5-1: can't read configurations, error -61
[  225.277392][ T8764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  225.320148][ T8764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  225.405097][   T25] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  225.447793][ T8764] team0: Port device team_slave_0 added
[  225.462501][ T8764] team0: Port device team_slave_1 added
[  225.537274][ T8764] batman_adv: batadv0: Adding interface: batadv_slave_0
[  225.545785][ T8764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.575417][ T8764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.596537][ T8764] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.600029][   T25] usb 5-1: unable to read config index 0 descriptor/start: -61
[  225.603528][ T8764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  225.611900][ T5237] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  225.658122][   T25] usb 5-1: can't read configurations, error -61
[  225.659209][ T8764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  225.688249][   T25] usb usb5-port1: attempt power cycle
[  225.704141][ T5303] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  225.766842][ T8764] hsr_slave_0: entered promiscuous mode
[  225.786688][ T8764] hsr_slave_1: entered promiscuous mode
[  225.894746][ T5237] usb 3-1: Using ep0 maxpacket: 32
[  225.900017][ T5303] usb 2-1: Using ep0 maxpacket: 16
[  225.916675][ T5237] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  225.934814][ T5303] usb 2-1: config 0 has no interfaces?
[  225.965138][ T5237] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  225.975891][ T5303] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  225.994674][ T5237] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  226.003760][ T5237] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.012547][ T5303] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.035491][ T5303] usb 2-1: Product: syz
[  226.039707][ T5303] usb 2-1: Manufacturer: syz
[  226.044327][ T5303] usb 2-1: SerialNumber: syz
[  226.067911][ T5237] usb 3-1: rejected 1 configuration due to insufficient available bus power
[  226.076764][   T25] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  226.097045][ T5303] usb 2-1: config 0 descriptor??
[  226.122668][   T25] usb 5-1: unable to read config index 0 descriptor/start: -61
[  226.138101][ T5237] usb 3-1: no configuration chosen from 1 choice
[  226.158400][   T25] usb 5-1: can't read configurations, error -61
[  226.314906][   T25] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  226.350451][ T8889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  226.358973][ T5245] Bluetooth: hci1: command tx timeout
[  226.399897][   T25] usb 5-1: unable to read config index 0 descriptor/start: -61
[  226.409226][ T8889] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  226.424116][   T25] usb 5-1: can't read configurations, error -61
[  226.444864][   T25] usb usb5-port1: unable to enumerate USB device
[  226.455400][ T8889] tls_set_device_offload_rx: netdev not found
[  226.562626][ T5276] usb 2-1: USB disconnect, device number 38
[  226.752633][ T8764] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  226.762661][ T8764] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  226.779107][ T8764] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  226.790977][ T8764] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  226.944281][ T8764] 8021q: adding VLAN 0 to HW filter on device bond0
[  227.008231][ T8764] 8021q: adding VLAN 0 to HW filter on device team0
[  227.041523][ T2908] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.048663][ T2908] bridge0: port 1(bridge_slave_0) entered forwarding state
[  227.125285][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.132463][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  227.342324][ T8764] 8021q: adding VLAN 0 to HW filter on device batadv0
[  227.438235][ T8764] veth0_vlan: entered promiscuous mode
[  227.472369][ T8764] veth1_vlan: entered promiscuous mode
[  227.519384][ T8764] veth0_macvtap: entered promiscuous mode
[  227.545778][ T8764] veth1_macvtap: entered promiscuous mode
[  227.582778][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.643236][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.668284][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.690809][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.724665][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  227.745602][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  227.764001][ T8764] batman_adv: batadv0: Interface activated: batadv_slave_0
[  227.988501][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.011151][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.027379][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.051830][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.104103][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  228.146860][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  228.203350][ T8764] batman_adv: batadv0: Interface activated: batadv_slave_1
[  228.269279][ T8764] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  228.310735][ T8764] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  228.350721][ T8764] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  228.370428][    T9] usb 3-1: USB disconnect, device number 36
[  228.453315][ T8764] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.234686][  T939] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  229.570779][  T939] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[  229.582416][  T939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.593554][  T939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  229.603343][  T939] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 34
[  229.620068][  T939] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  229.629729][  T939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=64
[  229.638165][  T939] usb 2-1: SerialNumber: syz
[  229.673886][ T8951] IPVS: set_ctl: invalid protocol: 50 172.20.20.56:0
[  229.681827][  T939] usb 2-1: config 0 descriptor??
[  229.747873][ T5303] IPVS: starting estimator thread 0...
[  229.885866][ T8953] IPVS: using max 32 ests per chain, 76800 per kthread
[  229.932722][ T1908] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.972904][ T8961] netlink: 8 bytes leftover after parsing attributes in process `syz.4.940'.
[  230.062222][ T1908] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.369586][ T8959] netlink: 'syz.4.940': attribute type 10 has an invalid length.
[  230.387482][ T8959] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.395029][ T8959] bridge0: port 1(bridge_slave_0) entered disabled state
[  230.505088][ T8959] bridge0: port 2(bridge_slave_1) entered blocking state
[  230.512251][ T8959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.519659][ T8959] bridge0: port 1(bridge_slave_0) entered blocking state
[  230.526787][ T8959] bridge0: port 1(bridge_slave_0) entered forwarding state
[  230.797602][ T8959] bridge0: entered promiscuous mode
[  230.863430][ T8959] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  230.911409][ T8961] netlink: 4 bytes leftover after parsing attributes in process `syz.4.940'.
[  230.921086][ T8961] bridge_slave_1: left allmulticast mode
[  230.927451][ T8961] bridge_slave_1: left promiscuous mode
[  230.928552][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.933279][ T8961] bridge0: port 2(bridge_slave_1) entered disabled state
[  230.962686][  T939] usbhid 2-1:0.0: can't add hid device: -71
[  230.971240][ T8961] bridge_slave_0: left allmulticast mode
[  230.971569][  T939] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  230.987460][ T8961] bridge_slave_0: left promiscuous mode
[  230.991113][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.009191][ T8961] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.048745][  T939] usb 2-1: USB disconnect, device number 39
[  231.102030][ T8961] bond0: (slave bridge0): Releasing backup interface
[  231.130973][ T8961] bridge0 (unregistering): left promiscuous mode
[  231.504967][   T29] audit: type=1800 audit(1727696295.037:207): pid=9003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.905" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  231.601589][   T29] audit: type=1326 audit(1727696295.047:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9002 comm="syz.3.905" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2769b7dff9 code=0x0
[  231.684843][ T5302] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  231.881585][ T5302] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  231.894350][ T5302] usb 5-1: config 0 has no interfaces?
[  231.904894][ T5302] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  231.913969][ T5302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.922671][ T5303] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  231.939898][ T5302] usb 5-1: config 0 descriptor??
[  232.014725][  T939] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  232.098272][ T5303] usb 2-1: config 0 has no interfaces?
[  232.103985][ T5303] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  232.115867][ T5303] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.126878][ T5303] usb 2-1: config 0 descriptor??
[  232.176503][  T939] usb 3-1: config 0 has an invalid interface number: 253 but max is 0
[  232.184864][  T939] usb 3-1: config 0 has no interface number 0
[  232.190975][  T939] usb 3-1: config 0 interface 253 has no altsetting 0
[  232.200993][  T939] usb 3-1: New USB device found, idVendor=0bfd, idProduct=0023, bcdDevice=2b.62
[  232.211145][  T939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.219484][  T939] usb 3-1: Product: syz
[  232.223856][  T939] usb 3-1: Manufacturer: syz
[  232.228629][  T939] usb 3-1: SerialNumber: syz
[  232.240233][  T939] usb 3-1: config 0 descriptor??
