last executing test programs:

20.410982165s ago: executing program 3 (id=6):
r0 = syz_io_uring_setup(0x98, &(0x7f0000000140)={0x0, 0xffffffff, 0x0, 0x3}, &(0x7f0000000240)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)={0x24102, 0x0, 0x1}, &(0x7f0000000500)='./file0\x00', 0x18})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500), 0x101, 0x0)
io_uring_enter(r0, 0x47f6, 0xbacc, 0x0, 0x0, 0x0)

19.447045926s ago: executing program 3 (id=8):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, 0x0})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
add_key$user(0x0, 0x0, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffb)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SCROLLCONSOLE(r4, 0x541c, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000002280)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11, 0x1, 0x0, 0x7}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r6 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$IMADDTIMER(r6, 0x80044940, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r4, 0x80089419, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffdd5}, 0x94)
r7 = syz_open_dev$vim2m(&(0x7f0000000240), 0x41d3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000021c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
preadv(r8, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/191, 0xbf}], 0x1, 0x55, 0xfffffffc)
ioctl$vim2m_VIDIOC_STREAMOFF(r7, 0x40045612, &(0x7f0000000000)=0x1)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e23, 0x3, 'sed\x00', 0x10, 0x60000000, 0xc}, {@empty, 0x4e21, 0x12002, 0xf, 0xe1b2, 0x10001}}, 0x44)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000300)=ANY=[@ANYBLOB="94000000100003042dbd7000fdffff00000003", @ANYRES32=0x0, @ANYBLOB="0800000000b10000680012800b0001006272696467650000580002800a001400bbbbbbbbbbbb00000c001f00020000000000000005002900010000000800020009000000050017000000000005002600000000000c002300010000000000000008000400050000000800030023000000080040", @ANYRES32], 0x94}}, 0x0)

15.328268308s ago: executing program 1 (id=21):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r1, 0x8)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendto$inet(r2, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000206030000000000000000000000000005000100070000000900020073797a320000000014000780080013400006000008001240000020000500050002000000050004000000000015000300686173683a6970"], 0x64}}, 0x840)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000580)={0x2, 0x0, 0x6, 0xffffffff}, 0x10)
sendto$inet6(r2, &(0x7f0000000200)='x', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000005c0)={0x0, 0x2, 0x47a}, 0x39)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000240)={0x0, 0x2}, 0x8)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
socket$packet(0x11, 0x2, 0x300)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r4, &(0x7f0000003040)={@val={0x8, 0x800}, @val={0x0, 0x3, 0x0, 0x1}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x89, 0x0, @rand_addr, @multicast2=0xe0000001}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x36)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r6, &(0x7f0000001d80)='.\x00', 0x8000, &(0x7f0000001dc0)={0xb, 0x0, 0x80000}, 0x20)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESOCT=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

14.24313932s ago: executing program 1 (id=26):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x28, 0x8, 0x6, 0x5, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x4001800}, 0x10004)

13.615383934s ago: executing program 1 (id=29):
unshare(0x24060400)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x92, 0x5, 0x6, 0x4}, 0x3a, [0x8000, 0x2c95a, 0xf, 0x8, 0x80, 0x1, 0x1, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x8, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x5, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0x800, 0x4, 0x4, 0x7, 0x3, 0x8, 0x10, 0x80000000, 0xfffffffe, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x40017, 0x0, 0x7, 0x5, 0x3e, 0x3, 0x6, 0xffff, 0x0, 0x9, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0x40c8, 0xf9, 0xe, 0x82c0, 0x6c7, 0x8, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x5, 0xea4, 0x0, 0x2, 0x7, 0x7fff, 0x1c000, 0x3fe, 0x20403, 0x200006, 0x4, 0xff, 0x5, 0x1000005, 0x5f31, 0x2d, 0x4e2, 0x5, 0x4, 0xb, 0x2000004, 0x9, 0x80000001, 0x9, 0x6, 0x47, 0x8200, 0x1, 0xfe000000, 0x8, 0xffffffff, 0x4, 0x80004, 0x3, 0x51, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x407, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xa2, 0x8000, 0x0, 0x5, 0xb, 0x5, 0x5, 0x5, 0x4000000, 0x1eb, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0xfffffffe, 0x3, 0x20000008, 0x4, 0x6d01, 0x2, 0x38, 0x800083, 0x200, 0x80, 0x3, 0x8000004, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x4005, 0x6, 0x8, 0xca, 0x1ff, 0x3, 0x7ff, 0xbe, 0x4, 0x7, 0xe, 0x0, 0x5, 0x1c, 0x8, 0x4, 0x8, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x2, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x9, 0x2, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x3, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xffffffd9, 0xfffff000, 0x10010000, 0x0, 0x7e, 0x9, 0x9602, 0x40008, 0xaf, 0x5, 0x6, 0x7, 0x2, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf3c, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x1, 0xb1e, 0xd7, 0x201, 0xffff3441, 0x4]}, 0x45c)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

12.992057601s ago: executing program 1 (id=31):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e21, 0xc, @loopback, 0x100009}, 0x1c)
setsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, 0x0)

