last executing test programs:

2m6.674090631s ago: executing program 2 (id=3066):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="180800002008ffb0000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000200000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe0000000066090000fdffffffdbaaf0ff50000000bf8600000000000007080000c8070000bfa400000000000007040000f0ffffffd50000000800000018220000", @ANYRES32=r1, @ANYBLOB="000000000600000007000000080000004608f0ff760000005d9800000000000056080000020000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x68, '\x00', 0x0, @fallback=0x9, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m5.226882198s ago: executing program 0 (id=3068):
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x88}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$isdn(0x22, 0x2, 0x25)
r2 = socket$isdn(0x22, 0x2, 0x22)
dup3(r1, r2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_open_procfs(0x0, 0x0)
setgroups(0x0, &(0x7f0000000080))
read$FUSE(r4, &(0x7f0000003440)={0x2020}, 0x2020)
syz_open_dev$cec(0x0, 0x0, 0x180)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e21, @local}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r7=>0x0}, &(0x7f0000000300)=0x2)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x77, &(0x7f00000000c0)=ANY=[@ANYRES32=r7], 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000002f40), 0x1, 0x0)
write$binfmt_register(r9, &(0x7f0000002f80)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0x10001, 0x3a, '/dev/kvm\x00', 0x3a, '/dev/vhost-vsock\x00', 0x3a, './file0'}, 0x41)
getpeername(r8, 0x0, &(0x7f0000001180))

2m5.129149293s ago: executing program 2 (id=3069):
preadv2(0xffffffffffffffff, &(0x7f0000000580)=[{&(0x7f0000000540)=""/10, 0xa}], 0x1, 0x5, 0x80, 0x1c)
landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_io_uring_setup(0x499, &(0x7f0000000100)={0x0, 0xf7c9, 0x80, 0x1, 0x27d}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x50, 0x10, 0x403, 0x300, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10010}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0xf, 0x35}}]}}}, @IFLA_LINK={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0xc810)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r0, 0x26c8, 0x0, 0x1, 0x0, 0x10)

2m2.866680312s ago: executing program 0 (id=3072):
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)='N', 0x1, 0x80, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000300)=""/39, 0x27}, {&(0x7f0000000540)=""/29, 0x1d}], 0x2}, 0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c030000160001000000000000000000fc010000000000000000000000000000fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141400000000000000000000000000000000076c000000ac14140000000000000000000000000000000000000000000000000000000000000800"/123], 0x34c}}, 0x0)

2m2.860825793s ago: executing program 2 (id=3073):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r2, @ANYBLOB="f5ff1b59ee5355b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000305000000000007000000000000", @ANYRES32=0x0, @ANYBLOB="0003311b51130000140012800b00010062726964676500000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)

2m2.776155415s ago: executing program 0 (id=3074):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x40002006})
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x6, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3010000}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x2000, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m1.596881196s ago: executing program 0 (id=3077):
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$vim2m(&(0x7f00000000c0), 0xfffffffffffff630, 0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000100)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x42000)
ioctl$SNDRV_PCM_IOCTL_XRUN(r1, 0x4148, 0x0)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000240), 0x2400, 0x0)
read$msr(r2, &(0x7f0000000300)=""/136, 0x88)
ioctl$SNDRV_PCM_IOCTL_DROP(r2, 0x4143, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0xfffb}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff)
readv(r4, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/214, 0xd6}], 0x1)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0, 0x114}], 0x1}, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x400200)
socket$pppl2tp(0x18, 0x1, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0)
mount$binder(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1026864, &(0x7f00000001c0)=ANY=[@ANYBLOB='max=-', @ANYRESOCT])
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)

1m58.821784067s ago: executing program 2 (id=3080):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d1d7a440041601801f4401020301090212"], 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_SCRNMAP(r0, 0x4b52, &(0x7f0000000000))

1m58.715831299s ago: executing program 0 (id=3081):
ioctl$SNDCTL_DSP_GETTRIGGER(0xffffffffffffffff, 0x80045010, &(0x7f00000000c0))
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
r1 = syz_open_dev$amidi(0x0, 0x2, 0x181)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x40045731, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000400)={0x24, 0x0, 0x0, &(0x7f0000001000)=ANY=[@ANYBLOB="00220500000083"], 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="400302000000f809291f06c391214bf5f9729320d4fb0a0212b2b30486074b3e54700cfacccca4447b6c37959f5b55908336272d5ef01f78d8687eb61218a15df71cf6bb8996c06a762f8ffca87d9d903f3463526f3ae1687059571cf1a6214bb0b4c23d845ce3d44dbdbe"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
getsockopt$bt_hci(r3, 0x0, 0x3, &(0x7f0000000300)=""/203, &(0x7f0000000440)=0xcb)
ioctl$CEC_TRANSMIT(r5, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1})
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)

1m56.575221181s ago: executing program 2 (id=3085):
preadv2(0xffffffffffffffff, &(0x7f0000000580)=[{&(0x7f0000000540)=""/10, 0xa}], 0x1, 0x5, 0x80, 0x1c)
landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r0 = syz_io_uring_setup(0x499, &(0x7f0000000100)={0x0, 0xf7c9, 0x80, 0x1, 0x27d}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x50, 0x10, 0x403, 0x300, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10010}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0xf, 0x35}}]}}}, @IFLA_LINK={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0xc810)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r0, 0x26c8, 0xea, 0x1, 0x0, 0x10)

1m52.819247278s ago: executing program 0 (id=3098):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000006000000400000004000000041000000", @ANYRES32, @ANYBLOB="0000000000000000004300000000000000ac68c0", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000140)="7a47aa3dcdb26a85f3a4dcf01fe80d2c1a7b37591586fa5a24ee2d29c353f33edcb5ce5f", &(0x7f00000008c0), 0x1003, r0}, 0x38)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
shutdown(r2, 0x1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x13d, @private2, 0xffffffff}], 0x1c)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x67)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x36, &(0x7f00000000c0)=[{0x7}, {0x3, 0x5, 0x2c, 0x4}, {0xfac3, 0x2, 0x4, 0x2}, {0x77cf, 0x7f, 0x1, 0x80000001}, {0x7, 0x11, 0xcf, 0x7}]})
getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000340), &(0x7f0000000380)=0x4)
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r3, &(0x7f0000000040)=ANY=[], 0x6)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000100)={0x0, 0xffa6, &(0x7f0000000240)={&(0x7f0000000280)={0x30, 0x0, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x9004)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
r5 = dup2(r4, r4)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x0, 0xd, 0x1, 0x8})
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000b80)={r0, &(0x7f00000014c0), &(0x7f0000000b40)=""/31}, 0x20)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
fchmod(0xffffffffffffffff, 0x10b)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/comedi1\x00', 0x100, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000180)={'multiq3\x00', [0xf73a, 0x80009000, 0x100009, 0x2, 0x0, 0x0, 0x1, 0xf, 0xffe, 0x7, 0x7, 0x1, 0x1006, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x7fff, 0x3ff, 0x10080, 0x800, 0x1, 0x2, 0xfffffffd, 0x1, 0x7fffffff, 0x7, 0x5, 0x8005]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x15, &(0x7f0000000200)=ANY=[], &(0x7f0000000780)='GPL\x00'}, 0x94)

1m37.205816844s ago: executing program 32 (id=3098):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0500000006000000400000004000000041000000", @ANYRES32, @ANYBLOB="0000000000000000004300000000000000ac68c0", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000140)="7a47aa3dcdb26a85f3a4dcf01fe80d2c1a7b37591586fa5a24ee2d29c353f33edcb5ce5f", &(0x7f00000008c0), 0x1003, r0}, 0x38)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
shutdown(r2, 0x1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x4e24, 0x13d, @private2, 0xffffffff}], 0x1c)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff}, 0x67)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x36, &(0x7f00000000c0)=[{0x7}, {0x3, 0x5, 0x2c, 0x4}, {0xfac3, 0x2, 0x4, 0x2}, {0x77cf, 0x7f, 0x1, 0x80000001}, {0x7, 0x11, 0xcf, 0x7}]})
getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000340), &(0x7f0000000380)=0x4)
bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r3, &(0x7f0000000040)=ANY=[], 0x6)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000100)={0x0, 0xffa6, &(0x7f0000000240)={&(0x7f0000000280)={0x30, 0x0, 0x1, 0x0, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x0, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x4008000}, 0x9004)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
r5 = dup2(r4, r4)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x0, 0xd, 0x1, 0x8})
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000b80)={r0, &(0x7f00000014c0), &(0x7f0000000b40)=""/31}, 0x20)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
fchmod(0xffffffffffffffff, 0x10b)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000300)='/dev/comedi1\x00', 0x100, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f0000000180)={'multiq3\x00', [0xf73a, 0x80009000, 0x100009, 0x2, 0x0, 0x0, 0x1, 0xf, 0xffe, 0x7, 0x7, 0x1, 0x1006, 0x4, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x7fff, 0x3ff, 0x10080, 0x800, 0x1, 0x2, 0xfffffffd, 0x1, 0x7fffffff, 0x7, 0x5, 0x8005]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x15, &(0x7f0000000200)=ANY=[], &(0x7f0000000780)='GPL\x00'}, 0x94)

1m11.072347651s ago: executing program 2 (id=3089):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'aio_aio12_8\x00', [0x4f27, 0x5, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]})
syz_usb_connect(0x5, 0x76, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0xf6, 0x43, 0xf7, 0x20, 0x46d, 0x900, 0x2a74, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb6, 0x9, 0x0, 0x8a, 0x3b, 0xc4}}]}}]}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r1)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x14, r2, 0xc8036ab6d6cbef07, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x45080)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000180)=@framed={{0x18, 0x2, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x41}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000000c0), r1)

55.862527163s ago: executing program 33 (id=3089):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'aio_aio12_8\x00', [0x4f27, 0x5, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]})
syz_usb_connect(0x5, 0x76, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0xf6, 0x43, 0xf7, 0x20, 0x46d, 0x900, 0x2a74, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xb6, 0x9, 0x0, 0x8a, 0x3b, 0xc4}}]}}]}}, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000440), r1)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x14, r2, 0xc8036ab6d6cbef07, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x45080)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000180)=@framed={{0x18, 0x2, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x3}, [@call={0x85, 0x0, 0x0, 0x41}, @call={0x85, 0x0, 0x0, 0x2a}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000000c0), r1)

34.498285149s ago: executing program 3 (id=3256):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c0100001000130700000000fdfffffffe800000000000000000000000000035fe8000000000000000000000000000aa00000000001900"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000033000000fe8000000000000000000000000000aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000a00000000000000000000005c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000"], 0x14c}}, 0x44000)

34.200947131s ago: executing program 3 (id=3257):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x101, 0xffc, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000f8ff000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000005a027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008ffffffdb01100010010000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

34.099172509s ago: executing program 3 (id=3259):
r0 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x24, &(0x7f0000000100)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x536, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00')
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000005c0)=@multiplanar_mmap={0x81, 0x4, 0x4, 0x2000, 0x80, {}, {0x2, 0x2, 0x4, 0x7, 0x2, 0x4, "4360c0ba"}, 0x3, 0x1, {0x0}, 0x9})
ioctl$BTRFS_IOC_RM_DEV(r5, 0x5000940b, 0x0)
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x280240, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61123400000000006113500000000000bf2000000ae620001500000008ffffffbd0301000000000095000000000000006916320000000000bf67000000000000a406000007ff07006706000002000000070600000ee60000bf050000000000002e650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a2aadfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf736f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e000000000000b542a536559eed87b58edcfee83a50077ee0e8fb6e787cb3076dfeeb79f55927fef9651e176b40e64740a01944577caea4ceb9e907cec36a8429445c833b9d24d53dc91f15af1f4a1db9fa452fa3f0b812355aab5b58659ffd56034fdbb169f3e86660acdc65dc699d3e6364a80f45e54d6efcb99b41a080494f842706f3c1716d2e252bf89663393356296d89fbf95aa7966fa700b710008311d6f25e05f77d68799e671d90cb04131742790941d83ffdfa857e9e085a59a78e7a17f008ce55866fcc4de388f270a1ba675f43481bd2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)

32.986924339s ago: executing program 3 (id=3262):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000080)=@ethtool_per_queue_op={0x4b, 0xf, [0x10010001, 0x4, 0x4, 0x4, 0x7, 0x9, 0x57e, 0x8, 0x2, 0x28e8, 0x7, 0x9, 0xff, 0x7ffc, 0x805, 0x74a, 0x80000001, 0x7, 0x0, 0x800, 0xfffffffc, 0x2, 0x1, 0xffff8000, 0x20000091, 0xffffffff, 0x1, 0x400, 0x2, 0x3, 0x8, 0x8, 0xa2, 0x3, 0x7, 0xfff, 0x4, 0xffffffff, 0x4e6, 0xb13, 0xff, 0x1a5a, 0x90, 0x2, 0x4, 0x4, 0x8b, 0xffffff00, 0x8, 0x224, 0xa, 0x6, 0x9, 0x98f, 0x1, 0x80000001, 0xfffffff8, 0x2b6395a6, 0x5510, 0x4, 0x9, 0x5, 0x7, 0x7f, 0x5, 0xaf97, 0x0, 0x1, 0x3ff, 0x5, 0x9dc, 0x0, 0x80b1, 0x80, 0x80000001, 0x9, 0x7, 0x3, 0x4, 0x9, 0x1, 0xd640, 0x7, 0x8, 0x3, 0x1, 0x11, 0x9, 0x401, 0x4, 0x9, 0x5, 0x1, 0xc9, 0x1ff, 0x7, 0x1, 0x4, 0x7fff, 0x8, 0x3, 0x400d07, 0x3, 0x6, 0x2000009, 0x80000001, 0x7, 0x140000, 0x6, 0x2, 0xfffffff9, 0x0, 0x350d, 0x0, 0x7fff, 0x80, 0x103, 0x80000000, 0x7, 0x5, 0x2, 0x9, 0x3, 0x3ff, 0x3, 0x1, 0x3, 0x7]}})
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000080)=@mangle={'mangle\x00', 0x1f, 0x6, 0x560, 0xf0, 0xf0, 0xf0, 0x2d0, 0xf0, 0x510, 0x510, 0x510, 0x510, 0x510, 0x6, 0x0, {[{{@ipv6={@local, @dev={0xfe, 0x80, '\x00', 0x13}, [0xff000000, 0xff, 0xff000000, 0xff], [0x0, 0xffffff00, 0x0, 0xffffffff], 'veth0_vlan\x00', 'veth0_to_batadv\x00', {0xff}, {}, 0x42, 0xd, 0x0, 0x18}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@broadcast, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x38, 0xf, 0x7}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x5, 'syz0\x00', {0x100}}}}, {{@ipv6={@remote, @remote, [0xff, 0xffffffff, 0xff000000, 0xff000000], [0xff000000, 0x0, 0xffffffff], 'team_slave_0\x00', 'wlan0\x00', {}, {}, 0x33, 0x2, 0x1, 0x8}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x19}, 'erspan0\x00', {0x4}}}}, {{@ipv6={@rand_addr=' \x01\x00', @private0={0xfc, 0x0, '\x00', 0x1}, [0xffffff00, 0x0, 0xffffffff], [0xff, 0xff, 0xffffff00, 0xffffffff], 'ip6tnl0\x00', 'veth0_to_team\x00', {0xff}, {}, 0x2b, 0x8, 0x7, 0x20}, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ipv6={@remote, @private2, [0xffffffff, 0xffffffff, 0xffffffff, 0xffffff00], [0x0, 0xff000000, 0xffff00, 0xffffffff], 'veth0_vlan\x00', 'ip6erspan0\x00', {0xff}, {0xff}, 0x2c, 0xb, 0x1, 0x60}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@mcast2, @ipv4=@loopback, 0x6, 0x5, 0x7}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5c0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4048098}, 0x14)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
shutdown(r0, 0x1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e21, 0x4, @empty, 0x6a5d}}, [0x10001, 0x2, 0x5, 0x10, 0x4, 0x0, 0x1ff, 0x3, 0xfffffffffffffffc, 0x6, 0x7, 0x1, 0x5, 0x7, 0x279]}, &(0x7f0000000300)=0x100)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = socket(0x2, 0xa, 0x300)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r1, 0x89f0, &(0x7f0000000000)={'ip6tnl0\x00', 0x0})
syz_emit_ethernet(0x76, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd600a843500400600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="00020000907800052202080a80000001000000020303002208da6434537ae81312275a6263e43d5959a166a23bd1116edc000000"], 0x0)

32.386068771s ago: executing program 3 (id=3264):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x1)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c10000000000000000000", 0x58}], 0x1)

32.036780792s ago: executing program 3 (id=3266):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000ff004f1110f800c5000000a000080000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
r1 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\8\\\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
mkdir(0x0, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'pcl818\x00', [0x4f27, 0x5, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x0, 0x9, 0xe1cb, 0x6, 0x4, 0x3, 0x395, 0x80000089, 0xfffffffd, 0x6, 0x6, 0xffffeadb, 0x3, 0x1003c, 0x5, 0x4, 0x8000000, 0x5]}) (async, rerun: 64)
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0) (rerun: 64)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
getpid() (async, rerun: 64)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) (rerun: 64)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x22}, 0x94) (async)
add_key$user(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000480), 0x0, 0xffffffffffffffff) (async)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
recvmmsg$unix(r4, &(0x7f0000008f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (async, rerun: 32)
write(r4, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) (async, rerun: 32)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4)
socket$nl_route(0x10, 0x3, 0x0)
r5 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r5, 0x0)
read$FUSE(r5, &(0x7f00000025c0)={0x2020}, 0x2020) (async, rerun: 32)
socket$packet(0x11, 0x2, 0x300) (rerun: 32)