[  232.247666][  T939] kvaser_usb 3-1:0.253: error -ENODEV: Cannot get usb endpoint(s)
[  232.339152][ T9017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.350564][ T9017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.416251][ T5303] usb 2-1: USB disconnect, device number 40
[  232.447522][  T939] usb 3-1: USB disconnect, device number 37
[  232.540769][ T9043] usb usb1: usbfs: process 9043 (syz.3.951) did not claim interface 0 before use
[  233.045703][ T9051] netlink: 20 bytes leftover after parsing attributes in process `syz.2.953'.
[  233.192165][ T9055] netlink: 64 bytes leftover after parsing attributes in process `syz.2.955'.
[  233.245992][ T9060] FAULT_INJECTION: forcing a failure.
[  233.245992][ T9060] name failslab, interval 1, probability 0, space 0, times 0
[  233.268675][ T9060] CPU: 1 UID: 0 PID: 9060 Comm: syz.1.957 Not tainted 6.12.0-rc1-syzkaller #0
[  233.277581][ T9060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  233.287657][ T9060] Call Trace:
[  233.290950][ T9060]  <TASK>
[  233.293886][ T9060]  dump_stack_lvl+0x241/0x360
[  233.298569][ T9060]  ? __pfx_dump_stack_lvl+0x10/0x10
[  233.303762][ T9060]  ? __pfx__printk+0x10/0x10
[  233.308365][ T9060]  ? __kmalloc_noprof+0xb0/0x400
[  233.313300][ T9060]  ? __pfx___might_resched+0x10/0x10
[  233.318589][ T9060]  should_fail_ex+0x3b0/0x4e0
[  233.323266][ T9060]  ? alloc_pipe_info+0x1ff/0x4d0
[  233.328197][ T9060]  should_failslab+0xac/0x100
[  233.332869][ T9060]  ? alloc_pipe_info+0x1ff/0x4d0
[  233.337803][ T9060]  __kmalloc_noprof+0xd8/0x400
[  233.342566][ T9060]  alloc_pipe_info+0x1ff/0x4d0
[  233.347328][ T9060]  splice_direct_to_actor+0xa9e/0xc80
[  233.352700][ T9060]  ? aa_file_perm+0x3ef/0xf50
[  233.357380][ T9060]  ? __pfx_aa_file_perm+0x10/0x10
[  233.362399][ T9060]  ? __pfx_direct_splice_actor+0x10/0x10
[  233.368034][ T9060]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  233.373925][ T9060]  ? __fget_files+0x29/0x470
[  233.378511][ T9060]  ? __pfx_lock_release+0x10/0x10
[  233.383534][ T9060]  do_splice_direct+0x289/0x3e0
[  233.388386][ T9060]  ? __pfx_do_splice_direct+0x10/0x10
[  233.393762][ T9060]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  233.399660][ T9060]  ? bpf_lsm_file_permission+0x9/0x10
[  233.405029][ T9060]  ? security_file_permission+0x74/0x280
[  233.410662][ T9060]  ? rw_verify_area+0x1c3/0x6f0
[  233.415510][ T9060]  do_sendfile+0x561/0xe10
[  233.419926][ T9060]  ? __pfx_vfs_write+0x10/0x10
[  233.424686][ T9060]  ? __pfx_do_sendfile+0x10/0x10
[  233.429628][ T9060]  __se_sys_sendfile64+0x17c/0x1e0
[  233.434746][ T9060]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  233.440380][ T9060]  ? do_syscall_64+0x100/0x230
[  233.445140][ T9060]  ? do_syscall_64+0xb6/0x230
[  233.449810][ T9060]  do_syscall_64+0xf3/0x230
[  233.454305][ T9060]  ? clear_bhb_loop+0x35/0x90
[  233.458979][ T9060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  233.464877][ T9060] RIP: 0033:0x7fe9a5b7dff9
[  233.469288][ T9060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  233.489079][ T9060] RSP: 002b:00007fe9a6a29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  233.497492][ T9060] RAX: ffffffffffffffda RBX: 00007fe9a5d35f80 RCX: 00007fe9a5b7dff9
[  233.505463][ T9060] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004
[  233.513428][ T9060] RBP: 00007fe9a6a29090 R08: 0000000000000000 R09: 0000000000000000
[  233.521391][ T9060] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
[  233.529352][ T9060] R13: 0000000000000000 R14: 00007fe9a5d35f80 R15: 00007fe9a5e5fa28
[  233.537327][ T9060]  </TASK>
[  233.909615][ T9075] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  233.931903][ T9075] FAULT_INJECTION: forcing a failure.
[  233.931903][ T9075] name failslab, interval 1, probability 0, space 0, times 0
[  233.945413][    T9] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  233.970897][ T9075] CPU: 1 UID: 0 PID: 9075 Comm: syz.2.962 Not tainted 6.12.0-rc1-syzkaller #0
[  233.979802][ T9075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  233.989870][ T9075] Call Trace:
[  233.993139][ T9075]  <TASK>
[  233.996167][ T9075]  dump_stack_lvl+0x241/0x360
[  234.000837][ T9075]  ? __pfx_dump_stack_lvl+0x10/0x10
[  234.006019][ T9075]  ? __pfx__printk+0x10/0x10
[  234.010606][ T9075]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  234.016664][ T9075]  ? __pfx___might_resched+0x10/0x10
[  234.021938][ T9075]  ? rcu_is_watching+0x15/0xb0
[  234.026701][ T9075]  should_fail_ex+0x3b0/0x4e0
[  234.031370][ T9075]  should_failslab+0xac/0x100
[  234.036032][ T9075]  ? __alloc_skb+0x1c3/0x440
[  234.040604][ T9075]  kmem_cache_alloc_node_noprof+0x71/0x320
[  234.046403][ T9075]  __alloc_skb+0x1c3/0x440
[  234.050801][ T9075]  ? __pfx___alloc_skb+0x10/0x10
[  234.055747][ T9075]  ? netlink_ack_tlv_len+0x6e/0x200
[  234.060937][ T9075]  netlink_ack+0x13f/0xa30
[  234.065341][ T9075]  ? __pfx_lock_acquire+0x10/0x10
[  234.070350][ T9075]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  234.075978][ T9075]  netlink_rcv_skb+0x262/0x430
[  234.080728][ T9075]  ? __pfx_genl_rcv_msg+0x10/0x10
[  234.085755][ T9075]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  234.091063][ T9075]  ? __netlink_deliver_tap+0x77e/0x7c0
[  234.096527][ T9075]  genl_rcv+0x28/0x40
[  234.100494][ T9075]  netlink_unicast+0x7f6/0x990
[  234.105257][ T9075]  ? __pfx_netlink_unicast+0x10/0x10
[  234.110537][ T9075]  ? __virt_addr_valid+0x183/0x530
[  234.115653][ T9075]  ? __check_object_size+0x48e/0x900
[  234.121125][ T9075]  netlink_sendmsg+0x8e4/0xcb0
[  234.125896][ T9075]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.131181][ T9075]  ? aa_sock_msg_perm+0x91/0x160
[  234.136113][ T9075]  ? __pfx_netlink_sendmsg+0x10/0x10
[  234.141384][ T9075]  __sock_sendmsg+0x221/0x270
[  234.146078][ T9075]  ____sys_sendmsg+0x52a/0x7e0
[  234.150835][ T9075]  ? __pfx_____sys_sendmsg+0x10/0x10
[  234.156300][ T9075]  __sys_sendmsg+0x292/0x380
[  234.160908][ T9075]  ? __pfx___sys_sendmsg+0x10/0x10
[  234.166027][ T9075]  ? __pfx_vfs_write+0x10/0x10
[  234.170803][ T9075]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  234.177145][ T9075]  ? do_syscall_64+0x100/0x230
[  234.181909][ T9075]  ? do_syscall_64+0xb6/0x230
[  234.186844][ T9075]  do_syscall_64+0xf3/0x230
[  234.191335][ T9075]  ? clear_bhb_loop+0x35/0x90
[  234.196008][ T9075]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  234.201892][ T9075] RIP: 0033:0x7fa76a97dff9
[  234.206307][ T9075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  234.207368][    T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[  234.225920][ T9075] RSP: 002b:00007fa76b81c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  234.225976][ T9075] RAX: ffffffffffffffda RBX: 00007fa76ab35f80 RCX: 00007fa76a97dff9
[  234.225989][ T9075] RDX: 0000000000000000 RSI: 0000000020000440 RDI: 0000000000000003
[  234.226002][ T9075] RBP: 00007fa76b81c090 R08: 0000000000000000 R09: 0000000000000000
[  234.226013][ T9075] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  234.226024][ T9075] R13: 0000000000000000 R14: 00007fa76ab35f80 R15: 00007fa76ac5fa28
[  234.226053][ T9075]  </TASK>
[  234.294720][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  234.305881][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  234.315995][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 34
[  234.342388][    T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  234.351627][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=64
[  234.362329][    T9] usb 2-1: SerialNumber: syz
[  234.377722][    T9] usb 2-1: config 0 descriptor??
