last executing test programs:

10m37.725982112s ago: executing program 4 (id=71):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(0xffffffffffffffff, 0x84, 0x7, &(0x7f0000000340), 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
ioprio_set$pid(0x2, 0x0, 0x4000)
r0 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
sendfile(r0, r0, 0x0, 0x4800000009)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r1, 0x6, 0x0, 0x0, &(0x7f0000000bc0))
r2 = socket(0x10, 0x803, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x2, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x80c0)
sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x400c084)
socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
fstat(r3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x3c1, 0x3, 0x410, 0x0, 0x168, 0x0, 0x0, 0xa, 0x340, 0x250, 0x250, 0x340, 0x250, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x1}, @dev={0xfe, 0x80, '\x00', 0x33}, [0xff, 0x0, 0xff, 0xff000000], [0xffffff00, 0xff000000, 0xff, 0xff000000], 'xfrm0\x00', 'veth1_to_bond\x00', {}, {0xff}, 0x0, 0x3, 0x2}, 0x0, 0x228, 0x268, 0x0, {0x0, 0x28e}, [@common=@inet=@hashlimit3={{0x158}, {'caif0\x00', {0x0, 0x7ff, 0x0, 0x1, 0x0, 0x6, 0x1000}, {0xfffffffffffffff6}}}, @inet=@rpfilter={{0x28}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{}, {0x0, 0x8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r6 = syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
dup(r6)

10m33.821430159s ago: executing program 4 (id=75):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
close(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newsa={0x140, 0x10, 0x633, 0x0, 0x0, {{@in6=@empty, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004, 0xa}, {@in=@dev, 0x0, 0x32}, @in6=@private2, {0x327, 0x0, 0x0, 0x0, 0x1000, 0xfffffffffffffffc}, {}, {0x7, 0x800000}, 0x70bd25, 0x3502, 0xa, 0x0, 0xff}, [@algo_crypt={0x4f, 0x2, {{'ecb(cipher_null)\x00'}, 0x38, "05b7a279072aa9"}}]}, 0x140}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {}, 0x20000, [0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40000, 0xfffffffc, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x8569, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x8878, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0xcca, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x1ffffe], [0x0, 0x0, 0x6, 0x0, 0x4, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffc, 0x0, 0x0, 0x0, 0x4, 0x0, 0xc, 0x0, 0x0, 0x0, 0x744]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x5, &(0x7f0000000000)='sync\x00', 0x0, 0x0)
ioctl$UI_DEV_CREATE(r0, 0x5501)

10m32.231392055s ago: executing program 4 (id=79):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
dup(r1)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bf"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$UI_DEV_CREATE(r2, 0x5501)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
inotify_init1(0x800)
ioctl$EXT4_IOC_GETSTATE(r4, 0x40046629, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000180)={r7, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x9, 0xffff, 0x81, 0x693fffd, 0xf0, 0x9}, &(0x7f0000000380)=0x9c)
sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0a733709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf49ab7edb835efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c576830c49b18ece887b47c37affa1c3f24fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f7a7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f285afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866434acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21832e6d639822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0c5aeb05fced1e492670cabc370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a62391", 0x28e, 0x0, 0x0, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r8, &(0x7f0000003680)={0x2020}, 0x2020)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x8b, 0x0, 0x4}}}}]}, 0x40}}, 0x800)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

10m30.83931299s ago: executing program 4 (id=81):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
unshare(0x18000400)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r4 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x46)
mknodat$loop(r4, &(0x7f00000002c0)='./file1\x00', 0x6000, 0x0)
linkat(r4, &(0x7f0000000100)='./file1\x00', r4, &(0x7f0000000240)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
syz_open_dev$cec(0x0, 0x0, 0x0)
nanosleep(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)

10m29.331974955s ago: executing program 4 (id=83):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="a6deb8df8f0029f299bac995589a845ee8eb8e0935ea6f290511a62c26e723dd7d2f98916922f16ffe0ac0f206d6f14406ee341f7fe8c91033a9e4eae3b483b829fdb51f20011f2be4ad65697c2ffc802baa573bb72c991b"], &(0x7f0000000140)='syzkaller\x00'}, 0x94)
syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="0100010000000000000010", 0xb, 0xfffffffffffffffd)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='uid_map\x00')
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x3, &(0x7f0000000200)=[{0x15, 0x0, 0x1}, {0x1}, {0x6, 0x0, 0x0, 0x7ffffdbe}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='ext4_allocate_inode\x00', r3, 0x0, 0x8}, 0x18)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x7, &(0x7f0000000100)={0x0, 0x34, 0x2}, &(0x7f0000000180))
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r5, &(0x7f0000001d00)={&(0x7f00000017c0)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000001940)}, 0x0)
bind$bt_hci(r4, &(0x7f0000001a40)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000000)="2e000300010000", 0x7)
syz_open_dev$video4linux(&(0x7f00000001c0), 0x0, 0x0)

10m26.462054215s ago: executing program 4 (id=89):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
close(r1)
bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000000200"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
close(r2)

10m10.765609762s ago: executing program 32 (id=89):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)=ANY=[@ANYBLOB="dc05ee057ada978f61034835c9655cc8f5553beda9f730e151772060ac74b31cd73d524a83d2278bcacaf9ccf186df9ce51f99f2e19707bd19279dea3a989ab3c0bcffcfba1b5cdd4eb33ba40f0198d12e4108f58d9942e2a7a2efac7ed3d4a8ba0211be34077582823b52cea03ece14b22f2f5754", @ANYRES32, @ANYRESHEX, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRES32=0x0, @ANYRES8=0x0, @ANYRESHEX, @ANYRESHEX, @ANYRESDEC], 0x20)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x81}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
close(r1)
bind$llc(r2, &(0x7f0000000040)={0x1a, 0x0, 0x3, 0x54}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000100000001"], 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r5)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c)
listen(r6, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000140)={0x2, 0x4e22, @local}, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000380), r4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000001000000280001801400040000000000000000000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
r10 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000000200"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
close(r2)

3m5.319910597s ago: executing program 1 (id=1194):
connect$phonet_pipe(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000400)="3f4e55f1", 0x4)
sendmmsg$unix(r3, &(0x7f000000a480)=[{{&(0x7f0000004380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000002580)=ANY=[], 0x30, 0x4000000}}], 0x1, 0x40)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
r4 = inotify_init1(0xc0000)
inotify_add_watch(r4, 0x0, 0x60000726)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r3)

3m3.063983791s ago: executing program 1 (id=1197):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$video4linux(0x0, 0x5, 0x103800)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r3, 0xc040564a, &(0x7f0000000080)={0x8, 0x0, 0x2019, 0x6, 0x101, 0x10000000, 0x5})
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/udp\x00')
pread64(r4, &(0x7f0000001600)=""/4103, 0x1007, 0x99)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@bridge_dellink={0x2c, 0x11, 0x5, 0x0, 0x0, {0x7, 0x0, 0x0, r7}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x5, 0x0, 0x1, {0x4, 0x5}}]}]}, 0x2c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', r7, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
r8 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
write$P9_RSTATu(r8, &(0x7f0000000080)=ANY=[@ANYBLOB="370200007d0200"], 0xe9)

3m1.993570943s ago: executing program 1 (id=1199):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)={0x200000, 0x200000, 0x7})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x2)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
listen(r5, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x0)
writev(r7, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r7)

3m1.482072705s ago: executing program 1 (id=1201):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r4)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xfff3}, {0xb, 0xb}, {0x7, 0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7f, 0x0, 0x5, 0x1, 0x8}, 0xb, 0x2, 0x80008, 0x5, 0x5, 0x2, 0x9, 0x12, 0x8, 0x1, {0xffff1c72, 0x3, 0x1000, 0x102, 0x2, 0x2}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c860}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

2m57.171374614s ago: executing program 1 (id=1211):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r2}, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r5 = accept4(r4, 0x0, 0x0, 0x80000)
sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="900b0000"], 0xb90}, 0x1, 0x0, 0x0, 0x400c010}, 0x20004000)
recvmsg(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000001680)=""/4084, 0xff4}], 0x1}, 0x12041)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x21, 0x4, 0x5b, 0x8a, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2}, 0x48)
sendmsg$NFT_MSG_GETSET(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000000a0a01ff"], 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0xb5}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x24}, @exit={0x95, 0x0, 0x33, 0x48000000}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb800007a}, 0x70)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev={0xfe, 0x80, '\x00', 0x39}, 0x0, 0x1, 0x0, 0x4}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100))
r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r7, 0xc0045006, &(0x7f0000000180)=0x6f)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
write$dsp(r7, &(0x7f00000012c0)="a5", 0x1)

2m55.866052005s ago: executing program 1 (id=1215):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x1, 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f0000001680), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close(r3)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f00000003c0)=""/94, 0x0, 0x5e, 0x0, 0x2}, 0x28)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r5, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

2m39.368165685s ago: executing program 33 (id=1215):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x1, 0x2, 0x0)
sendmmsg$unix(r2, &(0x7f0000001680), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close(r3)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f00000003c0)=""/94, 0x0, 0x5e, 0x0, 0x2}, 0x28)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r5=>0x0})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r5, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)

22.725974029s ago: executing program 0 (id=1462):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="5400000002060103000000000000000007000000090002007379fa30000009000000010006000000050005000000000005000400000000000c00079f08000840000000930d000300686173683a6d616300000000"], 0x54}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000740)=ANY=[@ANYBLOB="44000000090605000000000000000000010000050900020073797a30000006000500010007000000080009400000000114000880100007800a001100b4"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x44000)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271101d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010027bd7000fbdbdf25010000001c0007800c00018008000100", @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r5, @ANYBLOB="0c0002000300000000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x2000c005}, 0x0)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00'}, 0x18)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000240)={r1})
setsockopt$sock_int(r9, 0x1, 0x12, &(0x7f0000000040)=0x80000001, 0x4)
sendto$inet6(r9, 0x0, 0x0, 0x2200c841, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
ioctl$sock_inet6_tcp_SIOCOUTQ(r9, 0x5411, &(0x7f0000000200))
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="4000000010004b0428bd7000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000080480500140012800b000100627269646765"], 0x40}}, 0x4)
io_setup(0x6, &(0x7f0000000300)=<r10=>0x0)
io_submit(r10, 0x20000000000001c9, &(0x7f0000000040)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x80000000}])
io_getevents(r10, 0x6, 0x4, &(0x7f0000000280)=[{}, {}, {}, {}], 0x0)
io_destroy(r10)
ioctl$sock_rose_SIOCDELRT(r6, 0x890c, &(0x7f00000000c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x6, @null, @bpq0, 0x1, [@bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)

19.34404817s ago: executing program 3 (id=1464):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0))
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000240)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x3d}, 0x10)

18.322720955s ago: executing program 0 (id=1466):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'dummy0\x00', 0x4000})
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x0, @pix_mp={0x80000000, 0x9, 0x31363553, 0x0, 0xa, [{0x4, 0x5}, {0x6, 0x7f36}, {0x8, 0x70}, {0x3, 0xf}, {0xa, 0xff}, {0x6, 0x589}, {0x0, 0x7}, {0x10041, 0x8}], 0x10, 0x8, 0x2, 0x0, 0x5}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x327cf3e4, 0xfffffffffffffffc, 0x0, 0x5, 0x0, 0x0, 0x0, 0x8000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x5, 0x3, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0xa, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff]})
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
sched_rr_get_interval(0x0, &(0x7f0000000540))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x8c2b01)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000009f40), r4)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r4, &(0x7f000000a080)={0x0, 0x0, &(0x7f000000a040)={&(0x7f0000000100)={0x14, r5, 0x1, 0x70bd2b, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})

15.637681547s ago: executing program 3 (id=1469):
open_tree(0xffffffffffffff9c, &(0x7f0000001700)='./file0\x00', 0x89901)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000780)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYRESOCT=0x0], &(0x7f0000001600)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000016c0)=[{0x0}, {&(0x7f0000001740)="3429f18737b0e80859a22627dd8be9a77eeb8eda3cc765cf21d80f748b17c82dfc9ec5e2323a7fa53dc5efdbfabef8d27999251212b0e1957a476296c62504df98c6f19b29", 0x45}], 0x2}, 0x44004)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r5}, 0x10)
syz_open_dev$I2C(0x0, 0x80, 0x14000)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x2014800, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x590, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x4c0, 0xffffffff, 0xffffffff, 0x4c0, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x81, 0x0, 0x24, 0x0, 'syz1\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x298, 0x300, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x1, 0x1, 0x0, 'syz1\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x0, 0x0, 'syz0\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5f0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r7, &(0x7f0000000600)="6d12483bb95dab4da2bccb9a5c51f7769b4aa2ed6f00bcfff2058843f7de72fa8f9dd7572991db9f2968c67d150dbd80321f91c14a7705c3d6e2292f74d074e24cdfdc28da61b60db4ac67a81c04430dd72555dcebe8193594b8fe29718d5781fe3f418379dab48089b86edc4facdbc388e30fdfabe867722b348dcfbff8f7745bb98584b3384eb1b1c541d05427c4e5c33b3692ebf599d4a179bcd27271d55e4a38ac7be3cae3e85eddbdcf574ac462df22b6b2242245f32d5826de908a96ea66331cad4d0ff094f552e118ee643f2f12f854c32d4e548bd82a69c4102bc516a41a52436f6dfd80133de801fdc8e75276c631f041d86269f2ba0791e8119868816c1fe9c78654919d6dcce67a5f32b77575867f43f76e99108bf9ee3fd550cc18f8bee8505da7ea8fe0a3a9e40c01be1d39435821c5f52cf39a7d5558f278b01be298e5460d3ebf011345ed0030603f767fe44876fdf1cb172a4cbfb2f7784ac61c4786a147b6d446eaf46d5b26c6b85580ba4913fc12a443d8dcf05d08513ae01a7f489826fdc8bff83c1708ebbc060aa72d25e6ce21521799bd37c34fdad973fd7e17070b7783bf341fc079c6b0c9811388430c84540d8d544d1887b73e3a9d2625358be4b09128ee7f8d2dacf2d9704b9143c0341568d1e39429e1d442d21878c87271e66651e12d077b8dd49c0bf285097e261a5116b91036368265c1c5b74353bb42ff4936e27a20c48dea290685b09c2e5baa29dbeb790969f793692fb112c973329236f30bd29c39ee6104e1e0ccd1f855e5837d156c83834661a2aa8929ad78c025413179d880ee905d0b1ee1c9c3eacb63ac807a6ce73d492502ce52beba9ea5214a9387e2c5a810a96e14956809b6865e46a9d9ce2deb4cce2155562dd7e3daef9b3c0c0a55f1fe1a89835971dbc9c09ee9d4abe827b0e87dcd08e5e7cf08869cdcd6fe7f42d93c075db2fec9d96aff21410c3cbd5d904ed147af08c297011ec105dec6fb319cc5637ac71dac05d01ef356dcc6b6bd3f8625204d92f6d0447c0ee5c72d13b4e951a5ba060d4e0ab4680bba08ca9e0079ed6332e6449e01ec480903b0f377e08e8146c8a1e86df678dd88f3768e0958b04f24d58f39a15ee93e4b3e1e2dcd91f8cd36c37b2806d5f7c1871d0e1d7496ac64b377a8fb32104166536597bbfd6d814b2eb41970ba1aef50238e34ec8069690029c58c8a01b28b711ff44aed4652629c7cdc7843d83efe9514bb5b1f80d1047e6075870c53505a142e48d6897d7811f84d8c3e8f9985f9a9d01c8fd68960aee376caa465f25622d7ff5deae8f0d628e048bc4387ca3046067768f3014a3ef4d1b55123ce45507ab1b6f587f6302bb9b715899d2fc20cabfd306549b6a2ec8ea5169e5be19cf59ef71cbb16d402cdc62a422b2bf5c01bb6139e60fd61ea4b77382c7e2e038c6511bfe08f7a3cea5e793f9e2cb4facce20e719d179104418f6745bf8065c70da3815c8e1a1b650d96865c41fd45dbcae51e1d54b41002c2f673cd1008dbf3f17847dd28d8fe3c24ef238000be692e05b0365cb7691fa8f134efe70df46b5cc4765def995971ae0c45f653292f4a3c26300e359afbe0c4f7b049f505ab8e8a0d4c7090cc07c62dbcb9bf6682425553de4ca63f98ac5d420d01bf729bf815683d11451eea0295675778f00bef94ac6e29dd2285847fd857cf2d204de3170e024169d568500befd5c6f34e9d3fcae78bd8fcd6d8f85fcf56241c7787d86bdfca06a6e69b996d72530c94eaa82e99f8ccbd66b53ce0f066fffcb3b643f84a1112c4c8a153ef745f7da3c4887f95de7df8dcf6653200eccb389a7aad4a874d347791cd00cf767bdd8d36de55cbc0879e11cddec175b36be0d1224d1dab7d8f8f3bab0f622d031be123b6ab48188716162afea5e0529830a39c3c9edc86b3e6020830f2f94060685d96887fb536afaedcd9523c53e5e210e87a07bc941b29b968ec9b0f6e5a74b929ad56ef7e80b981d39460040df8aedb253bc4681e72de2b3e886320b2f9a52f675bb08e4dee27b468d0822d6269ad1eee16d1c1781ad17b1fae21b44e427ace6d1fa932ca9c295c5ae74140ffea23ac2b70a6ca71af12c6d63adc32110521cee84dce3514c51417fa794fff4fb7b72844fbb3ba786173d3ffea23e03eb49acbd957d52494ffff3cd2dc420ace19bbe375aabb97953dd1b8adc24856a81b2888e2fb635332c2d4257cf6833ccb3135c0327f79c4846b691b693b066cd5de30ca40e29fe8775fd6a8844f566223008d017ccb6f2ee47496b61aa2900f64c1e2136c8dfbb6dd7ab368e0cfeb3e639657f16d9f26f0c575b61476ea7cd499e2fffe75f6118d19d6186e9433d1b92dc30e84bceba4c9bd8e889575c50da8e236d0ad184a2ae7e91e31485a44389a7c6a63c4d7588fa0755ae292102c46df1cfcc21eccfa5bc815a2491cb845de2feae93d5a9365cff327d048b7e66733b1d1cbf1eadae7296631f3f1681ab5878272a9b17e11f64e8ea8afbd297f388b951e39b94d909c74a4c667f6204128c84566c2347222a984f67177160e3f144518721f25aab93c9d0a34d407b84485bf1f2fa07af7de0617dbda0b2eb3ef839d6ad8649fa7133e14646cb30462e827a1bba8b6cf97c93c95552c70aae8ba4918f8b51275ed7e1f90f7ae7a5313aff699f54265adad4b0608a90165c8e7df729ceb0eda12357ea37e7bbb86fc542544c93d494d4edfd098432e389666a8a93f4333e630deefa87397ece144a59fbf736aeefb7b66744954e8076e9d0534508a3631dbdcd2c15b5fd844d62409bf6c63699ac5ff0cab98d4b7f0e33e5cb20853554c895ea26607e9554d74e1511c4c476c41aa7fa717259e5048d80f1f30f07dd5397c17d818dac1849b7ccf6425fa0265edfecb58a763615dedbe98e215ce63dd1688e191a191ccdb4e939bd370f68054440296cb511b5f070fb9479bdef321b7d124506f6345ac3c2ca0ef22292d3f83ec21908de3a3c7f98cc5e086034d0b08df704382a8ee9f6129542cac7dc5fd54e71270f5ea9739b625347f3200d6f74d41106aed8fa8af5a3a6cd58a44de62af681d449a44b5f86702e625a1658f2bb09e1c7a178ec27081bb8e0f3febf700a1663374325bbb17a17c6178fbc0424f83cfafdd8ed301450bc6822105e6033bc999c833ce3f60814f9db98c3880aae837027cc4fd82a1aa61d1c7fbacf0e5da0c820f97e35f52abb212dcfd77c7e159ef4f777a2cbf61508539660a577974291852a3dfdcb0706961faf65f62745240e281e9c1ea25a2bf29729008b59b5bac92c8ffc53b240761c0021edb53bad82a322510f480a53945c63803abb0b5947aa32a7ad5cf8059933ae4dc5d18a261b8d4a126dadd1d7f186cc0f3bc00c82c15516ea2a4b5a5517395d2a16a3beb920b16c706381bae273443ebfa3c37778596177de18a62cb96c08a35459a897ac87bcd87cdbcecae83c95cd4b5eb878a8d31e75955eb11e0cb58c6ad2b39f8f9350ff95778a961b07b4b0e4ff6b58caab6db44c6345c8ad9da0aef0c2b4a09e459a027d774da684ce2defd0b23b6e15ec573268050cba4cd1be4d899672ea3562f280df3b3ee878bd2e9989357829c363b4b47eacadeee76144957f4d76c3ea703aa5bf32f75a0370f49ae371f001eced8bbdaa781f66c83f959af0cb0ecbabeeeb0f91c26a22b430d5cae34e470f79f01446cdca5b70ba6448a8d9e4722dba03369b3204253eea942de2fb7b4408212a4c6a5d36c7e82417edd052a59d6d1ce2b0a2bd94f334647712cc2296e75db316be650195dd28a360e2e44fd32951b2b983d673bce51eea778d2ed2a2468c3b6b94b67ee175aa08f757d5522b43cefd5969511579cd79300802c811adad7b6bdf789f70bc76e94f8ea317043cf29b562a2041c553122ec338834455be1b68fe7470808451b0e1f1d444ae1e430c51c718a751142fa675a663e9d9f66a8a6199b56d18e4167e54942a37366fa0b5242de86bf1af6c758b2f0bb1f0fda16dc5241e3cc442326fdb501b95fe768c45781c8b60fbe576c7e790e2d5a2a76085cdca098fb3209b30a017eefbf6f8b315b38d8f8f194e456d1776cf6c9c4f4a99e9b50ca4bbc57ff1f035f13a3d8261617b5d55387488f9456a32400a84f95320e722c7abed22b9f8b574da8322fe104c12fb35c9d0c600dde78c47cd46647a8e24aafa53c68e2119ed1473bb3b7c9873d0a256e8eec8dc9f57820a7e23d49deb4041beae704b3fb527ce57316ff238515c248c80d51fd44e31dbb2d2e1d6b8007a03bf9b981fee094ee82f413698af66a3057621490d60207bca2e7a11e96cfb850a9a371ce672d0c4826be044acaa0a0a04fab4f2807eac896c48db2c35caf97fdf8bacb854f5351328cfbab2c3b251fc0abe20ba4b8fe8f4a98dfb76a0b1ea6b6463bdd900e23114c94f205f492a4acb30cc8a6efe6f73a96d3688853c60dce92732440db5ec245478bb64ebe9b60e7469ffb253febcda05613a8c1dbf72634e68d912e2fc98501d99c7dafb50081edcc60dc74daf9cecbcf65aa57661451fc6131f8c879b2181984bc4e0973ad6984837e19595caa35ff4713266b6a6c090a50afeb1461590c4c36f7fead0c9620af82302616c154e74199ee11353f6e9861472e2f1826afd0ce1a2ce9712b50019b32397960f54f4fce3c6655e13d8ef3ba20eaa3ca03a831a39732203dc3d2d3bf8de63fb4c96b3ec10cc852401f25a2575e98d9a25bf0767fc180f6fef5928565fa9ffdd620b6713f85bbc140060df1b50607b4eb51c0c71dac8ee2c19b9bd03b1840bb4d1f8a767d788a31926c9c39be4709dd57e856cb417d3947ce825f194fac18323f36a3b7743603abc628d477b3292a6b3f4965e882a110728f2a9f4fa8fd9d9d50859c48fe0f07f6a826bd5c5d8d645c0f7d8d03cf49be2419e2986f8ad55a228cacd0838f867a8612fd1c4b04d54dc9d5b05cc9395f5bb7fe918083bedfa33734a3f6afaf70379f4d423fa592dcfdeef84161df3f8f42204116442fc815a3cb3c79348d489296014fb8d4334c4ad776e14207ed2115781a0caac4cbfddf8f788f58cd9da9c33f145d87a187d7db78ce4368c5bdbba67fde5264a53a65a027a52aa09fd4943aeeae146a769a26a0f3597fd5004b60c179ce2bcafc78220d691c44c153c883bf942f01586b5321e4bbb28ab44d97bea3368f7c5d0c3dda0ef359065fd31f62060beb0b2a31f7164867e4b78f89f5ea0131aed7014ef3385f0b350ff847f4321b81c7dc9a484605ee397a2d5ea8ad9593020cea3acb6a106a560b4bf675c89aa3b14678dfef6602fdfa9afeeb6f16cb1b3cc944ad5d0492a3d07308c07dfc204c071d92f6b8b5694c70d166fe29f7894ceee7554dc32c71f3b971c8f20f2cafa4399a8755684090f90e6b45ee924d1205e0a075fd2259b6ca6430d28c780735353be38578b3cf1badcba4dae86419d4a0c1ec21f4a7510a08018e90974f0757aab8b51dc0fc068193d040cbd9706eeec02360da646b11cc5f1a544ecf24ce87c7165a0cb9bdb6990db03320ecf2f65fb6dfd1f3d32b2ae10723707cf5f30ea387f677aea100649c72e795b5f7d652e0e2fd0ae19eaf96f1b6453d056e01c97aa5c271b5e5f303fa4013f686cfbf64a1c1fe4263786b835e46a98699b8d5262520c4947987748ab21a48aef3", 0xfd1, 0x6, 0x0)
mq_timedreceive(r7, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = getpid()
sched_setscheduler(r8, 0x5, &(0x7f0000000040)=0x7)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x300)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000031c0)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)