15.446742194s ago: executing program 34 (id=3266):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000ff004f1110f800c5000000a000080000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) (async)
r1 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\8\\\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
mkdir(0x0, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'pcl818\x00', [0x4f27, 0x5, 0x2, 0x401, 0x1, 0xcc7, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x802, 0x1600, 0x1, 0x0, 0x9, 0xe1cb, 0x6, 0x4, 0x3, 0x395, 0x80000089, 0xfffffffd, 0x6, 0x6, 0xffffeadb, 0x3, 0x1003c, 0x5, 0x4, 0x8000000, 0x5]}) (async, rerun: 64)
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0) (rerun: 64)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
getpid() (async, rerun: 64)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) (rerun: 64)
ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, @fallback=0x22}, 0x94) (async)
add_key$user(&(0x7f0000000300), &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000480), 0x0, 0xffffffffffffffff) (async)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRESDEC], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
recvmmsg$unix(r4, &(0x7f0000008f40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) (async, rerun: 32)
write(r4, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) (async, rerun: 32)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r4)
socket$nl_route(0x10, 0x3, 0x0)
r5 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r5, 0x0)
read$FUSE(r5, &(0x7f00000025c0)={0x2020}, 0x2020) (async, rerun: 32)
socket$packet(0x11, 0x2, 0x300) (rerun: 32)

8.229659151s ago: executing program 6 (id=3317):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x0, 0x300, 0x0, 0x8, 0x300}})
r2 = syz_open_dev$rtc(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000440), 0x220000, 0x0)
ioctl$SNDCTL_DSP_STEREO(r5, 0xc0045003, &(0x7f0000000480)=0x1)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r6, 0xfffffffd)
r7 = accept4(r6, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r7, &(0x7f0000001000), 0x581, 0x4000001f, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x1, 0x2, 0xff, 0xa4, 0x0, 0x1, 0x0, 0x5, 0x8, 0x81, 0x0, 0x2, 0x20}, 0xe)
fremovexattr(r2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, 0x0)
syz_usb_connect(0x2, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x110, 0x9b, 0xde, 0x52, 0x10, 0x3923, 0x718a, 0xd8d7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x5, 0x9, 0x40, 0x19, [{{0x9, 0x4, 0x7b, 0x7, 0x2, 0x2d, 0x51, 0xd5, 0x98, [], [{{0x9, 0x5, 0x67037027c940c0eb, 0x2, 0x20, 0x2, 0x2, 0x5}}, {{0x9, 0x5, 0x4, 0x12, 0x3ff, 0x8, 0x9, 0x23}}]}}]}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x72, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x60, 0x2, 0x1, 0x4, 0x20, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "d9449243"}, {0x5, 0x24, 0x0, 0x5}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x100, 0xce75, 0x5}, {0x6, 0x24, 0x1a, 0x69f, 0x3}}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x0, 0x81, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x7, 0xd, 0x60}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x40, 0x7, 0x6}}}}}}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x2, 0x6, 0x4, 0x8, 0x2}, 0x68, &(0x7f0000000100)={0x5, 0xf, 0x68, 0x5, [@ssp_cap={0x18, 0x10, 0xa, 0x3, 0x3, 0x423b85b, 0x0, 0x2, [0xf0, 0x3f00, 0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0xd, "d1cf79374f0cfee0eaeed8cc0f90b268"}, @ssp_cap={0x18, 0x10, 0xa, 0xc, 0x3, 0x7, 0xf, 0x4, [0x30, 0xf0, 0x3f]}, @wireless={0xb, 0x10, 0x1, 0x0, 0xc, 0x57, 0xe6, 0x7, 0x80}, @ss_container_id={0x14, 0x10, 0x4, 0x1, "c99366718d59f7ecbbff12e48ebda314"}]}, 0x4, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x100a}}, {0xe3, &(0x7f0000000200)=@string={0xe3, 0x3, "402983d3a13f1cb8aa8245ea5924c7f4eb3e428eeae96171e8af2e2c90f286ab4e1ac471db797572f5e75d00694757aadfca1b7f9e02aa936105eaa90ce4e708d18b3d849fcd2bca900a4e1328bd0f55f9e817603a4d05232a8c6f393069cd4d8bb5a091f68fca0ee9734779be46bd8ac5077c3a04bb184fb61c8ed13adcb063d97e4a415129a0df6a495c657d0235b5ccf74c1107a862d680bc6d4a6725755ccfcb6dc5ba2a733f5bdf4aba36844810bbe96ff70dc5c82502be64f5bfe713ab0e67975d779882c6eaf80262d3aa13e0631412793e58d86c592fefeabd2f743afc"}}, {0x66, &(0x7f0000000300)=@string={0x66, 0x3, "512c472af8b429b154dc6012aeea2f2add3d9e633de4c65d7acd3ee990a135a3494b902840bbebdb4a5f90dfcf6366663054a284b145ff9682d7aaa6ee29336804e6fa02fbed59a3b6a736f2dc8fb91a777bc1b5602215fd41df75704003fad4efea8d58"}}, {0x21, &(0x7f0000000380)=@string={0x21, 0x3, "a09e0d5444357f3a24520c1ee0bc0b6959894749033f94e55b485e7abe8472"}}]})

7.90730533s ago: executing program 4 (id=3320):
creat(&(0x7f0000000140)='./file0\x00', 0x4) (async)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) (async)
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = creat(&(0x7f0000000080)='./file0\x00', 0x2a)
getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000000), &(0x7f0000000040)=0x4) (async)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000001200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3", @ANYRES8=r2, @ANYRES64=r0], 0x0)

7.228984756s ago: executing program 5 (id=3322):
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0xa0}, 0x1, 0x7}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, &(0x7f0000000300)=""/4096, 0x0, 0x40}, 0x90)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB="00000000000000004400128009000100626f6e6400000000340002800500010004000000050016000000000008001c000000000005000c00000000000a001a"], 0xc3}, 0x1, 0x100000000000000}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000800000008000300", @ANYRES32=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000018c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x79, 0x1846, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x80}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000400)={0x2c, &(0x7f0000000580)={0x20, 0x15, 0xb, {0xb, 0xe, "af7d6d280f34844e9a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000000200)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x1000000}, 0xfffffffffffffee1, &(0x7f00000001c0)={&(0x7f0000001340)={0x34, r3, 0x8, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0x0, 0x99, {0x80a9, 0x400000a}}}}, [@NL80211_ATTR_CHANNEL_WIDTH={0x0, 0x9f, 0x3}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2e}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x38}]}, 0x34}, 0x1, 0x0, 0x0, 0x40008c4}, 0x44804)

6.139012926s ago: executing program 1 (id=3324):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000130900010073797a30000000000900030073797a310000000070000000060a010400000000000000000100000008000b400000000048000480440001800b000100657874686472000034000280080001400000000c080003400000000008000440000000220500020007000000080006400000000308000540000000000900010073797a300000000020000000030a010300000000000000000a0000020900030073797a300000000044010000080a01080000000000000000010000073a00074032e97608c07b8f34d704cc507d07a8d4c429672a9b6841e516ce194f03354b3c46a930469ce36ee8391a02352a70d543c633dc17a9d300007900074012119f33dbd27dbba871f33b8206fc0a59dac6df96baf86f3deffa20b8a2b13fa2fbc917a33ad4b9dc903553ff1e7533cd9d1e3f6a3248b10a63552977fab38d9ad7409cbd223b094a0bb6f0884c8839890d122f9b9963668c97749b2304852a8d461ccc39dc307f41ac41688a4f2d64a916dc532d00000008000a40000000000900010073797a300000000009000200", @ANYRES8=r0], 0x248}}, 0x0)

5.944783664s ago: executing program 1 (id=3325):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r2, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000100003041b00"/20, @ANYRES32=0x0, @ANYBLOB="46060900000000001c00128009000100766c616e000000000c000280060001000400000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r4], 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)

5.719498373s ago: executing program 1 (id=3326):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x1, 0x1}}, 0x28)

5.667272232s ago: executing program 4 (id=3327):
r0 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r1, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x24, &(0x7f0000000100)=@bpf_lsm={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x536, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00')
ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f00000005c0)=@multiplanar_mmap={0x81, 0x4, 0x4, 0x2000, 0x80, {}, {0x2, 0x2, 0x4, 0x7, 0x2, 0x4, "4360c0ba"}, 0x3, 0x1, {0x0}, 0x9})
ioctl$BTRFS_IOC_RM_DEV(r5, 0x5000940b, 0x0)
openat(r0, &(0x7f0000000040)='./file0/file0\x00', 0x280240, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61123400000000006113500000000000bf2000001f3119041500000008ffffffbd0301000000000095000000000000006916320000000000bf67000000000000a406000007ff07006706000002000000070600000ee60000bf050000000000002e650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d4301000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9755ba08554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a6538b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c51231422bb8fab4d4d897db2c544c0ec50b8eac8c63d2b1cd06a39702bd547f5ebaa6954f01cef3c9bacec15e2e3b2bd352e93a2aadfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564b8f8a621483fb2a5ff221e0d831d64759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf736f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d8b570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91f0eb18e21dfdab3c84ec11377fbbfd1e000000000000b542a536559eed87b58edcfee83a50077ee0e8fb6e787cb3076dfeeb79f55927fef9651e176b40e64740a01944577caea4ceb9e907cec36a8429445c833b9d24d53dc91f15af1f4a1db9fa452fa3f0b812355aab5b58659ffd56034fdbb169f3e86660acdc65dc699d3e6364a80f45e54d6efcb99b41a080494f842706f3c1716d2e252bf89663393356296d89fbf95aa7966fa700b710008311d6f25e05f77d68799e671d90cb04131742790941d83ffdfa857e9e085a59a78e7a17f008ce55866fcc4de388f270a1ba675f43481bd2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)

5.417760855s ago: executing program 1 (id=3328):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendfile(r0, r0, 0x0, 0x40000f63c)
socket$nl_netfilter(0x10, 0x3, 0xc)
unshare(0x480)
mq_getsetattr(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001540)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0xc}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x5c}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x38, r5, 0x5, 0x100000, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x10, 0x49, [0xfac0a, 0xfac09, 0xfac0b]}]]}, 0x38}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000800)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x3, &(0x7f0000000400)=@framed={{0x18, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000180)='syzkaller\x00', 0x1, 0x21, &(0x7f0000000240)=""/153}, 0x90)

4.578797733s ago: executing program 4 (id=3329):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x6000, 0x0)
sendmsg$NFNL_MSG_ACCT_NEW(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000680)={0x28, 0x0, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0x2}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_FLAGS={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x2000c8d1}, 0x20000810)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000004c0), 0x2000, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETRULE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=ANY=[@ANYBLOB="38000000070a01040000000000000000020000080c00034000e6ff00000000020900020073797a32000000000900010073797a30"], 0x38}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f00000005c0)={0x58, r2, 0x20, 0x70bd24, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x82}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4018800}, 0x40c16)
sendmsg$IPSET_CMD_GET_BYINDEX(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10818000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0xf, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x3}, @IPSET_ATTR_INDEX={0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000010}, 0x0)

4.477538364s ago: executing program 6 (id=3330):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x2403, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000040), 0x9, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, r3, {0x2}}, './file0\x00'})
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0x0)

3.833696073s ago: executing program 4 (id=3331):
r0 = socket$inet6(0xa, 0x80002, 0x0) (async)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000340)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000010000000000035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000074109dff3483a9713af42694099b40e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bff", 0xd8}], 0x1}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x40, &(0x7f0000000040)=0x7ff, 0x4)
getsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, 0x0, &(0x7f0000000000))
sendmmsg$inet6(r0, &(0x7f00000030c0)=[{{&(0x7f0000000380)={0xa, 0x4e21, 0xf, @empty, 0xc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001000)="0ffd", 0x2}], 0x1}}, {{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001480)='YT', 0x2}], 0x1}}], 0x3, 0x24008040) (async)
syz_usb_connect(0x1, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12011003cdaf4c082104e382cb4a01020301090212000102f2800d0904560c000202ff06bd079d42a59f19cde3051167109f75d6cd335649923c4c0853fa8611f8ed303a651abb1f1865ba9aacee023853b412a0d4cfecea15f53f0a3e6d5b656a973ba8ea9761fddd150000"], &(0x7f00000005c0)={0x0, 0x0, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="0d1fdcf9014393273202a8f6762cdf4909696337a9c04fc1ca524ba747865256ddc077d37425c89a24183ac31a06499495c4bf6316389f4fbab9e0c0b560702ee962def9438c398197031a9e88008917b78710c1533140c6c637338b397281b89343a69f9af3d855414fc29e4f262f29bb14727d1a021f1cc6762e678a89b71187392cd053b18c8c3449f8e6be79240507ba384917b955d3bdf250869bdd5570aacc1f2a81ae5f623c8d5e42811ec17893368ccff335e9487efa2fc530222ceea465f9c5e0d434b40148a54f39896e3e3a57ae2d299738ad08dd5f92ed4f3dc52e07b06f96a46f32f000138f929fd42b3bfd3011b4a19f04d9af0e64bb35168ff7d85b334094e88366ba9ae1fe7734fffe3cc6330d657f"]})

3.784745611s ago: executing program 5 (id=3332):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x4, 0x4, 0x4a0, 0xffffffff, 0xe8, 0x0, 0xe8, 0xfeffffff, 0xffffffff, 0x3d0, 0x3d0, 0x3d0, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xff000000, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x4000}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x1d0, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private1, [0x0, 0x0, 0xff, 0xff], [0x0, 0xffffff00], [0x0, 0xff000000], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x500)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x30, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x4}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x24044815}, 0x0)

3.712451283s ago: executing program 6 (id=3333):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x48)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x15, 0x1c, &(0x7f0000000400)=ANY=[@ANYBLOB="1808000060000000000000000000008018110000", @ANYRES32=r0, @ANYBLOB="00000089ff000000b702000014000000b7030000000000008500000005000000bc0908000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf8620000000000007080000f8ffffffbfa400000000000007040000f0ffffff770000000800000018220000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7050000180000084609f0ff76000000bf9800000000000056080000000018008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.897696193s ago: executing program 6 (id=3334):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000007feffff720af0ff0000020071a4f0ff000000001f030000d80000002e0a0200000000002604fdffffff000e61143800000000001d430000000000007a0a00fe0000001f6114180000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081504507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5e7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927e2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28e6ce4d9791c73c2d37999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fcf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

2.754996798s ago: executing program 5 (id=3335):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000001850000002f000000850000009e0500009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.805556433s ago: executing program 6 (id=3336):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
dup(r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(0x0, 0x45c, 0x40103)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_io_uring_setup(0x88b, &(0x7f0000000140)={0x0, 0x2aee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x4, 0x0, 0x0)

1.577743367s ago: executing program 5 (id=3337):
openat$smackfs_change_rule(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x80, 0x9, 0x2, 0xe05, 0x20000, 0x28e7})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$FOU_CMD_DEL(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x440c4}, 0x880)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x181021, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
ioctl$COMEDI_INSNLIST(r3, 0x8010640b, &(0x7f0000000000)={0xfffffffffffffee6, 0x0})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000a8000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

1.208851008s ago: executing program 1 (id=3338):
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be5216344841", 0xe}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50", 0x6}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) (async)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) (async)
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) (async)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000121"], 0xffe) (async)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) (async)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) (async)
bind$rxrpc(r5, &(0x7f0000000580)=@in4={0x21, 0x0, 0x2, 0x4, {0x2, 0x0, @dev}}, 0x24)

1.10954092s ago: executing program 6 (id=3339):
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0)
syz_open_pts(0xffffffffffffffff, 0x101)
openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x511000, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff9d, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149e82, 0x244)
setresuid(0x0, 0xee01, 0xffffffffffffffff)
write$cgroup_int(r1, &(0x7f0000000000)=0xfe8e, 0x12)
r2 = syz_open_dev$vim2m(0x0, 0x0, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_SOCKET_DREG={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_SOCKET_KEY={0x8, 0x1, 0x1, 0x0, 0x2}]}}}, {0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x3}, @NFTA_NAT_TYPE={0x8}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xa4}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000440)={@local, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0xd}, {[@lsrr={0x83, 0x7, 0xd7, [@multicast2]}, @cipso={0x86, 0x6}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix={0x4, 0x2, 0x50565559, 0x4, 0xfffffffb, 0x4, 0x6, 0x4, 0x0, 0x4, 0x1, 0x7}})
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

473.622182ms ago: executing program 5 (id=3340):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, 0x0, 0x0)
listen(r0, 0x1)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c10000000000000000000", 0x58}], 0x1)

468.801706ms ago: executing program 4 (id=3341):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc, 0x1003, &(0x7f0000006680))
setresuid(0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000a00000008000300", @ANYRES32=r2, @ANYBLOB="05003901"], 0x44}}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r3, 0x8910, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_settings={0xe, 0xfff, @cisco=&(0x7f0000000040)={0x7, 0x1}}})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r4, 0x0, 0x8008000000010, &(0x7f0000000180)="17000000020001000003be8c5e687a8a6a003300020100ecff3f0000000300000a0001000098fc5a53d3f5b7e4a96c6b06169da9c0f8d9485bbb6a880a00243c5197b29f9368bdd6c8db0000dba67e06000000e289c46f8ab8b4028a7a63c900000200df0180000000000100000000000080c457681f009cee4a5acb3dac00001fb7315033bf79ac2df5bc080236e2b68c8eec25a02aff06011500000000010000000affff02dfccebf6ba00085d024f0298e9e90554062a", 0xb8)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))

226.384481ms ago: executing program 1 (id=3342):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = fsopen(&(0x7f00000003c0)='gfs2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r3, &(0x7f0000000100)={0x2, 0x4, @remote}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r4, &(0x7f0000000280)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x0, 0x2, 0x3, 0x3, {0xa, 0x4e24, 0xb4, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x1}}}, 0x32)
setsockopt$inet_tcp_int(r3, 0x6, 0x25, &(0x7f0000000140)=0x27a8dfcf, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x3b, &(0x7f0000000000)='/proc/sys/net/ipv4\x00\x00s/sync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd11=\x11\xc8\xdd\x15\xcc\xd2\xf1d\'%\x11c\x91l,'}, 0x30)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0), 0x18)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x50bd2f, 0xfffffffc, {0x60, 0x0, 0x0, r2, {0xffe0, 0x8}, {0xffff, 0xd}, {0x0, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x3004408c)