[  234.423398][  T939] usb 5-1: USB disconnect, device number 41
[  234.982748][    T9] usbhid 2-1:0.0: can't add hid device: -71
[  235.030017][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  235.124945][    T9] usb 2-1: USB disconnect, device number 41
[  235.192361][ T9088] tipc: Enabling of bearer <eth:team0> rejected, already enabled
[  236.065382][ T9101] netlink: 'syz.1.971': attribute type 1 has an invalid length.
[  236.093870][ T9101] bond1: entered promiscuous mode
[  236.153825][ T9101] netlink: 40 bytes leftover after parsing attributes in process `syz.1.971'.
[  238.498301][ T9125] netlink: 12 bytes leftover after parsing attributes in process `syz.0.979'.
[  238.983793][ T9129] netlink: 'syz.0.981': attribute type 5 has an invalid length.
[  239.240612][ T2926] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.415814][ T9129] : entered promiscuous mode
[  239.709466][ T2926] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.930635][ T2926] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.319212][ T4625] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  240.329072][ T4625] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  240.346287][ T4625] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  240.384903][ T4625] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  240.417696][ T4625] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  240.436459][ T4625] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  241.776333][   T29] audit: type=1800 audit(1727696305.307:209): pid=9142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.985" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  241.804373][   T29] audit: type=1326 audit(1727696305.307:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9141 comm="syz.1.985" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9a5b7dff9 code=0x0
[  241.858645][ T9145] netlink: 8 bytes leftover after parsing attributes in process `syz.1.985'.
[  241.904320][ T2926] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.363505][ T9151] vlan2: entered allmulticast mode
[  242.368912][ T9151] bridge_slave_0: entered allmulticast mode
[  242.438362][ T9151] bridge_slave_0: left allmulticast mode
[  242.512242][ T9154] vlan2: entered allmulticast mode
[  242.529959][ T9154] bridge_slave_0: entered allmulticast mode
[  242.557122][ T9154] bridge_slave_0: left allmulticast mode
[  242.779973][ T2926] erspan0: left allmulticast mode
[  242.794717][ T2926] erspan0: left promiscuous mode
[  242.806846][ T2926] bridge0: port 3(erspan0) entered disabled state
[  242.822183][ T2926] bridge_slave_1: left allmulticast mode
[  242.834745][ T2926] bridge_slave_1: left promiscuous mode
[  242.847384][ T2926] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.888873][ T2926] bridge_slave_0: left allmulticast mode
[  242.910374][ T2926] bridge_slave_0: left promiscuous mode
[  242.967176][ T2926] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.163321][ T9158] binfmt_misc: register: failed to install interpreter file ./file0
[  243.704855][ T5245] Bluetooth: hci2: command tx timeout
[  243.995514][ T4625] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  244.020011][ T4625] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  244.030384][ T4625] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  244.047402][ T4625] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  244.070100][ T4625] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  244.078976][ T4625] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  244.198546][ T2926] bond2 (unregistering): (slave bridge1): Releasing backup interface
[  244.462167][ T2926] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  244.480664][ T2926] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  244.507855][ T2926] bond0 (unregistering): Released all slaves
[  244.538886][ T2926] bond1 (unregistering): Released all slaves
[  244.569177][ T2926] bond2 (unregistering): Released all slaves
[  244.620442][ T9173] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  244.632978][ T9173] batman_adv: batadv0: Removing interface: batadv_slave_0
[  244.644478][ T9173] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  244.658964][ T9173] batman_adv: batadv0: Removing interface: batadv_slave_1
[  244.740062][ T9173] bond0: (slave batadv0): Releasing backup interface
[  244.750001][ T9173] batadv0 (unregistering): left promiscuous mode
[  244.797465][ T9140] chnl_net:caif_netlink_parms(): no params data found
[  244.822149][ T2926] tipc: Disabling bearer <eth:team0>
[  244.840752][ T2926] tipc: Left network mode
[  245.284294][ T9140] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.291678][ T9140] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.324824][ T9140] bridge_slave_0: entered allmulticast mode
[  245.332606][ T9140] bridge_slave_0: entered promiscuous mode
[  245.340728][ T9140] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.350120][ T9140] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.359996][ T9140] bridge_slave_1: entered allmulticast mode
[  245.368228][ T9140] bridge_slave_1: entered promiscuous mode
[  245.428963][ T2926] hsr_slave_0: left promiscuous mode
[  245.445445][ T2926] hsr_slave_1: left promiscuous mode
[  245.461880][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  245.502531][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.513725][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  245.545864][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.589995][ T2926] veth1_macvtap: left promiscuous mode
[  245.607365][ T2926] veth0_macvtap: left promiscuous mode
[  245.613680][ T2926] veth1_vlan: left promiscuous mode
[  245.622475][ T2926] veth0_vlan: left promiscuous mode
[  245.785334][ T5245] Bluetooth: hci2: command tx timeout
[  246.184993][ T5245] Bluetooth: hci1: command tx timeout
[  246.593092][ T2926] team0 (unregistering): Port device team_slave_1 removed
[  246.688804][ T2926] team0 (unregistering): Port device team_slave_0 removed
[  247.433582][ T9202] netlink: 'syz.1.997': attribute type 21 has an invalid length.
[  247.479563][ T9140] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  247.535672][   T29] audit: type=1800 audit(1727696311.087:211): pid=9207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.999" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  247.538909][ T9140] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  247.631048][ T9209] netlink: 'syz.1.1000': attribute type 2 has an invalid length.
[  247.659702][   T29] audit: type=1326 audit(1727696311.137:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9206 comm="syz.4.999" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a897dff9 code=0x0
[  247.688179][ T9212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.999'.
[  247.745806][ T9140] team0: Port device team_slave_0 added
[  247.755077][ T9140] team0: Port device team_slave_1 added
[  247.834133][ T9140] batman_adv: batadv0: Adding interface: batadv_slave_0
[  247.860110][ T9140] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  247.887071][ T5245] Bluetooth: hci2: command tx timeout
[  247.910640][ T9140] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  247.978941][ T9171] chnl_net:caif_netlink_parms(): no params data found
[  247.993455][ T9140] batman_adv: batadv0: Adding interface: batadv_slave_1
[  248.002454][ T9140] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  248.030563][ T9140] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  248.193034][ T9140] hsr_slave_0: entered promiscuous mode
[  248.204281][ T9140] hsr_slave_1: entered promiscuous mode
[  248.246255][ T9140] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  248.254081][ T9140] Cannot create hsr debugfs directory
[  248.266722][ T5245] Bluetooth: hci1: command tx timeout
[  248.608143][ T2926] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.626301][ T9171] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.643585][ T9171] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.655509][ T9171] bridge_slave_0: entered allmulticast mode
[  248.662577][ T9171] bridge_slave_0: entered promiscuous mode
[  248.696450][    T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  248.741978][ T9171] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.764774][ T9171] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.772248][ T9171] bridge_slave_1: entered allmulticast mode
[  248.788313][ T9171] bridge_slave_1: entered promiscuous mode
[  248.835548][ T2926] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.869494][    T9] usb 2-1: Using ep0 maxpacket: 32
[  248.899030][    T9] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  248.924610][    T9] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  248.945611][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  248.968861][ T9171] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  248.969178][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  248.990016][    T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  249.008739][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  249.031431][    T9] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  249.042942][ T2926] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.043139][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.066345][    T9] usb 2-1: config 0 descriptor??