12.131177143s ago: executing program 1 (id=36):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0xdb4, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000040)=0x8, 0x4)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
set_mempolicy(0x6, &(0x7f0000000180)=0x472, 0x9)
gettid()
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
userfaultfd(0x1)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x110e, &(0x7f00000003c0)={0x0, 0xfc1e, 0x2, 0x1}, &(0x7f00000001c0), 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

10.656961498s ago: executing program 3 (id=41):
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000340), 0xf2, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r0, r0, r0}, &(0x7f0000000140)=""/42, 0x2a, &(0x7f0000000100)={&(0x7f0000000080)={'xxhash64\x00'}})

9.21692278s ago: executing program 3 (id=47):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0xe5c, 0x80000)
r3 = eventfd2(0x4001, 0x800)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r3})
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000000c0)={0x7, 0x1})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x5, 0xc0, 0x5, 0x7, 0x7f, 0x5, 0xf, 0x9, 0x2, 0x3d, 0x7, 0x5c, 0x5, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000003c0)={[0x35, 0xe, 0x4, 0x1, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x1, 0x1, 0x40001, 0x0, 0xc12, 0x1, 0xbde], 0x1000, 0x3d4316})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

8.748194432s ago: executing program 2 (id=48):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa, 0xffe0}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0x6, 0x7}}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x24000001)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

8.474342576s ago: executing program 3 (id=49):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

7.985251996s ago: executing program 0 (id=51):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {0xa}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0)

7.848698712s ago: executing program 2 (id=53):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x5, 0x0, 0x0, &(0x7f0000000240)="4322ac76fd27aab4021884b143b524abf04d5144385fac73f1fd293ceede6a10020901cbeb9c657ac9f5fdd4181fbf3bdf063a842386ef075ed60e44a4e1e2df7e5ccb5c1e6d341e00b86a558cec58aa7ecf7be80d4b6ea9997b1a1640b7a7ff0f3af4ce45cb341ba0e8517b860eaafe303969f489f37f15d6f08f85946a28b11f69568982658fcb51e173a3d58c5798e93ca57cc66582e3fc8c14f16ba668802711f74523423108d8afcdbc47e6a8f09b94765fb5f044a6498e18f862a0fb22be25dc8f5990fda697247ba6ba8b87a59e6001fad9eac432e974bab662106f20f7b0a2f16303beb597c48576bb05a9f3bba4991e534542515dade470099ec3317b1ab3a7894d7f6295fe0625f9a47b52f2d74808e680d78ad21b4946fcb2b7b2e4a3e3e68fe92c9e68ba574bd67ea75241553c6d9e56cba6a0bfe71c9cebee", 0x13f, 0x8000})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
write$tun(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="000086dd0001110004000000a60c6eec00be00442f2ffe80"], 0xfdef)

7.774291525s ago: executing program 3 (id=54):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x17, 0x5, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="52010000cf8bed20d90f25004029000000010902120001000000000904000000cafb1a00"], 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0x8, 0xfffc}, 0x8)
fsopen(&(0x7f0000000180)='debugfs\x00', 0x1)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)}, &(0x7f0000000140)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r5 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
r6 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r6, &(0x7f0000001200)=[{{&(0x7f0000000280)={0x2, 0x4e20, @private=0xa010101}, 0x10, &(0x7f0000000980)=[{&(0x7f0000000200)="9c", 0x1}], 0x1}}, {{&(0x7f0000000880)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f0000000900)=[{&(0x7f00000008c0)="77041959dda0", 0x6}], 0x1}}], 0x2, 0x8080)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xc, &(0x7f0000000040)=@assoc_value={<r7=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f0000000180)={r7, 0x9}, 0xc)
pwritev(r5, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5)
sendfile(r4, r4, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f0000000280)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x9]})
ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r4)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000001780)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="001501000000c3af5114dbe23279eec68d3d7df3ae3e2f79e6df51c8362a814ee4b4d086248f8074ff9205109c68db646f01c46359b090ea31938043b552306cb17c35c4d17818ab4a63bb18a7b36f429e029530a4ccfffc46d8846bbabbc80750fbd83dff8cbb9a9118cde140d94e7b1fdd41e64209cc75f8618990684647e0b466bf7f4e1c69bbf3028c996002e0968f15ddb58a620dd6645a26fee1799e151e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f0000002580)={0x0})
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00006dbffc), 0x4)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)

7.479397629s ago: executing program 0 (id=55):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x60004, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETLINK(r0, 0x400454cc, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x7101})

7.43112415s ago: executing program 4 (id=56):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x8, 0x7fff7ffc}]})
getresgid(&(0x7f0000000540), &(0x7f0000000580), &(0x7f00000005c0))

6.66066037s ago: executing program 4 (id=57):
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1100"/12, @ANYRES32=0x0, @ANYBLOB="05"], 0x20)

6.53141215s ago: executing program 0 (id=58):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x0, 0x81, 0x0, @vifc_lcl_ifindex, @private=0xa010102}, 0x10)

6.417062203s ago: executing program 2 (id=59):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
eventfd2(0xe5c, 0x80000)
eventfd2(0x4001, 0x800)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000000c0)={0x7, 0x1})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000840)={0x0, 0x0, @pic={0x5, 0xc0, 0x5, 0x7, 0x7f, 0x5, 0xf, 0x9, 0x2, 0x3d, 0x7, 0x5c, 0x5, 0x5, 0xb, 0x7f}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x35, 0xe, 0x4, 0x1, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x1, 0x1, 0x40001, 0x0, 0xc12, 0x1, 0xbde], 0x1000, 0x3d4316})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.892396946s ago: executing program 4 (id=60):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x1, 0x7fff7ff8}]})
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r0, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x7, 0xc})
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