11.606586596s ago: executing program 5 (id=1471):
socket$kcm(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r1 = fanotify_init(0x0, 0x800)
r2 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r1, 0x641, 0x1021, r2, 0x0)
fanotify_mark(r1, 0x90, 0x20, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
mknod(&(0x7f0000000040)='./file1\x00', 0x0, 0x0)
chmod(&(0x7f0000000080)='./file1\x00', 0x1258bab1c8332e9a)
lchown(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r5, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706b86e65204361707455"], 0xb8)
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
dup3(r6, r5, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x1, @dev}, 0x1c, 0x0, 0x0, &(0x7f0000000300)}, 0x0)

10.941630678s ago: executing program 3 (id=1472):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000009800"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = socket$netlink(0x10, 0x3, 0xc)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockname(r6, 0x0, &(0x7f0000000d00))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$video4linux(&(0x7f0000000080), 0xe97, 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(r8, 0xc038563c, &(0x7f00000005c0)={0x0, 0x2000000, {0x8, 0xfffffffd, 0xfffff1b4, 0x3}})
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
fremovexattr(r9, &(0x7f0000000240)=@known='system.sockprotoname\x00')
bind$netlink(r7, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000200), 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)

10.843774609s ago: executing program 0 (id=1475):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$evdev(0x0, 0x0, 0x24000)
ioctl$EVIOCGREP(r2, 0x80084522, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
r6 = openat$smackfs_change_rule(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$smackfs_change_rule(r6, &(0x7f00000000c0)={'\x19\x1fzg\x05\xa3\x87\xc7\x96\xee\x1b\x8a\x1c\x83\xcdi.!\f\xd4A8\x8fk`*\xb2\x87B\x7f\x16\xda:To\x98\x95\xd4*5,\n\xfb\x91\xee2[\xcc\xd71\x03\xed\x17{\xd1\xc3\xbb\x13\xbdp\x00'/76, 0x20, '', 0x20, 'ratbl', 0x20, 'rwbl'}, 0x59)
sendfile(r5, r5, 0x0, 0x101)
mmap$binder(&(0x7f00008d6000/0x2000)=nil, 0x2000, 0x1, 0x11, r5, 0x5)
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x28, 0x0, &(0x7f00000002c0))
r7 = memfd_create(&(0x7f0000000300)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xae\xd1md\xc8\x85\x00\x00\xfb\xff\x00\x18\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;2\xb5\xe1jS\xeb\xbf%||\xa0\x8e\x01\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x4)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000040)={'ipvlan0\x00', {0x2, 0x4e20, @loopback}})
ioctl$sock_inet_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000000)={'ipvlan1\x00', {0x2, 0x4e1f, @empty}})
execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
symlink(0x0, &(0x7f00000059c0)='./file0\x00')
socket$inet6(0xa, 0x1, 0x8010800000000084)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000280)={0xffffffffffffffff, 0x1, 0x4}, 0xc)

9.365598406s ago: executing program 3 (id=1477):
timer_create(0x3, 0x0, &(0x7f0000000080))
timer_settime(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3, 0x0, 0x1e0000}, 0x18)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0xe8c}, 0x2d, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
r4 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000040)=0x2)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
timer_create(0x3, 0x0, &(0x7f00000000c0)=<r5=>0x0)
clock_gettime(0x0, &(0x7f00000002c0)={<r6=>0x0, <r7=>0x0})
timer_settime(r5, 0x1, &(0x7f0000000040)={{r6, r7+60000000}, {0x77359400}}, 0x0)
r8 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x89e2, &(0x7f0000000340)={<r9=>r8})
ioctl$sock_kcm_SIOCKCMCLONE(r9, 0x89e2, &(0x7f0000000080)={r8})
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x5, 0xb, 0x0, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e3, &(0x7f0000000180)={r8, r10})
timer_delete(r5)
r11 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r11, 0x6, 0x0, 0x0, 0x0)

8.234241122s ago: executing program 0 (id=1479):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000004c0))
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000240)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000040)={0x2c, 0x0, 0x0, 0x3d}, 0x10)

7.940073315s ago: executing program 5 (id=1480):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b04101e8c00000001090212000100000000090401"], 0x0)

7.169425734s ago: executing program 3 (id=1481):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2002, 0x0)
write$UHID_CREATE(r1, &(0x7f0000000180)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x0, 0x0, 0x5, 0x50b, 0x9, 0xc, 0x2}}, 0x120)
splice(r0, 0x0, r2, 0x0, 0x4, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pivot_root(0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x333}, &(0x7f0000000000)=<r5=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, 0x0, &(0x7f0000000280)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r4, 0x0, 0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r7, 0x0, 0x0)
r8 = socket$unix(0x1, 0x2, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x44, r9, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x7ff, 0x56}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)
r11 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r11)
socket$inet_sctp(0x2, 0x5, 0x84)

7.027456324s ago: executing program 0 (id=1482):
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = signalfd(r0, &(0x7f00000000c0)={[0xe]}, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000500)=ANY=[@ANYBLOB], 0x0, 0x3a, 0x0, 0x1}, 0x28)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000c80)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000400010db3c6e2300"/28], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=<r5=>r3, @ANYBLOB="0000000000000000b70500000000000085000000a800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r6, 0x0)
read$FUSE(r7, 0x0, 0x38)
r8 = dup2(r7, r6)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x8)
r9 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@getstat={0xe0, 0x15, 0x0, 0x70bd29, 0x0, {{'drbg_pr_hmac_sha384\x00'}, '\x00', '\x00', 0x0, 0x2400}}, 0xe0}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=ANY=[@ANYRES16=r2, @ANYRES64=r5, @ANYRES16=r7, @ANYRESHEX=r8, @ANYBLOB="223e330da5ce7481f33c96571f8c2a2796868401792bb8e651efe4a2dd55b7d8fa1ae4c9ebbdc63a6edcc948d91e1524ef06f33edd351ddac3bad4202bc95b6cac28bbe5f87ef4b12dc5e9340d6e2864157b4c35122df223c163abe219d34fc2715002e01622a67c672623b89d690a6aea5b51b4838e11c24f20b8cdb7", @ANYRES16], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x40100c5)
sendmsg$nl_crypto(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)
ioctl(r0, 0x8b2c, &(0x7f0000000040))
open(&(0x7f0000000480)='./file0\x00', 0x2000, 0x0)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00')
writev(r10, &(0x7f00000015c0)=[{0x0}], 0x1)

5.039989604s ago: executing program 6 (id=1485):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x3, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x100001}, [@printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000980)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x25}, 0x94)

4.824030957s ago: executing program 2 (id=1486):
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB='\t\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="aa"], 0x20)

4.75589096s ago: executing program 6 (id=1487):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000009800"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = socket$netlink(0x10, 0x3, 0xc)
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
getsockname(r6, 0x0, &(0x7f0000000d00))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_open_dev$video4linux(&(0x7f0000000080), 0xe97, 0x0)
ioctl$VIDIOC_SUBDEV_S_CROP(r8, 0xc038563c, &(0x7f00000005c0)={0x0, 0x2000000, {0x8, 0xfffffffd, 0xfffff1b4, 0x3}})
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
fremovexattr(r9, &(0x7f0000000240)=@known='system.sockprotoname\x00')
bind$netlink(r7, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r5, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000200), 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)

4.744522346s ago: executing program 2 (id=1488):
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e07090908"], 0xa)

4.722418992s ago: executing program 5 (id=1489):
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x87, &(0x7f0000000400)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0xd, 0x4, 0x0, 0x0, 0x79, 0x67, 0x0, 0x0, 0x11, 0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@cipso={0x86, 0x1f, 0x3, [{0x1, 0x2}, {0x1, 0x12, "2ed50de8474f1917bf157ac4b0020800"}, {0x1, 0x5, "4740c2"}]}]}}, {0x1, 0x4e20, 0x45, 0x0, @opaque="d44464bfacbc42fb46565baf9238ee1e70bdca7032f0c9bc50d6651b049308293ea2065e84580843c7cee9fae33a0bc99d8001ecbac79edb55f2c36b5f"}}}}}, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
fcntl$setlease(r0, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000040)=0xe, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
sched_setscheduler(r2, 0x0, &(0x7f0000000180)=0x8001)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2$watch_queue(0x0, 0x80)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
r4 = creat(&(0x7f00000000c0)='./file0\x00', 0xd4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='block_bio_remap\x00', r5}, 0x10)
r6 = dup2(r4, r4)
ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f00000002c0)={'\x00', 0x0, 0xd, 0x1, 0x8})
r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x501, 0x0)
close_range(r7, r7, 0x0)
setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000180)=0x10000, 0x4)
ioctl$VIDIOC_SUBDEV_G_SELECTION(0xffffffffffffffff, 0xc040563d, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x4, {0x8, 0x7f, 0x7ab8, 0x7aa}})

4.64498805s ago: executing program 2 (id=1490):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x7, 0x4}, {0x2, 0x1, 0x8, 0x3}, {0x1, 0x4, 0x4, 0xc}, {0x5, 0x5, 0xa, 0x7}, {0x5, 0x4, 0x0, 0x3}, {0x5, 0x2, 0x5, 0xa}, {0x4, 0x1, 0xe, 0x1}], 0x10, 0x9}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000002140)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000030000005637f880f14ee2dd0000f90e72cd0ea30cee982535"], &(0x7f0000000c40)=""/3, 0x26, 0x3, 0x1, 0x1}, 0x28)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
accept(0xffffffffffffffff, &(0x7f0000002080)=@l2tp6, &(0x7f0000002100)=0x80)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r5 = fanotify_init(0xf00, 0x1000)
fanotify_mark(r5, 0x105, 0x5000003a, r4, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)
r6 = epoll_create(0x6)
r7 = dup3(r3, r6, 0x0)
read$FUSE(r7, 0x0, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000000114010025bd7000fedbdf25000000000000a000"], 0x18}, 0x1, 0x0, 0x0, 0x44}, 0x4044080)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VT_RESIZE(r7, 0x5609, &(0x7f0000002180)={0x2, 0x1, 0xefbf})
sendmsg$nl_generic(r9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2004c010}, 0x4080)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad03010000000000bf000000000000006916a00000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

3.68003548s ago: executing program 6 (id=1491):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)='%pi6   \x00'}, 0x20)
r4 = fcntl$dupfd(r1, 0x406, r3)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0x20, &(0x7f00000003c0)={&(0x7f0000000340)=""/47, 0x2f, <r5=>0x0, &(0x7f0000000380)=""/44, 0x2c}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x14, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket(0x10, 0x3, 0x9)
connect$netlink(r6, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc, 0x8}, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
userfaultfd(0x1)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
pwritev2(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x7c00, 0x0, 0x3)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r8, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r8, &(0x7f0000000000), 0x10)
r9 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt(r9, 0x65, 0x1, &(0x7f0000000080), 0x1d0)
bind$can_raw(r9, &(0x7f00000001c0), 0x10)
dup3(r7, r8, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r11, 0x4068aea3, 0x0)

3.598128586s ago: executing program 2 (id=1492):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'sit0\x00', <r4=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000001c0)=0x2, 0x4)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000240)=0x4000, 0x4)
bind$xdp(r0, &(0x7f0000000040)={0x2c, 0x0, r4, 0x3d}, 0x10)

2.110988832s ago: executing program 5 (id=1493):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r0)
syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
r1 = socket(0x15, 0x5, 0x0)
connect$netrom(r1, &(0x7f00000000c0)={{0xa, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1}, [@null, @bcast, @bcast, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48)
getsockname$tipc(r1, 0x0, &(0x7f0000000080))
socket$kcm(0x10, 0x2, 0x4)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x500944, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000180)='freezer.parent_freezing\x00', 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
creat(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_submit(0x0, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r3, &(0x7f00000000c0), 0x40002022)
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90424fc60040207000a000200053582c137153e", 0x23}], 0x1}, 0x0)
ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r5}, 0x10)
ioctl$SIOCSIFHWADDR(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})