109.581748ms ago: executing program 4 (id=3343):
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={0x0, 0x58}, 0x1, 0x0, 0x0, 0x8010}, 0x10)
mlock2(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0)
mlock2(&(0x7f0000006000/0x1000)=nil, 0x1000, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(0xffffffffffffffff, 0x8911, &(0x7f0000000000)={'ip6gretap0\x00', @ifru_mtu=0x6})
r2 = mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5m\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q', 0x42, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x6, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r2)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
syz_open_procfs(0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$cec(&(0x7f0000000680), 0x0, 0x0)
r4 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r3)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r4, &(0x7f0000000580)='fd/3\x00')

0s ago: executing program 5 (id=3344):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000100)={0x18, 0x0, {0x3, @random="c0c13c2baeb6", 'hsr0\x00'}}, 0x1e)
sendmmsg$sock(r0, &(0x7f0000001dc0), 0x213, 0x100000000000000)

kernel console output (not intermixed with test programs):

AGS: 00000246 ORIG_RAX: 0000000000000130
[ 1086.315499][T16020] RAX: ffffffffffffffda RBX: 00007ffa727b5fa0 RCX: 00007ffa7258e9a9
[ 1086.315512][T16020] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000003
[ 1086.315522][T16020] RBP: 00007ffa73472090 R08: 0000000000000000 R09: 0000000000000000
[ 1086.315533][T16020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1086.315543][T16020] R13: 0000000000000000 R14: 00007ffa727b5fa0 R15: 00007ffc45fe02e8
[ 1086.315567][T16020]  </TASK>
[ 1087.153269][T16030] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2889'.
[ 1087.201275][T16029] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2889'.
[ 1087.687050][   T24] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[ 1087.955775][   T24] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[ 1088.251893][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1088.432095][   T24] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1088.442613][T16044] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2893'.
[ 1088.526779][   T24] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1088.535021][   T24] usb 2-1: Product: syz
[ 1088.588856][   T24] usb 2-1: Manufacturer: syz
[ 1088.593536][   T24] usb 2-1: SerialNumber: syz
[ 1088.650127][   T24] usb 2-1: config 0 descriptor??
[ 1088.869616][   T24] usb 2-1: selecting invalid altsetting 0
[ 1089.723767][ T6930] usb 2-1: USB disconnect, device number 43
[ 1090.415889][T16070] FAULT_INJECTION: forcing a failure.
[ 1090.415889][T16070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1090.445438][T16070] CPU: 0 UID: 0 PID: 16070 Comm: syz.0.2903 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1090.445466][T16070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1090.445479][T16070] Call Trace:
[ 1090.445487][T16070]  <TASK>
[ 1090.445495][T16070]  dump_stack_lvl+0x189/0x250
[ 1090.445523][T16070]  ? __pfx____ratelimit+0x10/0x10
[ 1090.445545][T16070]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1090.445569][T16070]  ? __pfx__printk+0x10/0x10
[ 1090.445595][T16070]  ? __might_fault+0xb0/0x130
[ 1090.445628][T16070]  should_fail_ex+0x414/0x560
[ 1090.445655][T16070]  _copy_from_user+0x2d/0xb0
[ 1090.445685][T16070]  do_handle_open+0x4a0/0x850
[ 1090.445715][T16070]  ? __pfx_do_handle_open+0x10/0x10
[ 1090.445738][T16070]  ? ksys_write+0x22a/0x250
[ 1090.445758][T16070]  ? __pfx_ksys_write+0x10/0x10
[ 1090.445774][T16070]  ? rcu_is_watching+0x15/0xb0
[ 1090.445801][T16070]  ? do_syscall_64+0xbe/0x3b0
[ 1090.445828][T16070]  do_syscall_64+0xfa/0x3b0
[ 1090.445849][T16070]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1090.445869][T16070]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.445890][T16070]  ? clear_bhb_loop+0x60/0xb0
[ 1090.445914][T16070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1090.445934][T16070] RIP: 0033:0x7f1fddd8e9a9
[ 1090.445952][T16070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1090.445970][T16070] RSP: 002b:00007f1fdec71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 1090.445991][T16070] RAX: ffffffffffffffda RBX: 00007f1fddfb5fa0 RCX: 00007f1fddd8e9a9
[ 1090.446006][T16070] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000003
[ 1090.446019][T16070] RBP: 00007f1fdec71090 R08: 0000000000000000 R09: 0000000000000000
[ 1090.446031][T16070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1090.446044][T16070] R13: 0000000000000000 R14: 00007f1fddfb5fa0 R15: 00007ffffb4e0518
[ 1090.446076][T16070]  </TASK>
[ 1090.451585][ T7195] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1090.478736][ T7217] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1091.115861][T16080] netlink: 'syz.0.2907': attribute type 7 has an invalid length.
[ 1091.306042][T16082] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[ 1091.312708][T16082] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1091.371056][T16082] vhci_hcd vhci_hcd.0: Device attached
[ 1091.373031][T16080] : entered promiscuous mode
[ 1091.492637][T16086] vhci_hcd: connection closed
[ 1091.513697][   T37] vhci_hcd: stop threads
[ 1091.534274][   T37] vhci_hcd: release socket
[ 1091.546823][T12347] vhci_hcd: vhci_device speed not set
[ 1091.564350][   T37] vhci_hcd: disconnect device
[ 1091.606755][T12347] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[ 1091.621997][T12347] usb 33-1: enqueue for inactive port 0
[ 1091.759554][T12347] vhci_hcd: vhci_device speed not set
[ 1092.261442][T16104] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2909'.
[ 1092.377367][T16104] vlan1: entered promiscuous mode
[ 1092.467617][T16104] gretap0: entered promiscuous mode
[ 1092.524419][   T24] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[ 1092.677342][   T24] usb 3-1: device descriptor read/64, error -71
[ 1092.726797][ T6930] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1092.736499][T16111] sp0: Synchronizing with TNC
[ 1092.753187][T16110] [U] �
[ 1092.887619][ T6930] usb 2-1: Using ep0 maxpacket: 32
[ 1092.903809][ T6930] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1092.925726][ T6930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1092.945316][   T24] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[ 1093.002717][ T6930] usb 2-1: Product: syz
[ 1093.109723][ T6930] usb 2-1: Manufacturer: syz
[ 1093.170507][   T24] usb 3-1: device descriptor read/64, error -71
[ 1093.256723][ T6930] usb 2-1: SerialNumber: syz
[ 1093.320818][   T24] usb usb3-port1: attempt power cycle
[ 1093.509425][ T6930] usb 2-1: config 0 descriptor??
[ 1093.536017][ T6930] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1093.837954][T16125] loop6: detected capacity change from 0 to 524287999
[ 1093.928973][T16126] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 1093.936287][T16126] IPv6: NLM_F_CREATE should be set when creating new route
[ 1093.996845][   T24] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[ 1094.333508][ T6930] gspca_topro: reg_w err -110
[ 1094.366762][ T6930] gspca_topro: Sensor soi763a
[ 1094.505166][   T24] usb 3-1: device descriptor read/8, error -71
[ 1094.679927][   T30] audit: type=1326 audit(1753866762.002:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16133 comm="syz.4.2921" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f08f8e9a9 code=0x0
[ 1094.787587][   T24] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[ 1094.940733][   T24] usb 3-1: device descriptor read/8, error -71
[ 1095.178780][   T24] usb usb3-port1: unable to enumerate USB device
[ 1096.509438][  T967] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1096.606829][   T30] audit: type=1800 audit(1753866763.172:382): pid=16151 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.2.2924" name="bus" dev="overlay" ino=3158 res=0 errno=0
[ 1096.731108][T16153] netlink: 'syz.4.2922': attribute type 1 has an invalid length.
[ 1096.731156][T16153] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2922'.
[ 1096.785645][   T24] usb 2-1: USB disconnect, device number 44
[ 1096.838143][  T967] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1097.126984][T16161] netlink: 596 bytes leftover after parsing attributes in process `syz.4.2927'.
[ 1100.972136][ T5156] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1100.983728][ T7203] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1100.997124][ T5156] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1101.016956][ T5156] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1101.035581][ T5156] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1101.043545][ T5156] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1101.185386][T13547] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1101.208027][T13547] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1101.215426][T13547] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1101.224451][T13547] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1101.232305][T13547] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1101.285088][T16198] lo speed is unknown, defaulting to 1000
[ 1101.328457][   T24] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 1101.679847][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1101.885728][   T24] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1101.954493][   T24] usb 1-1: can't read configurations, error -61
[ 1102.177225][   T24] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 1102.394754][ T7203] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1102.732553][ T7203] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1102.894903][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1102.927505][   T24] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1102.935230][   T24] usb 1-1: can't read configurations, error -61
[ 1102.943342][ T7203] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1102.957187][   T24] usb usb1-port1: attempt power cycle
[ 1103.031923][T16219] xt_bpf: check failed: parse error
[ 1103.318379][ T5156] Bluetooth: hci3: command tx timeout
[ 1103.398855][   T24] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 1103.473176][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1103.670586][   T24] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1103.687005][   T24] usb 1-1: can't read configurations, error -61
[ 1103.838055][   T24] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 1103.900894][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1103.986351][   T24] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1104.099540][   T24] usb 1-1: can't read configurations, error -61
[ 1104.122357][   T24] usb usb1-port1: unable to enumerate USB device
[ 1104.433265][T16198] chnl_net:caif_netlink_parms(): no params data found
[ 1104.786753][   T24] usb 4-1: new full-speed USB device number 61 using dummy_hcd
[ 1105.429354][ T5156] Bluetooth: hci3: command tx timeout
[ 1105.667947][ T7203] bridge_slave_1: left allmulticast mode
[ 1105.685194][ T7203] bridge_slave_1: left promiscuous mode
[ 1106.311071][ T7203] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1106.342433][ T7203] bridge_slave_0: left allmulticast mode
[ 1106.396810][ T7203] bridge_slave_0: left promiscuous mode
[ 1106.409872][ T7203] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1106.419617][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1106.447009][   T24] usb 4-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00
[ 1106.456114][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1106.484473][   T24] usb 4-1: config 0 descriptor??
[ 1106.502765][ T7203] vlan2: left promiscuous mode
[ 1106.515987][ T7203] bridge0: left promiscuous mode
[ 1106.541546][ T7203] bridge3: port 1(vlan2) entered disabled state
[ 1107.017752][   T24] sigmamicro 0003:1C4F:0059.0018: item fetching failed at offset 0/5
[ 1107.037414][   T24] sigmamicro 0003:1C4F:0059.0018: probe with driver sigmamicro failed with error -22
[ 1107.486801][ T5156] Bluetooth: hci3: command tx timeout
[ 1108.512718][ T7203] bond2 (unregistering): (slave bridge2): Releasing backup interface
[ 1108.610517][ T7203] bond3 (unregistering): (slave bridge4): Releasing backup interface
[ 1108.870175][ T7203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1108.881127][ T7203] bond_slave_0: left promiscuous mode
[ 1108.890762][ T7203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1108.900287][ T7203] bond_slave_1: left promiscuous mode
[ 1108.908589][ T7203] bond0 (unregistering): Released all slaves
[ 1109.018552][ T7203] bond1 (unregistering): (slave veth0_to_bond): Releasing active interface
[ 1109.029766][ T7203] bond1 (unregistering): Released all slaves
[ 1109.047941][ T7203] bond2 (unregistering): Released all slaves
[ 1109.061786][ T7203] bond3 (unregistering): Released all slaves
[ 1109.107601][T16244] wg2: left promiscuous mode
[ 1109.113570][T16244] wg2: left allmulticast mode
[ 1109.129796][T16248] wg2: entered promiscuous mode
[ 1109.140485][T16248] wg2: entered allmulticast mode
[ 1109.217965][T16265] wg2: left promiscuous mode
[ 1109.316829][T16265] wg2: left allmulticast mode
[ 1109.556917][ T5156] Bluetooth: hci3: command tx timeout
[ 1109.641601][T16268] wg2: entered promiscuous mode
[ 1109.646531][T16268] wg2: entered allmulticast mode
[ 1109.706413][   T24] usb 4-1: USB disconnect, device number 61
[ 1109.866232][ T7203] : left promiscuous mode
[ 1110.190868][T16198] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1110.211621][T16198] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1110.220342][T16198] bridge_slave_0: entered allmulticast mode
[ 1110.228289][T16198] bridge_slave_0: entered promiscuous mode
[ 1110.320750][T16198] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1110.349366][T16198] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1110.367439][T16198] bridge_slave_1: entered allmulticast mode
[ 1110.380784][T16198] bridge_slave_1: entered promiscuous mode
[ 1110.397064][   T24] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[ 1110.416764][ T1215] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[ 1110.502104][T16198] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1110.580187][   T24] usb 4-1: no configurations
[ 1110.585029][   T24] usb 4-1: can't read configurations, error -22
[ 1110.586260][ T1215] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00
[ 1110.608819][T16198] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1110.644519][ T1215] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1110.666687][ T1215] usb 3-1: Product: syz
[ 1110.670886][ T1215] usb 3-1: SerialNumber: syz
[ 1110.708626][ T1215] usb 3-1: config 0 descriptor??
[ 1110.717524][   T24] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[ 1110.788449][ T7203] hsr_slave_0: left promiscuous mode
[ 1110.803044][ T7203] hsr_slave_1: left promiscuous mode
[ 1110.827597][ T7203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1110.851060][ T7203] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1110.882409][ T7203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1110.891682][   T24] usb 4-1: no configurations
[ 1110.896316][   T24] usb 4-1: can't read configurations, error -22
[ 1110.924693][ T7203] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1110.937172][   T24] usb usb4-port1: attempt power cycle
[ 1110.980515][ T7203] batman_adv: batadv0: Interface deactivated: macvtap0
[ 1111.003111][ T7203] batman_adv: batadv0: Removing interface: macvtap0
[ 1111.100020][ T7203] veth1_macvtap: left promiscuous mode
[ 1111.116936][ T7203] veth0_macvtap: left promiscuous mode
[ 1111.137005][ T7203] veth1_vlan: left promiscuous mode
[ 1111.142437][ T7203] veth0_vlan: left promiscuous mode
[ 1111.195685][ T1215] usb 3-1: USB disconnect, device number 56
[ 1111.303087][   T24] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 1111.354648][   T24] usb 4-1: no configurations
[ 1111.363760][   T24] usb 4-1: can't read configurations, error -22
[ 1111.677084][   T24] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1111.709655][   T24] usb 4-1: no configurations
[ 1111.714301][   T24] usb 4-1: can't read configurations, error -22
[ 1111.730215][ T7203] pimreg999999999 (unregistering): left allmulticast mode
[ 1111.739502][   T24] usb usb4-port1: unable to enumerate USB device
[ 1111.836173][ T7203] pimreg3 (unregistering): left allmulticast mode
[ 1113.939165][ T1215] usb 2-1: new full-speed USB device number 45 using dummy_hcd
[ 1114.083036][ T7203] team0 (unregistering): Port device team_slave_1 removed
[ 1114.547379][T16198] team0: Port device team_slave_0 added
[ 1114.567331][T16320] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1114.612037][T16336] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2965'.
[ 1114.736399][ T1215] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1114.739259][T16198] team0: Port device team_slave_1 added
[ 1114.766054][ T1215] usb 2-1: unable to read config index 0 descriptor/start: -71
[ 1114.785785][ T1215] usb 2-1: can't read configurations, error -71
[ 1114.884271][T16342] blktrace: Concurrent blktraces are not allowed on loop5
[ 1114.973798][T16198] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1114.984027][T16198] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1115.010007][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1115.045999][T16198] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1115.104914][T16198] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1115.140980][T16198] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1115.224150][T16198] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1115.309987][T16351] input: syz1 as /devices/virtual/input/input56
[ 1115.516875][ T1224] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[ 1116.567338][ T1224] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1116.617096][ T1224] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1116.662299][ T1224] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[ 1116.698099][ T1224] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1116.707950][T16198] hsr_slave_0: entered promiscuous mode
[ 1116.729502][T16198] hsr_slave_1: entered promiscuous mode
[ 1116.743750][ T1224] usb 4-1: config 0 descriptor??
[ 1116.993570][   T24] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[ 1117.046448][T16352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.067943][T16352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1117.086396][T16352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.129163][ T7203] IPVS: stop unused estimator thread 0...
[ 1117.136584][T16352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1117.175310][   T24] usb 1-1: no configurations
[ 1117.185342][   T24] usb 1-1: can't read configurations, error -22
[ 1117.196529][T16352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.259087][T16352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1117.446281][T16352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.466790][   T24] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 1117.494760][T16352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1117.660517][T16352] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.696895][   T24] usb 1-1: no configurations
[ 1117.701552][   T24] usb 1-1: can't read configurations, error -22
[ 1117.717656][   T24] usb usb1-port1: attempt power cycle
[ 1117.747280][T16352] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1118.226753][   T24] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 1118.288076][   T24] usb 1-1: no configurations
[ 1118.295191][   T24] usb 1-1: can't read configurations, error -22
[ 1118.409639][T16399] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1118.477982][   T24] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 1118.528297][   T24] usb 1-1: no configurations
[ 1118.566742][   T24] usb 1-1: can't read configurations, error -22
[ 1118.583206][ T1224] hid-steam 0003:28DE:1142.0019: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[ 1118.599122][   T24] usb usb1-port1: unable to enumerate USB device
[ 1118.679654][ T1224] hid-steam 0003:28DE:1142.0019: Steam wireless receiver connected
[ 1118.773393][ T1224] hid-steam 0003:28DE:1142.001A: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[ 1119.014200][T16411] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1119.591202][ T1224] usb 4-1: USB disconnect, device number 66
[ 1119.665526][ T1224] hid-steam 0003:28DE:1142.0019: Steam wireless receiver disconnected
[ 1120.502349][T16431] devpts: Bad value for 'max'
[ 1121.213600][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1122.643069][T16198] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1123.455083][T16198] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1123.534318][T16198] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1123.800528][T16198] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1123.921931][T16452] netlink: 'syz.2.2993': attribute type 1 has an invalid length.
[ 1124.138718][T16452] bond7: entered promiscuous mode