5.739320419s ago: executing program 0 (id=61):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000001480)={&(0x7f0000001380)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4804}, 0x40)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$vsock_stream(0x28, 0x1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x4, 0x200000400000000, 0x4, 0x344}, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x3c, 0x20, 0x98, 0x40, 0x2001, 0x1a00, 0x38f5, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x66, 0x0, 0x0, 0x54, 0xef, 0x55}}]}}]}}, 0x0)
close(r0)

5.089172668s ago: executing program 2 (id=62):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_pts(r0, 0x0)
ioctl$TCXONC(r1, 0x540a, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x57)
ioctl$TCSETA(r1, 0x5406, &(0x7f0000000200)={0x10, 0x80, 0xe000, 0xb3, 0x14, "041000001000"})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x4)

5.088915036s ago: executing program 4 (id=63):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000000)=0x94b, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000100)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2e}, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00\'$', 0x38, 0x3a, 0xff, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x500, {0x6, 0x6, ':yE', 0x2, 0x3a, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x3d}, [], "8029335287b7a081"}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x2000, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)

2.430464207s ago: executing program 4 (id=64):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r0)
ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1.39603206s ago: executing program 0 (id=65):
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000009c0)}], 0x1}}], 0x1, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet(0x2, 0x3, 0x3)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10)

1.395834959s ago: executing program 2 (id=66):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = syz_io_uring_setup(0x3ff, &(0x7f00000005c0)={0x0, 0x32b2, 0x100, 0x1, 0x3da}, &(0x7f0000000040)=<r2=>0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000300)=[r0], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, 0x0, &(0x7f0000000140)=@IORING_OP_READV=@pass_iovec={0x1, 0x1, 0x6000, @fd_index, 0x400000080001001, 0x0})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)

1.236312942s ago: executing program 4 (id=67):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4)
shutdown(r1, 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

972.46515ms ago: executing program 0 (id=68):
socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
syz_emit_ethernet(0x3a, &(0x7f00000005c0)={@local, @remote, @val={@void, {0x8100, 0x4, 0x1, 0x4}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x4e21, 0x4e23, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2, 0x0, 0x0, 0x3}}}}}}, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140))
r3 = msgget$private(0x0, 0x4a0)
msgctl$IPC_STAT(r3, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
sched_setattr(0x0, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000005c0)='mountinfo\x00')
read$FUSE(r4, &(0x7f0000002d80)={0x2020}, 0x2025)
pread64(r4, &(0x7f0000000080)=""/110, 0x6e, 0x400)
read(r4, &(0x7f0000000380)=""/167, 0xa7)
syz_usb_connect(0x0, 0xfffffffffffffc35, 0x0, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x15)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
recvmmsg(r5, &(0x7f0000000740)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x40010000, 0x0)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f00000002c0)={0xfffd, 0x4, 0x0, 0x0, @vifc_lcl_addr=@remote, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
syz_clone(0x104080, 0x0, 0x0, &(0x7f0000000140), 0x0, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r6, 0x0, 0xd2, &(0x7f0000000280)={@broadcast, @empty, 0x0, "ffff01e03d64a831683fdc3fd440829c82cfc400"}, 0x3c)
setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000000000)=0xe, 0x4)
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000240)=""/254, &(0x7f0000000040)=0xfe)
socket$packet(0x11, 0x2, 0x300)

387.69648ms ago: executing program 1 (id=69):
r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x1, 0x3, "c282fe"}, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010e"], 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000700)={0x1, 0x40, 0x3, &(0x7f00000006c0)={0x6, "0fd62f5244b23de763cfb137449ccf18ea4ee9f23bc4e6acba8d11e8daa6c4ee99"}})
syz_open_dev$I2C(0x0, 0x1, 0x402)