1.41693074s ago: executing program 6 (id=1494):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000003e0007012dbd7000fcdbdf25047c0000040000001400018006000600800a0000080016"], 0x2c}, 0x1, 0x0, 0x0, 0x20040000}, 0x44000)

1.385981517s ago: executing program 2 (id=1495):
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_oob_data_request={{}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}}}, 0x55)

1.331283393s ago: executing program 3 (id=1496):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000003800), 0x2, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000580)={0xe, 0x18, 0xfa00, @id_resuseaddr={0x0, r2}}, 0x20)
clock_adjtime(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe14})
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='ipi_raise\x00', r8}, 0x18)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000d40)=@nat={'nat\x00', 0x2, 0x5, 0x4b0, 0x310, 0x220, 0xffffffff, 0x310, 0xf0, 0x3e0, 0x3e0, 0xffffffff, 0x3e0, 0x3e0, 0x5, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @remote, [], [0xff], 'ip6tnl0\x00', 'veth0_to_batadv\x00', {}, {}, 0x3a}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv6=@mcast1, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}}}}, {{@ipv6={@dev, @loopback, [], [], 'batadv0\x00', 'veth1_vlan\x00'}, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}, {[0xff000000, 0x0, 0xff000000]}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@loopback, @ipv6=@private0, @icmp_id=0x1, @icmp_id}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @gre_key=0x775, @gre_key}}}, {{@ipv6={@remote, @mcast1, [], [], 'ipvlan0\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x53e)
r9 = syz_io_uring_complete(0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'ip_vti0\x00', &(0x7f0000000140)={'sit0\x00', 0x0, 0x40, 0x40, 0x800, 0x9, {{0x10, 0x4, 0x0, 0x7, 0x40, 0x66, 0x0, 0x2, 0x29, 0x0, @multicast1, @broadcast, {[@lsrr={0x83, 0x3, 0xeb}, @end, @cipso={0x86, 0x20, 0xffffffffffffffff, [{0x0, 0x2}, {0x0, 0x9, "dcb42574df031e"}, {0x1, 0xf, "41ce656a7689723e8383a293b1"}]}, @end, @ra={0x94, 0x4, 0x1}]}}}}})
io_setup(0x1, 0x0)
sendmsg$nl_route_sched(r9, 0x0, 0x8040)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$nfc(&(0x7f0000000980), r10)
sendmsg$NFC_CMD_LLC_SDREQ(r10, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000a40)={0x20, r11, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@NFC_ATTR_LLC_SDP={0x4}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x48090}, 0x4000080)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x60, 0x10, 0xffffffffffffffff, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x33c13, 0x51a23}, [@IFLA_LINKINFO={0x40, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @loopback={0x21, 0xfffffffffffffffe}}, @IFLA_GRE_LOCAL={0x14, 0x6, @mcast1}]}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x20040000)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000000)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x10000, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, {0xa, 0x4e23, 0xf54c, @remote, 0x7fffffff}, r2, 0x7}}, 0x48)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000003840)={0x14, 0x88, 0xfa00, {0xffffffffffffffff, 0xc, 0x0, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, 0x90)

1.298292288s ago: executing program 0 (id=1497):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYRES16], 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x101100, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000e50003000000000085100000fcffffff250001000000000085100000faffffff9500000000000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x90)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
clock_getres(0x7, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000000000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x20040000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3})
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x80000000000000c, 0x0, 0x4, 0x10000, 0x7, 0x9004, 0x9, 0x8, 0x0, 0x7, 0x49, 0x3ff, 0x5, 0x2, 0x1, 0x5, 0x7, 0xc1, 0x1, 0x2, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x5, 0x7, 0x4, 0x1, 0x9, 0x888f, 0x1, 0x6, 0x46, 0x1, 0x3, 0xa3de, 0x20000000006, 0x8, 0x7, 0x400, 0x3, 0xffffffffffbfffb7, 0xfffffffffffffffa, 0x2, 0xd, 0x6, 0x4, 0xe6, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x0, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x10001, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x4000000007, 0x2, 0x3, 0x2, 0x2, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x9, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x204, 0x7, 0xe53e, 0x4, 0x8, 0x2293332f, 0x6, 0x5, 0x1e, 0xd, 0x2, 0x4, 0xfffffffffffffffb, 0x80000001, 0x7, 0xdfd4, 0xfff9, 0x10, 0x20005, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x1000003]})
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x35)

1.25722974s ago: executing program 5 (id=1498):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r0, &(0x7f0000000340)=[{{&(0x7f0000000140)={0xa, 0x4e24, 0x5c, @mcast2, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="f8"], 0xf8}}, {{&(0x7f0000000000)={0xa, 0x4e22, 0x4, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1400"], 0x1298}}], 0x2, 0x40400e4)

1.200152317s ago: executing program 6 (id=1499):
r0 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0)

1.183257072s ago: executing program 2 (id=1500):
mkdir(&(0x7f0000000000)='./file1\x00', 0x74)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0])
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_mr_cache\x00')
read$FUSE(r0, &(0x7f0000000e00)={0x2020}, 0x2020)
r1 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab82)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[], 0x48)
times(&(0x7f0000000180))
mknod(&(0x7f0000000080)='./bus\x00', 0x4, 0x6)
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='ext2\x00', 0x8080, &(0x7f00000001c0)='discard')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240), 0x5a)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r6}, 0x0, 0x0}, 0x20)
ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, 0x0)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000180)=0x1)
ioctl$VIDIOC_S_CROP(r1, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}})
pread64(r0, &(0x7f0000033240)=""/102389, 0x18ff5, 0x41e)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r7 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, 0x0)

1.058451687s ago: executing program 6 (id=1501):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2f00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10)
gettid()
rt_sigtimedwait(&(0x7f00000003c0)={[0x6]}, 0x0, 0x0, 0x8)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10)
getdents64(0xffffffffffffffff, &(0x7f0000002f40)=""/4098, 0x1002)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x15, 0x11, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000002000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000008000000bc09080000000000b60a0100000000000f0000000000000018130000", @ANYRES32, @ANYBLOB="00000000000000013f93200000000000b503000000000000"], 0x0, 0x3, 0x0, 0x0, 0x1f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000040)={'erspan0\x00', 0x0})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r7, 0x4020aeb2, &(0x7f0000000080)={0x0, 0xfffffff, @ioapic={0x5000, 0x1, 0x0, 0x9, 0x0, [{0x6, 0x7, 0x8, '\x00', 0xab}, {0x2, 0x0, 0x2, '\x00', 0x5a}, {0x60, 0x4, 0x8, '\x00', 0x3}, {0x5, 0x9, 0x7, '\x00', 0xf1}, {0xc, 0x2, 0x9, '\x00', 0x43}, {0x4, 0x79, 0xc5, '\x00', 0x9}, {0x1, 0x5, 0x9, '\x00', 0xfe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x8, '\x00', 0x33}, {0x81, 0xf, 0x57, '\x00', 0x9}, {0x5, 0x4, 0x1, '\x00', 0x6}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x1, 0x1, 0x8, '\x00', 0xff}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x6, 0x5, 0x3, '\x00', 0xbc}, {0xd, 0x2, 0x9, '\x00', 0x2}, {0x8, 0x7c, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x5, '\x00', 0xf}, {0x78, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x3, 0xc1, '\x00', 0x8e}, {0x5, 0x26, 0x5, '\x00', 0x9}, {0x5, 0x9, 0xe4, '\x00', 0x6}, {0xc1, 0x50, 0x81, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
close(r4)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f00000001c0)={0x1f, 0x4}, 0x6)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff7)
ioctl$TUNGETVNETLE(r4, 0x40047451, &(0x7f0000000180))

0s ago: executing program 5 (id=1502):
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/15, 0xf}, {0x0}], 0x2, 0x400, 0xfffffffe)
r1 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
ioperm(0x0, 0x2, 0x7e)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES8=r1], 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x281}, 0x0)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x1d, 0x2, 0x6)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r5, 0x6a, 0x4, 0x20000000, 0x4)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="651c0000000000006111640000000000180000000000000000000000000000950000000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x80)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000280)=0x1)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r9, &(0x7f0000000140)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r9, 0x0)
ioctl$TCSETS(r8, 0x8926, &(0x7f0000000100)={0xfffffffc, 0x0, 0x0, 0x7ff, 0x0, "5dee0000005940000000000f00"})
sendmsg$NFT_BATCH(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000100001000000000000000000d100000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a31000000004c000000050a19020000000000000000010020000c00024000000000000000010900010073797a3100000000200004"], 0xe8}}, 0x0)

kernel console output (not intermixed with test programs):