[ 1124.143887][T16452] bond7: entered allmulticast mode
[ 1124.187156][T16459] bridge12: entered promiscuous mode
[ 1124.193049][T16459] bridge12: entered allmulticast mode
[ 1125.007582][T16459] bond7: (slave bridge12): making interface the new active one
[ 1125.051157][T16459] bond7: (slave bridge12): Enslaving as an active interface with an up link
[ 1125.256897][T12347] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1125.506714][T16478] netlink: 'syz.1.2995': attribute type 28 has an invalid length.
[ 1125.542849][T12347] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1125.625402][T12347] usb 4-1: config 0 has no interfaces?
[ 1125.766495][T12347] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1125.783204][T12347] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1125.836076][T12347] usb 4-1: Product: syz
[ 1125.860902][T12347] usb 4-1: Manufacturer: syz
[ 1125.871588][T12347] usb 4-1: SerialNumber: syz
[ 1125.885507][T12347] usb 4-1: config 0 descriptor??
[ 1125.901103][T16198] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1125.956366][T16198] 8021q: adding VLAN 0 to HW filter on device team0
[ 1125.972895][ T7205] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1125.980101][ T7205] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1125.991104][T16483] netlink: 88 bytes leftover after parsing attributes in process `syz.2.2998'.
[ 1126.031530][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1126.038703][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1126.133456][T12347] usb 4-1: USB disconnect, device number 67
[ 1126.179672][T16486] loop6: detected capacity change from 0 to 7
[ 1126.206388][T16486] Dev loop6: unable to read RDB block 7
[ 1126.218882][T16486]  loop6: unable to read partition table
[ 1126.227687][T16486] loop6: partition table beyond EOD, truncated
[ 1126.244213][T16486] loop_reread_partitions: partition scan of loop6 (�被x������ ) failed (rc=-5)
[ 1126.536726][ T1224] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[ 1126.856529][ T1224] usb 2-1: Using ep0 maxpacket: 16
[ 1127.097144][ T1224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1127.303049][T16501] devpts: Bad value for 'max'
[ 1127.574529][   T24] IPVS: starting estimator thread 0...
[ 1127.734217][ T1224] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1127.745479][ T1224] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[ 1127.746810][T16505] IPVS: using max 30 ests per chain, 72000 per kthread
[ 1127.754575][ T1224] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1127.773014][ T1224] usb 2-1: config 0 descriptor??
[ 1127.909578][T16509] xt_policy: neither incoming nor outgoing policy selected
[ 1127.949679][T16198] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1127.982774][T16486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1128.027587][T16486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1128.542075][T16526] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1129.046999][T16486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1129.225688][T16486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1129.298653][T16486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1129.317654][T16486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1129.378215][ T1224] konepure 0003:1E7D:2DB4.001B: unknown main item tag 0x0
[ 1129.385899][ T1224] konepure 0003:1E7D:2DB4.001B: unknown main item tag 0x0
[ 1129.436460][ T1224] konepure 0003:1E7D:2DB4.001B: unknown main item tag 0x0
[ 1129.459049][ T1224] konepure 0003:1E7D:2DB4.001B: unknown main item tag 0x0
[ 1129.507282][ T1224] konepure 0003:1E7D:2DB4.001B: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.1-1/input0
[ 1129.603175][   T24] usb 2-1: USB disconnect, device number 47
[ 1129.725215][T16544] netlink: 'syz.3.3009': attribute type 1 has an invalid length.
[ 1129.801152][T16537] fido_id[16537]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1129.886846][T16544] bond4: entered promiscuous mode
[ 1129.928040][T16544] bond4: entered allmulticast mode
[ 1130.316938][   T24] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[ 1130.586771][T16546] bridge7: entered promiscuous mode
[ 1130.592047][T16546] bridge7: entered allmulticast mode
[ 1130.645484][T16546] bond4: (slave bridge7): making interface the new active one
[ 1130.667606][T16546] bond4: (slave bridge7): Enslaving as an active interface with an up link
[ 1130.687728][   T24] usb 3-1: Using ep0 maxpacket: 16
[ 1130.741207][   T24] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[ 1130.766732][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1130.774820][   T24] usb 3-1: Product: syz
[ 1130.793097][   T24] usb 3-1: Manufacturer: syz
[ 1130.813621][   T24] usb 3-1: SerialNumber: syz
[ 1130.835541][   T24] usb 3-1: config 0 descriptor??
[ 1130.855983][T16198] veth0_vlan: entered promiscuous mode
[ 1130.861634][   T24] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[ 1130.894468][T16198] veth1_vlan: entered promiscuous mode
[ 1130.905263][T16521] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[ 1131.101475][T16198] veth0_macvtap: entered promiscuous mode
[ 1131.113017][T16198] veth1_macvtap: entered promiscuous mode
[ 1131.170594][T16198] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1131.207101][ T1224] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1131.306004][T16561] syz.1.3011: attempt to access beyond end of device
[ 1131.306004][T16561] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1131.320139][T16561] FAT-fs (loop3): unable to read boot sector
[ 1131.911001][   T24] ssu100 3-1:0.0: probe with driver ssu100 failed with error -110
[ 1132.065588][ T1224] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1132.080991][T16198] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1132.088519][ T1224] usb 4-1: config 0 has no interfaces?
[ 1132.098651][T16198] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1132.113323][T16198] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1132.123028][T16198] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1132.132282][T16198] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1132.141254][ T1224] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1132.151885][ T1224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1132.177234][ T1224] usb 4-1: Product: syz
[ 1132.191998][ T1224] usb 4-1: Manufacturer: syz
[ 1132.215545][ T1224] usb 4-1: SerialNumber: syz
[ 1132.264977][ T1224] usb 4-1: config 0 descriptor??
[ 1132.377703][T16569] devpts: Bad value for 'max'
[ 1134.007137][ T6930] usb 3-1: USB disconnect, device number 57
[ 1136.116433][ T1224] usb 4-1: USB disconnect, device number 68
[ 1136.259621][T16577] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1136.266489][T16577] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1136.279850][ T7205] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1136.299813][ T7205] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1136.369432][T16577] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1136.375918][T16577] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1136.528422][T16577] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1136.534886][T16577] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1136.558193][T16577] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1136.564632][T16577] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1136.768385][T16577] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1136.774904][T16577] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1137.177341][   T24] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[ 1137.365305][ T7203] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1137.401952][ T7203] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1137.426821][   T24] usb 2-1: Using ep0 maxpacket: 8
[ 1137.434330][   T24] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[ 1137.466993][   T24] usb 2-1: config 0 has no interface number 0
[ 1137.473176][   T24] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1137.565633][   T24] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[ 1137.708021][   T24] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1137.827685][   T24] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1137.992595][   T24] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[ 1138.074745][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1138.246051][   T24] usb 2-1: config 0 descriptor??
[ 1138.636344][   T24] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[ 1138.791786][T16579] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1138.856518][T16579] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1139.060605][T16566] usb 2-1: USB disconnect, device number 48
[ 1139.091567][T16566] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[ 1139.938509][T16616] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3022'.
[ 1141.656738][T12347] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[ 1141.815517][T13547] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1141.837305][T13547] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1141.846974][T13547] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1141.874741][T13547] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1141.888629][T12347] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1141.902454][T12347] usb 3-1: can't read configurations, error -61
[ 1141.912491][T13547] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1142.003302][T16627] lo speed is unknown, defaulting to 1000
[ 1142.178063][T12347] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[ 1142.965727][T16638] devpts: Bad value for 'max'
[ 1143.647671][T12347] usb 3-1: unable to read config index 0 descriptor/start: -61
[ 1143.708512][T12347] usb 3-1: can't read configurations, error -61
[ 1143.729964][T12347] usb usb3-port1: attempt power cycle
[ 1143.833491][   T30] audit: type=1800 audit(1753866811.152:383): pid=16650 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.3028" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1144.197809][ T5156] Bluetooth: hci0: command tx timeout
[ 1144.254265][T16658] FAULT_INJECTION: forcing a failure.
[ 1144.254265][T16658] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1144.267440][T16658] CPU: 0 UID: 0 PID: 16658 Comm: syz.0.3029 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1144.267465][T16658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1144.267478][T16658] Call Trace:
[ 1144.267487][T16658]  <TASK>
[ 1144.267495][T16658]  dump_stack_lvl+0x189/0x250
[ 1144.267523][T16658]  ? __pfx____ratelimit+0x10/0x10
[ 1144.267545][T16658]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1144.267568][T16658]  ? __pfx__printk+0x10/0x10
[ 1144.267594][T16658]  ? __might_fault+0xb0/0x130
[ 1144.267626][T16658]  should_fail_ex+0x414/0x560
[ 1144.267662][T16658]  _copy_from_user+0x2d/0xb0
[ 1144.267689][T16658]  __sys_bpf+0x1ed/0x860
[ 1144.267719][T16658]  ? __pfx___sys_bpf+0x10/0x10
[ 1144.267759][T16658]  ? ksys_write+0x22a/0x250
[ 1144.267780][T16658]  ? __pfx_ksys_write+0x10/0x10
[ 1144.267795][T16658]  ? rcu_is_watching+0x15/0xb0
[ 1144.267823][T16658]  __x64_sys_bpf+0x7c/0x90
[ 1144.267849][T16658]  do_syscall_64+0xfa/0x3b0
[ 1144.267869][T16658]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1144.267889][T16658]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1144.267915][T16658]  ? clear_bhb_loop+0x60/0xb0
[ 1144.267938][T16658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1144.267957][T16658] RIP: 0033:0x7f1fddd8e9a9
[ 1144.267974][T16658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1144.267991][T16658] RSP: 002b:00007f1fdec50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1144.268011][T16658] RAX: ffffffffffffffda RBX: 00007f1fddfb6080 RCX: 00007f1fddd8e9a9
[ 1144.268025][T16658] RDX: 0000000000000048 RSI: 0000200000000500 RDI: 000000000000000a
[ 1144.268037][T16658] RBP: 00007f1fdec50090 R08: 0000000000000000 R09: 0000000000000000
[ 1144.268049][T16658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1144.268060][T16658] R13: 0000000000000000 R14: 00007f1fddfb6080 R15: 00007ffffb4e0518
[ 1144.268090][T16658]  </TASK>
[ 1144.482160][T16627] chnl_net:caif_netlink_parms(): no params data found
[ 1145.820314][T16627] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1145.828972][T16627] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1145.836220][T16627] bridge_slave_0: entered allmulticast mode
[ 1146.679966][ T5156] Bluetooth: hci0: command tx timeout
[ 1146.718009][T16627] bridge_slave_0: entered promiscuous mode
[ 1146.776948][T16627] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1146.851762][T16627] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1147.417252][T16627] bridge_slave_1: entered allmulticast mode
[ 1147.425241][T16627] bridge_slave_1: entered promiscuous mode
[ 1147.785354][T16700] devpts: Bad value for 'max'
[ 1147.886991][   T24] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[ 1148.136501][   T24] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1148.174059][T16627] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1148.240757][   T24] usb 2-1: can't read configurations, error -61
[ 1148.479589][T16627] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1148.550690][   T24] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[ 1148.759314][ T5156] Bluetooth: hci0: command tx timeout
[ 1148.942817][   T24] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1149.038314][   T24] usb 2-1: can't read configurations, error -61
[ 1149.060714][   T24] usb usb2-port1: attempt power cycle
[ 1149.178803][T16705] FAULT_INJECTION: forcing a failure.
[ 1149.178803][T16705] name failslab, interval 1, probability 0, space 0, times 0
[ 1149.193485][T16705] CPU: 0 UID: 0 PID: 16705 Comm: syz.4.3041 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1149.193513][T16705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1149.193527][T16705] Call Trace:
[ 1149.193535][T16705]  <TASK>
[ 1149.193544][T16705]  dump_stack_lvl+0x189/0x250
[ 1149.193574][T16705]  ? __pfx____ratelimit+0x10/0x10
[ 1149.193597][T16705]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1149.193621][T16705]  ? __pfx__printk+0x10/0x10
[ 1149.193655][T16705]  ? __pfx___might_resched+0x10/0x10
[ 1149.193677][T16705]  ? fs_reclaim_acquire+0x7d/0x100
[ 1149.193707][T16705]  should_fail_ex+0x414/0x560
[ 1149.193745][T16705]  should_failslab+0xa8/0x100
[ 1149.193768][T16705]  __kmalloc_noprof+0xcb/0x4f0
[ 1149.193787][T16705]  ? io_cache_alloc_new+0x40/0x100
[ 1149.193811][T16705]  ? __lock_acquire+0xab9/0xd20
[ 1149.193834][T16705]  io_cache_alloc_new+0x40/0x100
[ 1149.193860][T16705]  __io_prep_rw+0x23f/0xd80
[ 1149.193888][T16705]  ? __pfx___io_prep_rw+0x10/0x10
[ 1149.193904][T16705]  ? percpu_ref_get_many+0x21/0x1e0
[ 1149.193933][T16705]  ? percpu_ref_get_many+0x21/0x1e0
[ 1149.193972][T16705]  io_prep_rwv+0x8c/0x3d0
[ 1149.193989][T16705]  ? __pfx___io_alloc_req_refill+0x10/0x10
[ 1149.194013][T16705]  ? __pfx_io_prep_rwv+0x10/0x10
[ 1149.194035][T16705]  ? __asan_memset+0x22/0x50
[ 1149.194062][T16705]  ? blk_start_plug_nr_ios+0x7f/0x1c0
[ 1149.194093][T16705]  io_submit_sqes+0x90c/0x1c50
[ 1149.194155][T16705]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1149.194194][T16705]  ? ksys_write+0x1cb/0x250
[ 1149.194216][T16705]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1149.194233][T16705]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1149.194257][T16705]  ? __pfx_vfs_write+0x10/0x10
[ 1149.194278][T16705]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1149.194304][T16705]  ? __fget_files+0x3a0/0x420
[ 1149.194334][T16705]  ? fput+0xa0/0xd0
[ 1149.194359][T16705]  ? ksys_write+0x22a/0x250
[ 1149.194380][T16705]  ? __pfx_ksys_write+0x10/0x10
[ 1149.194396][T16705]  ? rcu_is_watching+0x15/0xb0
[ 1149.194423][T16705]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1149.194453][T16705]  do_syscall_64+0xfa/0x3b0
[ 1149.194474][T16705]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1149.194494][T16705]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.194514][T16705]  ? clear_bhb_loop+0x60/0xb0
[ 1149.194538][T16705]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.194557][T16705] RIP: 0033:0x7f562918e9a9
[ 1149.194574][T16705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1149.194591][T16705] RSP: 002b:00007f5629f6e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1149.194612][T16705] RAX: ffffffffffffffda RBX: 00007f56293b5fa0 RCX: 00007f562918e9a9
[ 1149.194626][T16705] RDX: 0000000000000000 RSI: 00000000000026c8 RDI: 0000000000000004
[ 1149.194638][T16705] RBP: 00007f5629f6e090 R08: 0000000000000000 R09: 0000000000000010
[ 1149.194651][T16705] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[ 1149.194662][T16705] R13: 0000000000000000 R14: 00007f56293b5fa0 R15: 00007ffd779b6228
[ 1149.194693][T16705]  </TASK>
[ 1149.543115][T16627] team0: Port device team_slave_0 added
[ 1149.556251][T16627] team0: Port device team_slave_1 added
[ 1149.573189][T16712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3042'.
[ 1149.790064][   T24] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[ 1149.840042][   T24] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1149.861539][   T24] usb 2-1: can't read configurations, error -61
[ 1149.890539][T16627] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1149.911523][T16627] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1149.937494][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1150.046816][T16627] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1150.047468][   T24] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1150.115821][   T24] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1150.166004][   T24] usb 2-1: can't read configurations, error -61
[ 1150.238306][   T24] usb usb2-port1: unable to enumerate USB device
[ 1150.500650][T16627] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1150.563314][T16627] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1150.589300][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1150.696710][T16627] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1150.837192][ T5156] Bluetooth: hci0: command tx timeout
[ 1151.130903][T16744] devpts: Bad value for 'max'
[ 1151.880046][T16627] hsr_slave_0: entered promiscuous mode
[ 1151.919872][T16627] hsr_slave_1: entered promiscuous mode
[ 1151.926859][T16627] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1151.934481][T16627] Cannot create hsr debugfs directory
[ 1153.597143][T16783] netlink: 844 bytes leftover after parsing attributes in process `syz.2.3061'.
[ 1153.879190][T16627] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1153.902788][T16627] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1153.931496][T16627] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1153.947179][ T5911] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1153.969141][T16627] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1154.144632][ T5911] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1154.179932][ T5911] usb 2-1: can't read configurations, error -61
[ 1154.232035][T16800] FAULT_INJECTION: forcing a failure.
[ 1154.232035][T16800] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1154.246905][T16800] CPU: 0 UID: 0 PID: 16800 Comm: syz.0.3062 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1154.246929][T16800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1154.246941][T16800] Call Trace:
[ 1154.246949][T16800]  <TASK>
[ 1154.246958][T16800]  dump_stack_lvl+0x189/0x250
[ 1154.246985][T16800]  ? __pfx____ratelimit+0x10/0x10
[ 1154.247006][T16800]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1154.247028][T16800]  ? __pfx__printk+0x10/0x10
[ 1154.247066][T16800]  should_fail_ex+0x414/0x560
[ 1154.247092][T16800]  _copy_to_user+0x31/0xb0
[ 1154.247122][T16800]  simple_read_from_buffer+0xe1/0x170
[ 1154.247158][T16800]  proc_fail_nth_read+0x1df/0x250
[ 1154.247184][T16800]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1154.247210][T16800]  ? rw_verify_area+0x258/0x650
[ 1154.247237][T16800]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1154.247262][T16800]  vfs_read+0x200/0x980
[ 1154.247296][T16800]  ? __pfx___mutex_lock+0x10/0x10
[ 1154.247318][T16800]  ? __pfx_vfs_read+0x10/0x10
[ 1154.247347][T16800]  ? __fget_files+0x2a/0x420
[ 1154.247373][T16800]  ? __fget_files+0x3a0/0x420
[ 1154.247392][T16800]  ? __fget_files+0x2a/0x420
[ 1154.247422][T16800]  ksys_read+0x145/0x250
[ 1154.247441][T16800]  ? __pfx_ksys_read+0x10/0x10
[ 1154.247456][T16800]  ? rcu_is_watching+0x15/0xb0
[ 1154.247481][T16800]  ? do_syscall_64+0xbe/0x3b0
[ 1154.247506][T16800]  do_syscall_64+0xfa/0x3b0
[ 1154.247525][T16800]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1154.247544][T16800]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.247562][T16800]  ? clear_bhb_loop+0x60/0xb0
[ 1154.247602][T16800]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1154.247621][T16800] RIP: 0033:0x7f1fddd8d3bc
[ 1154.247639][T16800] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1154.247656][T16800] RSP: 002b:00007f1fdec50030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1154.247676][T16800] RAX: ffffffffffffffda RBX: 00007f1fddfb6080 RCX: 00007f1fddd8d3bc
[ 1154.247690][T16800] RDX: 000000000000000f RSI: 00007f1fdec500a0 RDI: 0000000000000009
[ 1154.247703][T16800] RBP: 00007f1fdec50090 R08: 0000000000000000 R09: 0000000000000000
[ 1154.247716][T16800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1154.247727][T16800] R13: 0000000000000000 R14: 00007f1fddfb6080 R15: 00007ffffb4e0518
[ 1154.247767][T16800]  </TASK>
[ 1154.500213][ T5911] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1154.745652][ T5911] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1154.855610][ T5911] usb 2-1: can't read configurations, error -61
[ 1154.972266][ T5911] usb usb2-port1: attempt power cycle
[ 1154.995372][T16627] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1155.325671][T16812] devpts: Bad value for 'max'
[ 1155.869826][ T5911] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1156.308366][T16627] 8021q: adding VLAN 0 to HW filter on device team0
[ 1156.545936][ T7203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1156.553175][ T7203] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1156.660417][ T5911] usb 2-1: unable to read config index 0 descriptor/start: -61
[ 1156.676706][ T5911] usb 2-1: can't read configurations, error -61
[ 1156.729498][ T7195] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1156.736721][ T7195] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1156.806744][ T5911] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1156.994691][T16627] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1157.020845][T16627] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1157.176904][ T5911] usb 2-1: device not accepting address 56, error -71
[ 1157.275623][T16828] delete_channel: no stack
[ 1157.287859][ T5911] usb usb2-port1: unable to enumerate USB device
[ 1157.879173][T16824] delete_channel: no stack
[ 1159.032449][T16833] netlink: 596 bytes leftover after parsing attributes in process `syz.0.3072'.
[ 1159.247530][T16837] netlink: 'syz.2.3073': attribute type 1 has an invalid length.
[ 1160.672879][T16837] bond8: entered promiscuous mode
[ 1160.726726][T16837] bond8: entered allmulticast mode
[ 1160.785670][T16848] bridge13: entered promiscuous mode
[ 1160.877366][T16848] bridge13: entered allmulticast mode
[ 1160.965496][T16857] devpts: Bad value for 'max'
[ 1161.047376][T16848] bond8: (slave bridge13): making interface the new active one
[ 1161.114541][T16848] bond8: (slave bridge13): Enslaving as an active interface with an up link
[ 1163.306706][T16566] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[ 1163.361287][T16627] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1163.443987][T16867] xt_bpf: check failed: parse error
[ 1163.993733][T16627] veth0_vlan: entered promiscuous mode
[ 1164.005679][T16627] veth1_vlan: entered promiscuous mode
[ 1164.035015][T16627] veth0_macvtap: entered promiscuous mode
[ 1164.049266][T16566] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1164.118701][T16566] usb 3-1: config 0 has no interfaces?
[ 1164.154399][T16627] veth1_macvtap: entered promiscuous mode
[ 1164.187876][T16566] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1164.188496][T16627] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1164.226553][T16566] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1164.228222][T16627] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1164.245234][T16566] usb 3-1: Product: syz
[ 1164.255392][T16566] usb 3-1: Manufacturer: syz
[ 1164.265512][T16566] usb 3-1: SerialNumber: syz
[ 1164.278934][T16566] usb 3-1: config 0 descriptor??
[ 1164.367563][T16627] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1164.376338][T16627] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1164.398997][   T24] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1164.441060][T16627] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1164.450339][T16627] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1164.540014][T15806] usb 3-1: USB disconnect, device number 61
[ 1164.594141][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1164.623730][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1164.635777][T16869] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1164.642768][   T24] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1164.663193][T16874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3083'.
[ 1164.671900][T16869] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1164.674281][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1164.696780][T16874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3083'.
[ 1164.719147][T11668] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1164.732737][T11668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1164.741000][   T24] usb 1-1: config 0 descriptor??
[ 1164.830152][ T1215] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[ 1165.264449][ T1215] usb 2-1: Using ep0 maxpacket: 16
[ 1165.278853][ T1215] usb 2-1: config 8 has an invalid interface number: 39 but max is 0
[ 1165.316862][ T1215] usb 2-1: config 8 has no interface number 0
[ 1165.323049][ T1215] usb 2-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[ 1165.358859][   T24] cm6533_jd 0003:0D8C:0022.001C: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[ 1165.381720][ T1215] usb 2-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1165.448431][ T1215] usb 2-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[ 1165.479674][ T1215] usb 2-1: config 8 interface 39 has no altsetting 0
[ 1165.515273][ T1215] usb 2-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[ 1165.631218][ T1215] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1165.646719][ T1215] usb 2-1: Product: syz
[ 1165.657459][ T1215] usb 2-1: Manufacturer: syz
[ 1165.666735][ T1215] usb 2-1: SerialNumber: syz
[ 1167.311121][ T1215] ipheth 2-1:8.39: ipheth_enable_ncm: usb_control_msg: 0
[ 1167.424730][ T1215] ipheth 2-1:8.39: Apple iPhone USB Ethernet device attached
[ 1167.516661][   T44] usb 2-1: USB disconnect, device number 57
[ 1167.839971][   T44] ipheth 2-1:8.39: Apple iPhone USB Ethernet now disconnected
[ 1167.847939][   T24] usb 1-1: reset high-speed USB device number 63 using dummy_hcd
[ 1168.528531][T16566] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[ 1168.738935][T16566] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1168.806658][T16566] usb 5-1: config 0 has no interfaces?
[ 1168.821559][T16566] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1168.851495][T16915] input: syz0 as /devices/virtual/input/input57
[ 1168.876796][T16566] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1168.884829][T16566] usb 5-1: Product: syz
[ 1168.928853][T16566] usb 5-1: Manufacturer: syz
[ 1168.933511][T16566] usb 5-1: SerialNumber: syz
[ 1168.967122][T16566] usb 5-1: config 0 descriptor??
[ 1169.161194][T16922] netlink: 596 bytes leftover after parsing attributes in process `syz.1.3099'.
[ 1169.192018][   T44] usb 5-1: USB disconnect, device number 62
[ 1169.245310][T16925] blktrace: Concurrent blktraces are not allowed on loop1
[ 1169.527889][T16930] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1169.585310][T16930] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1169.593720][T16930] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1169.603003][T16930] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1169.611439][T16930] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1169.639660][ T5911] usb 1-1: USB disconnect, device number 63
[ 1169.769092][T16928] lo speed is unknown, defaulting to 1000
[ 1171.476278][T16947] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3106'.
[ 1171.716895][T16930] Bluetooth: hci1: command tx timeout
[ 1171.900714][T16954] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1173.886575][T16930] Bluetooth: hci1: command tx timeout
[ 1174.463606][T16969] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3113'.
[ 1174.539606][T16969] vlan2: entered allmulticast mode
[ 1174.544789][T16969] bridge0: entered allmulticast mode
[ 1174.558917][T16972] netlink: 'syz.4.3114': attribute type 10 has an invalid length.
[ 1174.631423][T16972] team0: Cannot enslave team device to itself
[ 1175.210626][T16928] chnl_net:caif_netlink_parms(): no params data found
[ 1175.998629][T16930] Bluetooth: hci1: command tx timeout
[ 1176.430212][T16976] syz_tun: entered promiscuous mode
[ 1176.435509][T16976] syz_tun: entered allmulticast mode
[ 1176.488247][T16976] team0: Port device syz_tun added
[ 1176.529540][T16990] ptrace attach of "./syz-executor exec"[5837] was attempted by "./syz-executor exec"[16990]
[ 1176.866872][   T24] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1177.246782][   T24] usb 2-1: Using ep0 maxpacket: 16
[ 1177.263621][   T24] usb 2-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[ 1177.276209][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1177.310953][   T24] usb 2-1: Product: syz
[ 1177.315246][   T24] usb 2-1: Manufacturer: syz
[ 1177.330743][   T24] usb 2-1: SerialNumber: syz
[ 1177.345233][T16928] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1177.461606][   T24] usb 2-1: config 0 descriptor??
[ 1177.478052][T16928] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1177.486162][   T24] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[ 1177.666830][T16928] bridge_slave_0: entered allmulticast mode
[ 1177.806839][T16928] bridge_slave_0: entered promiscuous mode
[ 1177.850210][T16928] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1177.892768][T16928] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1177.930674][T16928] bridge_slave_1: entered allmulticast mode
[ 1178.000894][T16928] bridge_slave_1: entered promiscuous mode
[ 1178.036982][T16930] Bluetooth: hci1: command tx timeout
[ 1178.231645][T17008] batadv1: entered promiscuous mode
[ 1178.242551][T17008] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1178.765570][   T37] vlan2: left allmulticast mode
[ 1178.783200][   T37] bridge0: left allmulticast mode
[ 1178.803581][   T37] vlan2: left promiscuous mode
[ 1178.815683][   T37] bridge0: left promiscuous mode
[ 1178.832699][   T37] bridge1: port 1(vlan2) entered disabled state
[ 1179.601731][   T24] gp8psk: usb in 128 operation failed.
[ 1179.641631][   T24] gp8psk: usb in 137 operation failed.
[ 1179.656796][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1179.717327][   T24] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[ 1179.767249][   T24] usb 2-1: media controller created
[ 1179.845002][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1179.997515][   T24] gp8psk_fe: Frontend revision 1 attached
[ 1180.004188][   T24] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[ 1180.065898][   T24] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[ 1180.332967][   T37] dvmrp1 (unregistering): left allmulticast mode
[ 1180.359503][   T24] gp8psk: usb in 138 operation failed.
[ 1180.385341][   T24] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[ 1180.451106][   T24] gp8psk: found Genpix USB device pID = 201 (hex)
[ 1180.498137][   T24] usb 2-1: USB disconnect, device number 58
[ 1180.750916][   T24] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[ 1180.942971][   T37] bond2 (unregistering): (slave bridge4): Releasing backup interface
[ 1180.952231][T17037] Bluetooth: MGMT ver 1.23
[ 1181.081676][   T24] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1181.339959][   T37] bond3 (unregistering): (slave bridge6): Releasing backup interface
[ 1181.377128][   T24] usb 2-1: Using ep0 maxpacket: 32
[ 1181.389048][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1181.421803][   T24] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[ 1181.603747][T17041] TCP: TCP_TX_DELAY enabled
[ 1181.628070][T17041] program syz.3.3128 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1182.190380][   T37] bond4 (unregistering): (slave bridge8): Releasing backup interface
[ 1182.361183][   T37] bond5 (unregistering): (slave bridge9): Releasing backup interface
[ 1182.387203][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1182.399496][   T24] usb 2-1: config 0 descriptor??
[ 1182.601247][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1183.398417][   T37] bond6 (unregistering): (slave bridge10): Releasing backup interface
[ 1183.408427][   T24] corsair-cpro 0003:1B1C:0C10.001D: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.1-1/input0
[ 1183.769045][T17047] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3126'.
[ 1183.863250][   T37] bond7 (unregistering): (slave bridge12): Releasing backup interface
[ 1184.062375][   T37] bond8 (unregistering): (slave bridge13): Releasing backup interface
[ 1184.449246][   T37] bond0 (unregistering): (slave 
c
1�): Releasing backup interface
[ 1184.457872][   T37] �: left promiscuous mode
[ 1184.465796][   T37] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1184.475143][   T37] bond_slave_1: left promiscuous mode
[ 1184.481790][   T37] bond0 (unregistering): Released all slaves
[ 1184.504161][   T37] bond1 (unregistering): Released all slaves
[ 1184.544196][   T37] bond2 (unregistering): Released all slaves
[ 1184.579326][   T37] bond3 (unregistering): Released all slaves
[ 1184.599409][   T24] corsair-cpro 0003:1B1C:0C10.001D: probe with driver corsair-cpro failed with error -110
[ 1184.622677][   T37] bond4 (unregistering): Released all slaves
[ 1184.655233][   T37] bond5 (unregistering): Released all slaves
[ 1184.702402][   T37] bond6 (unregistering): Released all slaves
[ 1184.755422][   T37] bond7 (unregistering): Released all slaves
[ 1184.798145][   T37] bond8 (unregistering): Released all slaves
[ 1184.851041][T16928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1184.882171][T16928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1184.983644][T17032] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3125'.
[ 1185.087826][T17045] : entered promiscuous mode
[ 1185.197717][T16928] team0: Port device team_slave_0 added
[ 1185.255546][   T37] : left promiscuous mode
[ 1185.415735][ T5911] usb 2-1: USB disconnect, device number 59
[ 1185.488376][T16928] team0: Port device team_slave_1 added
[ 1185.647379][ T5156] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1185.656630][ T5156] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1185.664472][ T5156] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1185.672615][ T5156] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1185.680666][ T5156] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1185.909503][T16928] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1185.926552][T17065] overlay: Unknown parameter '/'
[ 1185.947810][T16928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1185.973723][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1186.031662][T16928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1186.202067][T16928] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1186.216119][T16928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1186.242055][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1186.320342][T16928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1186.336708][ T5911] usb 4-1: new low-speed USB device number 69 using dummy_hcd
[ 1186.392855][T17058] lo speed is unknown, defaulting to 1000
[ 1186.456772][T15806] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[ 1186.517676][ T5911] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1186.526683][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1186.548654][ T5911] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1186.585089][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1186.613914][T17072] lo speed is unknown, defaulting to 1000
[ 1186.636653][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1186.648624][T16928] hsr_slave_0: entered promiscuous mode
[ 1186.658706][ T5911] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1186.667684][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1186.677454][T15806] usb 5-1: config 0 has no interfaces?
[ 1186.687145][T16928] hsr_slave_1: entered promiscuous mode
[ 1186.696893][T16928] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1186.699262][T15806] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[ 1186.706096][ T5911] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1186.736207][T16928] Cannot create hsr debugfs directory
[ 1186.746652][T15806] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1186.756978][T15806] usb 5-1: Product: syz
[ 1186.760993][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1186.773952][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1186.785183][T15806] usb 5-1: Manufacturer: syz
[ 1186.785204][T15806] usb 5-1: SerialNumber: syz
[ 1186.803610][ T5911] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1186.844439][T15806] usb 5-1: config 0 descriptor??
[ 1186.858803][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1186.883971][ T5911] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1186.902193][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1186.914667][ T5911] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1186.953203][ T5911] usb 4-1: string descriptor 0 read error: -22
[ 1186.961460][   T37] hsr_slave_0: left promiscuous mode
[ 1186.972180][   T37] hsr_slave_1: left promiscuous mode
[ 1186.980028][ T5911] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1187.006788][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1187.042815][ T5911] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1187.164484][T17079] net_ratelimit: 1052 callbacks suppressed
[ 1187.164509][T17079] openvswitch: netlink: Duplicate key (type 32).
[ 1187.259811][ T5911] usb 4-1: USB disconnect, device number 69
[ 1187.269772][T17069] usb 4-1: Couldn't submit interrupt_out_urb -19
[ 1187.377373][   T37] pimreg3 (unregistering): left allmulticast mode
[ 1187.726680][ T5156] Bluetooth: hci5: command tx timeout
[ 1189.558061][   T37] team0 (unregistering): Port device team_slave_1 removed
[ 1189.796932][ T5156] Bluetooth: hci5: command tx timeout
[ 1191.887611][ T5156] Bluetooth: hci5: command tx timeout
[ 1193.406557][T17121] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3148'.
[ 1193.956728][ T5156] Bluetooth: hci5: command tx timeout
[ 1194.277399][T17126] fuse: Bad value for 'fd'
[ 1194.332836][   T30] audit: type=1326 audit(1753866861.652:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17125 comm="syz.1.3150" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd1fe98e9a9 code=0x0
[ 1194.526275][T17129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3150'.
[ 1194.685751][T17129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3150'.
[ 1195.250050][   T37] IPVS: stop unused estimator thread 0...
[ 1195.357164][T15806] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1195.364538][T17058] chnl_net:caif_netlink_parms(): no params data found
[ 1195.509642][T17139] FAULT_INJECTION: forcing a failure.
[ 1195.509642][T17139] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1195.561901][T17139] CPU: 1 UID: 0 PID: 17139 Comm: syz.1.3152 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1195.561937][T17139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1195.561954][T17139] Call Trace:
[ 1195.561963][T17139]  <TASK>
[ 1195.561974][T17139]  dump_stack_lvl+0x189/0x250
[ 1195.562006][T17139]  ? __pfx____ratelimit+0x10/0x10
[ 1195.562033][T17139]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1195.562060][T17139]  ? __pfx__printk+0x10/0x10
[ 1195.562092][T17139]  ? __might_fault+0xb0/0x130
[ 1195.562127][T17139]  should_fail_ex+0x414/0x560
[ 1195.562166][T17139]  _copy_from_user+0x2d/0xb0
[ 1195.562201][T17139]  ___sys_sendmsg+0x158/0x2a0
[ 1195.562244][T17139]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1195.562324][T17139]  ? __fget_files+0x2a/0x420
[ 1195.562350][T17139]  ? __fget_files+0x3a0/0x420
[ 1195.562388][T17139]  __sys_sendmmsg+0x227/0x430
[ 1195.562429][T17139]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1195.562462][T17139]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1195.562521][T17139]  ? ksys_write+0x22a/0x250
[ 1195.562563][T17139]  ? __pfx_ksys_write+0x10/0x10
[ 1195.562582][T17139]  ? rcu_is_watching+0x15/0xb0
[ 1195.562618][T17139]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1195.562660][T17139]  do_syscall_64+0xfa/0x3b0
[ 1195.562687][T17139]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.562713][T17139]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.562737][T17139]  ? clear_bhb_loop+0x60/0xb0
[ 1195.562767][T17139]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1195.562792][T17139] RIP: 0033:0x7fd1fe98e9a9
[ 1195.562814][T17139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1195.562836][T17139] RSP: 002b:00007fd1ff87e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1195.562863][T17139] RAX: ffffffffffffffda RBX: 00007fd1febb5fa0 RCX: 00007fd1fe98e9a9
[ 1195.562879][T17139] RDX: 0000000000000213 RSI: 0000200000001dc0 RDI: 0000000000000003
[ 1195.562896][T17139] RBP: 00007fd1ff87e090 R08: 0000000000000000 R09: 0000000000000000
[ 1195.562914][T17139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1195.562929][T17139] R13: 0000000000000000 R14: 00007fd1febb5fa0 R15: 00007fff3eeb4df8
[ 1195.562968][T17139]  </TASK>
[ 1195.567934][T15806] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1195.595171][   T24] usb 5-1: USB disconnect, device number 63
[ 1195.696901][T15806] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1195.993114][T17149] netlink: 'syz.4.3154': attribute type 1 has an invalid length.
[ 1196.120453][T15806] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1196.135388][T15806] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1196.157945][T15806] usb 4-1: Product: syz
[ 1196.182836][T15806] usb 4-1: Manufacturer: syz
[ 1196.200500][T15806] usb 4-1: SerialNumber: syz
[ 1196.262530][T15806] cdc_mbim 4-1:1.0: skipping garbage
[ 1196.298946][T17149] bond1: entered promiscuous mode
[ 1196.317812][T17149] bond1: entered allmulticast mode
[ 1196.341975][T17152] bridge1: entered promiscuous mode
[ 1196.355006][T17152] bridge1: entered allmulticast mode
[ 1196.368421][T17152] bond1: (slave bridge1): making interface the new active one
[ 1196.378067][T17152] bond1: (slave bridge1): Enslaving as an active interface with an up link
[ 1196.470067][T17134] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1196.775174][T17058] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1196.800033][T17058] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1196.817158][T16566] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[ 1196.818141][T17058] bridge_slave_0: entered allmulticast mode
[ 1196.872925][T17058] bridge_slave_0: entered promiscuous mode
[ 1196.881099][T15806] cdc_mbim 4-1:1.0: failed GET_NTB_PARAMETERS
[ 1196.893523][T15806] cdc_mbim 4-1:1.0: bind() failure
[ 1196.924268][T15806] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[ 1196.927874][T17058] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1196.947160][T15806] cdc_ncm 4-1:1.1: bind() failure
[ 1196.980008][T17058] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1197.001832][T17058] bridge_slave_1: entered allmulticast mode
[ 1197.002690][T15806] usb 4-1: USB disconnect, device number 70
[ 1197.029163][T16566] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1197.057014][T17058] bridge_slave_1: entered promiscuous mode
[ 1197.100670][T16566] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1197.129083][T16566] usb 5-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[ 1197.166193][T16566] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.209509][T16566] usb 5-1: config 0 descriptor??
[ 1197.309817][T17058] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1197.363280][T17058] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1197.648206][T17161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1197.771376][T17161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1198.148330][T16566] kye 0003:0458:0153.001E: unknown main item tag 0x3
[ 1198.157413][T17058] team0: Port device team_slave_0 added
[ 1198.200254][T16566] kye 0003:0458:0153.001E: hidraw0: USB HID v0.00 Device [HID 0458:0153] on usb-dummy_hcd.4-1/input0
[ 1198.214787][T16928] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1198.312622][T17058] team0: Port device team_slave_1 added
[ 1198.417524][T17161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1198.426248][T17161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1198.657070][T17171] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3157'.
[ 1198.755080][T17174] x_tables: duplicate underflow at hook 2
[ 1198.793145][T16566] usb 5-1: USB disconnect, device number 64
[ 1199.024260][T16928] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1199.545817][T17058] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1199.579890][T17058] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1199.605808][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1199.645973][T17058] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1199.698087][T17058] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1199.741218][T17058] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1199.767216][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1199.922976][T17058] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1199.934679][T16928] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1199.988208][T16928] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1200.774073][T17188] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3160'.
[ 1200.917555][T17192] fuse: Bad value for 'fd'
[ 1200.975068][   T30] audit: type=1326 audit(1753866868.292:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17191 comm="syz.4.3161" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f562918e9a9 code=0x0
[ 1201.319098][T17058] hsr_slave_0: entered promiscuous mode
[ 1201.353037][T17058] hsr_slave_1: entered promiscuous mode
[ 1201.377482][T17058] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1201.385138][T17058] Cannot create hsr debugfs directory
[ 1201.387909][ T1215] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1201.558667][ T1215] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1201.582352][ T1215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1201.615142][ T1215] usb 4-1: config 0 descriptor??
[ 1201.835960][ T1215] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1202.039852][ T1215] [drm:udl_init] *ERROR* Selecting channel failed
[ 1202.158737][ T1215] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[ 1202.163649][T16928] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1202.197061][T15806] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[ 1202.205212][ T1215] [drm] Initialized udl on minor 2
[ 1202.225844][ T1215] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1202.253230][T16928] 8021q: adding VLAN 0 to HW filter on device team0
[ 1202.267517][ T1215] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 1202.300516][ T5912] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1202.317236][ T1215] usb 4-1: USB disconnect, device number 71
[ 1202.331894][ T5912] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[ 1202.368717][T15806] usb 5-1: Using ep0 maxpacket: 32
[ 1202.389117][ T7217] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1202.396339][ T7217] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1202.437327][T15806] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[ 1202.450457][T15806] usb 5-1: config 0 has no interface number 0
[ 1202.485252][T15806] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1202.505630][T15806] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1202.527390][T15806] usb 5-1: Product: syz
[ 1202.531708][T15806] usb 5-1: Manufacturer: syz
[ 1202.543621][ T7217] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1202.550834][ T7217] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1202.586358][T15806] usb 5-1: SerialNumber: syz
[ 1202.609632][T15806] usb 5-1: config 0 descriptor??
[ 1202.633974][T15806] smsc95xx v2.0.0
[ 1202.672398][T17058] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1202.743920][T17058] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1202.792847][T17058] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1202.921975][T17058] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1203.066840][T17227] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3166'.
[ 1203.142900][T17211] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1203.266382][T17234] netlink: 'syz.1.3167': attribute type 30 has an invalid length.
[ 1203.911317][T17211] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1203.942330][T17245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1203.951474][T17245] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1203.973152][T15806] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[ 1204.262675][T17254] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3168'.
[ 1205.150516][T17211] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.544871][T17211] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.878196][T17058] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1206.954161][T17058] 8021q: adding VLAN 0 to HW filter on device team0
[ 1206.984175][ T7208] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1206.991459][ T7208] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1207.038153][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1207.045336][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1207.082486][T17276] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3173'.
[ 1207.260815][T17211] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1207.462950][T17211] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1207.545128][T16928] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1207.617862][T17211] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1207.678677][T16566] usb 2-1: new low-speed USB device number 61 using dummy_hcd
[ 1207.702177][T17211] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1207.869571][T15806] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[ 1207.889952][T16928] veth0_vlan: entered promiscuous mode
[ 1207.926494][T15806] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[ 1207.945916][T16928] veth1_vlan: entered promiscuous mode
[ 1207.953572][T16566] usb 2-1: descriptor type invalid, skip
[ 1207.959694][T16566] usb 2-1: No LPM exit latency info found, disabling LPM.
[ 1207.978456][T15806] usb 5-1: USB disconnect, device number 65
[ 1208.010426][T16566] usb 2-1: config 1 interface 0 altsetting 248 endpoint 0x82 is Bulk; changing to Interrupt
[ 1208.069704][T16566] usb 2-1: config 1 interface 0 altsetting 248 endpoint 0x3 is Bulk; changing to Interrupt
[ 1208.139914][T16566] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1208.152847][T16928] veth0_macvtap: entered promiscuous mode
[ 1208.189112][T16566] usb 2-1: string descriptor 0 read error: -22
[ 1208.212984][T16566] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1208.236340][T16928] veth1_macvtap: entered promiscuous mode
[ 1208.249630][T16566] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1208.320447][T17281] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1208.366867][T17281] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1208.383000][T16928] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1208.414460][T16566] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[ 1208.465307][T16928] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1208.549705][T16928] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.597224][T16928] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.661045][T16928] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1208.693963][T16928] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1209.117634][ T7208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1209.130257][ T7208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1209.228590][T17058] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1209.535820][   T24] hid-generic 0000:0000:0000.001F: unknown main item tag 0x0
[ 1209.597334][T11668] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1209.640146][   T24] hid-generic 0000:0000:0000.001F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1209.708984][T11668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1209.970488][T17314] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3179'.
[ 1210.738704][   T24] usb 2-1: USB disconnect, device number 61
[ 1211.286702][   T24] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1211.306803][ T6930] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[ 1211.404059][T17058] veth0_vlan: entered promiscuous mode
[ 1211.473298][T17058] veth1_vlan: entered promiscuous mode
[ 1211.487597][ T6930] usb 3-1: Using ep0 maxpacket: 32
[ 1211.487746][   T24] usb 2-1: Using ep0 maxpacket: 8
[ 1211.503157][ T6930] usb 3-1: config 0 has an invalid interface number: 182 but max is 0
[ 1211.513222][ T6930] usb 3-1: config 0 has no interface number 0
[ 1211.527585][ T6930] usb 3-1: config 0 interface 182 has no altsetting 0
[ 1211.538063][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1211.548055][ T6930] usb 3-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=2a.74
[ 1211.548084][ T6930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1211.548106][ T6930] usb 3-1: Product: syz
[ 1211.548123][ T6930] usb 3-1: Manufacturer: syz
[ 1211.548139][ T6930] usb 3-1: SerialNumber: syz
[ 1211.563432][ T6930] usb 3-1: config 0 descriptor??
[ 1211.610060][   T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[ 1211.639579][ T6930] gspca_main: spca500-2.14.0 probing 046d:0900
[ 1211.650489][T17058] veth0_macvtap: entered promiscuous mode
[ 1211.658800][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1211.707399][   T24] usb 2-1: config 0 descriptor??
[ 1211.713526][T17058] veth1_macvtap: entered promiscuous mode
[ 1211.791678][T17058] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1211.862423][T17058] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1211.909776][T17058] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1211.945968][T17058] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1211.976793][T17058] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1212.006752][T17058] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1212.160252][ T6930] gspca_spca500: reg write: error -32
[ 1212.180333][ T6930] gspca_spca500: reg write: error -32
[ 1212.198409][ T6930] gspca_spca500: reg write: error -32
[ 1212.216818][ T6930] gspca_spca500: reg write: error -32
[ 1212.232549][ T6930] gspca_spca500: reg write: error -32
[ 1212.258609][ T6930] gspca_spca500: reg write: error -32
[ 1212.294183][ T6930] gspca_spca500: reg write: error -32
[ 1212.323675][ T6930] gspca_spca500: reg write: error -32
[ 1212.342730][ T6930] gspca_spca500: reg write: error -32
[ 1212.360013][   T24] lenovo 0003:17EF:6062.0020: hidraw0: USB HID v0.00 Device [HID 17ef:6062] on usb-dummy_hcd.1-1/input0
[ 1212.410631][   T24] usb 2-1: USB disconnect, device number 62
[ 1213.010562][ T6930] gspca_spca500: reg write: error -32
[ 1213.057422][ T6930] gspca_spca500: reg write: error -32
[ 1213.067822][ T6930] gspca_spca500: reg write: error -32
[ 1213.128056][ T6930] gspca_spca500: reg write: error -32
[ 1213.165667][ T6930] gspca_spca500: reg write: error -32
[ 1213.202012][ T7219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1213.249960][ T7219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1213.345182][T17357] fido_id[17357]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1213.403359][ T7195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1213.448582][ T7195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1213.729996][T17372] netlink: 596 bytes leftover after parsing attributes in process `syz.1.3188'.
[ 1213.898491][T17377] netlink: 88 bytes leftover after parsing attributes in process `syz.5.3130'.
[ 1214.287040][T17367] syzkaller0: entered promiscuous mode
[ 1214.292579][T17367] syzkaller0: entered allmulticast mode
[ 1214.466951][ T6930] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1214.666745][ T6930] usb 6-1: Using ep0 maxpacket: 32
[ 1214.680464][ T6930] usb 6-1: config 129 has an invalid interface number: 124 but max is 1
[ 1214.699212][ T6930] usb 6-1: config 129 contains an unexpected descriptor of type 0x2, skipping
[ 1214.719727][ T6930] usb 6-1: config 129 contains an unexpected descriptor of type 0x1, skipping
[ 1214.747983][ T6930] usb 6-1: config 129 has an invalid descriptor of length 70, skipping remainder of the config
[ 1214.756774][ T5911] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[ 1214.779572][ T6930] usb 6-1: config 129 has 1 interface, different from the descriptor's value: 2
[ 1214.797831][ T6930] usb 6-1: config 129 has no interface number 0
[ 1214.804302][ T6930] usb 6-1: config 129 interface 124 altsetting 13 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1214.828348][ T6930] usb 6-1: config 129 interface 124 has no altsetting 0
[ 1214.855556][ T6930] usb 6-1: New USB device found, idVendor=093a, idProduct=2600, bcdDevice=cb.1f
[ 1214.864935][ T6930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1214.880406][ T6930] usb 6-1: Product: 粳휬㏱ꢱ⪞뇰⠔헢妌諐頚ᩡ秘풑诣
[ 1214.888918][ T6930] usb 6-1: Manufacturer: 嫆❰뉻狽瓋欯铿₋荲䤓㕷똑廎藸治愌鋓㨷ਥ矺ꔮ斷텔釽硓҅ᵝ⢖—昙뭳阛륡Ƀ힢퉿ᗫ掾ס᪶錤꠮贺囃韺ꩣ圖垱᠂q࢐昙ਫ਼㍋ꎏ㢋僓७誮⢜Ꝕ콻틁꺆☔轭⽛肽吵欈⽺躌빲⑉贠⤹ᘕᒆ幄蛀笹⭂핊暯缓髂븓
[ 1214.918385][ T6930] usb 6-1: SerialNumber: 捧담Ꚏᴂᑖ혱䝰탴㥯疴됆⮰᪊蹪䅷燥걳狌ꬥ咦䶈방俔靖⋺엤緀愪쀰寗ꐔ管嘻툂刀⃈祁哅蜸䍱甏ᨿ欟嘟댊᪮鐃w줚僲퍺㢦쁙骯뉏꒯湜毤渗
[ 1214.946855][ T5911] usb 5-1: Using ep0 maxpacket: 16
[ 1214.967596][ T5911] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1215.008117][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1215.036980][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1215.067066][ T5911] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1215.096994][ T5911] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1215.123137][ T5911] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1215.147576][ T5911] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1215.176414][ T5911] usb 5-1: Manufacturer: syz
[ 1215.184523][ T6930] gspca_main: pac7311-2.14.0 probing 093a:2600
[ 1215.199585][ T6930] gspca_pac7311: reg_w() failed index 0xff, value 0x01, error -71
[ 1215.209082][ T5911] usb 5-1: config 0 descriptor??
[ 1215.251617][T16930] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1215.263117][T16930] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1215.272088][ T6930] pac7311 6-1:129.124: probe with driver pac7311 failed with error -71
[ 1215.272175][T16930] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1215.290281][T16930] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1215.299755][T16930] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1215.334233][ T6930] usb 6-1: USB disconnect, device number 2
[ 1215.588853][ T5911] rc_core: IR keymap rc-hauppauge not found
[ 1215.595028][ T5911] Registered IR keymap rc-empty
[ 1215.605305][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1215.649636][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1215.694581][ T5911] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[ 1215.752295][ T5911] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input59
[ 1215.814087][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1215.857693][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1215.878704][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1215.916967][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1215.946974][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1215.987362][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1216.026001][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1216.277754][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1216.306959][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1216.326960][ T5911] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[ 1217.068381][ T5911] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[ 1217.116865][ T5911] mceusb 5-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active)
[ 1217.147356][ T5911] usb 5-1: USB disconnect, device number 66
[ 1217.402244][ T5156] Bluetooth: hci2: command tx timeout
[ 1219.477042][ T5156] Bluetooth: hci2: command tx timeout
[ 1220.062956][T17382] lo speed is unknown, defaulting to 1000
[ 1221.412775][ T7195] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1221.456654][ T7195] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1221.576933][ T5156] Bluetooth: hci2: command tx timeout
[ 1221.932595][T17414] : entered promiscuous mode
[ 1223.058062][ T7195] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1223.125078][ T7195] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1223.637316][ T5156] Bluetooth: hci2: command tx timeout
[ 1223.815058][T17428] bridge_slave_0: default FDB implementation only supports local addresses
[ 1223.976297][ T7195] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1224.010988][ T7195] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.138849][T17382] chnl_net:caif_netlink_parms(): no params data found
[ 1224.232022][ T7195] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1224.232373][T17443] netlink: 596 bytes leftover after parsing attributes in process `syz.5.3208'.
[ 1224.265638][ T7195] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.277593][ T5911] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[ 1224.460930][ T5911] usb 5-1: config 0 has an invalid interface number: 93 but max is 0
[ 1224.476695][ T5911] usb 5-1: config 0 has no interface number 0
[ 1224.509525][ T5911] usb 5-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[ 1224.541079][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1224.595045][ T5911] usb 5-1: Product: syz
[ 1224.664832][ T5911] usb 5-1: Manufacturer: syz
[ 1224.669860][T17449] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1224.958539][T17382] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1225.025295][ T5911] usb 5-1: SerialNumber: syz
[ 1225.051180][T17382] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1225.104859][T17382] bridge_slave_0: entered allmulticast mode
[ 1225.112228][ T5911] usb 5-1: config 0 descriptor??
[ 1225.125694][T17382] bridge_slave_0: entered promiscuous mode
[ 1225.159618][T17382] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1225.186800][T17382] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1225.198400][T17382] bridge_slave_1: entered allmulticast mode
[ 1225.219361][T17382] bridge_slave_1: entered promiscuous mode
[ 1225.336192][ T5911] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[ 1225.383413][ T5911] dvb-usb: will use the device's hardware PID filter (table count: 32).
[ 1225.411739][ T5911] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[ 1225.431021][ T5911] usb 5-1: media controller created
[ 1225.449205][ T5911] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1225.464249][T17382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1225.499122][T17382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1225.619153][ T5911] DVB: Unable to find symbol dib7000p_attach()
[ 1225.633978][ T5911] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[ 1225.641997][ T5156] Bluetooth: hci3: command 0x0406 tx timeout
[ 1225.682287][ T5911] dvb-usb: will use the device's hardware PID filter (table count: 32).
[ 1225.693829][T17382] team0: Port device team_slave_0 added
[ 1225.703481][ T5911] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[ 1225.775853][T17382] team0: Port device team_slave_1 added
[ 1225.807372][ T5911] usb 5-1: media controller created
[ 1225.815640][ T5911] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1225.918778][ T5911] dib0700: the master dib7090 has to be initialized first
[ 1225.932550][ T5911] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[ 1226.829101][ T7195] vlan3: left promiscuous mode
[ 1226.833973][ T7195] bridge0: left promiscuous mode
[ 1226.847049][ T7195] bridge1: port 1(vlan3) entered disabled state
[ 1227.096706][ T5911] rc_core: IR keymap rc-dib0700-rc5 not found
[ 1227.102912][ T5911] Registered IR keymap rc-empty
[ 1227.160741][ T5911] dvb-usb: could not initialize remote control.
[ 1227.364630][ T5911] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[ 1227.397006][ T5911] usb 5-1: USB disconnect, device number 67
[ 1228.251727][T17485] netlink: 88 bytes leftover after parsing attributes in process `syz.4.3216'.
[ 1228.324573][ T5911] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[ 1228.870178][ T5156] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1228.880586][ T5156] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1228.954993][ T5156] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1228.979697][ T5156] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1228.987962][ T5156] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1230.079264][T17507] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3221'.
[ 1230.211300][ T7195] bond1 (unregistering): (slave bridge2): Releasing backup interface
[ 1230.328529][ T7195] bond2 (unregistering): (slave bridge3): Releasing backup interface
[ 1230.444298][ T7195] team0: Port device bridge4 removed
[ 1230.537279][ T7195] bond3 (unregistering): (slave bridge5): Releasing backup interface
[ 1231.004260][ T7195] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1231.015034][ T7195] bond_slave_0: left promiscuous mode
[ 1231.033226][ T7195] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1231.051003][ T7195] bond_slave_1: left promiscuous mode
[ 1231.068629][ T7195] bond0 (unregistering): Released all slaves
[ 1231.096514][T16930] Bluetooth: hci6: command tx timeout
[ 1231.115418][ T7195] bond1 (unregistering): Released all slaves
[ 1231.139514][ T7195] bond2 (unregistering): Released all slaves
[ 1231.160108][ T7195] bond3 (unregistering): Released all slaves
[ 1231.184438][T17382] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1231.200473][T17382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1231.236516][T17382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1231.297148][T17500] openvswitch: : Dropping previously announced user features
[ 1231.330630][ T7195] : left promiscuous mode
[ 1231.452634][T17508] vlan2: entered allmulticast mode
[ 1231.515869][T17508] bridge0: entered allmulticast mode
[ 1231.563073][T17508] bridge2: port 1(vlan2) entered blocking state
[ 1231.586686][T17508] bridge2: port 1(vlan2) entered disabled state
[ 1231.610663][T17508] vlan2: entered promiscuous mode
[ 1231.626646][T17508] bridge0: entered promiscuous mode
[ 1231.669871][T17382] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1231.697729][T17382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1231.787107][T17382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1231.837422][ T7195] tipc: Left network mode
[ 1231.842647][T17517] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3223'.
[ 1232.164794][T17494] lo speed is unknown, defaulting to 1000
[ 1232.868790][T17527] netlink: 'syz.3.3226': attribute type 20 has an invalid length.
[ 1232.897191][T17524] wg2: entered promiscuous mode
[ 1232.902129][T17524] wg2: entered allmulticast mode
[ 1233.167941][T16930] Bluetooth: hci6: command tx timeout
[ 1233.435396][T17382] hsr_slave_0: entered promiscuous mode
[ 1233.477818][T17382] hsr_slave_1: entered promiscuous mode
[ 1233.526397][T17382] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1233.550920][T17382] Cannot create hsr debugfs directory
[ 1233.629111][T17532] dvmrp17: entered allmulticast mode
[ 1235.236892][T16930] Bluetooth: hci6: command tx timeout
[ 1236.370145][ T7195] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1236.406947][ T7195] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1236.447491][ T7195] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1236.456997][ T7195] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1236.808609][ T7195] veth1_macvtap: left promiscuous mode
[ 1236.849694][ T7195] veth0_macvtap: left promiscuous mode
[ 1237.601766][T16930] Bluetooth: hci6: command tx timeout
[ 1238.054244][T17559] kexec: Could not allocate control_code_buffer
[ 1238.964035][ T7195] pimreg3 (unregistering): left allmulticast mode
[ 1240.082344][ T7195] team0 (unregistering): Port device team_slave_1 removed
[ 1240.908928][T17561] gre1: entered allmulticast mode
[ 1240.956827][T17572] openvswitch: : Dropping previously announced user features
[ 1241.066707][T17586] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3237'.
[ 1241.322248][T16930] Bluetooth: hci3: unexpected event for opcode 0x0c1a
[ 1241.576868][   T44] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1241.805396][   T44] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1241.866987][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1241.916882][   T44] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1241.925979][   T44] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1242.054768][   T44] usb 6-1: Manufacturer: syz
[ 1242.087872][   T44] usb 6-1: config 0 descriptor??
[ 1242.389797][T17494] chnl_net:caif_netlink_parms(): no params data found
[ 1242.802692][T17614] xt_TPROXY: Can be used only with -p tcp or -p udp
[ 1243.570537][T17620] tmpfs: Group quota inode hardlimit too large.
[ 1243.576935][   T44] rc_core: IR keymap rc-hauppauge not found
[ 1243.582904][   T44] Registered IR keymap rc-empty
[ 1243.618284][   T44] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[ 1243.621410][T17620] kvm: kvm [17617]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x10
[ 1243.697834][   T44] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input61
[ 1243.766730][ T1215] psmouse serio4: Failed to reset mouse on : -5
[ 1243.881325][    C1] igorplugusb 6-1:0.0: receive overflow, at least 30 lost
[ 1244.055493][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1244.092705][   T44] usb 6-1: USB disconnect, device number 3
[ 1244.813800][T17494] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1244.857178][T17494] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1244.864469][T17494] bridge_slave_0: entered allmulticast mode
[ 1244.938783][T17644] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1244.960115][T17494] bridge_slave_0: entered promiscuous mode
[ 1245.101478][T17652] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3248'.
[ 1245.273225][T17494] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1245.300968][T17494] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1245.327215][T17494] bridge_slave_1: entered allmulticast mode
[ 1245.355174][T17494] bridge_slave_1: entered promiscuous mode
[ 1245.548861][T17494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1245.597814][T17659] macsec1: entered promiscuous mode
[ 1245.603104][T17659] macsec1: entered allmulticast mode
[ 1245.657518][T17494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1246.131678][T17494] team0: Port device team_slave_0 added
[ 1246.892894][T17668] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3252'.
[ 1247.072977][T17494] team0: Port device team_slave_1 added
[ 1247.288086][T17494] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1247.305353][T17494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1247.331296][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1247.407198][T17494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1247.440956][T17494] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1247.462536][T17494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1247.526087][T17494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1247.657793][T17382] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1247.815141][T17689] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3258'.
[ 1247.849254][T17382] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1247.866696][T17689] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3258'.
[ 1247.875692][T17689] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3258'.
[ 1247.895390][T17382] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1248.068519][T17494] hsr_slave_0: entered promiscuous mode
[ 1248.105214][T17494] hsr_slave_1: entered promiscuous mode
[ 1248.143937][T17494] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1248.151655][T17494] Cannot create hsr debugfs directory
[ 1248.866376][ T1215] misc userio: Buffer overflowed, userio client isn't keeping up
[ 1248.927059][T17382] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1249.952024][ T1215] input: PS/2 Generic Mouse as /devices/serio4/input/input62
[ 1250.252129][T17382] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1250.316786][ T1215] psmouse serio4: Failed to enable mouse on 
[ 1250.381802][T17382] 8021q: adding VLAN 0 to HW filter on device team0
[ 1250.457652][  T967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1250.464974][  T967] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1250.544331][T17494] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1250.594513][ T7219] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1250.601760][ T7219] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1250.668286][T17494] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1250.709998][T17494] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1250.779911][T17494] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1251.194008][T17494] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1251.597117][T17494] 8021q: adding VLAN 0 to HW filter on device team0
[ 1252.257504][  T967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1252.264666][  T967] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1252.279157][  T967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1252.286369][  T967] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1252.430086][T17756] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3268'.
[ 1252.571761][T17764] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3269'.
[ 1252.719591][T17756] team0: Port device team_slave_0 removed
[ 1253.003384][T17382] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1253.374104][T17382] veth0_vlan: entered promiscuous mode
[ 1253.527363][T17780] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3270'.
[ 1254.351035][T17382] veth1_vlan: entered promiscuous mode
[ 1254.497174][T17382] veth0_macvtap: entered promiscuous mode
[ 1254.534586][T17382] veth1_macvtap: entered promiscuous mode
[ 1254.618284][T17382] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1254.994489][T17494] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1255.101622][T17382] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1255.152096][T17382] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1255.176646][T17382] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1255.185421][T17382] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1255.246859][T17382] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1256.178141][ T7195] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1256.247867][ T7195] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1256.341017][ T7195] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1256.353528][ T7195] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1257.298775][T17494] veth0_vlan: entered promiscuous mode
[ 1257.333808][T17494] veth1_vlan: entered promiscuous mode
[ 1257.402171][   T30] audit: type=1800 audit(1753866924.722:386): pid=17824 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.3278" name="file0" dev="tmpfs" ino=217 res=0 errno=0
[ 1257.480427][T17494] veth0_macvtap: entered promiscuous mode
[ 1257.522085][T17832] netlink: 596 bytes leftover after parsing attributes in process `syz.1.3279'.
[ 1257.539947][T17494] veth1_macvtap: entered promiscuous mode
[ 1257.759534][T17494] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1257.814532][T17494] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1257.869604][T17494] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1257.897582][T17494] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1257.928622][T17494] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1257.964698][T17494] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1258.316544][T11668] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1258.354156][T11668] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1258.507614][T11668] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1258.551423][T11668] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1260.429829][T17857] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3284'.
[ 1261.548306][T17867] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3287'.
[ 1261.651366][T17870] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3288'.
[ 1261.673928][T17867] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1261.700741][T17870] vlan2: entered allmulticast mode
[ 1261.716209][T17870] bridge0: entered allmulticast mode
[ 1261.724502][T17870] bridge1: port 1(vlan2) entered blocking state
[ 1261.731246][T17870] bridge1: port 1(vlan2) entered disabled state
[ 1261.740278][T17870] vlan2: entered promiscuous mode
[ 1261.745665][T17870] bridge0: entered promiscuous mode
[ 1261.834275][T17867] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1261.878025][T17867] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1261.892056][T17873] netlink: 5128 bytes leftover after parsing attributes in process `syz.1.3289'.
[ 1261.906955][T17873] netlink: 5128 bytes leftover after parsing attributes in process `syz.1.3289'.
[ 1261.934851][T17873] netlink: 584 bytes leftover after parsing attributes in process `syz.1.3289'.
[ 1261.949253][T17867] bond2: (slave vxcan3): Error -95 calling set_mac_address
[ 1261.969418][T17876] fuse: Bad value for 'fd'
[ 1261.975632][   T30] audit: type=1326 audit(1753866929.292:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17875 comm="syz.5.3290" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7bd278e9a9 code=0x0
[ 1262.064653][T17871] macvlan2: entered promiscuous mode
[ 1262.070442][T17871] macvlan2: entered allmulticast mode
[ 1262.076342][T17871] bond2: (slave macvlan2): Error -98 calling set_mac_address
[ 1262.084828][T17878] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3290'.
[ 1262.104586][T17878] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3290'.
[ 1262.276914][ T6930] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1262.448109][ T6930] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1262.466594][ T6930] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1262.487730][ T6930] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1262.506594][ T6930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1262.515766][ T6930] usb 2-1: SerialNumber: syz
[ 1262.750798][T17873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1262.762707][T17873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1262.844983][ T6930] usb 2-1: 0:2 : does not exist
[ 1262.889616][ T6930] usb 2-1: unit 255 not found!
[ 1262.921425][ T6930] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1262.978915][ T6930] usb 2-1: USB disconnect, device number 63
[ 1263.080925][T13728] udevd[13728]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1263.346716][T12347] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1263.376861][ T6930] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 1263.506893][T12347] usb 6-1: Using ep0 maxpacket: 8
[ 1263.513628][T12347] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1263.536635][T12347] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1263.550050][ T6930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1263.557803][T12347] usb 6-1: config 0 descriptor??
[ 1263.606437][ T6930] usb 2-1: config 0 has no interfaces?
[ 1263.614845][ T6930] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1263.632335][ T6930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1263.646270][ T6930] usb 2-1: Product: syz
[ 1263.661546][ T6930] usb 2-1: Manufacturer: syz
[ 1263.672080][ T6930] usb 2-1: SerialNumber: syz
[ 1263.690337][ T6930] usb 2-1: config 0 descriptor??
[ 1263.956091][T12347] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[ 1266.644359][T17905] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3298'.
[ 1266.734032][T16930] Bluetooth: hci0: command 0x0406 tx timeout
[ 1267.147511][ T5912] usb 2-1: USB disconnect, device number 64
[ 1267.627957][T12347] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1267.676818][T12347] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[ 1267.722036][T12347] asix 6-1:0.0: probe with driver asix failed with error -71
[ 1267.747534][T12347] usb 6-1: USB disconnect, device number 4
[ 1268.187140][T17920] openvswitch: netlink: IP tunnel dst address not specified
[ 1270.167925][T16930] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1270.191623][T16930] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1270.201766][T16930] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1270.217032][T16930] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1270.237264][T16930] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1270.404039][T17942] netlink: 596 bytes leftover after parsing attributes in process `syz.6.3307'.
[ 1270.499672][T17936] lo speed is unknown, defaulting to 1000
[ 1272.276794][T16930] Bluetooth: hci7: command tx timeout
[ 1273.785540][T17936] chnl_net:caif_netlink_parms(): no params data found
[ 1274.088692][T17981] netlink: 596 bytes leftover after parsing attributes in process `syz.5.3319'.
[ 1274.366741][T12347] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[ 1274.373603][T16930] Bluetooth: hci7: command tx timeout
[ 1274.546094][T12347] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1274.574474][T17991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3321'.
[ 1274.669984][T12347] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1274.731087][T12347] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1274.749105][T12347] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1274.787014][T12347] usb 5-1: SerialNumber: syz
[ 1274.805415][T17990] FAULT_INJECTION: forcing a failure.
[ 1274.805415][T17990] name failslab, interval 1, probability 0, space 0, times 0
[ 1274.856931][T17990] CPU: 1 UID: 0 PID: 17990 Comm: syz.1.3321 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1274.856958][T17990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1274.856970][T17990] Call Trace:
[ 1274.856979][T17990]  <TASK>
[ 1274.856988][T17990]  dump_stack_lvl+0x189/0x250
[ 1274.857015][T17990]  ? __pfx____ratelimit+0x10/0x10
[ 1274.857039][T17990]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1274.857061][T17990]  ? __pfx__printk+0x10/0x10
[ 1274.857109][T17990]  ? __pfx___might_resched+0x10/0x10
[ 1274.857131][T17990]  ? fs_reclaim_acquire+0x7d/0x100
[ 1274.857167][T17990]  should_fail_ex+0x414/0x560
[ 1274.857190][T17990]  should_failslab+0xa8/0x100
[ 1274.857207][T17990]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1274.857222][T17990]  ? bpf_xdp_link_attach+0x168/0x8c0
[ 1274.857240][T17990]  bpf_xdp_link_attach+0x168/0x8c0
[ 1274.857259][T17990]  ? __lock_acquire+0xab9/0xd20
[ 1274.857278][T17990]  ? __pfx_bpf_xdp_link_attach+0x10/0x10
[ 1274.857305][T17990]  ? __fget_files+0x3a0/0x420
[ 1274.857320][T17990]  ? __fget_files+0x2a/0x420
[ 1274.857338][T17990]  ? attach_type_to_prog_type+0x40a/0x470
[ 1274.857353][T17990]  ? bpf_prog_attach_check_attach_type+0x39c/0x540
[ 1274.857372][T17990]  link_create+0x4b6/0x7e0
[ 1274.857390][T17990]  __sys_bpf+0x599/0x860
[ 1274.857413][T17990]  ? __pfx___sys_bpf+0x10/0x10
[ 1274.857446][T17990]  ? irqentry_exit+0x74/0x90
[ 1274.857470][T17990]  __x64_sys_bpf+0x7c/0x90
[ 1274.857489][T17990]  do_syscall_64+0xfa/0x3b0
[ 1274.857508][T17990]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1274.857523][T17990]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1274.857538][T17990]  ? clear_bhb_loop+0x60/0xb0
[ 1274.857555][T17990]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1274.857569][T17990] RIP: 0033:0x7f33aab8e9a9
[ 1274.857583][T17990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1274.857596][T17990] RSP: 002b:00007f33aba58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1274.857612][T17990] RAX: ffffffffffffffda RBX: 00007f33aadb6080 RCX: 00007f33aab8e9a9
[ 1274.857623][T17990] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: 000000000000001c
[ 1274.857633][T17990] RBP: 00007f33aba58090 R08: 0000000000000000 R09: 0000000000000000
[ 1274.857642][T17990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1274.857651][T17990] R13: 0000000000000000 R14: 00007f33aadb6080 R15: 00007ffef3d62648
[ 1274.857672][T17990]  </TASK>
[ 1275.068448][T17997] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3322'.
[ 1275.136172][T12347] usb 5-1: 0:2 : does not exist
[ 1275.209752][T12347] usb 5-1: USB disconnect, device number 68
[ 1275.355102][T13728] udevd[13728]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1275.386715][T17590] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1275.422876][T17991] team0: Port device team_slave_0 removed
[ 1275.465078][T17936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1275.476783][T17936] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1275.494504][T17936] bridge_slave_0: entered allmulticast mode
[ 1275.534877][T17936] bridge_slave_0: entered promiscuous mode
[ 1275.539111][T17590] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1275.609843][T17590] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1275.645225][T17936] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1275.664473][T17590] usb 6-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[ 1275.686800][T17936] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1275.694156][T17936] bridge_slave_1: entered allmulticast mode
[ 1275.705480][T17590] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1275.744621][T17590] usb 6-1: config 0 descriptor??
[ 1275.755172][T17936] bridge_slave_1: entered promiscuous mode
[ 1275.800535][T18005] netlink: 88 bytes leftover after parsing attributes in process `syz.1.3324'.
[ 1275.888287][T17936] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1275.902141][T17936] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1275.961208][T18007] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3325'.
[ 1276.041042][T18008] vlan2: entered allmulticast mode
[ 1276.046299][T18008] bridge0: entered allmulticast mode
[ 1276.085273][T17936] team0: Port device team_slave_0 added
[ 1276.106536][T17936] team0: Port device team_slave_1 added
[ 1276.275017][T17590] hid_mf 0003:0079:1846.0021: hidraw0: USB HID v0.00 Device [HID 0079:1846] on usb-dummy_hcd.5-1/input0
[ 1276.318489][T17590] hid_mf 0003:0079:1846.0021: Force feedback for HJZ Mayflash game controller adapters by Marcel Hasler <mahasler@gmail.com>
[ 1276.334898][T17936] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1276.361799][T17936] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1276.488822][T17936] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1276.526987][T16930] Bluetooth: hci7: command tx timeout
[ 1276.542913][T17936] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1276.568896][T17590] usb 6-1: USB disconnect, device number 5
[ 1276.588108][T17936] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1277.254407][T17936] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1277.332479][T18013] fido_id[18013]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1278.192894][T18027] netlink: 'syz.4.3331': attribute type 21 has an invalid length.
[ 1278.556816][   T44] usb 5-1: new low-speed USB device number 69 using dummy_hcd
[ 1278.597991][T16930] Bluetooth: hci7: command tx timeout
[ 1278.778847][T18034] ip6t_srh: unknown srh match flags  4000
[ 1278.825323][T18027] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3331'.
[ 1278.908435][T17936] hsr_slave_0: entered promiscuous mode
[ 1278.936448][T17936] hsr_slave_1: entered promiscuous mode
[ 1278.946686][   T44] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1278.957882][   T44] usb 5-1: config 2 has an invalid interface number: 86 but max is 0
[ 1278.978935][T17936] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1278.995853][   T44] usb 5-1: config 2 has no interface number 0
[ 1279.007224][T17936] Cannot create hsr debugfs directory
[ 1279.021048][   T44] usb 5-1: config 2 interface 86 has no altsetting 0
[ 1281.240389][   T44] usb 5-1: New USB device found, idVendor=0421, idProduct=82e3, bcdDevice=4a.cb
[ 1281.372071][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1281.465388][   T44] usb 5-1: can't set config #2, error -71
[ 1281.484924][T18058] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3341'.
[ 1281.507335][   T44] usb 5-1: USB disconnect, device number 69
[ 1281.545118][T17936] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1281.658326][T17936] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1281.725572][T17936] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1281.810020][T17936] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1282.406243][T18080] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1282.412769][T18080] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1282.499388][T18080] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1282.505836][T18080] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1282.526853][T18080] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1282.533386][T18080] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1282.736004][T18080] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1282.742775][T18080] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1282.847711][T18080] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[ 1282.854215][T18080] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[ 1282.894491][T17936] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1283.090142][T17936] 8021q: adding VLAN 0 to HW filter on device team0
[ 1283.175424][  T967] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1283.182705][  T967] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1283.270696][  T967] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1283.277956][  T967] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1285.066764][T17590] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1285.486696][T17590] usb 5-1: Using ep0 maxpacket: 16
[ 1285.585577][T17590] usb 5-1: config 0 has an invalid interface number: 226 but max is 0
[ 1285.837283][T17590] usb 5-1: config 0 has no interface number 0
[ 1285.847155][T17590] usb 5-1: config 0 interface 226 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1285.867243][T17590] usb 5-1: config 0 interface 226 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1285.877847][T17590] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[ 1287.879020][T17590] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1287.960484][T17590] usb 5-1: config 0 descriptor??
[ 1288.030569][T17590] usb 5-1: can't set config #0, error -71
[ 1288.080980][T17590] usb 5-1: USB disconnect, device number 70
[ 1288.951407][T17936] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1290.330859][T17936] veth0_vlan: entered promiscuous mode
[ 1290.372390][T17936] veth1_vlan: entered promiscuous mode
[ 1290.386794][ T5924] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1290.449323][T17936] veth0_macvtap: entered promiscuous mode
[ 1290.470232][T17936] veth1_macvtap: entered promiscuous mode
[ 1290.523596][T17936] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1290.553026][T17936] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1290.568312][ T5924] usb 6-1: Using ep0 maxpacket: 32
[ 1290.581715][T17936] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.594181][ T5924] usb 6-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[ 1290.611128][T17936] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.620394][ T5924] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1290.635044][T17936] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.646737][ T5924] usb 6-1: Product: syz
[ 1290.650967][ T5924] usb 6-1: Manufacturer: syz
[ 1290.655616][ T5924] usb 6-1: SerialNumber: syz
[ 1290.665464][T17936] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1290.676472][ T5924] usb 6-1: config 0 descriptor??
[ 1290.718474][ T5924] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[ 1290.910641][ T7219] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1290.946897][ T7219] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1290.994952][ T7217] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1291.015511][ T7217] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1291.233982][ T5924] gspca_topro: reg_w err -110
[ 1291.280975][ T5924] gspca_topro: Sensor soi763a
[ 1291.286115][ T5924] videodev: could not get a free minor
[ 1291.343451][ T5924] gspca_main: video_register_device err -23
[ 1291.398062][ T5924] gspca_topro 6-1:0.0: probe with driver gspca_topro failed with error -23
[ 1291.987393][ T5924] usb 6-1: USB disconnect, device number 6
[ 1292.203123][ T5156] Bluetooth: hci1: command 0x0406 tx timeout
[ 1305.479987][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1312.684861][T16930] Bluetooth: hci5: command 0x0406 tx timeout
[ 1338.277176][ T5156] Bluetooth: hci2: command 0x0406 tx timeout
[ 1353.645122][T18191] Bluetooth: hci6: command 0x0406 tx timeout
[ 1354.757123][   T31] INFO: task syz.2.3089:17326 blocked for more than 143 seconds.
[ 1354.764937][   T31]       Not tainted 6.16.0-syzkaller #0
[ 1354.789333][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1354.807354][   T31] task:syz.2.3089      state:D stack:28328 pid:17326 tgid:17325 ppid:16928  task_flags:0x400140 flags:0x00004004
[ 1354.833876][   T31] Call Trace:
[ 1354.846660][   T31]  <TASK>
[ 1354.849700][   T31]  __schedule+0x16aa/0x4c90
[ 1354.854447][   T31]  ? __lock_acquire+0x9c1/0xd20
[ 1354.860099][   T31]  ? schedule+0x165/0x360
[ 1354.864566][   T31]  ? __pfx___schedule+0x10/0x10
[ 1354.870085][   T31]  ? schedule+0x91/0x360
[ 1354.874456][   T31]  schedule+0x165/0x360
[ 1354.879152][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1354.884713][   T31]  __mutex_lock+0x724/0xe80
[ 1354.890185][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1354.894983][   T31]  ? comedi_device_attach+0xc6/0x670
[ 1354.900805][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1354.905970][   T31]  comedi_device_attach+0xc6/0x670
[ 1354.913479][   T31]  comedi_unlocked_ioctl+0x686/0xfc0
[ 1354.919562][   T31]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1354.925535][   T31]  ? __pfx_smack_log+0x10/0x10
[ 1354.930876][   T31]  ? smk_access+0x14c/0x4e0
[ 1354.935480][   T31]  ? smk_tskacc+0x2fc/0x370
[ 1354.940554][   T31]  ? smack_file_ioctl+0x24a/0x340
[ 1354.945692][   T31]  ? __pfx_smack_file_ioctl+0x10/0x10
[ 1354.951598][   T31]  ? __fget_files+0x2a/0x420
[ 1354.956291][   T31]  ? __fget_files+0x3a0/0x420
[ 1354.961411][   T31]  ? __fget_files+0x2a/0x420
[ 1354.966109][   T31]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1354.971909][   T31]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1354.978165][   T31]  __se_sys_ioctl+0xfc/0x170
[ 1354.982855][   T31]  do_syscall_64+0xfa/0x3b0
[ 1354.987948][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1354.993299][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1355.008252][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1355.015265][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1355.025400][   T31] RIP: 0033:0x7fc99898e9a9
[ 1355.029965][   T31] RSP: 002b:00007fc9997b2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1355.038539][   T31] RAX: ffffffffffffffda RBX: 00007fc998bb5fa0 RCX: 00007fc99898e9a9
[ 1355.046596][   T31] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003
[ 1355.054623][   T31] RBP: 00007fc998a10d69 R08: 0000000000000000 R09: 0000000000000000
[ 1355.062727][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1355.070799][   T31] R13: 0000000000000000 R14: 00007fc998bb5fa0 R15: 00007fff0030ddd8
[ 1355.079300][   T31]  </TASK>
[ 1355.082439][   T31] 
[ 1355.082439][   T31] Showing all locks held in the system:
[ 1355.090313][   T31] 1 lock held by khungtaskd/31:
[ 1355.095201][   T31]  #0: ffffffff8e13f0e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1355.106443][   T31] 2 locks held by getty/5597:
[ 1355.116341][   T31]  #0: ffff8880353020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1355.128051][   T31]  #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1355.142884][   T31] 2 locks held by syz.0.3098/16925:
[ 1355.148332][   T31] 2 locks held by syz.2.3089/17326:
[ 1355.153548][   T31]  #0: ffff88814c6380f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_unlocked_ioctl+0x138/0xfc0
[ 1355.164378][   T31]  #1: ffffffff8f3c13a8 (comedi_drivers_list_lock){+.+.}-{4:4}, at: comedi_device_attach+0xc6/0x670
[ 1355.175542][   T31] 3 locks held by kworker/u8:4/17601:
[ 1355.181230][   T31] 1 lock held by syz.3.3266/17732:
[ 1355.186384][   T31]  #0: ffff88814c6380f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_open+0xc0/0x590
[ 1355.195903][   T31] 1 lock held by syz.7.3297/18161:
[ 1355.201372][   T31]  #0: ffff88814c6380f8 (&dev->mutex#4){+.+.}-{4:4}, at: comedi_open+0xc0/0x590
[ 1355.226739][   T31] 
[ 1355.229120][   T31] =============================================
[ 1355.229120][   T31] 
[ 1355.256574][   T31] NMI backtrace for cpu 1
[ 1355.256594][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1355.256620][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1355.256635][   T31] Call Trace:
[ 1355.256645][   T31]  <TASK>
[ 1355.256656][   T31]  dump_stack_lvl+0x189/0x250
[ 1355.256685][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1355.256719][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1355.256744][   T31]  ? __pfx__printk+0x10/0x10
[ 1355.256787][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1355.256826][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1355.256855][   T31]  ? _printk+0xcf/0x120
[ 1355.256906][   T31]  ? __pfx__printk+0x10/0x10
[ 1355.256939][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1355.256979][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1355.257019][   T31]  watchdog+0xfee/0x1030
[ 1355.257053][   T31]  ? watchdog+0x1de/0x1030
[ 1355.257097][   T31]  kthread+0x70e/0x8a0
[ 1355.257133][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1355.257166][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.257199][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1355.257221][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1355.257244][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.257283][   T31]  ret_from_fork+0x3fc/0x770
[ 1355.257310][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1355.257340][   T31]  ? __switch_to_asm+0x39/0x70
[ 1355.257368][   T31]  ? __switch_to_asm+0x33/0x70
[ 1355.257394][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.257427][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1355.257475][   T31]  </TASK>
[ 1355.257484][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1355.417499][    C0] NMI backtrace for cpu 0
[ 1355.417514][    C0] CPU: 0 UID: 0 PID: 5195 Comm: klogd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1355.417534][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1355.417545][    C0] RIP: 0010:vsnprintf+0x359/0xf00
[ 1355.417574][    C0] Code: 00 00 41 c6 45 00 25 e9 7a 04 00 00 48 89 eb 4c 29 fb 4c 63 e3 4c 3b 6c 24 20 0f 83 e3 01 00 00 e8 4c 7b 5d f6 4c 89 74 24 08 <4c> 8b 74 24 20 4d 29 ee 4c 89 e7 4c 89 f6 e8 94 7d 5d f6 4d 39 f4
[ 1355.417589][    C0] RSP: 0018:ffffc900030f77f0 EFLAGS: 00000293
[ 1355.417605][    C0] RAX: ffffffff8b62aa74 RBX: 0000000000000001 RCX: ffff888068450000
[ 1355.417617][    C0] RDX: 0000000000000000 RSI: ffffffff8f87bee0 RDI: 0000000000000000
[ 1355.417629][    C0] RBP: ffffffff8b8b8926 R08: ffff888068450000 R09: 0000000000000008
[ 1355.417641][    C0] R10: 0000000000000007 R11: 0000000000000000 R12: 0000000000000001
[ 1355.417651][    C0] R13: ffffc900030f7ac9 R14: 0000000000000800 R15: ffffffff8b8b8925
[ 1355.417663][    C0] FS:  00007f88be000c80(0000) GS:ffff888125c57000(0000) knlGS:0000000000000000
[ 1355.417678][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1355.417690][    C0] CR2: 000055fabce7d538 CR3: 00000000336b0000 CR4: 00000000003526f0
[ 1355.417704][    C0] Call Trace:
[ 1355.417711][    C0]  <TASK>
[ 1355.417726][    C0]  sprintf+0xd9/0x120
[ 1355.417754][    C0]  ? __pfx_sprintf+0x10/0x10
[ 1355.417778][    C0]  ? desc_read+0x208/0x3f0
[ 1355.417801][    C0]  info_print_prefix+0x155/0x310
[ 1355.417828][    C0]  ? __pfx_info_print_prefix+0x10/0x10
[ 1355.417851][    C0]  ? _prb_read_valid+0xa7b/0xa90
[ 1355.417875][    C0]  record_print_text+0x154/0x430
[ 1355.417900][    C0]  ? __pfx__prb_read_valid+0x10/0x10
[ 1355.417919][    C0]  ? __pfx_record_print_text+0x10/0x10
[ 1355.417953][    C0]  ? __kasan_kmalloc+0x93/0xb0
[ 1355.417991][    C0]  syslog_print+0x34f/0x590
[ 1355.418011][    C0]  ? __pfx_syslog_print+0x10/0x10
[ 1355.418050][    C0]  ? smack_privileged_cred+0xb7/0x380
[ 1355.418084][    C0]  ? smack_privileged_cred+0xb7/0x380
[ 1355.418112][    C0]  ? smack_privileged_cred+0xb7/0x380
[ 1355.418139][    C0]  ? smack_privileged_cred+0xb7/0x380
[ 1355.418169][    C0]  ? smack_privileged_cred+0x33d/0x380
[ 1355.418200][    C0]  ? smack_syslog+0x96/0xf0
[ 1355.418247][    C0]  do_syslog+0x544/0x760
[ 1355.418271][    C0]  ? __pfx_do_syslog+0x10/0x10
[ 1355.418294][    C0]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[ 1355.418329][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1355.418357][    C0]  __x64_sys_syslog+0x7c/0x90
[ 1355.418382][    C0]  do_syscall_64+0xfa/0x3b0
[ 1355.418406][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1355.418428][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1355.418449][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1355.418473][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1355.418502][    C0] RIP: 0033:0x7f88be1caa37
[ 1355.418520][    C0] Code: 73 01 c3 48 8b 0d c1 f3 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 91 f3 0c 00 f7 d8 64 89 01 48
[ 1355.418538][    C0] RSP: 002b:00007fff1ff410c8 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
[ 1355.418560][    C0] RAX: ffffffffffffffda RBX: 00007f88be36a490 RCX: 00007f88be1caa37
[ 1355.418576][    C0] RDX: 00000000000003ff RSI: 00007f88be36a490 RDI: 0000000000000002
[ 1355.418591][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1355.418603][    C0] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f88be36a490
[ 1355.418617][    C0] R13: 00007f88be347dfe R14: 00007f88be36a865 R15: 00007f88be36a865
[ 1355.418645][    C0]  </TASK>
[ 1355.421296][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1355.768175][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1355.777907][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1355.787971][   T31] Call Trace:
[ 1355.791287][   T31]  <TASK>
[ 1355.794229][   T31]  dump_stack_lvl+0x99/0x250
[ 1355.798832][   T31]  ? __asan_memcpy+0x40/0x70
[ 1355.803441][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1355.808657][   T31]  ? __pfx__printk+0x10/0x10
[ 1355.813265][   T31]  panic+0x2db/0x790
[ 1355.817198][   T31]  ? __pfx_panic+0x10/0x10
[ 1355.821639][   T31]  ? __pfx_delay_tsc+0x10/0x10
[ 1355.826414][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1355.832273][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1355.837686][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1355.843855][   T31]  watchdog+0x102d/0x1030
[ 1355.848199][   T31]  ? watchdog+0x1de/0x1030
[ 1355.852634][   T31]  kthread+0x70e/0x8a0
[ 1355.856721][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1355.861406][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.866006][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1355.871211][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1355.876507][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.881118][   T31]  ret_from_fork+0x3fc/0x770
[ 1355.885722][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1355.890865][   T31]  ? __switch_to_asm+0x39/0x70
[ 1355.895639][   T31]  ? __switch_to_asm+0x33/0x70
[ 1355.900411][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.905013][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1355.909796][   T31]  </TASK>
[ 1355.913213][   T31] Kernel Offset: disabled
[ 1355.917543][   T31] Rebooting in 86400 seconds..