0s ago: executing program 2 (id=70):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r1, 0x0, 0xffdd)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000100)={0x2, 0x2, 0x0, 0xc2c6d7ed92c4ca45, 0x4})
syz_usb_connect$cdc_ncm(0x0, 0x72, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x63, @loopback, 0x7}, 0x1c)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/fib_triestat\x00')
preadv(r6, &(0x7f0000000080)=[{&(0x7f0000000040)=""/46, 0x2e}], 0x1, 0x0, 0x4)
r7 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r7, 0x84, 0x21, &(0x7f00000001c0), &(0x7f0000000240)=0x4)
shutdown(0xffffffffffffffff, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0)
bind$can_raw(0xffffffffffffffff, &(0x7f0000001140), 0x10)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x20081, 0x0)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x54, 0x12, 0x1, 0xfffffffd, 0x0, {0xa, 0x5, 0x0, 0x0, {0x0, 0x5e22, [0x0, 0xffffffff, 0xfffffffe], [0x0, 0x0, 0xfffffffd, 0x2000], 0x0, [0x1, 0x3]}, 0x0, 0xfffffffe}, [@INET_DIAG_REQ_BYTECODE={0x8, 0x3, "11000000"}]}, 0x54}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.21' (ED25519) to the list of known hosts.
[  171.762823][ T5763] cgroup: Unknown subsys name 'net'
[  171.889146][ T5763] cgroup: Unknown subsys name 'cpuset'
[  171.903384][ T5763] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  177.519458][ T5763] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  182.506733][ T5782] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  182.519152][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  182.527894][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  182.539564][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  182.545256][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  182.551086][ T5782] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  182.565094][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  182.577013][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  182.585779][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  182.590211][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  182.596252][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  182.640933][ T5790] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  182.662617][ T5790] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  182.677614][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  182.692593][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  182.701013][ T5790] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  182.710810][ T5787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  182.732868][ T5083] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  182.741216][ T5787] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  182.757233][ T5083] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  182.759958][ T5786] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  182.768566][ T5083] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  182.775124][ T5786] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  182.804997][ T5786] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  182.824126][ T5786] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  184.629033][ T5786] Bluetooth: hci0: command tx timeout
[  184.709267][ T5786] Bluetooth: hci1: command tx timeout
[  184.735719][ T5780] chnl_net:caif_netlink_parms(): no params data found
[  184.885723][ T5786] Bluetooth: hci3: command tx timeout
[  184.891539][ T5786] Bluetooth: hci4: command tx timeout
[  184.897322][ T5786] Bluetooth: hci2: command tx timeout
[  185.212457][ T5779] chnl_net:caif_netlink_parms(): no params data found
[  185.450244][ T5788] chnl_net:caif_netlink_parms(): no params data found
[  185.665532][ T5795] chnl_net:caif_netlink_parms(): no params data found
[  185.742481][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.750324][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.757973][ T5780] bridge_slave_0: entered allmulticast mode
[  185.767699][ T5780] bridge_slave_0: entered promiscuous mode
[  185.866481][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.877402][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.889324][ T5780] bridge_slave_1: entered allmulticast mode
[  185.899087][ T5780] bridge_slave_1: entered promiscuous mode
[  185.909790][ T5784] chnl_net:caif_netlink_parms(): no params data found
[  186.188892][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  186.287658][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  186.436848][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.444577][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.452448][ T5779] bridge_slave_0: entered allmulticast mode
[  186.461901][ T5779] bridge_slave_0: entered promiscuous mode
[  186.564201][ T5780] team0: Port device team_slave_0 added
[  186.572054][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.581642][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.589384][ T5779] bridge_slave_1: entered allmulticast mode
[  186.598544][ T5779] bridge_slave_1: entered promiscuous mode
[  186.670572][ T5780] team0: Port device team_slave_1 added
[  186.740820][ T5790] Bluetooth: hci0: command tx timeout
[  186.782897][ T5788] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.790781][ T5788] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.790955][ T5790] Bluetooth: hci1: command tx timeout
[  186.798385][ T5788] bridge_slave_0: entered allmulticast mode
[  186.815013][ T5788] bridge_slave_0: entered promiscuous mode
[  186.930778][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state
[  186.938271][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.946060][ T5795] bridge_slave_0: entered allmulticast mode
[  186.955390][ T5795] bridge_slave_0: entered promiscuous mode
[  186.972024][ T5788] bridge0: port 2(bridge_slave_1) entered blocking state
[  186.972350][ T5790] Bluetooth: hci2: command tx timeout
[  186.979793][ T5788] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.984920][ T5790] Bluetooth: hci4: command tx timeout
[  186.992497][ T5788] bridge_slave_1: entered allmulticast mode
[  186.997598][ T5790] Bluetooth: hci3: command tx timeout
[  187.006878][ T5788] bridge_slave_1: entered promiscuous mode
[  187.100294][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.107803][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.119217][ T5795] bridge_slave_1: entered allmulticast mode
[  187.127454][ T5795] bridge_slave_1: entered promiscuous mode