0a, idProduct=0103, bcdDevice=ad.1d
[  202.032872][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.052954][ T5891] usb 4-1: Product: syz
[  202.057183][ T5891] usb 4-1: Manufacturer: syz
[  202.062432][ T5891] usb 4-1: SerialNumber: syz
[  202.103869][ T5891] usb 4-1: config 0 descriptor??
[  202.627022][ T5925] usb 2-1: config 0 has an invalid interface number: 168 but max is 0
[  202.664468][ T5925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  202.687080][ T5891] usb_ehset_test 4-1:0.0: probe with driver usb_ehset_test failed with error -32
[  202.715136][ T5925] usb 2-1: config 0 has no interface number 0
[  202.790015][ T5891] usb 4-1: USB disconnect, device number 5
[  202.796139][ T5925] usb 2-1: config 0 interface 168 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  202.811656][ T5925] usb 2-1: config 0 interface 168 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16
[  202.850326][ T5925] usb 2-1: New USB device found, idVendor=0959, idProduct=2bd0, bcdDevice=48.98
[  202.992710][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.664657][ T5925] usb 2-1: config 0 descriptor??
[  203.678802][ T5925] HFC-S_USB 2-1:0.168: probe with driver HFC-S_USB failed with error -5
[  203.958588][ T6762] vivid-003: disconnect
[  203.972763][ T6762] vivid-003: reconnect
[  204.315401][ T5925] usb 2-1: USB disconnect, device number 4
[  205.210028][ T6790] bridge0: port 1(bridge_slave_0) entered disabled state
[  205.233606][ T6790] bridge0: port 2(bridge_slave_1) entered disabled state
[  205.336490][ T5927] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  205.414313][ T5927] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  205.435951][ T6790] batadv_slave_0: left promiscuous mode
[  205.636864][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.2.181'.
[  206.338827][ T6805] netlink: 4 bytes leftover after parsing attributes in process `syz.2.181'.
[  209.919871][ T6830] input: syz0 as /devices/virtual/input/input8
[  211.224963][ T6824] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  211.333684][ T6836] ubi: mtd0 is already attached to ubi31
[  211.350560][ T6824] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  211.842635][ T6825] Falling back ldisc for ttyprintk.
[  211.870324][ T6824] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  211.886194][ T6824] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  211.948254][ T6824] geneve2: entered allmulticast mode
[  212.032485][ T6493] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  212.187831][ T6493] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  212.869888][ T6493] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  213.085116][ T6493] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  213.829244][   T51] Bluetooth: hci3: command 0x0405 tx timeout
[  213.973895][ T6847] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  216.550712][ T6493] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.882335][ T6493] 8021q: adding VLAN 0 to HW filter on device team0
[  217.989412][ T3550] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.996635][ T3550] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.011366][ T3550] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.018535][ T3550] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.249635][ T6493] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  218.326688][ T6493] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  219.120535][ T5841] Bluetooth: hci0: unexpected event for opcode 0x1002
[  219.433135][ T6910] netlink: 4 bytes leftover after parsing attributes in process `syz.2.200'.
[  219.495409][ T6910] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.530297][ T6910] batman_adv: batadv0: Removing interface: batadv_slave_0
[  219.912491][ T6914] cramfs: Unknown parameter 'discard'
[  220.347496][ T6910] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  220.358509][ T6910] batman_adv: batadv0: Removing interface: batadv_slave_1
[  221.654786][ T6926] overlayfs: overlapping lowerdir path
[  221.756348][ T6927] netlink: 4 bytes leftover after parsing attributes in process `syz.3.202'.
[  223.534319][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  223.629179][ T6940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.206'.
[  225.138554][   T51] Bluetooth: hci4: unexpected event for opcode 0x1004
[  225.415037][ T6955] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.206'.
[  226.301340][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  226.311626][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  226.320647][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  226.329747][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  226.346517][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  228.813839][   T51] Bluetooth: hci5: command tx timeout
[  228.820660][ T5841] Bluetooth: hci4: unexpected event for opcode 0x1002
[  230.594535][ T6954] lo speed is unknown, defaulting to 1000
[  231.067922][ T5841] Bluetooth: hci5: command tx timeout
[  233.270006][ T5841] Bluetooth: hci5: command tx timeout
[  234.214192][ T7007] lo speed is unknown, defaulting to 1000
[  234.224042][ T7007] lo speed is unknown, defaulting to 1000
[  234.230469][ T7007] lo speed is unknown, defaulting to 1000
[  234.347517][ T7007] infiniband s
z1: set active
[  234.352421][ T7007] infiniband s
z1: added lo
[  234.391039][ T7007] RDS/IB: s
z1: added
[  234.395580][ T7007] smc: adding ib device s
z1 with port count 1
[  234.401881][ T7007] smc:    ib device s
z1 port 1 has pnetid 
[  235.697475][ T7029] /dev/nullb0: Can't open blockdev
[  235.857700][ T5927] lo speed is unknown, defaulting to 1000
[  235.869210][ T7007] lo speed is unknown, defaulting to 1000
[  235.877226][ T5957] lo speed is unknown, defaulting to 1000
[  236.110944][   T51] Bluetooth: hci5: command tx timeout
[  236.336062][ T7007] lo speed is unknown, defaulting to 1000
[  236.461468][ T7007] lo speed is unknown, defaulting to 1000
[  236.581033][ T7007] lo speed is unknown, defaulting to 1000
[  236.701282][ T7007] lo speed is unknown, defaulting to 1000
[  236.820945][ T7007] lo speed is unknown, defaulting to 1000
[  237.427563][ T6954] chnl_net:caif_netlink_parms(): no params data found
[  237.529147][   T49] Bluetooth: hci3: Frame reassembly failed (-84)
[  238.159883][ T7054] netlink: 20 bytes leftover after parsing attributes in process `syz.2.226'.
[  239.235163][   T51] Bluetooth: hci5: command 0x0405 tx timeout
[  240.584458][ T5854] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  240.585178][   T51] Bluetooth: hci3: command 0x1003 tx timeout
[  240.706008][ T7067] No source specified
[  240.916730][ T7066] netlink: 8 bytes leftover after parsing attributes in process `syz.0.227'.
[  240.925630][ T7066] veth1_to_hsr: entered promiscuous mode
[  240.933753][ T6954] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.950528][ T6954] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.981663][ T6954] bridge_slave_0: entered allmulticast mode
[  240.996645][ T6954] bridge_slave_0: entered promiscuous mode
[  241.202180][ T6954] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.213191][ T6954] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.223619][ T6954] bridge_slave_1: entered allmulticast mode
[  241.282707][ T6954] bridge_slave_1: entered promiscuous mode
[  242.451908][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  242.451922][   T30] audit: type=1326 audit(1755748351.186:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  242.497338][ T2154] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  242.516025][ T2154] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  242.628333][ T7092] netlink: 28 bytes leftover after parsing attributes in process `syz.1.232'.
[  242.775627][ T7093] xt_TPROXY: Can be used only with -p tcp or -p udp
[  243.131790][   T30] audit: type=1326 audit(1755748351.186:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.160725][   T30] audit: type=1326 audit(1755748351.186:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.232088][ T7077] usb usb1: check_ctrlrecip: process 7077 (syz.2.230) requesting ep 01 but needs 81
[  243.352860][   T30] audit: type=1326 audit(1755748351.186:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.552744][   T30] audit: type=1326 audit(1755748351.186:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.627111][   T30] audit: type=1326 audit(1755748351.186:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.655650][   T30] audit: type=1326 audit(1755748351.186:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.681680][   T30] audit: type=1326 audit(1755748351.186:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.709255][   T30] audit: type=1326 audit(1755748351.186:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.744713][   T30] audit: type=1326 audit(1755748351.186:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7083 comm="syz.1.232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  243.854476][ T6954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.938869][ T5957] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[  243.994887][ T6954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  244.252073][ T5957] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  244.416954][ T6174] bridge_slave_1: left allmulticast mode
[  244.419859][ T5957] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  244.455446][ T6174] bridge_slave_1: left promiscuous mode
[  244.461448][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.606286][ T5957] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  244.636046][ T6174] bridge_slave_0: left allmulticast mode
[  244.648732][ T6174] bridge_slave_0: left promiscuous mode
[  244.660211][ T5957] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  244.667016][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.705338][ T5957] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  244.743716][ T5957] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  244.768161][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  244.795754][ T5957] usb 3-1: Product: syz
[  244.810757][ T5957] usb 3-1: Manufacturer: syz
[  244.830213][ T5957] usb 3-1: SerialNumber: syz
[  244.855408][ T5957] usb 3-1: config 0 descriptor??
[  245.035393][ T7120] netlink: 'syz.1.235': attribute type 10 has an invalid length.
[  245.997852][ T5957] radio-si470x 3-1:0.0: si470x_get_report: usb_control_msg returned -110
[  246.029236][ T5957] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -5
[  246.345430][ T6174] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  246.527840][ T6174] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.640567][ T6174] bond0 (unregistering): Released all slaves
[  247.979305][ T5891] usb 3-1: USB disconnect, device number 2
[  247.988972][ T5854] Bluetooth: hci1: unexpected event for opcode 0x1002
[  248.240858][ T6954] team0: Port device team_slave_0 added
[  248.367823][ T7120] team0: Port device wlan1 added
[  250.051786][ T6954] team0: Port device team_slave_1 added
[  250.759102][ T7189] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  251.556492][ T6954] batman_adv: batadv0: Adding interface: batadv_slave_0
[  251.597498][ T6954] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  253.518439][ T6954] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  253.719885][ T6954] batman_adv: batadv0: Adding interface: batadv_slave_1
[  253.726880][ T6954] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  254.354724][ T7205] netlink: 8 bytes leftover after parsing attributes in process `syz.1.247'.
[  254.754880][ T6954] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  255.314524][ T7205] netlink: 'syz.1.247': attribute type 2 has an invalid length.
[  255.982085][ T5854] Bluetooth: hci1: unexpected event for opcode 0x1002
[  256.194621][ T6174] hsr_slave_0: left promiscuous mode
[  256.228564][ T6174] hsr_slave_1: left promiscuous mode
[  256.400735][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_0
[  256.462382][ T6174] batman_adv: batadv0: Removing interface: batadv_slave_1
[  256.797728][ T7227] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  257.897882][    T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  259.219199][    T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  259.592027][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  259.738437][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  260.086730][   T51] Bluetooth: hci5: command 0x0405 tx timeout
[  260.111622][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.169185][    T9] usb 4-1: config 0 descriptor??
[  260.267412][    T9] usb 4-1: can't set config #0, error -71
[  260.298191][    T9] usb 4-1: USB disconnect, device number 6
[  260.793110][ T7245] x_tables: ip_tables: osf match: only valid for protocol 6
[  261.255447][ T7248] Bluetooth: MGMT ver 1.23
[  261.325474][ T7248] binder: 7240:7248 ioctl c0306201 2000000003c0 returned -22
[  261.836498][ T6174] team0 (unregistering): Port device team_slave_1 removed
[  262.197785][ T7255] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  263.435145][ T5854] Bluetooth: hci2: command 0x0406 tx timeout
[  263.441278][ T5841] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  265.486277][ T6174] team0 (unregistering): Port device team_slave_0 removed
[  265.916299][ T7245] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  267.298858][ T6954] hsr_slave_0: entered promiscuous mode
[  267.577044][ T7273] netlink: 'syz.2.259': attribute type 4 has an invalid length.
[  267.586379][ T7273] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.259'.
[  268.149855][ T6954] hsr_slave_1: entered promiscuous mode
[  268.165400][ T6954] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  268.178427][ T6954] Cannot create hsr debugfs directory
[  270.981455][ T7291] tmpfs: Bad value for 'mpol'
[  271.870288][ T7295] netlink: 4 bytes leftover after parsing attributes in process `syz.0.264'.
[  271.879161][ T7295] batman_adv: batadv0: Removing interface: batadv_slave_0
[  271.903873][ T7295] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  271.911499][ T7295] batman_adv: batadv0: Removing interface: batadv_slave_1
[  272.828515][ T7311] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  273.253864][ T7289] syz.3.265: attempt to access beyond end of device
[  273.253864][ T7289] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  273.641818][ T7289] syz.3.265: attempt to access beyond end of device
[  273.641818][ T7289] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  274.182046][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  274.473970][ T7289] syz.3.265: attempt to access beyond end of device
[  274.473970][ T7289] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  274.570596][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  274.758898][ T7289] syz.3.265: attempt to access beyond end of device
[  274.758898][ T7289] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  274.772303][ T7289] syz.3.265: attempt to access beyond end of device
[  274.772303][ T7289] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  274.786225][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  274.796191][ T7289] syz.3.265: attempt to access beyond end of device
[  274.796191][ T7289] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  274.811287][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  274.822182][ T7289] syz.3.265: attempt to access beyond end of device
[  274.822182][ T7289] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  274.835676][ T7289] syz.3.265: attempt to access beyond end of device
[  274.835676][ T7289] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  274.848698][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  274.858917][ T7289] syz.3.265: attempt to access beyond end of device
[  274.858917][ T7289] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  274.871914][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  274.881946][ T7289] syz.3.265: attempt to access beyond end of device
[  274.881946][ T7289] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  274.894985][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  274.904695][ T7289] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  274.914187][ T7289] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  275.132634][ T7336] vlan2: entered promiscuous mode
[  275.138227][ T7336] vlan2: entered allmulticast mode
[  275.182396][ T7336] hsr_slave_1: entered allmulticast mode
[  275.237533][ T7338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.273'.
[  276.370226][ T7366] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  276.499333][ T6954] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  276.511867][ T6954] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  276.527504][ T6954] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  276.541203][ T6954] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  279.901282][ T6954] 8021q: adding VLAN 0 to HW filter on device bond0
[  280.586633][ T7380] netlink: 16 bytes leftover after parsing attributes in process `syz.3.278'.
[  281.192358][ T6954] 8021q: adding VLAN 0 to HW filter on device team0
[  281.208685][ T6103] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.215905][ T6103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  281.294699][ T6103] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.301943][ T6103] bridge0: port 2(bridge_slave_1) entered forwarding state
[  281.720413][ T6954] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  284.960751][ T7423] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  285.405950][ T7426] loop6: detected capacity change from 0 to 524287999
[  285.523163][ T7427] netlink: 40 bytes leftover after parsing attributes in process `syz.2.285'.
[  285.643338][ T5854] Bluetooth: hci4: unexpected event for opcode 0x0c13
[  287.550539][ T7456] 9pnet_virtio: no channels available for device syz
[  289.051078][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  289.051095][   T30] audit: type=1326 audit(1755748394.912:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.085379][ T5891] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  289.097392][   T30] audit: type=1326 audit(1755748394.912:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.172980][   T30] audit: type=1326 audit(1755748394.950:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.248181][   T30] audit: type=1326 audit(1755748394.950:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.298352][ T5891] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  289.330059][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.346975][ T5891] usb 4-1: Product: syz
[  289.351303][   T30] audit: type=1326 audit(1755748394.950:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.374284][ T5891] usb 4-1: Manufacturer: syz
[  289.379227][ T5891] usb 4-1: SerialNumber: syz
[  289.386988][ T5891] usb 4-1: config 0 descriptor??
[  289.395775][   T30] audit: type=1326 audit(1755748394.950:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.427921][   T30] audit: type=1326 audit(1755748394.968:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.469333][   T30] audit: type=1326 audit(1755748394.968:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.495587][   T30] audit: type=1326 audit(1755748394.968:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.536996][   T30] audit: type=1326 audit(1755748394.968:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7461 comm="syz.1.296" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cf798ebe9 code=0x7ffc0000
[  289.601870][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  289.619055][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  289.629193][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  289.908217][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  289.921869][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  290.690915][ T7474] lo speed is unknown, defaulting to 1000
[  290.724739][ T5891] usb 4-1: Firmware version (0.0) predates our first public release.
[  290.740785][ T5891] usb 4-1: Please update to version 0.2 or newer
[  290.814307][ T7474] lo speed is unknown, defaulting to 1000
[  290.897609][ T5891] usb 4-1: USB disconnect, device number 7
[  291.806613][ T7498] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  292.169267][ T5854] Bluetooth: hci3: command tx timeout
[  293.464011][ T3497] bridge_slave_1: left allmulticast mode
[  293.484695][ T3497] bridge_slave_1: left promiscuous mode
[  293.490516][ T3497] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.526515][ T3497] bridge_slave_0: left allmulticast mode
[  293.567197][ T3497] bridge_slave_0: left promiscuous mode
[  293.579033][ T3497] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.605559][ T5854] Bluetooth: hci2: unexpected event for opcode 0x0c56
[  294.391068][ T5854] Bluetooth: hci3: command tx timeout
[  295.854308][ T7539] netlink: 20 bytes leftover after parsing attributes in process `syz.1.308'.
[  296.615124][ T5854] Bluetooth: hci3: command tx timeout
[  296.775167][ T5891] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  297.779746][ T5891] usb 2-1: Using ep0 maxpacket: 8
[  297.893630][ T5891] usb 2-1: unable to get BOS descriptor or descriptor too short
[  297.941206][ T5891] usb 2-1: config 7 has an invalid interface number: 67 but max is 0
[  297.949351][ T5891] usb 2-1: config 7 has no interface number 0
[  298.005128][ T5891] usb 2-1: string descriptor 0 read error: -22
[  298.011736][ T5891] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  298.056946][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.333220][ T5891] usb 2-1: USB disconnect, device number 5
[  298.458256][ T7563] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.315'.
[  298.838247][ T5854] Bluetooth: hci3: command tx timeout
[  299.377556][ T3497] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.650877][ T3497] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  300.330339][ T5854] Bluetooth: hci1: unexpected event for opcode 0x1002
[  300.466325][ T3497] bond0 (unregistering): Released all slaves
[  300.532600][ T5854] Bluetooth: hci0: unexpected event for opcode 0x1009
[  302.621978][ T7595] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  304.235944][ T3497] hsr_slave_0: left promiscuous mode
[  304.314917][ T3497] hsr_slave_1: left promiscuous mode
[  304.334424][ T3497] batman_adv: batadv0: Removing interface: batadv_slave_0
[  304.373951][ T3497] batman_adv: batadv0: Removing interface: batadv_slave_1
[  305.070853][ T5854] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  305.079560][ T5854] Bluetooth: hci0: Injecting HCI hardware error event
[  305.088589][ T5854] Bluetooth: hci0: hardware error 0x00
[  311.606476][ T5854] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  314.880650][ T7643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'.
[  314.892385][ T7643] netlink: 8 bytes leftover after parsing attributes in process `syz.2.333'.
[  315.714256][ T3497] team0 (unregistering): Port device team_slave_1 removed
[  315.868566][ T3497] team0 (unregistering): Port device team_slave_0 removed
[  317.276488][ T7474] chnl_net:caif_netlink_parms(): no params data found
[  317.568319][ T5854] Bluetooth: hci4: command 0x0406 tx timeout
[  317.638413][ T7661] veth0_to_team: entered promiscuous mode
[  317.644259][ T7661] veth0_to_team: entered allmulticast mode
[  319.084382][ T5841] Bluetooth: hci4: unexpected event for opcode 0x1002
[  320.646735][  T890] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  320.711714][ T7700] netlink: 8 bytes leftover after parsing attributes in process `syz.3.344'.
[  320.748738][ T7474] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.765199][ T7474] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.772600][ T7474] bridge_slave_0: entered allmulticast mode
[  320.782022][ T7474] bridge_slave_0: entered promiscuous mode
[  320.808806][ T7474] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.816219][ T7474] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.827782][ T7474] bridge_slave_1: entered allmulticast mode
[  320.833910][  T890] usb 3-1: Using ep0 maxpacket: 32