[  249.091435][ T9171] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  249.226617][ T2926] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.320757][ T9171] team0: Port device team_slave_0 added
[  249.328473][    T9] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 42 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  249.367241][ T9171] team0: Port device team_slave_1 added
[  249.492563][    C1] usblp0: nonzero read bulk status received: -71
[  249.500562][ T5302] usb 2-1: USB disconnect, device number 42
[  249.539473][ T9171] batman_adv: batadv0: Adding interface: batadv_slave_0
[  249.583277][ T9171] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  249.665501][ T9171] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  249.722398][ T9171] batman_adv: batadv0: Adding interface: batadv_slave_1
[  249.731371][ T9171] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  249.761286][ T9171] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  249.832780][ T9235] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1003'.
[  249.848955][ T9235] netlink: 304 bytes leftover after parsing attributes in process `syz.1.1003'.
[  249.922695][ T9232] usblp0: removed
[  249.944868][ T5245] Bluetooth: hci2: command tx timeout
[  249.965697][ T2926] bridge_slave_1: left allmulticast mode
[  249.972256][ T2926] bridge_slave_1: left promiscuous mode
[  249.978156][ T2926] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.991693][ T2926] bridge_slave_0: left allmulticast mode
[  249.997810][ T2926] bridge_slave_0: left promiscuous mode
[  250.003651][ T2926] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.315708][ T5302] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  250.344764][ T5245] Bluetooth: hci1: command tx timeout
[  250.481744][ T5302] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  250.508756][ T5302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  250.520453][ T5302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  250.531795][ T5302] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  250.546615][ T5302] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  250.558920][ T2926] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  250.563251][ T5302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.579346][ T5302] usb 5-1: config 0 descriptor??
[  250.608615][ T2926] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  250.623882][ T2926] bond0 (unregistering): Released all slaves
[  250.730522][ T9171] hsr_slave_0: entered promiscuous mode
[  250.738532][ T9171] hsr_slave_1: entered promiscuous mode
[  250.755412][ T9171] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  250.772837][ T9171] Cannot create hsr debugfs directory
[  251.009354][ T5302] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  251.032737][ T5302] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  251.042505][ T5302] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  251.071200][ T5302] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  251.288850][  T939] usb 5-1: USB disconnect, device number 42
[  251.420264][ T2926] hsr_slave_0: left promiscuous mode
[  251.440312][ T2926] hsr_slave_1: left promiscuous mode
[  251.465564][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  251.493421][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_0
[  251.507050][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  251.520810][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_1
[  251.566850][ T2926] veth1_macvtap: left promiscuous mode
[  251.572518][ T2926] veth0_macvtap: left promiscuous mode
[  251.584463][ T2926] veth1_vlan: left promiscuous mode
[  251.594114][ T2926] veth0_vlan: left promiscuous mode
[  251.717493][ T4625] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  251.732740][ T4625] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  251.744322][ T4625] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  251.759312][ T4625] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  251.773140][ T4625] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  251.783497][ T4625] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  251.968961][   T29] audit: type=1800 audit(1727696315.527:213): pid=9271 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1012" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  252.029206][   T29] audit: type=1326 audit(1727696315.577:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.4.1012" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a897dff9 code=0x0
[  252.133944][ T9272] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1012'.
[  252.426151][ T4625] Bluetooth: hci1: command tx timeout
[  252.551865][ T2926] team0 (unregistering): Port device team_slave_1 removed
[  252.619420][ T2926] team0 (unregistering): Port device team_slave_0 removed
[  252.896540][   T29] audit: type=1326 audit(1727696316.457:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9274 comm="syz.4.1014" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a897dff9 code=0x0
[  253.062628][ T5245] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  253.075529][ T5245] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  253.088873][ T5245] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  253.110095][ T5245] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  253.120328][ T5245] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  253.128191][ T5245] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  253.834761][ T9140] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  253.868566][ T4625] Bluetooth: hci0: command tx timeout
[  253.938801][ T9140] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  254.021491][ T9140] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  254.140031][ T9140] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  254.480198][ T9278] chnl_net:caif_netlink_parms(): no params data found
[  254.680344][ T2926] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.758484][ T9269] chnl_net:caif_netlink_parms(): no params data found
[  254.869722][ T2926] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.959888][ T2926] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.092282][ T2926] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.173359][ T9278] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.182879][ T9278] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.193763][ T9278] bridge_slave_0: entered allmulticast mode
[  255.202197][ T9278] bridge_slave_0: entered promiscuous mode
[  255.220674][ T9171] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  255.227611][ T4625] Bluetooth: hci5: command tx timeout
[  255.248899][ T9171] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  255.266720][ T9171] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  255.317092][ T9278] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.324232][ T9278] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.346083][ T9278] bridge_slave_1: entered allmulticast mode
[  255.352689][ T9278] bridge_slave_1: entered promiscuous mode
[  255.414247][ T9171] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  255.481619][ T9269] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.489779][ T9269] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.500960][ T9269] bridge_slave_0: entered allmulticast mode
[  255.508897][ T9269] bridge_slave_0: entered promiscuous mode
[  255.517742][ T9269] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.525355][ T9269] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.532592][ T9269] bridge_slave_1: entered allmulticast mode
[  255.540095][ T9269] bridge_slave_1: entered promiscuous mode
[  255.571319][ T9278] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  255.649812][ T9140] 8021q: adding VLAN 0 to HW filter on device bond0
[  255.669954][ T9278] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  255.729360][ T9269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  255.758533][ T9269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  255.909548][ T9278] team0: Port device team_slave_0 added
[  255.918341][ T9278] team0: Port device team_slave_1 added
[  255.964708][ T4625] Bluetooth: hci0: command tx timeout
[  255.971713][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  255.981485][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  256.001841][ T9140] 8021q: adding VLAN 0 to HW filter on device team0
[  256.202436][ T9269] team0: Port device team_slave_0 added
[  256.259526][ T9269] team0: Port device team_slave_1 added
[  256.310986][ T2893] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.318209][ T2893] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.412978][ T2893] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.420453][ T2893] bridge0: port 2(bridge_slave_1) entered forwarding state
[  256.542223][ T2926] bridge_slave_1: left allmulticast mode
[  256.552585][ T2926] bridge_slave_1: left promiscuous mode
[  256.560969][ T2926] bridge0: port 2(bridge_slave_1) entered disabled state
[  256.585213][ T2926] bridge_slave_0: left allmulticast mode
[  256.591068][ T2926] bridge_slave_0: left promiscuous mode
[  256.627243][ T2926] bridge0: port 1(bridge_slave_0) entered disabled state
[  256.784857][ T5303] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  256.975318][ T5303] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  256.992530][ T5303] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  257.006175][ T5303] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  257.018611][ T5303] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  257.032128][ T5303] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  257.055391][ T5303] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.066230][ T5303] usb 5-1: config 0 descriptor??