[  187.167017][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[  187.174298][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  187.200638][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  187.260869][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.312141][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[  187.319326][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  187.345567][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  187.369888][ T5788] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.403659][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.476630][ T5788] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.561154][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.667491][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.675207][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.682929][ T5784] bridge_slave_0: entered allmulticast mode
[  187.691691][ T5784] bridge_slave_0: entered promiscuous mode
[  187.713261][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.723086][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.730638][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.738206][ T5784] bridge_slave_1: entered allmulticast mode
[  187.747787][ T5784] bridge_slave_1: entered promiscuous mode
[  187.831558][ T5788] team0: Port device team_slave_0 added
[  187.845753][ T5779] team0: Port device team_slave_0 added
[  187.859639][ T5788] team0: Port device team_slave_1 added
[  187.936832][ T5780] hsr_slave_0: entered promiscuous mode
[  187.946982][ T5780] hsr_slave_1: entered promiscuous mode
[  187.963866][ T5779] team0: Port device team_slave_1 added
[  188.151110][ T5795] team0: Port device team_slave_0 added
[  188.201153][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  188.238809][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.245910][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.272154][ T5788] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.286157][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.293391][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.319922][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.339517][ T5795] team0: Port device team_slave_1 added
[  188.401246][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.430682][ T5788] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.437771][ T5788] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.464105][ T5788] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.478062][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.485330][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.511702][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.707058][ T5784] team0: Port device team_slave_0 added
[  188.730244][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.737348][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.763792][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.789424][ T5786] Bluetooth: hci0: command tx timeout
[  188.814120][ T5784] team0: Port device team_slave_1 added
[  188.858572][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.866088][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  188.892408][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.894960][ T5786] Bluetooth: hci1: command tx timeout
[  189.029368][ T5786] Bluetooth: hci3: command tx timeout
[  189.035168][ T5786] Bluetooth: hci4: command tx timeout
[  189.040472][ T5790] Bluetooth: hci2: command tx timeout
[  189.105805][ T5788] hsr_slave_0: entered promiscuous mode
[  189.115959][ T5788] hsr_slave_1: entered promiscuous mode
[  189.124694][ T5788] debugfs: 'hsr0' already exists in 'hsr'
[  189.131383][ T5788] Cannot create hsr debugfs directory
[  189.211044][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0
[  189.218152][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  189.244801][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  189.381263][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1
[  189.388373][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  189.414922][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  189.477249][ T5795] hsr_slave_0: entered promiscuous mode
[  189.485845][ T5795] hsr_slave_1: entered promiscuous mode
[  189.494149][ T5795] debugfs: 'hsr0' already exists in 'hsr'
[  189.500089][ T5795] Cannot create hsr debugfs directory
[  189.578015][ T5779] hsr_slave_0: entered promiscuous mode
[  189.588364][ T5779] hsr_slave_1: entered promiscuous mode
[  189.597266][ T5779] debugfs: 'hsr0' already exists in 'hsr'
[  189.603249][ T5779] Cannot create hsr debugfs directory
[  190.059056][ T5784] hsr_slave_0: entered promiscuous mode
[  190.069271][ T5784] hsr_slave_1: entered promiscuous mode
[  190.077845][ T5784] debugfs: 'hsr0' already exists in 'hsr'
[  190.083891][ T5784] Cannot create hsr debugfs directory
[  190.615478][ T5780] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  190.735247][ T5780] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  190.855089][ T5780] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  190.869021][ T5790] Bluetooth: hci0: command tx timeout
[  190.945235][ T5780] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  190.952417][ T5790] Bluetooth: hci1: command tx timeout
[  191.109651][ T5790] Bluetooth: hci2: command tx timeout
[  191.115251][ T5790] Bluetooth: hci4: command tx timeout
[  191.116985][ T5786] Bluetooth: hci3: command tx timeout
[  191.145375][ T5788] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  191.169190][ T5788] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  191.240163][ T5788] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  191.277851][ T5788] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  191.457806][ T5779] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  191.516346][ T5779] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  191.549529][ T5795] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  191.613769][ T5779] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  191.636313][ T5779] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  191.657977][ T5795] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  191.776866][ T5795] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  191.800536][ T5795] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  191.851905][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  191.923700][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  191.964430][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  192.030735][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  192.286902][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.555140][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[  192.665068][ T3974] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.672702][ T3974] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.796086][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.814031][ T3974] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.821589][ T3974] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.854937][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.030887][ T5779] 8021q: adding VLAN 0 to HW filter on device team0