[  320.840293][ T7474] bridge_slave_1: entered promiscuous mode
[  320.841894][ T7678] netlink: 4 bytes leftover after parsing attributes in process `syz.1.341'.
[  320.857325][  T890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.905593][  T890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.937337][  T890] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  320.947771][ T7678] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  320.955265][ T7678] batman_adv: batadv0: Removing interface: batadv_slave_0
[  320.964043][ T7678] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  320.971565][ T7678] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.015481][  T890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.059549][ T7474] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  321.081975][ T7474] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  321.085980][  T890] usb 3-1: config 0 descriptor??
[  321.479426][  T890] usb 3-1: can't set config #0, error -71
[  321.589141][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'.
[  321.598134][ T7706] netlink: 8 bytes leftover after parsing attributes in process `syz.3.345'.
[  321.694957][  T890] usb 3-1: USB disconnect, device number 3
[  321.848001][ T7474] team0: Port device team_slave_0 added
[  321.861598][ T7474] team0: Port device team_slave_1 added
[  322.038024][ T7474] batman_adv: batadv0: Adding interface: batadv_slave_0
[  322.053700][ T7474] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  322.122020][ T7474] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  322.145683][ T7474] batman_adv: batadv0: Adding interface: batadv_slave_1
[  322.145701][ T7474] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  322.145739][ T7474] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  322.350597][ T7474] hsr_slave_0: entered promiscuous mode
[  322.358203][ T7474] hsr_slave_1: entered promiscuous mode
[  322.364525][ T7474] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  322.410930][ T7474] Cannot create hsr debugfs directory
[  323.568024][  T890] IPVS: starting estimator thread 0...
[  323.976801][ T7759] IPVS: using max 32 ests per chain, 76800 per kthread
[  324.768997][ T7754] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  324.791946][ T7754] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  324.885465][ T7770] tipc: Started in network mode
[  324.897504][ T7754] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  324.907238][ T7770] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  324.918389][ T7754] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  324.930075][ T7770] tipc: New replicast peer: 0000:0000:0000:0000:0000:ffff:6401:0100
[  324.939298][ T7770] tipc: Enabled bearer <udp:syz2>, priority 10
[  325.094046][ T7754] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  325.126535][ T7754] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  325.269721][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  325.763435][ T7754] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  325.778426][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  325.840966][ T7754] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  326.515520][   T10] tipc: Node number set to 1
[  327.017264][ T5841] Bluetooth: hci1: command 0x0406 tx timeout
[  327.061304][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  327.146737][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  327.339213][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout
[  329.304525][ T5841] Bluetooth: hci1: command 0x0406 tx timeout
[  329.312259][ T5854] Bluetooth: hci2: command 0x0406 tx timeout
[  329.327831][  T890] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  329.563310][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout
[  329.712997][  T890] usb 2-1: config 0 interface 0 has no altsetting 0
[  329.726611][  T890] usb 2-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  329.776688][ T2154] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  329.805238][ T7474] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  329.861129][  T890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.934993][ T7474] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  329.949505][ T2154] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  329.949789][  T890] usb 2-1: config 0 descriptor??
[  329.988764][ T7474] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  329.999796][ T2154] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  330.036897][ T7474] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  330.045626][ T2154] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  330.107230][ T2154] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  330.122032][ T2154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  330.158343][ T2154] usb 4-1: Product: syz
[  330.165295][ T2154] usb 4-1: Manufacturer: syz
[  330.169929][ T2154] usb 4-1: SerialNumber: syz
[  330.347176][ T7474] 8021q: adding VLAN 0 to HW filter on device bond0
[  330.391620][ T7474] 8021q: adding VLAN 0 to HW filter on device team0
[  330.423855][ T6103] bridge0: port 1(bridge_slave_0) entered blocking state
[  330.431093][ T6103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  330.459235][ T2154] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  330.491680][  T890] apple 0003:05AC:0264.0003: unknown main item tag 0x0
[  330.507778][ T6103] bridge0: port 2(bridge_slave_1) entered blocking state
[  330.515018][ T6103] bridge0: port 2(bridge_slave_1) entered forwarding state
[  330.523094][  T890] apple 0003:05AC:0264.0003: unknown main item tag 0x0
[  330.532408][  T890] apple 0003:05AC:0264.0003: unknown main item tag 0x0
[  330.560508][  T890] apple 0003:05AC:0264.0003: unknown main item tag 0x0
[  330.590246][  T890] apple 0003:05AC:0264.0003: unknown main item tag 0x0
[  330.607582][  T890] apple 0003:05AC:0264.0003: unknown main item tag 0x0
[  330.621374][  T890] apple 0003:05AC:0264.0003: unknown main item tag 0x0
[  330.648536][  T890] apple 0003:05AC:0264.0003: hidraw0: USB HID vf.fe Device [HID 05ac:0264] on usb-dummy_hcd.1-1/input0
[  330.688395][    T9] usb 4-1: USB disconnect, device number 8
[  330.718738][    T9] usblp0: removed
[  330.767357][  T890] usb 2-1: USB disconnect, device number 6
[  330.815683][ T5841] Bluetooth: hci2: unexpected event for opcode 0x0c46
[  330.851417][ T7862] fido_id[7862]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  331.213010][ T7474] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.936047][ T5841] Bluetooth: hci3: command 0x0c1a tx timeout
[  332.364166][ T7901] netlink: 16 bytes leftover after parsing attributes in process `syz.1.391'.
[  332.464201][  T890] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  332.563210][ T5841] Bluetooth: hci1: unexpected event for opcode 0x1002
[  333.212732][  T890] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  333.279453][  T890] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  333.343853][  T890] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  333.407302][  T890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  333.476955][ T7474] veth0_vlan: entered promiscuous mode
[  333.497639][  T890] usb 3-1: SerialNumber: syz
[  334.135341][ T7474] veth1_vlan: entered promiscuous mode
[  334.150795][  T890] usb 3-1: 0:2 : does not exist
[  334.181236][ T7921] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  334.190328][ T7921] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0
[  334.372649][ T7474] veth0_macvtap: entered promiscuous mode
[  334.401060][ T7474] veth1_macvtap: entered promiscuous mode
[  334.434413][  T890] usb 3-1: USB disconnect, device number 4
[  334.443565][ T7474] batman_adv: batadv0: Interface activated: batadv_slave_0
[  334.487286][ T7474] batman_adv: batadv0: Interface activated: batadv_slave_1
[  334.548716][ T7474] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  334.587218][ T7474] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  334.599544][ T7693] udevd[7693]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  334.615396][ T7474] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  334.635440][ T7474] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  334.693351][ T7930] netlink: 60 bytes leftover after parsing attributes in process `syz.1.397'.
[  334.702603][ T7930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.397'.
[  334.949520][ T1322] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  335.108829][ T1322] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  335.777269][ T6174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  335.822066][ T6174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  336.098239][ T5841] Bluetooth: hci1: unexpected event for opcode 0x0809
[  336.451589][ T5841] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  336.705610][ T7966] netlink: 8 bytes leftover after parsing attributes in process `syz.5.112'.
[  337.837624][  T890] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  338.476861][ T7988] veth1_macvtap: left promiscuous mode
[  338.482568][ T7988] macsec0: entered promiscuous mode
[  338.487291][  T890] usb 6-1: Using ep0 maxpacket: 8
[  338.498363][ T7988] veth1_macvtap: entered promiscuous mode
[  338.504345][ T7988] macsec0: left promiscuous mode
[  338.540417][  T890] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  338.565526][  T890] usb 6-1: New USB device found, idVendor=04b3, idProduct=3108, bcdDevice= 0.00
[  338.596995][  T890] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.676253][  T890] usb 6-1: config 0 descriptor??
[  339.478635][  T890] lenovo 0003:04B3:3108.0004: unknown main item tag 0x0
[  339.582546][  T890] lenovo 0003:04B3:3108.0004: unknown main item tag 0x0
[  339.609619][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  339.609636][   T30] audit: type=1326 audit(1755748895.197:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  339.670551][  T890] lenovo 0003:04B3:3108.0004: unknown main item tag 0x0
[  339.680295][  T890] lenovo 0003:04B3:3108.0004: unknown main item tag 0x0
[  339.689133][  T890] lenovo 0003:04B3:3108.0004: unknown main item tag 0x0
[  339.709273][  T890] lenovo 0003:04B3:3108.0004: hidraw0: USB HID v0.03 Device [HID 04b3:3108] on usb-dummy_hcd.5-1/input0
[  339.721727][   T30] audit: type=1326 audit(1755748895.235:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  339.743092][ T5925] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  339.754792][   T30] audit: type=1326 audit(1755748895.263:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  339.780811][  T890] usb 6-1: USB disconnect, device number 2
[  339.807900][   T30] audit: type=1326 audit(1755748895.394:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8006 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff89bbc14a5 code=0x7ffc0000
[  339.879641][   T30] audit: type=1326 audit(1755748895.394:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  339.996749][ T5925] usb 4-1: Using ep0 maxpacket: 16
[  340.010554][ T5925] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  340.036225][   T30] audit: type=1326 audit(1755748895.394:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  340.076756][ T5925] usb 4-1: config 0 has no interface number 0
[  340.098419][ T5925] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  340.132738][   T30] audit: type=1326 audit(1755748895.553:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  340.139140][ T5925] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  340.175727][   T30] audit: type=1326 audit(1755748895.553:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  340.181618][ T8009] fido_id[8009]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  340.202573][   T30] audit: type=1326 audit(1755748895.553:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8003 comm="syz.2.414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff89bb8ebe9 code=0x7ffc0000
[  340.254893][ T5925] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  340.274155][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  340.693905][ T5927] IPVS: starting estimator thread 0...
[  340.791793][ T8020] IPVS: using max 28 ests per chain, 67200 per kthread
[  341.154431][ T5925] usb 4-1: Product: syz
[  341.164256][ T5925] usb 4-1: SerialNumber: syz
[  341.172347][ T5925] usb 4-1: config 0 descriptor??
[  341.191594][ T5925] cm109 4-1:0.8: invalid payload size 0, expected 4
[  341.207118][ T5925] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input10
[  341.309621][ T8024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.420'.
[  341.323731][ T8024] netlink: 8 bytes leftover after parsing attributes in process `syz.1.420'.
[  341.514540][ T8029] syz.0.421 uses obsolete (PF_INET,SOCK_PACKET)
[  341.531171][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  341.542007][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  341.552180][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  341.559415][ T5925] usb 4-1: USB disconnect, device number 9
[  341.567344][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  341.574416][    C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  341.617622][ T5925] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  341.636745][ T8032] syzkaller1: entered promiscuous mode
[  341.658374][ T8032] syzkaller1: entered allmulticast mode
[  343.700593][ T8077] IPVS: stopping master sync thread 8081 ...
[  343.944004][ T8085] netlink: 20 bytes leftover after parsing attributes in process `syz.5.438'.
[  345.155799][ T5841] Bluetooth: hci1: unexpected event for opcode 0x1002
[  345.549356][ T8111] input: syz1 as /devices/virtual/input/input11
[  345.963760][  T890] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  346.144159][  T890] usb 6-1: Using ep0 maxpacket: 16
[  346.264989][  T890] usb 6-1: config 166 has an invalid interface number: 177 but max is 1
[  346.397304][  T890] usb 6-1: config 166 has an invalid interface number: 34 but max is 1
[  346.496672][  T890] usb 6-1: config 166 has no interface number 0
[  346.516692][  T890] usb 6-1: config 166 has no interface number 1
[  346.544907][  T890] usb 6-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  346.584559][  T890] usb 6-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  346.725460][  T890] usb 6-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[  346.744344][  T890] usb 6-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[  346.774506][  T890] usb 6-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[  346.973163][ T8151] netlink: 104 bytes leftover after parsing attributes in process `syz.3.455'.
[  346.998631][  T890] usb 6-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[  347.121306][  T890] usb 6-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  347.132598][  T890] usb 6-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  347.145377][  T890] usb 6-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[  347.158641][  T890] usb 6-1: config 166 interface 177 has no altsetting 0
[  347.358032][  T890] usb 6-1: config 166 interface 34 has no altsetting 0
[  347.368205][  T890] usb 6-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[  347.379000][  T890] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.389325][  T890] usb 6-1: Product: syz
[  347.395242][  T890] usb 6-1: Manufacturer: syz
[  347.400235][  T890] usb 6-1: SerialNumber: syz
[  347.957623][  T890] ums-realtek 6-1:166.177: USB Mass Storage device detected
[  348.222246][  T890] ums-realtek 6-1:166.34: USB Mass Storage device detected
[  348.303443][ T5925] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  348.499810][ T5925] usb 2-1: Using ep0 maxpacket: 16
[  348.590320][ T5925] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  348.621210][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.629381][  T890] ums-realtek 6-1:166.34: probe with driver ums-realtek failed with error -5
[  348.754274][  T890] usb 6-1: Found UVC 0.00 device syz (0bda:0138)
[  348.769046][  T890] usb 6-1: No valid video chain found.
[  348.784603][ T8184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.465'.
[  348.792277][  T890] usb 6-1: USB disconnect, device number 3
[  348.806352][ T8184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.465'.
[  348.838023][ T5925] usb 2-1: Product: syz
[  348.842328][ T5925] usb 2-1: Manufacturer: syz
[  348.847208][ T5925] usb 2-1: SerialNumber: syz
[  348.904604][ T5925] usb 2-1: config 0 descriptor??
[  348.937348][ T5925] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  349.053246][ T8191] ipvlan2: entered promiscuous mode
[  349.062073][ T8191] bridge0: port 3(ipvlan2) entered blocking state
[  349.070927][ T8191] bridge0: port 3(ipvlan2) entered disabled state
[  349.078861][ T8191] ipvlan2: entered allmulticast mode
[  349.086372][ T8191] bridge0: entered allmulticast mode
[  349.096126][ T8191] ipvlan2: left allmulticast mode
[  349.101990][ T8191] bridge0: left allmulticast mode
[  349.573139][ T5925] ssu100 2-1:0.0: probe with driver ssu100 failed with error -71
[  349.609231][ T5925] usb 2-1: USB disconnect, device number 7
[  349.933661][ T5207] udevd[5207]: worker [7693] terminated by signal 33 (Unknown signal 33)
[  350.376356][ T5854] Bluetooth: hci2: unexpected event for opcode 0x1002
[  350.621536][ T8249] netlink: 'syz.2.490': attribute type 10 has an invalid length.
[  351.171597][ T8249] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  351.211865][ T8256] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  351.722826][ T5841] Bluetooth: hci3: unexpected event for opcode 0x1002
[  351.787711][ T8278] netlink: 72 bytes leftover after parsing attributes in process `syz.3.502'.
[  352.001653][ T8284] tipc: Started in network mode
[  352.040895][ T8284] tipc: Node identity 4, cluster identity 4711
[  352.077855][ T8284] tipc: Node number set to 4
[  352.100103][ T5925] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  352.302412][ T5925] usb 2-1: Using ep0 maxpacket: 16
[  352.371097][ T5925] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  352.482820][ T5925] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  352.575216][ T5925] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  352.597023][ T5925] usb 2-1: config 0 interface 0 has no altsetting 0
[  352.647013][ T5925] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  352.706075][ T5925] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.813381][ T5925] usb 2-1: config 0 descriptor??
[  353.107576][  T890] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  353.278356][ T8311] lo speed is unknown, defaulting to 1000
[  353.291017][ T8311] lo speed is unknown, defaulting to 1000
[  353.309705][  T890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  353.339559][  T890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  353.360209][  T890] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  353.369329][  T890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.389577][  T890] usb 3-1: config 0 descriptor??
[  353.485637][ T5925] usb 2-1: USB disconnect, device number 8
[  353.838929][  T890] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0
[  353.850471][  T890] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  354.055638][  T890] cp2112 0003:10C4:EA90.0006: Part Number: 0x00 Device Version: 0x4D
[  354.645945][  T890] cp2112 0003:10C4:EA90.0006: error requesting SMBus config
[  354.813539][  T890] cp2112 0003:10C4:EA90.0006: probe with driver cp2112 failed with error -71
[  358.084129][  T890] usb 3-1: USB disconnect, device number 5
[  359.156929][  T890] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  359.166697][ T5927] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  359.336237][ T5927] usb 6-1: Using ep0 maxpacket: 8
[  359.343893][ T5927] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  359.366685][ T5927] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  359.377319][  T890] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[  359.391758][  T890] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  359.417001][ T5927] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  359.434653][  T890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  359.453586][ T5927] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  359.463554][ T5927] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  359.477594][  T890] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  359.492545][  T890] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  359.505549][ T5927] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  359.514723][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.523470][  T890] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  359.535681][  T890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.559516][  T890] usb 3-1: config 0 descriptor??
[  359.566842][ T8336] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  359.763844][ T5927] usb 6-1: usb_control_msg returned -32
[  359.781080][ T5927] usbtmc 6-1:16.0: can't read capabilities
[  360.043740][  T890] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  360.074398][  T890] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  360.084891][  T890] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  360.092343][  T890] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  360.101408][  T890] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  360.110072][  T890] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  360.141420][  T890] plantronics 0003:047F:FFFF.0007: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  360.425963][ T5905] usb 3-1: USB disconnect, device number 6
[  361.343337][   T30] audit: type=1326 audit(1755748915.533:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8390 comm="syz.2.542" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff89bb8ebe9 code=0x0
[  361.785398][ T5927] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  361.969924][ T5927] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  361.979172][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.987171][ T5927] usb 2-1: Product: syz
[  361.991477][ T5927] usb 2-1: Manufacturer: syz
[  361.996087][ T5927] usb 2-1: SerialNumber: syz
[  362.004188][ T5927] usb 2-1: config 0 descriptor??
[  362.135870][ T2154] usb 6-1: USB disconnect, device number 4
[  362.238196][ T5927] hso 2-1:0.0: Can't find BULK IN endpoint
[  362.245663][ T5927] usb-storage 2-1:0.0: USB Mass Storage device detected
[  362.455412][ T5925] usb 2-1: USB disconnect, device number 9
[  362.746588][ T5927] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  363.082259][ T5927] usb 4-1: Using ep0 maxpacket: 16
[  363.101877][ T5927] usb 4-1: config 6 has an invalid interface number: 43 but max is 0
[  363.120190][ T5927] usb 4-1: config 6 has no interface number 0
[  363.133128][ T5927] usb 4-1: config 6 interface 43 altsetting 170 endpoint 0xC has invalid maxpacket 512, setting to 64
[  363.159035][ T5927] usb 4-1: config 6 interface 43 has no altsetting 0
[  363.303589][ T5927] usb 4-1: string descriptor 0 read error: -71
[  363.309947][ T5927] usb 4-1: New USB device found, idVendor=2304, idProduct=023b, bcdDevice=7b.5c
[  363.320910][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.337883][ T5927] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  363.348041][ T5927] usb 4-1: no configuration chosen from 1 choice
[  363.357834][ T5927] usb 4-1: USB disconnect, device number 10
[  363.764268][ T5925] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  364.127500][ T5925] usb 3-1: Using ep0 maxpacket: 16
[  364.158611][ T5925] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  364.190814][ T5925] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  364.223492][ T5925] usb 3-1: config 0 interface 0 has no altsetting 0
[  364.241026][ T5925] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  364.319281][ T5925] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  364.356356][ T5925] usb 3-1: config 0 descriptor??
[  365.304164][ T5925] hid (null): report_id 0 is invalid
[  365.312620][ T5925] hid (null): unknown global tag 0xd
[  365.318057][ T5925] hid (null): invalid report_size 10717
[  365.328269][ T5925] hid (null): invalid report_count 64132