[  257.306466][ T4625] Bluetooth: hci5: command tx timeout
[  257.480883][ T5303] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  257.499325][ T2926] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  257.501026][ T5303] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0
[  257.522169][ T2926] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  257.534171][ T5303] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[  257.536550][ T2926] bond0 (unregistering): Released all slaves
[  257.553491][ T5303] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  257.602816][ T2926] bond1 (unregistering): Released all slaves
[  257.623139][ T9278] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.638198][ T9278] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.669206][ T9278] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  257.704862][ T9278] batman_adv: batadv0: Adding interface: batadv_slave_1
[  257.711909][ T9278] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  257.747776][ T9278] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  257.820190][ T5237] usb 5-1: USB disconnect, device number 43
[  257.957180][ T9269] batman_adv: batadv0: Adding interface: batadv_slave_0
[  257.964172][ T9269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.004362][ T9269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  258.030190][ T4625] Bluetooth: hci0: command tx timeout
[  258.052602][ T9269] batman_adv: batadv0: Adding interface: batadv_slave_1
[  258.060206][ T9269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.088985][ T9269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  258.168690][ T9269] hsr_slave_0: entered promiscuous mode
[  258.180025][ T9269] hsr_slave_1: entered promiscuous mode
[  258.365074][ T9171] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.381720][ T9171] 8021q: adding VLAN 0 to HW filter on device team0
[  258.401032][ T2893] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.408193][ T2893] bridge0: port 1(bridge_slave_0) entered forwarding state
[  258.468484][ T2893] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.475903][ T2893] bridge0: port 2(bridge_slave_1) entered forwarding state
[  258.530153][ T9140] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  258.542038][ T9140] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  258.631597][ T9349] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1020'.
[  258.684069][ T9278] hsr_slave_0: entered promiscuous mode
[  258.693484][ T9278] hsr_slave_1: entered promiscuous mode
[  258.710096][ T9278] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  258.719451][ T9278] Cannot create hsr debugfs directory
[  258.724704][   T29] audit: type=1326 audit(1727696322.277:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9352 comm="syz.4.1021" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a897dff9 code=0x0
[  258.749146][ T9140] 8021q: adding VLAN 0 to HW filter on device batadv0
[  258.767790][ T2926] hsr_slave_0: left promiscuous mode
[  258.775670][ T2926] hsr_slave_1: left promiscuous mode
[  258.784340][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  258.802083][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_0
[  258.823545][ T2926] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  258.838251][ T2926] batman_adv: batadv0: Removing interface: batadv_slave_1
[  258.871330][ T2926] veth1_macvtap: left promiscuous mode
[  258.880319][ T2926] veth0_macvtap: left promiscuous mode
[  258.887915][ T2926] veth1_vlan: left promiscuous mode
[  258.895365][ T2926] veth0_vlan: left promiscuous mode
[  259.392514][ T4625] Bluetooth: hci5: command tx timeout
[  259.747994][ T2926] team0 (unregistering): Port device team_slave_1 removed
[  259.766475][ T9358] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1023'.
[  259.828610][ T2926] team0 (unregistering): Port device team_slave_0 removed
[  260.113024][ T4625] Bluetooth: hci0: command tx timeout
[  260.835160][ T9171] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  261.035970][ T9361] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  261.259454][   T29] audit: type=1800 audit(1727696324.817:217): pid=9370 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1025" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  261.267452][ T9140] veth0_vlan: entered promiscuous mode
[  261.296424][ T9171] 8021q: adding VLAN 0 to HW filter on device batadv0
[  261.317086][   T29] audit: type=1326 audit(1727696324.817:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9368 comm="syz.4.1025" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a897dff9 code=0x0
[  261.366307][ T9375] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1025'.
[  261.426898][ T9140] veth1_vlan: entered promiscuous mode
[  261.464808][ T4625] Bluetooth: hci5: command tx timeout
[  261.565812][ T9171] veth0_vlan: entered promiscuous mode
[  261.688298][ T9278] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.763336][ T9140] veth0_macvtap: entered promiscuous mode
[  261.782467][ T9171] veth1_vlan: entered promiscuous mode
[  261.823295][ T9140] veth1_macvtap: entered promiscuous mode
[  261.879646][ T9278] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  261.980139][ T9278] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.057500][ T9140] batman_adv: batadv0: Interface activated: batadv_slave_0
[  262.117515][ T9140] batman_adv: batadv0: Interface activated: batadv_slave_1
[  262.221401][ T9278] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  262.260684][ T9393] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1026'.
[  262.368491][ T9140] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  262.391687][ T9140] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  262.409968][ T9140] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  262.434673][ T9140] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  262.499994][ T9171] veth0_macvtap: entered promiscuous mode
[  262.603569][ T9171] veth1_macvtap: entered promiscuous mode
[  262.719555][   T29] audit: type=1326 audit(1727696326.277:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9405 comm="syz.4.1028" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a897dff9 code=0x0
[  262.780377][ T2908] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  262.785192][ T9171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  262.792523][ T2908] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  262.850387][ T9171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  262.883256][ T9171] batman_adv: batadv0: Interface activated: batadv_slave_0
[  262.963592][ T9171] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  262.989981][ T9171] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  263.007958][ T9171] batman_adv: batadv0: Interface activated: batadv_slave_1
[  263.061324][ T9171] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  263.074338][ T2926] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.092215][ T2926] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.095236][ T9171] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  263.109195][ T9171] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  263.125096][ T9171] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  263.170629][ T9269] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  263.203705][ T9269] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  263.221195][ T9269] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  263.256471][ T9269] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  263.518279][ T9278] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  263.586096][ T9278] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  263.677144][ T2926] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.704367][ T2926] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.734619][ T9278] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  263.757855][ T9278] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  263.809767][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  263.823300][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  263.861635][ T9269] 8021q: adding VLAN 0 to HW filter on device bond0
[  263.934734][ T5302] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  263.960331][ T9269] 8021q: adding VLAN 0 to HW filter on device team0
[  264.009934][ T2893] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.017306][ T2893] bridge0: port 1(bridge_slave_0) entered forwarding state
[  264.066255][ T2908] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.073494][ T2908] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.114766][ T5302] usb 5-1: Using ep0 maxpacket: 32
[  264.122657][ T5302] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  264.131226][ T5302] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  264.156286][ T5302] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  264.187700][ T5302] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  264.266630][ T5302] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  264.285874][ T5302] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  264.368550][ T5302] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  264.378158][ T5302] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.396247][ T5302] usb 5-1: config 0 descriptor??
[  264.432256][ T9278] 8021q: adding VLAN 0 to HW filter on device bond0
[  264.469536][ T9269] 8021q: adding VLAN 0 to HW filter on device batadv0
[  264.528272][   T29] audit: type=1800 audit(1727696328.077:220): pid=9446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1032" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  264.566993][ T9278] 8021q: adding VLAN 0 to HW filter on device team0
[  264.583247][   T29] audit: type=1326 audit(1727696328.117:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9444 comm="syz.2.1032" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c4277dff9 code=0x0
[  264.661915][ T9450] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1032'.
[  264.662678][ T2893] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.678031][ T2893] bridge0: port 1(bridge_slave_0) entered forwarding state
[  264.688259][ T5302] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 44 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  264.714908][ T5302] usb 5-1: USB disconnect, device number 44
[  264.728508][ T5302] usblp0: removed
[  264.777605][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.784824][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.957575][ T9269] veth0_vlan: entered promiscuous mode
[  265.022397][ T9269] veth1_vlan: entered promiscuous mode
[  265.094367][ T9269] veth0_macvtap: entered promiscuous mode
[  265.132179][ T9278] 8021q: adding VLAN 0 to HW filter on device batadv0
[  265.157663][ T9269] veth1_macvtap: entered promiscuous mode
[  265.215632][ T5284] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  265.226350][ T9269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.249858][ T9269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.275589][ T9269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  265.329092][ T9269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.377538][ T9269] batman_adv: batadv0: Interface activated: batadv_slave_0
[  265.394807][ T5284] usb 5-1: Using ep0 maxpacket: 32
[  265.423287][ T5284] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  265.437812][ T5284] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  265.449557][ T5284] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  265.463670][ T5284] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  265.476286][ T5284] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  265.487214][ T5284] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  265.501574][ T5284] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  265.511656][ T5284] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.522968][ T9269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  265.535479][ T9269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.546535][ T5284] usb 5-1: config 0 descriptor??