[  193.077802][ T3974] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.085383][ T3974] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.118106][ T5795] 8021q: adding VLAN 0 to HW filter on device team0
[  193.155566][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.190082][ T3974] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.197571][ T3974] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.320983][ T3621] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.328461][ T3621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.432604][ T5788] 8021q: adding VLAN 0 to HW filter on device team0
[  193.454531][ T3942] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.462160][ T3942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.588485][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0
[  193.680197][ T3942] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.687700][ T3942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  193.707931][ T3942] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.715593][ T3942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  193.879028][ T5784] 8021q: adding VLAN 0 to HW filter on device team0
[  194.057875][ T3942] bridge0: port 1(bridge_slave_0) entered blocking state
[  194.065516][ T3942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  194.085174][ T3942] bridge0: port 2(bridge_slave_1) entered blocking state
[  194.092785][ T3942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  194.162903][ T5788] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  194.173690][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  195.143558][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[  195.516824][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0
[  195.637830][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.099391][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.134889][ T5795] veth0_vlan: entered promiscuous mode
[  196.179513][ T5779] veth0_vlan: entered promiscuous mode
[  196.267978][ T5795] veth1_vlan: entered promiscuous mode
[  196.285307][ T5779] veth1_vlan: entered promiscuous mode
[  196.519401][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0
[  196.675611][ T5788] veth0_vlan: entered promiscuous mode
[  196.701083][ T5795] veth0_macvtap: entered promiscuous mode
[  196.787208][ T5779] veth0_macvtap: entered promiscuous mode
[  196.806076][ T5795] veth1_macvtap: entered promiscuous mode
[  196.854296][ T5788] veth1_vlan: entered promiscuous mode
[  196.899526][ T5779] veth1_macvtap: entered promiscuous mode
[  197.002847][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.103838][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.166020][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.178247][ T5784] veth0_vlan: entered promiscuous mode
[  197.266120][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.297728][ T3786] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.330002][ T3786] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.360913][   T35] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.402904][ T5784] veth1_vlan: entered promiscuous mode
[  197.445152][ T3703] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.464135][ T5788] veth0_macvtap: entered promiscuous mode
[  197.529249][ T3703] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.559629][ T5788] veth1_macvtap: entered promiscuous mode
[  197.581529][ T3703] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  197.622280][ T3703] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  197.724140][ T3703] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  197.753464][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.804469][ T5784] veth0_macvtap: entered promiscuous mode
[  197.845639][ T5784] veth1_macvtap: entered promiscuous mode
[  197.885717][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1
[  198.006296][ T3974] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.045949][ T3974] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.123828][ T3974] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.144346][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0
[  198.170325][ T3974] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.190017][ T5780] veth0_vlan: entered promiscuous mode
[  198.209009][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1
[  198.265209][ T3649] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  198.312279][ T3942] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.330476][ T5780] veth1_vlan: entered promiscuous mode
[  198.366249][ T3942] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.409321][ T3942] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.732618][ T5780] veth0_macvtap: entered promiscuous mode
[  198.792876][ T5780] veth1_macvtap: entered promiscuous mode
[  198.953994][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[  199.065746][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[  199.172102][ T3786] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  199.215555][ T3786] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  199.270613][ T3786] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  199.314525][ T3734] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  203.259911][ T3786] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.267935][ T3786] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.492522][ T3649] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.500799][ T3649] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.532673][ T3942] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.541465][ T3942] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.872829][ T3703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.873418][ T3786] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  203.881001][ T3703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.889018][ T3786] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  204.066763][ T5795] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  204.146683][ T3703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  204.156345][ T3703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  204.544408][ T5966] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4'.
[  204.823481][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  204.831694][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.310522][ T3974] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.321381][ T3974] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.503798][ T5973] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  205.626685][ T5977] netlink: 'syz.2.3': attribute type 1 has an invalid length.
[  205.694553][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  205.705437][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  205.758562][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  205.827405][ T5973] syz_tun: entered promiscuous mode
[  205.981682][ T3603] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.990589][ T3603] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  206.255869][ T3703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  206.264292][ T3703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  206.645731][ T5990] netlink: 116 bytes leftover after parsing attributes in process `syz.3.8'.
[  206.759416][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  206.773022][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[  206.785239][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  207.099635][ T5877] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  207.339024][ T5877] usb 2-1: Using ep0 maxpacket: 8
[  207.359836][ T5877] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  207.394270][ T5877] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  207.403953][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.412420][ T5877] usb 2-1: Product: syz
[  207.416685][ T5877] usb 2-1: Manufacturer: syz
[  207.421468][ T5877] usb 2-1: SerialNumber: syz
[  207.501968][ T5877] usb 2-1: config 0 descriptor??
[  207.529521][ T5838] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  207.549308][ T5877] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  207.557624][ T5877] usb 2-1: setting power ON
[  207.562377][ T5877] dvb-usb: bulk message failed: -22 (2/0)
[  207.590787][ T5877] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  207.612193][ T5877] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  207.621138][ T5877] usb 2-1: media controller created
[  207.713422][ T5877] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  207.753325][ T5994] dvb-usb: bulk message failed: -22 (3/0)
[  207.759683][ T5994] dvb-usb: bulk message failed: -22 (4/0)
[  207.765566][ T5994] cxusb: i2c read failed
[  207.794920][ T5838] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  207.803913][ T5838] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  207.814449][ T5838] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  207.823755][ T5838] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  207.837580][ T5838] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  207.854591][ T5994] dvb-usb: bulk message failed: -22 (4/0)
[  207.860734][ T5994] cxusb: i2c read failed
[  207.868799][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  208.066172][ T6006] syz.4.14 uses obsolete (PF_INET,SOCK_PACKET)
[  208.089461][ T5838] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  208.101531][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  208.113435][ T5838] usb 3-1: Product: syz
[  208.117889][ T5838] usb 3-1: Manufacturer: syz
[  208.124607][ T6005] netlink: 8 bytes leftover after parsing attributes in process `syz.4.14'.
[  208.188370][ T5877] usb 2-1: selecting invalid altsetting 6
[  208.194598][ T5877] usb 2-1: digital interface selection failed (-22)
[  208.205314][ T5877] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  208.226933][ T5877] usb 2-1: setting power OFF
[  208.232906][ T5877] dvb-usb: bulk message failed: -22 (2/0)
[  208.239134][ T5877] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  208.249128][ T5877] (NULL device *): no alternate interface
[  208.275785][ T5838] cdc_wdm 3-1:1.0: skipping garbage
[  208.287209][ T5838] cdc_wdm 3-1:1.0: skipping garbage
[  208.316201][ T5838] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  208.322493][ T5838] cdc_wdm 3-1:1.0: Unknown control protocol
[  208.483301][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  208.618549][ T5877] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  208.756775][ T5877] usb 2-1: USB disconnect, device number 2
[  209.229620][ T6014] syzkaller1: entered promiscuous mode
[  209.235296][ T6014] syzkaller1: entered allmulticast mode
[  209.328045][ T5877] usb 3-1: USB disconnect, device number 2
[  209.580750][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  209.847894][ T6020] tipc: Started in network mode
[  209.853135][ T6020] tipc: Node identity e2a4b886644f, cluster identity 4711
[  209.861207][ T6020] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  209.988081][ T6023] syzkaller0: entered promiscuous mode
[  209.996258][ T6023] syzkaller0: entered allmulticast mode
[  210.151494][ T6020] netlink: 76 bytes leftover after parsing attributes in process `syz.2.18'.
[  210.223639][ T6020] tipc: Resetting bearer <eth:syzkaller0>
[  210.320018][ T6019] tipc: Resetting bearer <eth:syzkaller0>
[  210.412124][ T6019] tipc: Disabling bearer <eth:syzkaller0>
[  210.501095][ T6030] syzkaller1: entered promiscuous mode
[  210.506675][ T6030] syzkaller1: entered allmulticast mode
[  211.036139][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  211.601538][ T6040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'.
[  212.066384][ T6046] tipc: Started in network mode
[  212.072154][ T6046] tipc: Node identity a25d88b319a2, cluster identity 4711
[  212.082823][ T6046] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  212.173738][ T6046] syzkaller0: entered promiscuous mode
[  212.181500][ T6046] syzkaller0: entered allmulticast mode
[  212.285217][ T6049] tipc: Resetting bearer <eth:syzkaller0>
[  212.413641][ T6045] tipc: Resetting bearer <eth:syzkaller0>
[  212.557299][ T6045] tipc: Disabling bearer <eth:syzkaller0>
[  214.993247][ T6082] capability: warning: `syz.2.39' uses deprecated v2 capabilities in a way that may be insecure
[  216.673430][ T6096] tipc: Started in network mode
[  216.678752][ T6096] tipc: Node identity , cluster identity 4711
[  216.685156][ T6096] tipc: Failed to obtain node identity
[  216.692205][ T6096] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  216.767970][ T6092] syzkaller0: entered promiscuous mode
[  216.773948][ T6092] syzkaller0: entered allmulticast mode
[  216.956801][ T6099] Zero length message leads to an empty skb
[  218.442444][ T5838] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  218.656904][ T5838] usb 4-1: Using ep0 maxpacket: 32
[  218.779052][ T5838] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  218.788404][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.901726][ T5838] usb 4-1: config 0 descriptor??
[  219.195314][ T6116] loop7: detected capacity change from 0 to 16384
[  219.841991][ T6125] loop7: detected capacity change from 16384 to 0
[  220.010823][ T5838] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  220.036539][ T5838] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  220.124705][ T5838] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  220.132208][ T5838] usb 4-1: media controller created
[  220.230091][ T5838] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  220.272957][ T6116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.285338][ T6116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  221.004544][ T5839] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  221.639232][ T5839] usb 1-1: config 0 has an invalid interface number: 102 but max is 0
[  221.647667][ T5839] usb 1-1: config 0 has no interface number 0
[  221.654165][ T5839] usb 1-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5
[  221.663572][ T5839] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.811713][ T5839] usb 1-1: config 0 descriptor??
[  222.859618][ T5838] az6027: usb out operation failed. (-110)
[  222.999617][ T5838] az6027: usb out operation failed. (-32)
[  223.005756][ T5838] stb0899_attach: Driver disabled by Kconfig
[  223.012363][ T5838] az6027: no front-end attached
[  223.012363][ T5838] 
[  223.039931][ T5838] az6027: usb out operation failed. (-32)
[  223.050109][ T5838] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  223.063540][ T5838] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  223.094753][ T5838] dvb-usb: schedule remote query interval to 400 msecs.
[  223.102404][ T5838] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  223.619506][ T5839] asix 1-1:0.102 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  223.631021][ T5839] asix 1-1:0.102: probe with driver asix failed with error -71
[  223.830630][ T5839] usb 1-1: USB disconnect, device number 2
[  224.512861][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  224.519685][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  225.425042][ T6156] =====================================================
[  225.432532][ T6156] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120
[  225.440170][ T6156]  _copy_to_user+0xcc/0x120
[  225.444844][ T6156]  i2cdev_ioctl_smbus+0x586/0x660
[  225.450189][ T6156]  i2cdev_ioctl+0xa14/0xf40
[  225.454858][ T6156]  __se_sys_ioctl+0x23c/0x400
[  225.460032][ T6156]  __x64_sys_ioctl+0x97/0xe0
[  225.464770][ T6156]  x64_sys_call+0x1cbc/0x3e30
[  225.470459][ T6156]  do_syscall_64+0xd9/0x210
[  225.475181][ T6156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.481588][ T6156] 
[  225.483978][ T6156] Uninit was stored to memory at:
[  225.489937][ T6156]  __i2c_smbus_xfer+0x254d/0x2f60
[  225.495157][ T6156]  i2c_smbus_xfer+0x31d/0x4d0
[  225.500321][ T6156]  i2cdev_ioctl_smbus+0x4a1/0x660
[  225.508105][ T6156]  i2cdev_ioctl+0xa14/0xf40
[  225.513783][ T6156]  __se_sys_ioctl+0x23c/0x400
[  225.518791][ T6156]  __x64_sys_ioctl+0x97/0xe0
[  225.523523][ T6156]  x64_sys_call+0x1cbc/0x3e30
[  225.528377][ T6156]  do_syscall_64+0xd9/0x210
[  225.533176][ T6156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.540749][ T6156] 
[  225.543141][ T6156] Local variable msgbuf1.i created at:
[  225.548924][ T6156]  __i2c_smbus_xfer+0x86a/0x2f60
[  225.554054][ T6156]  i2c_smbus_xfer+0x31d/0x4d0
[  225.559595][ T6156] 
[  225.561988][ T6156] Bytes 0-1 of 2 are uninitialized
[  225.567183][ T6156] Memory access of size 2 starts at ffff88805042bd06
[  225.574161][ T6156] Data copied to user address 00002000000006c0
[  225.580590][ T6156] 
[  225.583022][ T6156] CPU: 0 UID: 0 PID: 6156 Comm: syz.1.69 Not tainted syzkaller #0 PREEMPT(none) 
[  225.592599][ T6156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  225.602906][ T6156] =====================================================
[  225.611948][ T6156] Disabling lock debugging due to kernel taint
[  225.618162][ T6156] Kernel panic - not syncing: kmsan.panic set ...
[  225.624662][ T6156] CPU: 0 UID: 0 PID: 6156 Comm: syz.1.69 Tainted: G    B               syzkaller #0 PREEMPT(none) 
[  225.635446][ T6156] Tainted: [B]=BAD_PAGE
[  225.639639][ T6156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  225.649755][ T6156] Call Trace:
[  225.653075][ T6156]  <TASK>
[  225.656048][ T6156]  __dump_stack+0x26/0x30
[  225.660500][ T6156]  dump_stack_lvl+0x53/0x270
[  225.665181][ T6156]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  225.671097][ T6156]  dump_stack+0x1e/0x25
[  225.675337][ T6156]  vpanic+0x435/0xd30
[  225.679414][ T6156]  panic+0x15d/0x160
[  225.683426][ T6156]  kmsan_report+0x31c/0x320
[  225.688010][ T6156]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  225.694415][ T6156]  ? kmsan_internal_check_memory+0x1e1/0x230
[  225.700474][ T6156]  ? kmsan_copy_to_user+0xf1/0x190
[  225.705659][ T6156]  ? _copy_to_user+0xcc/0x120
[  225.710418][ T6156]  ? i2cdev_ioctl_smbus+0x586/0x660
[  225.715776][ T6156]  ? i2cdev_ioctl+0xa14/0xf40
[  225.720540][ T6156]  ? __se_sys_ioctl+0x23c/0x400
[  225.725474][ T6156]  ? __x64_sys_ioctl+0x97/0xe0
[  225.730305][ T6156]  ? x64_sys_call+0x1cbc/0x3e30
[  225.735247][ T6156]  ? do_syscall_64+0xd9/0x210
[  225.739992][ T6156]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.746159][ T6156]  ? __pfx_az6027_i2c_xfer+0x10/0x10
[  225.751570][ T6156]  ? __i2c_transfer+0x11cd/0x3110
[  225.756679][ T6156]  ? kmsan_get_metadata+0xfb/0x160
[  225.761879][ T6156]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  225.768293][ T6156]  ? kmsan_get_metadata+0xfb/0x160
[  225.773503][ T6156]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  225.779494][ T6156]  ? __i2c_smbus_xfer+0x1e93/0x2f60
[  225.784812][ T6156]  ? kmsan_get_metadata+0xfb/0x160
[  225.790016][ T6156]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  225.795920][ T6156]  kmsan_internal_check_memory+0x1e1/0x230
[  225.801822][ T6156]  kmsan_copy_to_user+0xf1/0x190
[  225.806849][ T6156]  _copy_to_user+0xcc/0x120
[  225.811450][ T6156]  i2cdev_ioctl_smbus+0x586/0x660
[  225.816656][ T6156]  i2cdev_ioctl+0xa14/0xf40
[  225.821252][ T6156]  ? __pfx_kmsan_get_shadow_origin_ptr+0x10/0x10
[  225.827685][ T6156]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  225.832791][ T6156]  __se_sys_ioctl+0x23c/0x400
[  225.837551][ T6156]  __x64_sys_ioctl+0x97/0xe0
[  225.842226][ T6156]  x64_sys_call+0x1cbc/0x3e30
[  225.847002][ T6156]  do_syscall_64+0xd9/0x210
[  225.851596][ T6156]  ? irqentry_exit+0x16/0x60
[  225.856288][ T6156]  ? clear_bhb_loop+0x40/0x90
[  225.861045][ T6156]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.867013][ T6156] RIP: 0033:0x7f6a6598eec9
[  225.871492][ T6156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.891183][ T6156] RSP: 002b:00007f6a667a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  225.899690][ T6156] RAX: ffffffffffffffda RBX: 00007f6a65be5fa0 RCX: 00007f6a6598eec9
[  225.907721][ T6156] RDX: 0000200000000700 RSI: 0000000000000720 RDI: 0000000000000003
[  225.915760][ T6156] RBP: 00007f6a65a11f91 R08: 0000000000000000 R09: 0000000000000000
[  225.923836][ T6156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  225.931862][ T6156] R13: 00007f6a65be6038 R14: 00007f6a65be5fa0 R15: 00007ffe55498bb8
[  225.939932][ T6156]  </TASK>
[  225.943155][ T6156] Kernel Offset: disabled
[  225.947528][ T6156] Rebooting in 86400 seconds..