[  365.372638][ T5925] usb 3-1: USB disconnect, device number 7
[  366.031565][ T5854] Bluetooth: hci3: unexpected event for opcode 0x1002
[  368.391064][ T5891] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  368.846512][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  368.872877][ T5841] Bluetooth: hci3: unexpected event for opcode 0x1002
[  368.982767][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  369.164445][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  369.233048][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  369.250469][ T5891] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  369.273560][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.293147][ T5891] usb 4-1: config 0 descriptor??
[  369.306131][ T8496] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  369.689312][ T8520] netlink: 4 bytes leftover after parsing attributes in process `syz.1.589'.
[  369.728942][ T8521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.588'.
[  369.773722][ T8523] netlink: 4 bytes leftover after parsing attributes in process `syz.2.590'.
[  369.796533][ T5891] plantronics 0003:047F:FFFF.0009: reserved main item tag 0xd
[  369.840544][ T5891] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  369.874522][ T8525] syzkaller1: entered promiscuous mode
[  369.880565][ T8525] syzkaller1: entered allmulticast mode
[  369.930827][ T5905] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  370.033562][ T8496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.042674][ T8496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  370.057346][ T5927] usb 4-1: USB disconnect, device number 11
[  370.078704][ T8531] lo speed is unknown, defaulting to 1000
[  370.086851][ T8531] lo speed is unknown, defaulting to 1000
[  370.094896][ T5905] usb 6-1: Using ep0 maxpacket: 16
[  370.112756][ T5905] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.133560][ T5905] usb 6-1: config 0 interface 0 has no altsetting 0
[  370.140324][ T5905] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  370.165896][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.187948][ T5905] usb 6-1: config 0 descriptor??
[  370.511995][ T8533] netlink: 36 bytes leftover after parsing attributes in process `syz.2.594'.
[  370.568669][ T8531] netlink: 'syz.2.594': attribute type 4 has an invalid length.
[  370.686692][ T5905] nzxt-smart2 0003:1E71:2009.000A: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0
[  370.861268][ T5854] Bluetooth: hci1: command 0x0406 tx timeout
[  370.993795][ T8549] lo speed is unknown, defaulting to 1000
[  371.035997][ T8549] lo speed is unknown, defaulting to 1000
[  371.114598][ T5854] Bluetooth: hci2: Malformed MSFT vendor event: 0x02
[  371.182395][ T5927] usb 6-1: USB disconnect, device number 5
[  372.002411][ T8575] lo speed is unknown, defaulting to 1000
[  372.011552][ T8575] lo speed is unknown, defaulting to 1000
[  373.022134][ T8588] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  374.644543][ T8619] bridge0: port 2(bridge_slave_1) entered disabled state
[  374.652607][ T8619] bridge0: port 1(bridge_slave_0) entered disabled state
[  374.667628][ T8619] bridge0: entered promiscuous mode
[  374.673371][ T8619] bridge0: entered allmulticast mode
[  374.689736][ T8619] bridge0: port 2(bridge_slave_1) entered blocking state
[  374.697916][ T8619] bridge0: port 2(bridge_slave_1) entered forwarding state
[  374.705485][ T8619] bridge0: port 1(bridge_slave_0) entered blocking state
[  374.712719][ T8619] bridge0: port 1(bridge_slave_0) entered forwarding state
[  376.242856][ T2154] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  376.270899][   T30] audit: type=1107 audit(1755748929.433:96): pid=8641 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[  376.596377][ T2154] usb 2-1: Using ep0 maxpacket: 8
[  376.603472][ T2154] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  376.623670][ T2154] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  376.635404][ T2154] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  376.650441][ T2154] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  376.661906][ T2154] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  376.676288][ T2154] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  376.694170][ T2154] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  376.718979][ T2154] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  376.793780][ T2154] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  376.889567][ T8656] netlink: 4 bytes leftover after parsing attributes in process `syz.2.635'.
[  376.914533][ T2154] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  376.979833][ T2154] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.000743][ T2154] usb 2-1: Product: syz
[  377.009790][ T2154] usb 2-1: Manufacturer: syz
[  377.019286][ T2154] usb 2-1: SerialNumber: syz
[  377.189899][ T8664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.636'.
[  377.325734][ T8669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.636'.
[  378.067655][ T5854] Bluetooth: hci4: unexpected event for opcode 0x1002
[  379.846325][ T8700] loop8: detected capacity change from 0 to 16384
[  379.854423][ T8701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  379.868172][ T8701] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.003593][   T10] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  380.548768][ T8702] loop8: detected capacity change from 16384 to 16383
[  380.569863][   T10] usb 4-1: config 0 has no interfaces?
[  380.576553][   T10] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  380.590438][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.602823][   T10] usb 4-1: config 0 descriptor??
[  380.844410][   T10] usb 4-1: USB disconnect, device number 12
[  381.444741][   T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  381.815546][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  381.905789][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  381.927490][   T10] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  381.948320][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.982172][   T10] usb 6-1: config 0 descriptor??
[  382.507105][ T2154] adutux 2-1:168.0: interrupt endpoints not found
[  382.524375][   T10] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  382.961569][   T10] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  382.990723][   T10] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  383.025835][   T10] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  383.036227][   T10] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  383.043237][   T10] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  383.078547][   T10] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  383.106786][   T10] cp2112 0003:10C4:EA90.000B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.5-1/input0
[  383.205871][   T10] cp2112 0003:10C4:EA90.000B: Part Number: 0x00 Device Version: 0x00
[  383.960862][ T8719] cp2112 0003:10C4:EA90.000B: Error starting transaction: -38
[  384.126227][   T10] cp2112 0003:10C4:EA90.000B: error reading lock byte: -71
[  384.965528][   T10] usb 6-1: USB disconnect, device number 6
[  385.006202][ T8766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.670'.
[  385.012469][ T8746] lo speed is unknown, defaulting to 1000
[  385.239266][ T8746] lo speed is unknown, defaulting to 1000
[  386.807974][  T890] usb 6-1: reset high-speed USB device number 6 using dummy_hcd
[  387.601691][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  387.796435][   T10] usb 6-1: config 0 has no interfaces?
[  387.865303][   T10] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  387.909281][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.918243][   T10] usb 6-1: Product: syz
[  387.942745][   T10] usb 6-1: Manufacturer: syz
[  387.947404][   T10] usb 6-1: SerialNumber: syz
[  388.199973][   T10] usb 6-1: config 0 descriptor??
[  389.249792][ T8824] netlink: 60 bytes leftover after parsing attributes in process `syz.1.686'.
[  389.259576][ T8824] netlink: 28 bytes leftover after parsing attributes in process `syz.1.686'.
[  390.620474][   T10] usb 6-1: can't set config #0, error -71
[  390.643867][   T10] usb 6-1: USB disconnect, device number 7
[  390.954523][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  392.400573][ T8870] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.457508][ T8870] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  393.068147][   T30] audit: type=1804 audit(1755749201.214:97): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.703" name="/newroot/176/file0" dev="tmpfs" ino=935 res=1 errno=0
[  393.573452][  T890] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  393.767799][  T890] usb 4-1: Using ep0 maxpacket: 8
[  393.784810][  T890] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  393.793348][  T890] usb 4-1: config 0 has no interface number 0
[  393.847404][  T890] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  393.891000][  T890] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  393.956147][  T890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.974612][ T8898] syzkaller0: entered promiscuous mode
[  393.985866][ T8898] syzkaller0: entered allmulticast mode
[  393.989049][  T890] usb 4-1: config 0 descriptor??
[  394.008005][  T890] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  394.240898][  T890] usb 4-1: USB disconnect, device number 13
[  395.453878][ T8917] netlink: 24 bytes leftover after parsing attributes in process `syz.5.714'.
[  396.332227][ T5854] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  396.332815][ T5841] Bluetooth: hci5: command 0x1003 tx timeout
[  397.634512][ T5905] lo speed is unknown, defaulting to 1000
[  397.640512][ T5905] syz0: Port: 1 Link DOWN
[  399.188822][ T8942] syzkaller0: entered promiscuous mode
[  399.200998][ T8942] syzkaller0: entered allmulticast mode
[  399.260110][ T8948] netlink: 'syz.1.725': attribute type 1 has an invalid length.
[  399.548249][ T8952] macvlan2: entered promiscuous mode
[  399.553568][ T8952] macvlan2: entered allmulticast mode
[  399.566908][ T8952] bond1: entered promiscuous mode
[  399.572988][ T8952] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  399.682613][ T5854] Bluetooth: hci4: unexpected event for opcode 0x1002
[  400.407928][ T8952] bond1: left promiscuous mode
[  400.814080][ T8970] syz_tun: entered allmulticast mode
[  400.831779][ T8970] dvmrp1: entered allmulticast mode
[  400.924635][ T8968] syz_tun: left allmulticast mode
[  401.087864][ T8974] netlink: 60 bytes leftover after parsing attributes in process `syz.1.733'.
[  401.163363][ T8977] binder: 8976:8977 ioctl c0306201 200000000540 returned -14
[  403.198452][ T9004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.208430][ T9004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  405.553912][ T9033] block device autoloading is deprecated and will be removed.
[  405.564050][ T9031] block device autoloading is deprecated and will be removed.
[  406.083413][ T9048] netlink: 60 bytes leftover after parsing attributes in process `syz.5.753'.
[  406.483493][ T9061] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  406.498118][ T9061] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  406.783927][ T9066] syz.3.759 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  407.256125][ T9076] binder: 9075:9076 ioctl c018620c 200000000280 returned -22
[  408.241388][ T9094] netlink: 60 bytes leftover after parsing attributes in process `syz.5.765'.
[  409.774244][ T9109] MTD: Attempt to mount non-MTD device "/dev/nbd1"
[  409.815824][ T9109] cramfs: wrong magic
[  410.340909][  T890] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  411.169575][  T890] usb 4-1: Using ep0 maxpacket: 16
[  411.176265][  T890] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  411.190369][  T890] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  411.205475][  T890] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  411.215190][  T890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.259842][  T890] usb 4-1: Product: syz
[  411.290148][  T890] usb 4-1: Manufacturer: syz
[  411.295268][  T890] usb 4-1: SerialNumber: syz
[  411.556092][  T890] usb 4-1: 0:2 : does not exist
[  411.566556][  T890] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  411.631834][  T890] usb 4-1: USB disconnect, device number 14
[  412.548925][ T9140] netlink: 4 bytes leftover after parsing attributes in process `syz.3.783'.
[  412.687932][ T9140] netlink: 4 bytes leftover after parsing attributes in process `syz.3.783'.
[  414.938647][ T9177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.798'.
[  414.947548][ T9177] netlink: 8 bytes leftover after parsing attributes in process `syz.3.798'.
[  415.255360][ T9186] netlink: 'syz.2.799': attribute type 7 has an invalid length.
[  415.368967][ T9186] : entered promiscuous mode
[  415.993339][ T5841] Bluetooth: hci5: command 0x1003 tx timeout
[  416.000889][ T5854] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  421.171300][ T5854] Bluetooth: hci1: unexpected event for opcode 0x1002
[  421.534532][ T9254] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.685308][ T9254] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  425.299336][ T9288] input: syz1 as /devices/virtual/input/input13
[  427.196353][ T9306] bio_check_eod: 2 callbacks suppressed
[  427.196400][ T9306] syz.0.833: attempt to access beyond end of device
[  427.196400][ T9306] nbd0: rw=0, sector=0, nr_sectors = 1 limit=0
[  427.215352][ T9306] efs: cannot read volume header
[  429.028007][ T9326] kvm: vcpu 2: requested 148514 ns lapic timer period limited to 200000 ns
[  429.082161][ T9326] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer.
[  431.622480][   T30] audit: type=1326 audit(1755749237.303:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  431.651006][   T30] audit: type=1326 audit(1755749237.303:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  432.040246][   T30] audit: type=1326 audit(1755749237.321:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  432.677046][   T30] audit: type=1326 audit(1755749237.321:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  432.698490][    C1] vkms_vblank_simulate: vblank timer overrun
[  432.743208][   T30] audit: type=1326 audit(1755749237.321:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  432.968252][   T30] audit: type=1326 audit(1755749237.321:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  433.089495][   T30] audit: type=1326 audit(1755749237.321:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  433.110956][    C1] vkms_vblank_simulate: vblank timer overrun
[  433.285272][   T30] audit: type=1326 audit(1755749237.321:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  433.306753][    C1] vkms_vblank_simulate: vblank timer overrun
[  433.399073][   T30] audit: type=1326 audit(1755749237.368:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  433.443998][   T30] audit: type=1326 audit(1755749237.368:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9332 comm="syz.0.842" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  433.465378][    C1] vkms_vblank_simulate: vblank timer overrun
[  433.706299][ T9365] vivid-002: disconnect
[  434.040517][ T9371] netlink: 4 bytes leftover after parsing attributes in process `syz.0.852'.
[  434.180835][ T9362] vivid-002: reconnect
[  437.700183][  T890] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  437.767379][ T9406] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  438.127922][  T890] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  438.203742][  T890] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config
[  438.403001][  T890] usb 3-1: config 179 has no interface number 0
[  438.404185][ T9413] netlink: 'syz.0.865': attribute type 14 has an invalid length.
[  438.426762][  T890] usb 3-1: config 179 interface 65 altsetting 12 has an invalid descriptor for endpoint zero, skipping
[  438.438451][  T890] usb 3-1: config 179 interface 65 altsetting 12 has 1 endpoint descriptor, different from the interface descriptor's value: 23
[  438.469815][  T890] usb 3-1: config 179 interface 65 has no altsetting 0
[  438.490115][  T890] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  438.500549][  T890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.696708][ T9416] o2cb: This node has not been configured.
[  438.702832][ T9416] o2cb: Cluster check failed. Fix errors before retrying.
[  438.714927][ T9416] (syz.5.868,9416,0):user_dlm_register:674 ERROR: status = -22
[  438.722937][ T9416] (syz.5.868,9416,0):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "bus"
[  439.242202][ T5891] usb 3-1: USB disconnect, device number 8
[  440.239077][ T9430] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  441.083894][ T9430] tipc: Started in network mode
[  441.108772][ T9430] tipc: Node identity 7f000001, cluster identity 4711
[  441.117893][ T9430] tipc: Enabled bearer <udp:syz1>, priority 10
[  442.247785][  T890] tipc: Node number set to 2130706433
[  443.259484][ T9457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.879'.
[  443.268787][ T9457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.879'.
[  446.147466][    C0] vcan0: j1939_tp_rxtimer: 0xffff888057f92000: rx timeout, send abort
[  446.691419][    C0] vcan0: j1939_tp_rxtimer: 0xffff888057f92000: abort rx timeout. Force session deactivation
[  446.917117][ T9496] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  446.926280][ T9496] syzkaller0: entered promiscuous mode
[  446.934982][ T9496] syzkaller0: entered allmulticast mode
[  446.962522][ T9496] tipc: Resetting bearer <eth:syzkaller0>
[  446.975327][ T9496] syzkaller0: tun_net_xmit 90
[  446.982313][ T9501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.993921][ T9495] tipc: Resetting bearer <eth:syzkaller0>
[  447.019515][ T9500] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  447.026263][ T9501] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.055208][ T9495] tipc: Disabling bearer <eth:syzkaller0>
[  447.056797][ T9500] kvm: pic: non byte read
[  447.076255][ T9500] kvm: pic: level sensitive irq not supported
[  447.076485][ T9500] kvm: pic: non byte read
[  447.888195][ T5905] usb 3-1: new low-speed USB device number 9 using dummy_hcd
[  448.053802][ T9510] netlink: 8 bytes leftover after parsing attributes in process `syz.5.896'.
[  448.062599][ T9510] netlink: 8 bytes leftover after parsing attributes in process `syz.5.896'.
[  448.216502][ T5905] usb 3-1: config 1 interface 0 altsetting 4 endpoint 0x82 is Bulk; changing to Interrupt
[  448.271226][ T5905] usb 3-1: config 1 interface 0 altsetting 4 endpoint 0x3 is Bulk; changing to Interrupt
[  448.281383][ T5905] usb 3-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  448.294583][ T5905] usb 3-1: config 1 interface 0 has no altsetting 0
[  448.311530][ T5905] usb 3-1: string descriptor 0 read error: -22
[  448.318607][ T5905] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  448.341022][ T5905] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.360113][ T9512] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  448.371076][ T9512] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  448.391194][ T5905] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  448.690499][ T5905] usb 3-1: USB disconnect, device number 9
[  449.817202][ T9545] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  449.826407][ T9545] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  449.836341][ T9545] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  449.845477][ T9545] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  449.885958][ T9545] bond0: (slave vxlan0): Enslaving as an active interface with an up link
[  451.485522][ T9561] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  451.521901][ T9561] kvm: pic: single mode not supported
[  451.522002][ T9561] kvm: pic: non byte read
[  451.566257][ T9561] kvm: pic: level sensitive irq not supported
[  451.566324][ T9561] kvm: pic: non byte read
[  452.539837][ T9592] netlink: 8 bytes leftover after parsing attributes in process `syz.0.915'.
[  456.445074][ T9635] sch_tbf: burst 19869 is lower than device lo mtu (65550) !
[  456.606301][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  457.425531][ T9651] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.249743][  T890] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  461.431370][  T890] usb 6-1: Using ep0 maxpacket: 8
[  461.505061][  T890] usb 6-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  461.610501][  T890] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.812610][  T890] usb 6-1: config 0 descriptor??
[  462.171425][  T890] asix 6-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  463.626489][ T9708] netlink: 36 bytes leftover after parsing attributes in process `syz.1.942'.
[  463.663607][ T9708] netlink: 16 bytes leftover after parsing attributes in process `syz.1.942'.
[  463.673875][ T9708] netlink: 36 bytes leftover after parsing attributes in process `syz.1.942'.
[  463.689744][ T9708] netlink: 36 bytes leftover after parsing attributes in process `syz.1.942'.
[  464.076797][ T9713] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  465.497962][  T890] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  465.512288][  T890] asix 6-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[  465.572245][  T890] asix 6-1:0.0: probe with driver asix failed with error -71
[  465.600516][  T890] usb 6-1: USB disconnect, device number 8
[  469.852204][ T9758] netlink: 8 bytes leftover after parsing attributes in process `syz.5.956'.
[  469.861398][ T9758] netlink: 8 bytes leftover after parsing attributes in process `syz.5.956'.
[  471.040950][ T5891] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  471.127787][ T5891] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  474.431883][ T5854] Bluetooth: hci2: unexpected event for opcode 0x1002
[  477.010518][ T5891] IPVS: starting estimator thread 0...
[  477.223929][ T9821] IPVS: using max 25 ests per chain, 60000 per kthread
[  477.794901][ T9834] tipc: Started in network mode
[  477.799813][ T9834] tipc: Node identity 6af566521054, cluster identity 4711
[  477.843475][ T9834] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  477.871119][ T9829] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  477.890566][ T9829] syzkaller0: entered promiscuous mode
[  477.896078][ T9829] syzkaller0: entered allmulticast mode
[  477.931375][ T9836] syzkaller0: entered promiscuous mode
[  477.948503][ T9836] syzkaller0: entered allmulticast mode
[  478.959394][ T6174] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  478.971669][ T9843] tipc: Resetting bearer <eth:syzkaller0>
[  478.979929][ T9843] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  479.207676][ T5891] tipc: Node number set to 2057397842
[  479.235586][ T9844] tipc: Resetting bearer <eth:syzkaller0>
[  479.275161][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  479.563578][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.129885][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  480.368879][ T9833] tipc: Resetting bearer <eth:syzkaller0>
[  480.401874][ T9833] tipc: Disabling bearer <eth:syzkaller0>
[  480.432091][ T9827] tipc: Resetting bearer <eth:syzkaller0>
[  480.468964][ T9827] tipc: Disabling bearer <eth:syzkaller0>
[  487.484197][ T9922] tipc: Started in network mode
[  487.494866][ T9922] tipc: Node identity 96fb39bac73a, cluster identity 4711
[  487.513216][ T9922] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  487.534900][ T9922] syzkaller0: entered promiscuous mode
[  487.544609][ T9922] syzkaller0: entered allmulticast mode
[  487.615795][ T9922] tipc: Resetting bearer <eth:syzkaller0>
[  487.641828][ T9921] tipc: Resetting bearer <eth:syzkaller0>
[  487.911605][ T9921] tipc: Disabling bearer <eth:syzkaller0>
[  488.732549][    T9] tipc: Node number set to 1371617722
[  489.326769][ T9941] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1002'.
[  491.884919][ T9941] team0 (unregistering): Port device team_slave_0 removed
[  491.991219][ T9956] netlink: 'syz.3.1006': attribute type 16 has an invalid length.