[  265.569775][ T9269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  265.584097][ T9269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  265.616031][ T9269] batman_adv: batadv0: Interface activated: batadv_slave_1
[  265.628735][ T9269] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  265.643193][ T9269] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  265.656392][ T9269] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  265.666381][ T9269] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  265.756752][ T9424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.797467][ T9424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.829500][ T5284] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 45 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  266.082313][ T2908] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.162456][ T5289] IPVS: starting estimator thread 0...
[  266.259025][ T9278] veth0_vlan: entered promiscuous mode
[  266.284712][ T9477] IPVS: using max 23 ests per chain, 55200 per kthread
[  266.299027][ T9481] xt_HMARK: spi-set and port-set can't be combined
[  266.402687][ T2908] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.469976][ T9278] veth1_vlan: entered promiscuous mode
[  266.547269][ T2908] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.578613][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  266.590992][ T5239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  266.603908][ T5239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  266.621155][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  266.630386][ T5239] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  266.639776][ T5239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  266.653838][ T2893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  266.690246][ T2893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  266.817526][ T2908] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  267.022185][ T9278] veth0_macvtap: entered promiscuous mode
[  267.086655][ T1908] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.100561][ T1908] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.148064][ T9278] veth1_macvtap: entered promiscuous mode
[  267.249824][ T9278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  267.260719][ T9278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.262816][    T9] usb 5-1: USB disconnect, device number 45
[  267.270721][ T9278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  267.270745][ T9278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.270764][ T9278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  267.270776][ T9278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.272157][ T9278] batman_adv: batadv0: Interface activated: batadv_slave_0
[  267.374884][ T5284] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  267.405760][ T9278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.416803][    T9] usblp0: removed
[  267.422556][ T9278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.438781][ T9278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.452970][ T9278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.473791][ T9278] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  267.484504][ T9278] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.510452][ T9278] batman_adv: batadv0: Interface activated: batadv_slave_1
[  267.551169][ T5284] usb 3-1: Using ep0 maxpacket: 32
[  267.565972][ T5284] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  267.576453][ T5284] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  267.589483][ T5284] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  267.599227][ T5284] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.605203][ T2908] bridge_slave_1: left allmulticast mode
[  267.625966][ T5284] usb 3-1: config 0 descriptor??
[  267.633344][ T2908] bridge_slave_1: left promiscuous mode
[  267.645283][ T5284] hub 3-1:0.0: bad descriptor, ignoring hub
[  267.653511][ T5284] hub 3-1:0.0: probe with driver hub failed with error -5
[  267.664656][ T5284] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  267.670976][ T2908] bridge0: port 2(bridge_slave_1) entered disabled state
[  267.745762][ T2908] bridge_slave_0: left allmulticast mode
[  267.751601][ T2908] bridge_slave_0: left promiscuous mode
[  267.756504][  T939] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  267.770655][ T2908] bridge0: port 1(bridge_slave_0) entered disabled state
[  267.938680][  T939] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.963176][  T939] usb 2-1: config 0 has no interfaces?
[  267.969083][  T939] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  267.978382][  T939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.000912][  T939] usb 2-1: config 0 descriptor??
[  268.277217][ T5239] Bluetooth: hci4: command 0x0406 tx timeout
[  268.555884][ T2908] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  268.593743][ T2908] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  268.657514][ T2908] bond0 (unregistering): Released all slaves
[  268.718388][ T9278] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  268.749805][ T4625] Bluetooth: hci1: command tx timeout
[  268.760550][ T9278] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  268.776530][ T9278] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  268.790143][ T9278] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  268.844199][ T9504] netlink: 'syz.4.1042': attribute type 30 has an invalid length.
[  268.859391][ T9504] (unnamed net_device) (uninitialized): option arp_missed_max: invalid value (0)
[  268.871397][ T9504] (unnamed net_device) (uninitialized): option arp_missed_max: allowed values 1 - 255
[  269.272327][ T9485] chnl_net:caif_netlink_parms(): no params data found
[  269.508750][ T2908] hsr_slave_0: left promiscuous mode
[  269.533292][ T2908] hsr_slave_1: left promiscuous mode
[  269.547936][ T2908] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  269.563468][ T2908] batman_adv: batadv0: Removing interface: batadv_slave_0
[  269.591374][ T2908] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  269.599711][ T2908] batman_adv: batadv0: Removing interface: batadv_slave_1
[  269.687180][ T2908] veth1_macvtap: left promiscuous mode
[  269.692707][ T2908] veth0_macvtap: left promiscuous mode
[  269.711302][ T2908] veth1_vlan: left promiscuous mode
[  269.720711][ T2908] veth0_vlan: left promiscuous mode
[  270.285652][    T9] usb 3-1: USB disconnect, device number 38
[  270.542121][ T5303] usb 2-1: USB disconnect, device number 43
[  270.805450][ T9525] net_ratelimit: 287 callbacks suppressed
[  270.805465][ T9525] netlink: zone id is out of range
[  270.816816][ T9525] netlink: zone id is out of range
[  270.822103][ T9525] netlink: zone id is out of range
[  270.827302][ T4625] Bluetooth: hci1: command tx timeout
[  270.867374][ T9525] netlink: zone id is out of range
[  270.873574][ T9525] netlink: zone id is out of range
[  270.881728][ T9525] netlink: zone id is out of range
[  270.900369][ T9525] netlink: zone id is out of range
[  270.923916][ T9525] netlink: zone id is out of range
[  270.932766][ T9525] netlink: zone id is out of range
[  270.957353][ T9525] netlink: zone id is out of range
[  271.040371][ T5303] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  271.130098][ T9529] IPVS: set_ctl: invalid protocol: 50 224.0.0.2:20003
[  271.196356][ T5303] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  271.212034][ T5303] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  271.230107][ T5303] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  271.240874][ T5303] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  271.256897][ T5303] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  271.266992][ T5303] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.278802][ T5303] usb 5-1: config 0 descriptor??
[  271.497855][ T2908] team0 (unregistering): Port device team_slave_1 removed
[  271.591397][ T2908] team0 (unregistering): Port device team_slave_0 removed
[  271.702130][ T5303] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0
[  271.724195][ T5303] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0
[  271.734314][ T5303] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  271.784012][ T5303] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  272.532168][  T939] usb 5-1: USB disconnect, device number 46
[  272.809380][ T9485] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.815760][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.861145][ T9485] bridge0: port 1(bridge_slave_0) entered disabled state
[  272.874051][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.906600][ T4625] Bluetooth: hci1: command tx timeout
[  273.017725][ T9485] bridge_slave_0: entered allmulticast mode
[  273.026293][ T9485] bridge_slave_0: entered promiscuous mode
[  273.043132][ T9485] bridge0: port 2(bridge_slave_1) entered blocking state
[  273.089862][ T9485] bridge0: port 2(bridge_slave_1) entered disabled state
[  273.112995][ T9485] bridge_slave_1: entered allmulticast mode
[  273.145417][ T9485] bridge_slave_1: entered promiscuous mode
[  273.213278][ T2926] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  273.221235][ T2926] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  273.433507][ T9485] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  273.566450][ T9485] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  273.686370][ T9559] syz_tun: entered promiscuous mode
[  273.691803][ T9559] macvtap1: entered promiscuous mode
[  273.744338][ T9559] macvtap1: entered allmulticast mode
[  273.767813][ T9559] syz_tun: entered allmulticast mode
[  273.817999][ T9559] syz_tun: left allmulticast mode
[  273.828213][ T9559] syz_tun: left promiscuous mode
[  274.097261][ T9485] team0: Port device team_slave_0 added
[  274.128607][ T9485] team0: Port device team_slave_1 added
[  274.258719][ T9485] batman_adv: batadv0: Adding interface: batadv_slave_0
[  274.280690][   T29] audit: type=1326 audit(1727696337.827:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9565 comm="syz.4.1055" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52a897dff9 code=0x0
[  274.302934][ T9485] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  274.344059][ T9485] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  274.359093][ T9485] batman_adv: batadv0: Adding interface: batadv_slave_1
[  274.368516][ T9485] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  274.394566][    C1] vkms_vblank_simulate: vblank timer overrun
[  274.405447][ T9485] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  274.469486][ T9566] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1055'.
[  274.482203][ T9566] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1055'.
[  274.566692][ T9485] hsr_slave_0: entered promiscuous mode
[  274.625747][ T9485] hsr_slave_1: entered promiscuous mode
[  274.666706][ T9485] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  274.713478][ T9485] Cannot create hsr debugfs directory
[  274.984990][ T4625] Bluetooth: hci1: command tx timeout
[  275.857367][ T9602] vlan2: entered allmulticast mode
[  275.921884][ T9604] vlan2: entered allmulticast mode
[  276.124169][ T9485] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  276.174270][ T9485] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  276.183196][    T8] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  276.200054][ T9485] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  276.216056][ T9485] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  276.220197][ T9612] binder: 9611:9612 ioctl 800454df 20000200 returned -22
[  276.329438][ T9485] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.357055][    T8] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  276.370926][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  276.383094][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  276.393911][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  276.407284][    T8] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  276.416817][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.432294][    T8] usb 5-1: config 0 descriptor??
[  276.470351][ T9485] 8021q: adding VLAN 0 to HW filter on device team0
[  276.616524][   T29] audit: type=1800 audit(1727696340.177:223): pid=9616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1063" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  276.674096][ T9616] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1063'.
[  276.866883][    T8] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  276.874379][    T8] plantronics 0003:047F:FFFF.000D: unknown main item tag 0x0
[  276.901379][    T8] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  276.941076][    T8] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  277.032157][ T9629] tipc: Started in network mode
[  277.046299][ T9629] tipc: Node identity ac1414aa, cluster identity 4711
[  277.085134][ T9629] tipc: Enabled bearer <udp:s>, priority 10
[  277.110015][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.117126][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  277.129558][    T9] usb 5-1: USB disconnect, device number 47
[  277.213309][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  277.220566][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  277.480154][ T9646] netlink: 'syz.2.1068': attribute type 1 has an invalid length.
[  277.637825][ T9485] 8021q: adding VLAN 0 to HW filter on device batadv0
[  277.908028][ T9485] veth0_vlan: entered promiscuous mode
[  278.025591][ T9485] veth1_vlan: entered promiscuous mode
[  278.192595][ T9485] veth0_macvtap: entered promiscuous mode
[  278.207889][ T5289] tipc: Node number set to 2886997162
[  278.261164][ T9485] veth1_macvtap: entered promiscuous mode
[  278.375374][ T9485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  278.386703][ T9669] net_ratelimit: 290 callbacks suppressed
[  278.386736][ T9669] netlink: set zone limit has 4 unknown bytes
[  278.406699][ T9485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.434646][ T9485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  278.471836][ T9485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.538803][ T9485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  278.555560][ T5289] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  278.559348][ T9485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.582303][ T9485] batman_adv: batadv0: Interface activated: batadv_slave_0
[  278.629760][ T9485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  278.653657][ T9485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.665742][ T9485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  278.677118][ T9485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.718066][ T5289] usb 5-1: Using ep0 maxpacket: 16
[  278.741425][ T9485] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  278.754392][ T9485] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  278.764995][ T5289] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  278.773281][ T5289] usb 5-1: config 0 has no interface number 0
[  278.781293][ T5289] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  278.794924][ T5289] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  278.811035][ T9485] batman_adv: batadv0: Interface activated: batadv_slave_1
[  278.812722][ T5289] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  278.841491][ T5289] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  278.850597][ T5289] usb 5-1: Product: syz
[  278.855688][ T5289] usb 5-1: SerialNumber: syz
[  278.865653][ T5289] usb 5-1: config 0 descriptor??
[  278.872954][ T5289] cm109 5-1:0.8: invalid payload size 0, expected 4
[  278.880832][ T5289] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input24
[  278.905046][   T25] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  278.943048][ T9485] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.965863][ T9485] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.974835][ T9485] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  278.988838][ T9485] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  279.066909][   T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  279.080074][   T25] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  279.096098][   T25] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  279.117064][   T25] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  279.128791][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.137012][   T25] usb 2-1: Product: syz
[  279.137042][   T25] usb 2-1: Manufacturer: syz
[  279.137058][   T25] usb 2-1: SerialNumber: syz
[  279.183263][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  279.363615][ T2893] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.396700][ T9663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  279.431663][ T9663] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  279.444316][ T2893] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.483154][  T939] usb 5-1: USB disconnect, device number 48
[  279.539384][  T939] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  279.577688][ T2908] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.607570][ T2908] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  280.032842][ T9688] binder: 9687:9688 unknown command 0
[  280.040037][ T9688] binder: 9687:9688 ioctl c0306201 20004a40 returned -22
[  280.052471][  T939] ==================================================================
[  280.060569][  T939] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x2f/0x140
[  280.069718][  T939] Read of size 8 at addr ffff8880283f0188 by task kworker/0:2/939
[  280.077539][  T939] 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  280.079872][  T939] CPU: 0 UID: 0 PID: 939 Comm: kworker/0:2 Not tainted 6.12.0-rc1-syzkaller #0
[  280.088825][  T939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  280.098904][  T939] Workqueue: events binder_deferred_func
[  280.104660][  T939] Call Trace:
[  280.107955][  T939]  <TASK>
[  280.110900][  T939]  dump_stack_lvl+0x241/0x360
[  280.115597][  T939]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.120814][  T939]  ? __pfx__printk+0x10/0x10
[  280.125425][  T939]  ? _printk+0xd5/0x120
[  280.129586][  T939]  ? __virt_addr_valid+0x183/0x530
[  280.134704][  T939]  ? __virt_addr_valid+0x183/0x530
[  280.139821][  T939]  print_report+0x169/0x550
[  280.144421][  T939]  ? __virt_addr_valid+0x183/0x530
[  280.149533][  T939]  ? __virt_addr_valid+0x183/0x530
[  280.154639][  T939]  ? __virt_addr_valid+0x45f/0x530
[  280.159743][  T939]  ? __phys_addr+0xba/0x170
[  280.164237][  T939]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  280.170558][  T939]  kasan_report+0x143/0x180
[  280.175063][  T939]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  280.181389][  T939]  __list_del_entry_valid_or_report+0x2f/0x140
[  280.187541][  T939]  binder_release_work+0xc7/0x480
[  280.192560][  T939]  binder_deferred_func+0x1275/0x1460
[  280.197932][  T939]  ? process_scheduled_works+0x976/0x1850
[  280.203647][  T939]  process_scheduled_works+0xa63/0x1850
[  280.209200][  T939]  ? __pfx_process_scheduled_works+0x10/0x10
[  280.215185][  T939]  ? assign_work+0x364/0x3d0
[  280.219771][  T939]  worker_thread+0x870/0xd30
[  280.224355][  T939]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  280.230245][  T939]  ? __kthread_parkme+0x169/0x1d0
[  280.235266][  T939]  ? __pfx_worker_thread+0x10/0x10
[  280.240376][  T939]  kthread+0x2f0/0x390
[  280.244442][  T939]  ? __pfx_worker_thread+0x10/0x10
[  280.252341][  T939]  ? __pfx_kthread+0x10/0x10
[  280.256937][  T939]  ret_from_fork+0x4b/0x80
[  280.261367][  T939]  ? __pfx_kthread+0x10/0x10
[  280.265958][  T939]  ret_from_fork_asm+0x1a/0x30
[  280.270738][  T939]  </TASK>
[  280.273750][  T939] 
[  280.277667][  T939] Allocated by task 9688:
[  280.281993][  T939]  kasan_save_track+0x3f/0x80
[  280.286676][  T939]  __kasan_kmalloc+0x98/0xb0
[  280.291264][  T939]  __kmalloc_cache_noprof+0x19c/0x2c0
[  280.296647][  T939]  binder_ioctl_write_read+0xe7f/0xb560
[  280.302201][  T939]  binder_ioctl+0x436/0x1cc0
[  280.306790][  T939]  __se_sys_ioctl+0xf9/0x170
[  280.311375][  T939]  do_syscall_64+0xf3/0x230
[  280.315874][  T939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.321764][  T939] 
[  280.324076][  T939] Freed by task 939:
[  280.327953][  T939]  kasan_save_track+0x3f/0x80
[  280.332626][  T939]  kasan_save_free_info+0x40/0x50
[  280.337646][  T939]  __kasan_slab_free+0x59/0x70
[  280.342492][  T939]  kfree+0x1a0/0x440
[  280.346383][  T939]  binder_deferred_func+0x11df/0x1460
[  280.351742][  T939]  process_scheduled_works+0xa63/0x1850
[  280.357369][  T939]  worker_thread+0x870/0xd30
[  280.361958][  T939]  kthread+0x2f0/0x390
[  280.366102][  T939]  ret_from_fork+0x4b/0x80
[  280.370514][  T939]  ret_from_fork_asm+0x1a/0x30
[  280.375270][  T939] 
[  280.377584][  T939] The buggy address belongs to the object at ffff8880283f0180
[  280.377584][  T939]  which belongs to the cache kmalloc-64 of size 64
[  280.391452][  T939] The buggy address is located 8 bytes inside of
[  280.391452][  T939]  freed 64-byte region [ffff8880283f0180, ffff8880283f01c0)
[  280.404988][  T939] 
[  280.407303][  T939] The buggy address belongs to the physical page:
[  280.413707][  T939] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x283f0
[  280.422467][  T939] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  280.429911][  T939] page_type: f5(slab)
[  280.434059][  T939] raw: 00fff00000000000 ffff88801ac418c0 ffffea000097a700 dead000000000007
[  280.442632][  T939] raw: 0000000000000000 0000000080200020 00000001f5000000 0000000000000000
[  280.451201][  T939] page dumped because: kasan: bad access detected
[  280.457605][  T939] page_owner tracks the page as allocated
[  280.463300][  T939] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 11, tgid 11 (kworker/u8:0), ts 7998696757, free_ts 0
[  280.481277][  T939]  post_alloc_hook+0x1f3/0x230
[  280.486050][  T939]  get_page_from_freelist+0x3045/0x3190
[  280.491732][  T939]  __alloc_pages_noprof+0x256/0x6c0
[  280.496929][  T939]  alloc_pages_mpol_noprof+0x3e8/0x680
[  280.502384][  T939]  alloc_slab_page+0x6a/0x120
[  280.507238][  T939]  allocate_slab+0x5a/0x2f0
[  280.511737][  T939]  ___slab_alloc+0xcd1/0x14b0
[  280.516419][  T939]  __slab_alloc+0x58/0xa0
[  280.520743][  T939]  __kmalloc_node_noprof+0x286/0x440
[  280.526019][  T939]  __vmalloc_node_range_noprof+0x5c3/0x13f0
[  280.531899][  T939]  dup_task_struct+0x444/0x8c0
[  280.536660][  T939]  copy_process+0x5d1/0x3d50
[  280.541245][  T939]  kernel_clone+0x226/0x8f0
[  280.545741][  T939]  user_mode_thread+0x132/0x1a0
[  280.550583][  T939]  call_usermodehelper_exec_work+0x5c/0x230
[  280.556475][  T939]  process_scheduled_works+0xa63/0x1850
[  280.562016][  T939] page_owner free stack trace missing
[  280.567376][  T939] 
[  280.569686][  T939] Memory state around the buggy address:
[  280.575302][  T939]  ffff8880283f0080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  280.583379][  T939]  ffff8880283f0100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  280.591443][  T939] >ffff8880283f0180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  280.599508][  T939]                       ^
[  280.603838][  T939]  ffff8880283f0200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  280.611987][  T939]  ffff8880283f0280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[  280.620287][  T939] ==================================================================
[  280.630438][  T939] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  280.637662][  T939] CPU: 0 UID: 0 PID: 939 Comm: kworker/0:2 Not tainted 6.12.0-rc1-syzkaller #0
[  280.646622][  T939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  280.657195][  T939] Workqueue: events binder_deferred_func
[  280.662860][  T939] Call Trace:
[  280.666160][  T939]  <TASK>
[  280.669102][  T939]  dump_stack_lvl+0x241/0x360
[  280.673811][  T939]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.679027][  T939]  ? __pfx__printk+0x10/0x10
[  280.683626][  T939]  ? vscnprintf+0x5d/0x90
[  280.687959][  T939]  panic+0x349/0x880
[  280.691964][  T939]  ? check_panic_on_warn+0x21/0xb0
[  280.697069][  T939]  ? __pfx_panic+0x10/0x10
[  280.701503][  T939]  ? mark_lock+0x9a/0x360
[  280.705843][  T939]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  280.711767][  T939]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  280.717681][  T939]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  280.724018][  T939]  ? print_report+0x502/0x550
[  280.728706][  T939]  check_panic_on_warn+0x86/0xb0
[  280.733652][  T939]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  280.739986][  T939]  end_report+0x77/0x160
[  280.744245][  T939]  kasan_report+0x154/0x180
[  280.748776][  T939]  ? __list_del_entry_valid_or_report+0x2f/0x140
[  280.755143][  T939]  __list_del_entry_valid_or_report+0x2f/0x140
[  280.761419][  T939]  binder_release_work+0xc7/0x480
[  280.766466][  T939]  binder_deferred_func+0x1275/0x1460
[  280.771843][  T939]  ? process_scheduled_works+0x976/0x1850
[  280.777570][  T939]  process_scheduled_works+0xa63/0x1850
[  280.783133][  T939]  ? __pfx_process_scheduled_works+0x10/0x10
[  280.789132][  T939]  ? assign_work+0x364/0x3d0
[  280.793733][  T939]  worker_thread+0x870/0xd30
[  280.798347][  T939]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  280.804279][  T939]  ? __kthread_parkme+0x169/0x1d0
[  280.809313][  T939]  ? __pfx_worker_thread+0x10/0x10
[  280.814436][  T939]  kthread+0x2f0/0x390
[  280.818522][  T939]  ? __pfx_worker_thread+0x10/0x10
[  280.823641][  T939]  ? __pfx_kthread+0x10/0x10
[  280.828260][  T939]  ret_from_fork+0x4b/0x80
[  280.832705][  T939]  ? __pfx_kthread+0x10/0x10
[  280.837306][  T939]  ret_from_fork_asm+0x1a/0x30
[  280.842096][  T939]  </TASK>
[  280.845530][  T939] Kernel Offset: disabled
[  280.849855][  T939] Rebooting in 86400 seconds..