[  491.999202][ T9956] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.1006'.
[  492.537577][ T9941] team0 (unregistering): Port device team_slave_1 removed
[  499.217108][T10020] team_slave_0: entered promiscuous mode
[  499.223032][T10020] team_slave_1: entered promiscuous mode
[  499.228727][T10020] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[  499.245611][T10020] vlan2: entered promiscuous mode
[  499.250785][T10020] team0: entered promiscuous mode
[  500.930960][ T5927] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  501.168488][ T5927] usb 6-1: Using ep0 maxpacket: 8
[  501.319668][ T5927] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  501.327927][ T5927] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  502.121152][ T5927] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  502.146836][ T5927] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  502.169933][ T5927] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  502.371957][ T5927] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  502.381130][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.461995][ T5927] usb 6-1: GET_CAPABILITIES returned 0
[  503.478964][ T5927] usbtmc 6-1:16.0: can't read capabilities
[  504.085576][ T2154] usb 6-1: USB disconnect, device number 9
[  505.837799][   T30] audit: type=1326 audit(1755749306.007:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  506.297331][   T30] audit: type=1326 audit(1755749306.007:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  506.318980][   T30] audit: type=1326 audit(1755749306.007:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  506.397219][   T30] audit: type=1326 audit(1755749306.017:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  506.422488][   T30] audit: type=1326 audit(1755749306.017:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  506.500206][   T30] audit: type=1326 audit(1755749306.017:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  506.639714][   T30] audit: type=1326 audit(1755749306.017:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  507.298853][   T30] audit: type=1326 audit(1755749306.017:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  507.379859][   T30] audit: type=1326 audit(1755749306.017:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa968f8d550 code=0x7ffc0000
[  507.455960][   T30] audit: type=1326 audit(1755749306.017:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10056 comm="syz.0.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa968f8ebe9 code=0x7ffc0000
[  510.686278][T10097] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  510.697941][T10097] syzkaller0: entered promiscuous mode
[  510.711376][T10097] syzkaller0: entered allmulticast mode
[  510.794794][T10097] tipc: Resetting bearer <eth:syzkaller0>
[  510.832378][T10093] tipc: Resetting bearer <eth:syzkaller0>
[  510.903528][T10093] tipc: Disabling bearer <eth:syzkaller0>
[  510.976282][T10099] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  511.018324][T10099] syzkaller0: entered promiscuous mode
[  511.056442][T10099] syzkaller0: entered allmulticast mode
[  511.147732][T10099] tipc: Resetting bearer <eth:syzkaller0>
[  511.160732][T10098] tipc: Resetting bearer <eth:syzkaller0>
[  511.218022][T10098] tipc: Disabling bearer <eth:syzkaller0>
[  512.858464][T10115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  512.875739][T10115] syzkaller0: entered promiscuous mode
[  512.881514][T10115] syzkaller0: entered allmulticast mode
[  513.580529][T10124] tipc: Resetting bearer <eth:syzkaller0>
[  513.615760][T10114] tipc: Resetting bearer <eth:syzkaller0>
[  514.849692][T10114] tipc: Disabling bearer <eth:syzkaller0>
[  515.199214][T10140] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1053'.
[  516.047745][T10137] kvm: kvm [10136]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x1000067f1
[  516.190133][T10137] kvm: kvm [10136]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x1000027f1
[  516.200292][T10137] kvm: kvm [10136]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000
[  516.214673][T10137] kvm: kvm [10136]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xbe706111
[  517.414650][T10137] kvm: kvm [10136]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000
[  520.732961][ T5854] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  522.376695][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  522.948043][T10203] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1069'.
[  526.181736][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  526.181752][   T30] audit: type=1400 audit(1755749325.792:125): lsm=SMACK fn=smack_ipc_permission action=denied subject="w" object="_" requested=w pid=10227 comm="syz.3.1077" ipc_key=0 
[  527.867362][T10230] delete_channel: no stack
[  529.473768][T10251] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1082'.
[  529.533517][T10255] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1082'.
[  529.566876][T10251] dummy0: entered promiscuous mode
[  529.596015][T10251] macvtap1: entered promiscuous mode
[  529.616043][T10251] macvtap1: entered allmulticast mode
[  529.629077][T10251] dummy0: entered allmulticast mode
[  529.676367][T10254] xt_hashlimit: max too large, truncated to 1048576
[  529.715337][T10255] dummy0: left allmulticast mode
[  529.773180][T10255] dummy0: left promiscuous mode
[  531.186087][T10263] kvm: kvm [10262]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0xffffffff000006ed
[  531.268088][T10263] kvm: kvm [10262]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xffffffff000046ed
[  531.331975][T10263] kvm: kvm [10262]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xffffffff00000101
[  531.456718][T10263] kvm: kvm [10262]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xffffffff00004101
[  531.488665][T10263] kvm: kvm [10262]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xc004022
[  531.502998][T10263] kvm: kvm [10262]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x11e) = 0xc000022
[  534.531672][   T30] audit: type=1107 audit(1755749333.457:126): pid=10285 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[  534.888171][T10299] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  534.943939][T10299] syzkaller0: entered promiscuous mode
[  534.964638][T10299] syzkaller0: entered allmulticast mode
[  535.107911][T10305] binder: 10291:10305 ioctl c0306201 0 returned -14
[  535.116279][T10305] binder: 10291:10305 ioctl c0306201 200000000140 returned -11
[  535.858140][T10299] tipc: Resetting bearer <eth:syzkaller0>
[  535.870207][T10298] tipc: Resetting bearer <eth:syzkaller0>
[  535.920763][T10298] tipc: Disabling bearer <eth:syzkaller0>
[  549.613180][T10415] (syz.0.1119,10415,0):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  549.622393][T10415] (syz.0.1119,10415,0):ocfs2_fill_super:1177 ERROR: status = -22
[  550.454425][T10420] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1121'.
[  551.591643][T10420] bridge0: entered promiscuous mode
[  551.616361][T10420] bridge0: port 3(macvlan2) entered blocking state
[  551.624515][T10420] bridge0: port 3(macvlan2) entered disabled state
[  551.633177][T10420] macvlan2: entered allmulticast mode
[  551.638702][T10420] bridge0: entered allmulticast mode
[  551.902562][T10420] macvlan2: left allmulticast mode
[  551.945862][T10420] bridge0: left allmulticast mode
[  551.986239][T10420] bridge0: left promiscuous mode
[  554.479986][T10460] /dev/nullb0: Can't open blockdev
[  560.754736][   T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  560.876786][T10504] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  560.935269][T10504] syzkaller0: entered promiscuous mode
[  560.965882][T10504] syzkaller0: entered allmulticast mode
[  560.982763][   T10] usb 4-1: Using ep0 maxpacket: 8
[  561.007067][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  561.438649][   T10] usb 4-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b
[  561.447818][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.460190][   T10] usb 4-1: Product: syz
[  561.464488][   T10] usb 4-1: Manufacturer: syz
[  561.480712][   T10] usb 4-1: SerialNumber: syz
[  561.489072][T10515] tipc: Resetting bearer <eth:syzkaller0>
[  561.501337][T10515] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  561.514747][   T10] usb 4-1: config 0 descriptor??
[  561.520268][T10503] tipc: Resetting bearer <eth:syzkaller0>
[  561.535816][   T10] gspca_main: stk014-2.14.0 probing 05e1:0893
[  561.548202][T10503] tipc: Disabling bearer <eth:syzkaller0>
[  561.730685][   T10] usb 4-1: selecting invalid altsetting 1
[  561.999030][   T10] gspca_stk014: init reg: 0x00
[  562.005664][   T10] stk014 4-1:0.0: probe with driver stk014 failed with error -5
[  562.481773][ T5925] usb 4-1: USB disconnect, device number 15
[  563.203995][ T5891] hid-generic 0000:0004:0000.000D: unknown main item tag 0x0
[  563.219714][ T5891] hid-generic 0000:0004:0000.000D: unknown main item tag 0x0
[  563.228225][ T5891] hid-generic 0000:0004:0000.000D: unknown main item tag 0x0
[  563.985143][ T5891] hid-generic 0000:0004:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  566.617427][T10563] random: crng reseeded on system resumption
[  569.927059][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'.
[  569.937156][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'.
[  569.946290][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'.
[  569.956634][T10587] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1161'.
[  570.857622][T10590] (syz.5.1163,10590,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  570.866526][T10590] (syz.5.1163,10590,1):ocfs2_fill_super:1177 ERROR: status = -22
[  571.617480][T10592] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$���UL�vy��آ
�D��UD�w�}�z
[  572.084575][T10601] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  572.106349][T10601] syzkaller0: entered promiscuous mode
[  572.124426][T10601] syzkaller0: entered allmulticast mode
[  572.214932][T10601] tipc: Resetting bearer <eth:syzkaller0>
[  572.244615][T10600] tipc: Resetting bearer <eth:syzkaller0>
[  572.319967][T10600] tipc: Disabling bearer <eth:syzkaller0>
[  573.763153][T10621] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  574.191067][T10618] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4)
[  574.197774][T10618] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  574.206743][T10618] vhci_hcd vhci_hcd.0: Device attached
[  574.235470][T10626] vhci_hcd: connection closed
[  574.245452][   T49] vhci_hcd: stop threads
[  574.290184][   T49] vhci_hcd: release socket
[  574.513488][   T49] vhci_hcd: disconnect device
[  575.432006][ T2154] vhci_hcd: vhci_device speed not set
[  575.775130][T10645] xt_TPROXY: Can be used only with -p tcp or -p udp
[  579.339414][ T5854] Bluetooth: hci2: unexpected event for opcode 0x0405
[  584.478721][ T5925] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  584.681779][ T5925] usb 6-1: Using ep0 maxpacket: 16
[  585.501819][T10735] syz.3.1195: attempt to access beyond end of device
[  585.501819][T10735] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  585.515980][T10735] EXT4-fs (nbd3): unable to read superblock
[  586.036393][T10723] Bluetooth: MGMT ver 1.23
[  586.700977][    C1] hrtimer: interrupt took 29045 ns
[  586.964746][T10743] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1198'.
[  586.975209][T10743] tipc: Enabled bearer <eth:syz_tun>, priority 10
[  586.984863][T10743] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1198'.
[  586.995377][T10743] tipc: Resetting bearer <eth:syz_tun>
[  587.032723][T10743] bond0: (slave syz_tun): Releasing backup interface
[  587.043951][ T2154] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  587.064195][T10743] tipc: Resetting bearer <eth:syz_tun>
[  587.078744][T10743] tipc: Disabling bearer <eth:syz_tun>
[  587.243293][ T2154] usb 3-1: config 0 has no interfaces?
[  587.304157][ T2154] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  587.342509][ T2154] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.350594][ T2154] usb 3-1: Product: syz
[  587.408911][ T2154] usb 3-1: Manufacturer: syz
[  587.419274][ T2154] usb 3-1: SerialNumber: syz
[  587.445718][ T5925] usb 6-1: device descriptor read/all, error -71
[  587.453180][ T2154] usb 3-1: config 0 descriptor??
[  588.342217][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  589.119624][T10760] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1203'.
[  589.955239][    T9] usb 3-1: USB disconnect, device number 10
[  590.021069][ T5927] hid-generic 0000:3000000:0000.000E: unknown main item tag 0x4
[  591.184080][ T5927] hid-generic 0000:3000000:0000.000E: unknown main item tag 0x2
[  591.191889][ T5927] hid-generic 0000:3000000:0000.000E: unknown main item tag 0x3
[  591.203057][ T5927] hid-generic 0000:3000000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  591.652230][T10781] netlink: 452 bytes leftover after parsing attributes in process `syz.0.1206'.
[  592.721293][T10787] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1208'.
[  594.656651][T10817] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1216'.
[  594.665783][T10817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1216'.
[  594.676107][T10817] netlink: 'syz.0.1216': attribute type 1 has an invalid length.
[  594.885978][T10805] Bluetooth: hci2: unexpected event for opcode 0x1002
[  594.999219][T10817] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1216'.
[  595.538328][T10817] nbd: socks must be embedded in a SOCK_ITEM attr
[  595.546521][T10817] block nbd0: shutting down sockets
[  595.666355][T10805] Bluetooth: hci3: command 0x0c1a tx timeout
[  596.719938][T10831] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1220'.
[  598.236808][T10830] sock: sock_timestamping_bind_phc: sock not bind to device
[  606.402818][T10877] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  610.822515][T10890] kvm: MONITOR instruction emulated as NOP!
[  612.085551][T10925] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1243'.
[  614.266272][ T5854] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  614.279838][ T5854] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  614.288149][ T5854] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  614.296011][ T5854] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  614.454262][ T5854] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  615.035548][T10941] program syz.3.1246 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  616.182777][ T5925] usb 2-1: USB disconnect, device number 10
[  616.280281][T10946] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1249'.
[  616.594990][T10934] lo speed is unknown, defaulting to 1000
[  616.620627][T10934] lo speed is unknown, defaulting to 1000
[  617.412763][T10805] Bluetooth: hci5: command tx timeout
[  618.260891][T10805] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  618.270534][T10961] dlm: no local IP address has been set
[  618.276581][T10961] dlm: cannot start dlm midcomms -107
[  619.599916][T10805] Bluetooth: hci5: command tx timeout
[  621.835850][T10805] Bluetooth: hci5: command tx timeout
[  621.849862][T10934] chnl_net:caif_netlink_parms(): no params data found
[  622.723205][ T2154] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  623.151660][ T2154] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  623.509200][ T2154] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  623.519474][ T2154] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  623.542853][T10934] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.551604][T10934] bridge0: port 1(bridge_slave_0) entered disabled state
[  623.562561][T10934] bridge_slave_0: entered allmulticast mode
[  623.568581][ T2154] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.712051][T10994] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  623.736149][T10934] bridge_slave_0: entered promiscuous mode
[  623.747650][T10934] bridge0: port 2(bridge_slave_1) entered blocking state
[  623.754887][T10934] bridge0: port 2(bridge_slave_1) entered disabled state
[  623.825232][T10934] bridge_slave_1: entered allmulticast mode
[  623.874594][T10934] bridge_slave_1: entered promiscuous mode
[  624.044905][T10805] Bluetooth: hci5: command tx timeout
[  624.104232][T10934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  624.787180][T10934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  625.437469][T10934] team0: Port device team_slave_0 added
[  625.614126][T10934] team0: Port device team_slave_1 added
[  626.284857][T10934] batman_adv: batadv0: Adding interface: batadv_slave_0
[  627.445641][T10934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  627.758949][T10934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  627.771752][T10934] batman_adv: batadv0: Adding interface: batadv_slave_1
[  627.778789][T10934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  627.889275][T10934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  629.089840][ T2154] usb 4-1: can't set config #27, error -110
[  629.318793][T11052] fuse: Unknown parameter '0x000000000000000a'
[  630.530949][ T5925] usb 4-1: USB disconnect, device number 16
[  630.892370][T10934] hsr_slave_0: entered promiscuous mode
[  630.958596][T10934] hsr_slave_1: entered promiscuous mode
[  630.964932][T10934] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  630.973832][T10934] Cannot create hsr debugfs directory
[  631.538512][T11064] random: crng reseeded on system resumption
[  631.575546][   T10] IPVS: starting estimator thread 0...
[  631.745578][T11065] IPVS: using max 27 ests per chain, 64800 per kthread
[  632.390026][T11066] hfs: unable to load iocharset "io#harset"
[  632.785925][T11075] IPVS: set_ctl: invalid protocol: 47 172.20.20.16:20000
[  633.510898][T11074] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  634.298025][T11087] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1277'.
[  634.868404][T10934] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  634.901217][T10934] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  634.927206][T10934] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  635.269558][T10934] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  635.467697][T11099] netlink: 'syz.5.1279': attribute type 1 has an invalid length.
[  636.327664][T11108] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1280'.
[  637.652239][T10934] 8021q: adding VLAN 0 to HW filter on device bond0
[  637.841256][T10934] 8021q: adding VLAN 0 to HW filter on device team0
[  638.024783][ T6103] bridge0: port 1(bridge_slave_0) entered blocking state
[  638.032254][ T6103] bridge0: port 1(bridge_slave_0) entered forwarding state
[  638.464994][T11126] netlink: 'syz.2.1284': attribute type 10 has an invalid length.
[  638.473021][T11126] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1284'.
[  638.965573][T11126] A link change request failed with some changes committed already. Interface vlan1 may have been left with an inconsistent configuration, please check.
[  639.091781][ T6103] bridge0: port 2(bridge_slave_1) entered blocking state
[  639.098967][ T6103] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.411989][T11137] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1287'.
[  641.591471][T10934] 8021q: adding VLAN 0 to HW filter on device batadv0
[  642.630787][T11158] netlink: 'syz.3.1291': attribute type 4 has an invalid length.
[  643.022650][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  643.772846][T10934] veth0_vlan: entered promiscuous mode
[  643.915635][T10934] veth1_vlan: entered promiscuous mode
[  644.068906][T11171] openvswitch: netlink: Flow set message rejected, Key attribute missing.
[  644.095098][T10934] veth0_macvtap: entered promiscuous mode
[  644.115024][T10934] veth1_macvtap: entered promiscuous mode
[  644.138859][T10934] batman_adv: batadv0: Interface activated: batadv_slave_0
[  644.142623][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  644.151247][T10934] batman_adv: batadv0: Interface activated: batadv_slave_1
[  644.164053][T10934] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  644.172916][T10934] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  644.181949][T10934] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  644.252271][T10934] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  645.244648][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  646.084852][ T6103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  646.115995][ T6103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  646.346009][ T7155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  646.365639][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  646.429495][ T7155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  646.750110][T11194] vlan2: entered promiscuous mode
[  646.755231][T11194] syz_tun: entered promiscuous mode
[  647.466310][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  647.701462][T10805] Bluetooth: hci3: unexpected event for opcode 0x0804
[  648.288955][ T5840] IPVS: starting estimator thread 0...
[  648.407847][T11204] IPVS: using max 29 ests per chain, 69600 per kthread
[  648.578213][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  649.688811][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  650.490626][T11206] delete_channel: no stack
[  650.564744][ T5927] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  650.727406][ T5927] usb 4-1: config 0 has an invalid interface number: 171 but max is 0
[  650.743081][ T5927] usb 4-1: config 0 has no interface number 0
[  650.762570][ T5927] usb 4-1: config 0 interface 171 has no altsetting 0
[  650.801170][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  650.835269][ T5927] usb 4-1: New USB device found, idVendor=10d6, idProduct=2200, bcdDevice= 1.00
[  651.120581][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.128584][ T5927] usb 4-1: Product: syz
[  651.772080][ T5927] usb 4-1: Manufacturer: syz
[  651.776740][ T5927] usb 4-1: SerialNumber: syz
[  651.854403][ T5927] usb 4-1: config 0 descriptor??
[  651.864313][ T5927] usb-storage 4-1:0.171: USB Mass Storage device detected
[  651.911232][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  651.935989][T11238] veth0_to_team: entered promiscuous mode
[  651.941728][T11238] veth0_to_team: entered allmulticast mode
[  652.497010][T11246] ubi: mtd0 is already attached to ubi31
[  653.022478][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  653.541003][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  653.732731][T11250] netlink: 'syz.0.1308': attribute type 10 has an invalid length.
[  653.876394][T11250] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  654.133590][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  655.020900][ T2154] usb 4-1: USB disconnect, device number 17
[  655.181539][T11261] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1310'.
[  655.244999][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  656.356194][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  657.467482][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  658.406145][T11291] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  658.578496][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  659.434851][T11295] random: crng reseeded on system resumption
[  659.512789][T11283] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  659.690022][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  659.736531][T11304] Invalid source name
[  659.740698][T11304] UBIFS error (pid: 11304): cannot open "/dev/sg0", error -22
[  660.227888][T11286] DRBG: could not allocate digest TFM handle: hmac(sha512)
[  660.801387][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  661.923007][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  663.023540][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  663.462586][ T5925] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  663.859043][ T5925] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  664.145463][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  664.572572][ T5925] usb 6-1: config 220 has 1 interface, different from the descriptor's value: 3
[  664.581686][ T5925] usb 6-1: config 220 interface 0 has no altsetting 0
[  664.590516][ T5925] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  664.599811][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.615315][ T5925] usb 6-1: Product: syz
[  664.619508][ T5925] usb 6-1: Manufacturer: syz
[  664.624115][ T5925] usb 6-1: SerialNumber: syz
[  665.041611][T11340] netlink: 'syz.2.1326': attribute type 11 has an invalid length.
[  665.245949][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  666.357261][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  666.964051][ T5925] usb 6-1: Found UVC 0.00 device syz (8086:0b07)
[  666.976723][ T5925] usb 6-1: No valid video chain found.
[  667.008294][ T5925] usb 6-1: USB disconnect, device number 12
[  667.470216][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  668.580223][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  669.436704][T11367] trusted_key: syz.2.1333 sent an empty control message without MSG_MORE.
[  669.690904][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  669.873206][T11377] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1334'.
[  669.885016][T11377] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  670.268372][T11377] batman_adv: batadv0: Removing interface: batadv_slave_1
[  670.543436][T11379] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1336'.
[  670.802260][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  671.700792][T11388] netlink: 'syz.0.1338': attribute type 3 has an invalid length.
[  671.709153][T11388] netlink: 'syz.0.1338': attribute type 1 has an invalid length.
[  671.716932][T11388] netlink: 368 bytes leftover after parsing attributes in process `syz.0.1338'.
[  671.727184][T11388] NCSI netlink: No device for ifindex 33022
[  671.913342][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  673.024584][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  674.122362][T11405] binder: 11397:11405 ioctl 4018620d 0 returned -22
[  674.135734][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  674.948715][T11416] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1343'.
[  674.959017][T11416] lo speed is unknown, defaulting to 1000
[  675.246986][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  676.368987][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  677.245203][T11430] netlink: 'syz.5.1346': attribute type 11 has an invalid length.
[  677.253089][T11430] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1346'.
[  677.470309][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  677.884901][T11423] qrtr: Invalid version 47
[  678.024335][T11423] fuse: Unknown parameter 'fd0x000000000000000a'
[  678.582070][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  679.253361][T11442] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1351'.
[  679.702634][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  680.803606][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  681.175651][T11481] can0: slcan on ttyS3.
[  681.914424][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  681.996450][T11481] can0 (unregistered): slcan off ttyS3.
[  683.025630][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  684.136767][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  685.207815][   T30] audit: type=1800 audit(1755749474.067:127): pid=11508 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.5.1360" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  685.248389][    C0] Dead loop on virtual device ip6_vti0, fix it urgently!
[  685.748198][T11510] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  686.776039][T11523] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  687.789547][T11530] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1366'.
[  687.830106][T10805] Bluetooth: hci1: unexpected event for opcode 0x0405
[  690.227713][T11544] syz.5.1369: attempt to access beyond end of device
[  690.227713][T11544] nbd5: rw=0, sector=0, nr_sectors = 1 limit=0
[  692.340242][T11577] tipc: Started in network mode
[  692.345622][T11577] tipc: Node identity 4, cluster identity 4711
[  692.351834][T11577] tipc: Node number set to 4
[  693.449123][T11561] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1370'.
[  695.027078][T11592] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1378'.
[  695.072059][T11592] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1378'.
[  695.468922][T11596] sit0: entered promiscuous mode
[  695.502341][T11596] netlink: 'syz.2.1380': attribute type 1 has an invalid length.
[  696.520893][T11596] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1380'.
[  697.732050][T11617] netlink: 'syz.5.1382': attribute type 11 has an invalid length.
[  699.345595][T11627] netlink: 'syz.0.1385': attribute type 10 has an invalid length.
[  700.347105][T11645] netlink: 'syz.0.1385': attribute type 1 has an invalid length.
[  700.484813][T11645] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1385'.
[  701.263516][T11633] sctp: [Deprecated]: syz.5.1387 (pid 11633) Use of int in maxseg socket option.
[  701.263516][T11633] Use struct sctp_assoc_value instead
[  701.598255][T11653] cramfs: Unknown parameter 'discard'
[  702.183470][ T5840] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  702.449267][T11655] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1391'.
[  702.467384][T11655] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1391'.
[  702.534076][ T5840] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  702.592235][ T5840] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.674339][ T5840] usb 4-1: config 0 descriptor??
[  702.897579][T11659] mkiss: ax0: crc mode is auto.
[  704.627987][ T5840] cp210x 4-1:0.0: cp210x converter detected
[  705.531429][ T5840] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[  705.550795][ T5840] cp210x 4-1:0.0: querying part number failed
[  705.643050][ T5840] usb 4-1: cp210x converter now attached to ttyUSB0
[  705.669778][ T5840] usb 4-1: USB disconnect, device number 18
[  705.719844][ T5840] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  706.954522][T11669] netlink: 136 bytes leftover after parsing attributes in process `syz.5.1396'.
[  706.963763][T11669] netlink: 136 bytes leftover after parsing attributes in process `syz.5.1396'.
[  707.576892][ T5840] cp210x 4-1:0.0: device disconnected
[  709.117041][T11685] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1400'.
[  711.147306][T11704] bpq0: entered allmulticast mode
[  711.439666][T11706] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1403'.
[  713.300102][T11719] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  714.465055][T11724] vivid-003: disconnect
[  714.926596][T11722] vivid-003: reconnect
[  717.205008][T11730] Illegal XDP return value 4294967274 on prog  (id 350) dev N/A, expect packet loss!
[  718.142352][T11748] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  718.216788][T11748] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  719.248549][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  723.611973][T11778] Device name cannot be null; rc = [-22]
[  723.879678][T11793] netdevsim netdevsim5: Direct firmware load for ./file0 failed with error -2
[  723.889281][T11793] netdevsim netdevsim5: Falling back to sysfs fallback for: ./file0
[  728.932128][T11796] overlayfs: failed to resolve './file0': -2
[  729.012541][T11796] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1426'.
[  729.115152][T11805] dvmrp1: left allmulticast mode
[  731.995874][ T5840] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  732.165663][ T5840] usb 3-1: Using ep0 maxpacket: 16
[  732.443205][ T5840] usb 3-1: config 1 has an invalid interface number: 27 but max is 0
[  732.474190][ T5840] usb 3-1: config 1 has no interface number 0
[  732.699123][ T5840] usb 3-1: New USB device found, idVendor=06e1, idProduct=a190, bcdDevice= 3.d5
[  732.721028][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=246
[  733.149530][ T5840] usb 3-1: Product: syz
[  733.153761][ T5840] usb 3-1: Manufacturer: syz
[  733.158382][ T5840] usb 3-1: SerialNumber: syz
[  733.227661][T11836] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  733.286850][T11836] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  733.344356][T11836] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  733.375144][T11836] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  734.703566][ T5840] gspca_main: spca506-2.14.0 probing 06e1:a190
[  737.043893][T11872] xt_CT: No such helper "pptp"
[  737.077823][ T5840] usb 3-1: USB disconnect, device number 11
[  737.846180][T11872] kvm: user requested TSC rate below hardware speed
[  740.944044][T11901] usb usb1: check_ctrlrecip: process 11901 (syz.5.1450) requesting ep 01 but needs 81
[  742.906608][T11915] sctp: [Deprecated]: syz.2.1453 (pid 11915) Use of int in maxseg socket option.
[  742.906608][T11915] Use struct sctp_assoc_value instead
[  742.956373][T11913] IPVS: set_ctl: invalid protocol: 26995 0.0.0.0:0
[  743.156164][T11916] xt_l2tp: missing protocol rule (udp|l2tpip)
[  744.797494][ T7155] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  745.170027][T11931] dlm: no local IP address has been set
[  745.175681][T11931] dlm: cannot start dlm midcomms -107
[  748.259818][T11944] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1462'.
[  749.145567][T11944] Set syz0 is full, maxelem 0 reached
[  749.181625][T11944] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1462'.
[  749.758492][T10805] Bluetooth: hci5: command 0x0406 tx timeout
[  749.793781][T11944] nbd: must specify a size in bytes for the device
[  750.079404][T11944] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1462'.
[  750.118069][T11944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1462'.
[  750.661509][T11464] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  752.110692][T11294] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  755.309023][T11979] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  756.851813][   T49] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  757.549050][T11294] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  758.324462][ T5854] Bluetooth: hci5: unexpected event 0x3e length: 262 > 260
[  758.324498][ T5854] Bluetooth: hci5: unexpected subevent 0x02 length: 261 > 260
[  758.339634][ T5854] Bluetooth: hci5: Dropping invalid advertising data
[  760.277442][T11294] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  760.702102][T12025] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  761.000456][T11294] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  761.123167][ T5927] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  762.031140][ T5927] usb 7-1: Using ep0 maxpacket: 32
[  762.106457][ T5927] usb 7-1: config 0 has an invalid interface number: 219 but max is 0
[  762.120835][ T5927] usb 7-1: config 0 has no interface number 0
[  762.135052][ T5927] usb 7-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  762.179520][ T5927] usb 7-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  762.214140][ T5927] usb 7-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  762.373425][ T5927] usb 7-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  762.491380][   T10] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  762.606516][ T5927] usb 7-1: config 0 interface 219 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  762.865983][ T5927] usb 7-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  762.875674][ T5927] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.905060][   T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  762.913238][   T10] usb 6-1: config 0 has no interface number 0
[  762.919992][T11294] bridge_slave_1: left allmulticast mode
[  762.927626][ T5927] usb 7-1: Product: syz
[  762.930213][T11294] bridge_slave_1: left promiscuous mode
[  762.941829][T12040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1482'.
[  762.957197][T11294] bridge0: port 2(bridge_slave_1) entered disabled state
[  762.959794][ T3497] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  762.967127][   T10] usb 6-1: New USB device found, idVendor=0b48, idProduct=1004, bcdDevice=8c.1e
[  763.086997][ T5927] usb 7-1: Manufacturer: syz
[  763.130162][ T5927] usb 7-1: SerialNumber: syz
[  763.141649][ T5927] usb 7-1: config 0 descriptor??
[  763.150655][T12023] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  763.162619][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.272942][T11294] bridge_slave_0: left allmulticast mode
[  763.276968][   T10] usb 6-1: config 0 descriptor??
[  763.283975][T11294] bridge_slave_0: left promiscuous mode
[  763.285721][T11294] bridge0: port 1(bridge_slave_0) entered disabled state
[  763.370644][   T10] usb 6-1: selecting invalid altsetting 1
[  763.394884][   T10] dvb_ttusb_budget: ttusb_init_controller: error
[  763.418859][ T5927] etas_es58x 7-1:0.219: Starting syz syz (Serial Number syz)
[  763.443957][   T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  763.468476][ T5927] usb 7-1: USB disconnect, device number 2
[  763.671297][   T10] DVB: Unable to find symbol ves1820_attach()
[  763.752588][   T10] DVB: Unable to find symbol stv0297_attach()
[  763.758880][   T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1004]
[  763.774899][   T10] usb 6-1: USB disconnect, device number 13
[  764.519742][ T5854] Bluetooth: hci2: unexpected event for opcode 0x0809
[  764.891849][T12073] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1490'.
[  767.223158][T11294] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  767.335977][T11294] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  767.372590][T11294] bond0 (unregistering): Released all slaves
[  767.385898][T11294] bond1 (unregistering): Released all slaves
[  767.624650][T11464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  767.788651][T11464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  767.870199][ T5854] Bluetooth: hci2: unexpected event 0x35 length: 82 > 6
[  767.898866][T11294] tipc: Left network mode
[  769.204684][T11294] 
[  769.207058][T11294] ======================================================
[  769.214083][T11294] WARNING: possible circular locking dependency detected
[  769.221119][T11294] 6.16.0-syzkaller #0 Not tainted
[  769.226137][T11294] ------------------------------------------------------
[  769.233151][T11294] kworker/u8:0/11294 is trying to acquire lock:
[  769.239383][T11294] ffff8880594b0e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_del_slave+0x32/0x1c0
[  769.249006][T11294] 
[  769.249006][T11294] but task is already holding lock:
[  769.256365][T11294] ffff888027b98768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[  769.266739][T11294] 
[  769.266739][T11294] which lock already depends on the new lock.
[  769.266739][T11294] 
[  769.275450][T11468] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  769.277130][T11294] 
[  769.277130][T11294] the existing dependency chain (in reverse order) is:
[  769.277139][T11294] 
[  769.277139][T11294] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}:
[  769.304347][T11294]        lock_acquire+0x120/0x360
[  769.309366][T11294]        __mutex_lock+0x182/0xe80
[  769.314386][T11294]        ieee80211_open+0xed/0x1f0
[  769.319491][T11294]        __dev_open+0x470/0x880
[  769.324337][T11294]        netif_open+0xaa/0x170
[  769.329093][T11294]        dev_open+0x125/0x260
[  769.333765][T11294]        team_add_slave+0xb36/0x2840
[  769.339047][T11294]        do_set_master+0x530/0x6d0
[  769.344155][T11294]        do_setlink+0xcf0/0x41c0
[  769.349085][T11294]        rtnl_newlink+0x160b/0x1c70
[  769.354277][T11294]        rtnetlink_rcv_msg+0x7cc/0xb70
[  769.359728][T11294]        netlink_rcv_skb+0x205/0x470
[  769.365007][T11294]        netlink_unicast+0x75c/0x8e0
[  769.370285][T11294]        netlink_sendmsg+0x805/0xb30
[  769.375567][T11294]        __sock_sendmsg+0x21c/0x270
[  769.380755][T11294]        ____sys_sendmsg+0x505/0x830
[  769.386036][T11294]        ___sys_sendmsg+0x21f/0x2a0
[  769.391231][T11294]        __x64_sys_sendmsg+0x19b/0x260
[  769.396687][T11294]        do_syscall_64+0xfa/0x3b0
[  769.401704][T11294]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.408110][T11294] 
[  769.408110][T11294] -> #0 (team->team_lock_key#3){+.+.}-{4:4}:
[  769.416282][T11294]        validate_chain+0xb9b/0x2140
[  769.421558][T11294]        __lock_acquire+0xab9/0xd20
[  769.426747][T11294]        lock_acquire+0x120/0x360
[  769.431760][T11294]        __mutex_lock+0x182/0xe80
[  769.436776][T11294]        team_del_slave+0x32/0x1c0
[  769.441888][T11294]        team_device_event+0x285/0xa20
[  769.447336][T11294]        notifier_call_chain+0x1b3/0x3e0
[  769.452958][T11294]        unregister_netdevice_many_notify+0x15d8/0x2320
[  769.459888][T11294]        unregister_netdevice_queue+0x33c/0x380
[  769.466115][T11294]        _cfg80211_unregister_wdev+0x165/0x590
[  769.472270][T11294]        ieee80211_remove_interfaces+0x49a/0x6d0
[  769.478590][T11294]        ieee80211_unregister_hw+0x5d/0x2c0
[  769.484480][T11294]        mac80211_hwsim_del_radio+0x275/0x460
[  769.490546][T11294]        hwsim_exit_net+0x584/0x640
[  769.495836][T11294]        ops_undo_list+0x497/0x990
[  769.500948][T11294]        cleanup_net+0x4c5/0x800
[  769.505882][T11294]        process_scheduled_works+0xade/0x17b0
[  769.511941][T11294]        worker_thread+0x8a0/0xda0
[  769.517044][T11294]        kthread+0x70e/0x8a0
[  769.521631][T11294]        ret_from_fork+0x3fc/0x770
[  769.526735][T11294]        ret_from_fork_asm+0x1a/0x30
[  769.532019][T11294] 
[  769.532019][T11294] other info that might help us debug this:
[  769.532019][T11294] 
[  769.542242][T11294]  Possible unsafe locking scenario:
[  769.542242][T11294] 
[  769.549678][T11294]        CPU0                    CPU1
[  769.555035][T11294]        ----                    ----
[  769.560387][T11294]   lock(&rdev->wiphy.mtx);
[  769.564889][T11294]                                lock(team->team_lock_key#3);
[  769.572348][T11294]                                lock(&rdev->wiphy.mtx);
[  769.579364][T11294]   lock(team->team_lock_key#3);
[  769.584303][T11294] 
[  769.584303][T11294]  *** DEADLOCK ***
[  769.584303][T11294] 
[  769.592437][T11294] 5 locks held by kworker/u8:0/11294:
[  769.597799][T11294]  #0: ffff88801b2fb948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  769.608677][T11294]  #1: ffffc90002ed7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  769.619202][T11294]  #2: ffffffff8f4fd310 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[  769.628520][T11294]  #3: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x55/0x2c0
[  769.638361][T11294]  #4: ffff888027b98768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0x133/0x6d0
[  769.649165][T11294] 
[  769.649165][T11294] stack backtrace:
[  769.655056][T11294] CPU: 1 UID: 0 PID: 11294 Comm: kworker/u8:0 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  769.655077][T11294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  769.655089][T11294] Workqueue: netns cleanup_net
[  769.655117][T11294] Call Trace:
[  769.655126][T11294]  <TASK>
[  769.655134][T11294]  dump_stack_lvl+0x189/0x250
[  769.655155][T11294]  ? __pfx_dump_stack_lvl+0x10/0x10
[  769.655173][T11294]  ? __pfx__printk+0x10/0x10
[  769.655194][T11294]  ? print_lock_name+0xde/0x100
[  769.655214][T11294]  print_circular_bug+0x2ee/0x310
[  769.655235][T11294]  check_noncircular+0x134/0x160
[  769.655257][T11294]  validate_chain+0xb9b/0x2140
[  769.655278][T11294]  ? lockdep_hardirqs_on+0x9c/0x150
[  769.655300][T11294]  __lock_acquire+0xab9/0xd20
[  769.655317][T11294]  ? team_del_slave+0x32/0x1c0
[  769.655337][T11294]  lock_acquire+0x120/0x360
[  769.655351][T11294]  ? team_del_slave+0x32/0x1c0
[  769.655374][T11294]  ? __mutex_trylock_common+0x153/0x260
[  769.655396][T11294]  __mutex_lock+0x182/0xe80
[  769.655413][T11294]  ? team_del_slave+0x32/0x1c0
[  769.655433][T11294]  ? rcu_is_watching+0x15/0xb0
[  769.655453][T11294]  ? team_del_slave+0x32/0x1c0
[  769.655474][T11294]  ? __pfx___mutex_lock+0x10/0x10
[  769.655492][T11294]  ? bond_netdev_event+0xd9/0xe80
[  769.655516][T11294]  ? __pfx___mutex_lock+0x10/0x10
[  769.655533][T11294]  ? __pfx_bond_netdev_event+0x10/0x10
[  769.655560][T11294]  team_del_slave+0x32/0x1c0
[  769.655582][T11294]  team_device_event+0x285/0xa20
[  769.655599][T11294]  notifier_call_chain+0x1b3/0x3e0
[  769.655621][T11294]  unregister_netdevice_many_notify+0x15d8/0x2320
[  769.655645][T11294]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  769.655665][T11294]  ? __lock_acquire+0xab9/0xd20
[  769.655689][T11294]  unregister_netdevice_queue+0x33c/0x380
[  769.655707][T11294]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  769.655727][T11294]  _cfg80211_unregister_wdev+0x165/0x590
[  769.655752][T11294]  ieee80211_remove_interfaces+0x49a/0x6d0
[  769.655771][T11294]  ? __pfx_synchronize_rcu+0x10/0x10
[  769.655796][T11294]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[  769.655814][T11294]  ? rcu_is_watching+0x15/0xb0
[  769.655834][T11294]  ieee80211_unregister_hw+0x5d/0x2c0
[  769.655861][T11294]  mac80211_hwsim_del_radio+0x275/0x460
[  769.655886][T11294]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[  769.655913][T11294]  hwsim_exit_net+0x584/0x640
[  769.655934][T11294]  ? __pfx_hwsim_exit_net+0x10/0x10
[  769.655956][T11294]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[  769.655980][T11294]  ops_undo_list+0x497/0x990
[  769.656004][T11294]  ? __pfx_ops_undo_list+0x10/0x10
[  769.656029][T11294]  cleanup_net+0x4c5/0x800
[  769.656051][T11294]  ? __pfx_cleanup_net+0x10/0x10
[  769.656073][T11294]  ? _raw_spin_unlock_irq+0x23/0x50
[  769.656087][T11294]  ? process_scheduled_works+0x9ef/0x17b0
[  769.656104][T11294]  ? process_scheduled_works+0x9ef/0x17b0
[  769.656121][T11294]  process_scheduled_works+0xade/0x17b0
[  769.656148][T11294]  ? __pfx_process_scheduled_works+0x10/0x10
[  769.656171][T11294]  worker_thread+0x8a0/0xda0
[  769.656189][T11294]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  769.656218][T11294]  ? __kthread_parkme+0x7b/0x200
[  769.656239][T11294]  kthread+0x70e/0x8a0
[  769.656260][T11294]  ? __pfx_worker_thread+0x10/0x10
[  769.656277][T11294]  ? __pfx_kthread+0x10/0x10
[  769.656297][T11294]  ? _raw_spin_unlock_irq+0x23/0x50
[  769.656311][T11294]  ? lockdep_hardirqs_on+0x9c/0x150
[  769.656326][T11294]  ? __pfx_kthread+0x10/0x10
[  769.656346][T11294]  ret_from_fork+0x3fc/0x770
[  769.656363][T11294]  ? __pfx_ret_from_fork+0x10/0x10
[  769.656379][T11294]  ? __switch_to_asm+0x39/0x70
[  769.656398][T11294]  ? __switch_to_asm+0x33/0x70
[  769.656416][T11294]  ? __pfx_kthread+0x10/0x10
[  769.656437][T11294]  ret_from_fork_asm+0x1a/0x30
[  769.656462][T11294]  </TASK>
[  770.020538][T12113] syz.2.1500: attempt to access beyond end of device
[  770.020538][T12113] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0
[  770.033609][T12113] EXT4-fs (nbd2): unable to read superblock
[  770.114021][T12117] No control pipe specified
[  770.222699][T11294] mac80211_hwsim hwsim5 wlan1 (unregistering): left promiscuous mode
[  770.232123][T11294] team0: Port device wlan1 removed
[  770.352509][T10805] Bluetooth: hci2: command 0x0406 tx timeout
[  770.558119][T12107] netlink: 'syz.0.1497': attribute type 10 has an invalid length.
[  770.690489][T12107] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1497'.
[  770.725859][T12107] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  771.023283][T11294] hsr_slave_0: left promiscuous mode
[  771.038571][T11294] hsr_slave_1: left promiscuous mode
[  771.077902][T11294] veth1_macvtap: left promiscuous mode
[  771.454017][T11294] veth0_macvtap: left promiscuous mode
[  771.460004][T11294] veth1_vlan: left promiscuous mode
[  771.465642][T11294] veth0_vlan: left promiscuous mode
[  771.784178][T11294] team_slave_1 (unregistering): left promiscuous mode
[  771.799444][T11294] team0 (unregistering): Port device team_slave_1 removed
[  771.828030][T11294] team_slave_0 (unregistering): left promiscuous mode
[  771.836842][T11294] team0 (unregistering): Port device team_slave_0 removed
[  772.313600][T11294] IPVS: stop unused estimator thread 0...
[  775.941561][T11468] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration