last executing test programs:

11.017673264s ago: executing program 0 (id=52):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$inet6(r1, &(0x7f0000004300)=[{{0x0, 0x0, &(0x7f0000002700)=[{&(0x7f0000000140)="32446ebb53cd88c4e24118a56a9c84cd9626c12202ef3ff665f01439d7b68565f4045865221d6bc1251c04b07b45f92896136780399446674d28315c86c656665595bf1c2c1025e849c23dd881cbeb261aec71f465a61fc4dbe7bd4f6e985fcb2c92a09478335eff52aceb0b93c1de6cd859741d548f78b4009c0d54554fc08a3b563a8e5d4ade2d9f", 0x89}, {&(0x7f00000002c0)="4f483038525e7bb59bbd280fa0e9ffe8961ca45eeb028f", 0x17}], 0x2}}], 0x1, 0x40011)

10.108011417s ago: executing program 0 (id=59):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', <r1=>0x0})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000440)='contention_end\x00', r2}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@getqdisc={0x24, 0x26, 0x1, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xf, 0x4}, {0x2, 0x8}, {0x3, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x44000800}, 0xc004090)

9.653057454s ago: executing program 0 (id=62):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x38}}, 0x10)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000002c0)={0x0, 0x7, 0x9, 0x7fff, 0x7, 0xca98}, 0x14)

9.045216653s ago: executing program 0 (id=65):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000340)={0x62, 0x5, r1, 0x0, &(0x7f0000000300)='V', 0x1, 0x2800000000})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x2, r1, 0x0, &(0x7f0000000480)="91", 0x1, 0x7fffffff})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, &(0x7f0000000180)={0x18, r1, 0x40, 0xfffffffb})

8.876593228s ago: executing program 0 (id=67):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r1=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={r1, @in={{0x2, 0x4e21, @empty}}, 0x5, 0x2, 0x80000003, 0x4, 0xe2d8f2eb1d010935, 0x5, 0x9}, 0x9c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={r1, @in={{0x2, 0x4e20, @empty}}, 0xd5, 0x6, 0x57f, 0x4, 0x21, 0x1, 0x8}, &(0x7f0000000040)=0x9c)

6.637342442s ago: executing program 0 (id=83):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0300000905810300020000000904010000020d00000904010102020d0000090582010002000008090503"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c, {0x10, 0x810, 0x10, 0x1000, 0x16, 0x10, 0x10, 0x10, 0x7, 0x10, 0x10, 0xd}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

5.789384035s ago: executing program 4 (id=90):
r0 = semget$private(0x0, 0x6, 0x0)
semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x7}], 0x1, 0x0)
semop(r0, &(0x7f00000000c0)=[{}], 0x1)
semop(r0, &(0x7f0000000280)=[{}], 0x1)
semctl$IPC_RMID(r0, 0x0, 0x0)

5.48922803s ago: executing program 2 (id=93):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x48000, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000c40)={0x2000000b})

5.488720567s ago: executing program 4 (id=94):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
socket$alg(0x26, 0x5, 0x0)
openat$pidfd(0xffffff9c, &(0x7f0000000100), 0x80, 0x0)
timer_create(0x9, &(0x7f0000000180)={0x0, 0x1e, 0x1}, &(0x7f0000000700)=<r4=>0x0)
timer_gettime(r4, &(0x7f0000000100))
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000e00)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000500000000000e1ff95000000000000002ba76bb33123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee04000000670d25010000020000040000009fc404000000c788b277beee11bf9b0a4def23d410f6accd3641110bec4e90a6341965dac03d04683712a0b09edc9e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e3e8eea3fd8cf49827ca311f5b87e1ca8433a8acd715f5888b2007f0000000000000000010000000000fb00010000000000414027efc84293af6a22000000005335001db43a5c000000000000000024000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000000cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617da7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891f7e5ff7fd6fce424c2200af6c3784a1975fa657de38a3a32a4fd67ce446ac5431d07db79240acaf091231b986e77d05d988d6edc71df48dca02113a38300c2bf2b5543ffc1669557b3819d8c396d2c2361629d1022f722ec23812770d72cd0010000007889b8c7044f563a1f68d4eff895fdbc463f747c08f40105869035000000000000000000000000000000000000000000000000080000003ddf4aa4b1c8baa0ae6feb6737c275dc2740f742b5425f1d581961471cdb0500000000000000d4123f955267fe4a75c114f874e086287547d4099aeec9f1538ee25a365ccf4a9b604e88e12ff25184d4e3c6f7f623559435b26b50fb7113000000f0bc440550ee91302f5a000000000000000000000000006d0000e67ccc00148ac4c43021cce9f24f4b2f9492c32e7af05c648978d9980ba49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec2c3f4523110c0acef5383b5a2720caeb68f1e9c05b05d89467ded84da093dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32881dfd15dc84e79d326337e21e041654f06bd7f000000000000000000000000000000282ffe0000000009350cfa3ab109ab4a7d95938c5334a0dd177f1a7389ee570d95e543a27546d3770740f354df6dd6b1bfe4104d2262f33f596d606ccce75a3c3d5f9ad94a7316b0c6ad14f1398a6b39b07121f636da418b34d48677cf8d2d99ee8ac50142bcdcc73dd73cc6ec46896ffb35ac82ac7a9309ea07396d2814dc630ad1a9913934849be25f7b81b59aaa9fa2e9d6ecafcfa1de81b2d3581ab1138537f98d2240b6c2bf40569da4e2bb77532ab9220347d78319617d17e14f7331486e86b2145980b95c88ae11b1c6b6ea6c2b2311d6ce6315cc451dd50ac746acd59d075b41f9a747894956b10453ccf6527d8f579256e9849bbaf6c7c84362209d3d2320101d57"], &(0x7f0000000140)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r6, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c", 0x9e}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r7}, 0x38)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000001080)={r1, 0x0, 0x0}, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x84, r8, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000004}, 0x2004c004)
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10000, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYBLOB='3'])
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[], 0x118}}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r9}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)

4.864916371s ago: executing program 2 (id=97):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan1\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)={0x5c, r2, 0x1, 0xfffffffd, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_DEVKEY={0x40, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8}, @NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x12, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa3}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}]}]}]}, 0x5c}}, 0x0)

4.337760391s ago: executing program 2 (id=100):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x9, 0x4, 0x4, 0x2}, 0x48)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
socket$alg(0x26, 0x5, 0x0)
openat$pidfd(0xffffff9c, &(0x7f0000000100), 0x80, 0x0)
timer_create(0x9, &(0x7f0000000180)={0x0, 0x1e, 0x1}, &(0x7f0000000700)=<r4=>0x0)
timer_gettime(r4, &(0x7f0000000100))
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x94)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r6, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c", 0x9e}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r7}, 0x38)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000001080)={r1, 0x0, 0x0}, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x84, r8, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000004}, 0x2004c004)
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10000, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYBLOB='3'])
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[], 0x118}}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r9}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)

4.306344596s ago: executing program 4 (id=101):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000000)={0xa, 0x4e24, 0x8, @loopback, 0x2}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000840)='{', 0x1}], 0x1}, 0x20048843)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000180)={0x0, 0x1c, "08b1579f3913f48bf84431d62568fc915e855c5a0d6eed9a8a9db4c7"}, &(0x7f00000000c0)=0x24)

4.121886629s ago: executing program 1 (id=102):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f00000002c0)=ANY=[@ANYBLOB="8200000000000000b6000040"])

3.765099345s ago: executing program 1 (id=104):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@private, @in=@remote, 0x0, 0xfffc, 0x0, 0x0, 0xa, 0x0, 0x0, 0x62}, {0x9, 0x80000000000000, 0x0, 0xfffffffd, 0xca8, 0x4}, {0x0, 0x0, 0x0, 0x5}, 0x0, 0x6e6bbb, 0x2, 0x1}}, 0xb8}}, 0x4)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd7000fcdbdf254400000008000300", @ANYRES32=r2, @ANYBLOB="0a001800030303030303000004005a8020005a8018000080140005"], 0x4c}}, 0x4040810)

3.290337745s ago: executing program 2 (id=105):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaae863834626be86ff20010000000000000000000000000002ff02000000000000000000000000b349c6"], 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01000000000000000000100000001800018014000200766574683000000000000000000000000800"], 0x34}}, 0x0)
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0)
sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

3.194147494s ago: executing program 3 (id=106):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff}, 0x13f, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, {0xa, 0x0, 0x0, @mcast2}, r1}}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0)=0x1, r1, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000000)={0x7, 0x8, 0xfa00, {r1, 0xfffffffe}}, 0x10)

3.130481962s ago: executing program 3 (id=107):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setrlimit(0x7, &(0x7f0000000000))
ioctl$KVM_CREATE_VCPU(r1, 0xaece, 0x2)

3.018842981s ago: executing program 4 (id=108):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a40)={{0x14}, [], {0x14}}, 0x28}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000000)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, 0x0}}], 0x1, 0x8014)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"])

2.970285745s ago: executing program 3 (id=109):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCGRDESC(r1, 0x90044802, 0x0)

2.164992545s ago: executing program 3 (id=110):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x30, 0x24, 0xd0f, 0x470bd2d, 0x25dfdbfc, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000040}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x24, 0x2a, 0xd27, 0xebd, 0x0, {0x0, 0x0, 0x0, r2, {0xffe0, 0xfff1}, {0x0, 0xfff2}, {0x4, 0x8}}}, 0x24}}, 0x0)

1.356271475s ago: executing program 4 (id=111):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x5bbf91a1e7f99074, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
socket$alg(0x26, 0x5, 0x0)
openat$pidfd(0xffffff9c, &(0x7f0000000100), 0x80, 0x0)
timer_create(0x9, &(0x7f0000000180)={0x0, 0x1e, 0x1}, &(0x7f0000000700)=<r4=>0x0)
timer_gettime(r4, &(0x7f0000000100))
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000e00)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004070000000000000500000000000e1ff95000000000000002ba76bb33123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee04000000670d25010000020000040000009fc404000000c788b277beee11bf9b0a4def23d410f6accd3641110bec4e90a6341965dac03d04683712a0b09edc9e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e3e8eea3fd8cf49827ca311f5b87e1ca8433a8acd715f5888b2007f0000000000000000010000000000fb00010000000000414027efc84293af6a22000000005335001db43a5c000000000000000024000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000000cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617da7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891f7e5ff7fd6fce424c2200af6c3784a1975fa657de38a3a32a4fd67ce446ac5431d07db79240acaf091231b986e77d05d988d6edc71df48dca02113a38300c2bf2b5543ffc1669557b3819d8c396d2c2361629d1022f722ec23812770d72cd0010000007889b8c7044f563a1f68d4eff895fdbc463f747c08f40105869035000000000000000000000000000000000000000000000000080000003ddf4aa4b1c8baa0ae6feb6737c275dc2740f742b5425f1d581961471cdb0500000000000000d4123f955267fe4a75c114f874e086287547d4099aeec9f1538ee25a365ccf4a9b604e88e12ff25184d4e3c6f7f623559435b26b50fb7113000000f0bc440550ee91302f5a000000000000000000000000006d0000e67ccc00148ac4c43021cce9f24f4b2f9492c32e7af05c648978d9980ba49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec2c3f4523110c0acef5383b5a2720caeb68f1e9c05b05d89467ded84da093dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32881dfd15dc84e79d326337e21e041654f06bd7f000000000000000000000000000000282ffe0000000009350cfa3ab109ab4a7d95938c5334a0dd177f1a7389ee570d95e543a27546d3770740f354df6dd6b1bfe4104d2262f33f596d606ccce75a3c3d5f9ad94a7316b0c6ad14f1398a6b39b07121f636da418b34d48677cf8d2d99ee8ac50142bcdcc73dd73cc6ec46896ffb35ac82ac7a9309ea07396d2814dc630ad1a9913934849be25f7b81b59aaa9fa2e9d6ecafcfa1de81b2d3581ab1138537f98d2240b6c2bf40569da4e2bb77532ab9220347d78319617d17e14f7331486e86b2145980b95c88ae11b1c6b6ea6c2b2311d6ce6315cc451dd50ac746acd59d075b41f9a747894956b10453ccf6527d8f579256e9849bbaf6c7c84362209d3d2320101d57"], &(0x7f0000000140)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000002c0)=r6, 0x4)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c", 0x9e}, {&(0x7f00000004c0)="f80ec2e2badd", 0x6}], 0x2, 0x0, 0x0, 0x2663}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="020000000400000006000000aa0b"], 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, &(0x7f00000002c0)=""/251, &(0x7f0000000940), &(0x7f0000000200), 0xa7c, r7}, 0x38)
bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000001080)={r1, 0x0, 0x0}, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x84, r8, 0x400, 0x70bd25, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000004}, 0x2004c004)
mkdir(&(0x7f0000000000)='./file0\x00', 0x80)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x10000, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYBLOB='3'])
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[], 0x118}}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r9}, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)

841.363658ms ago: executing program 2 (id=112):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x6, 0x1ff, 0x2, 0x7, "ff00000000000000000000008000"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x16)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000180)=0x8)

726.033909ms ago: executing program 1 (id=113):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0x20040045, &(0x7f00000002c0)={0xa, 0x2, 0x395, @empty}, 0x1c)
shutdown(r0, 0x1)

660.636721ms ago: executing program 3 (id=114):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180900000020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xe, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18)
r1 = io_uring_setup(0x167c, &(0x7f00000003c0)={0x0, 0x800000, 0x400, 0x2, 0x12d})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r1, 0x17, &(0x7f0000000300)={0x0}, 0x1)

412.044627ms ago: executing program 3 (id=115):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x97, 0xff, 0x82, 0x8, 0x2058, 0x1005, 0xc19b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8f, 0x0, 0x0, 0xbf, 0x57, 0x5a}}]}}]}}, 0x0)

222.015136ms ago: executing program 1 (id=116):
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = socket$kcm(0x23, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f00000000c0), 0x4)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000940))

191.338033ms ago: executing program 2 (id=117):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="001004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000640)={0x34, &(0x7f0000000300)={0x0, 0x12, 0x2, "f725"}, 0x0, 0x0, 0x0, 0x0, 0x0})

137.794381ms ago: executing program 1 (id=118):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r1}, 0x18)
r2 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r2, &(0x7f0000002480)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000680)="b7", 0x1}], 0x1}}], 0x2, 0x24001844)

137.086071ms ago: executing program 4 (id=119):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x129a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x3, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x75, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x4e24, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0x9, 0x0, 0x7, 0x0, 0x13, {[@window={0xb, 0x3}, @timestamp={0x5, 0xa, 0x460000c1, 0x4000}]}}, {"2244070000bc0be4bdf9da2470a34ec90000932b52c828de6f79d82439cc00080000000000009248ba27afeb7396efe6b9986063fd95e9391e2692595a"}}}}}, 0x83)

0s ago: executing program 1 (id=120):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6cb, 0x81a7, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0xe00000, @mcast2, 0x1}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f0000000040)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x7, 0x6}}}}}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220b000000a1"], 0x0}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.4' (ED25519) to the list of known hosts.
[   79.953670][ T5798] cgroup: Unknown subsys name 'net'
[   80.194395][ T5798] cgroup: Unknown subsys name 'cpuset'
[   80.230273][ T5798] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   81.963365][ T5798] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   84.567487][ T5812] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.582419][   T59] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.583179][   T59] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   84.585441][   T59] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.586725][   T59] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.587717][   T59] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.639395][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   84.649825][ T5130] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   84.669084][ T5130] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   84.677477][ T5130] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   84.731480][ T5130] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   84.736471][ T5130] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   84.754383][ T5130] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   84.758771][ T5130] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   84.776288][ T5130] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   84.798814][ T5817] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   84.813463][ T5817] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   84.816105][ T5817] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   84.845291][ T5812] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   84.852984][   T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   84.853112][ T5812] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   84.858754][   T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   84.858935][ T5812] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   84.862934][ T5812] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   84.866030][ T5130] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   85.616753][ T5810] chnl_net:caif_netlink_parms(): no params data found
[   85.702943][ T5814] chnl_net:caif_netlink_parms(): no params data found
[   85.796621][ T5820] chnl_net:caif_netlink_parms(): no params data found
[   85.876914][ T5823] chnl_net:caif_netlink_parms(): no params data found
[   86.366844][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.368326][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.368687][ T5810] bridge_slave_0: entered allmulticast mode
[   86.377856][ T5810] bridge_slave_0: entered promiscuous mode
[   86.385388][ T5821] chnl_net:caif_netlink_parms(): no params data found
[   86.476590][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.476713][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state
[   86.476885][ T5810] bridge_slave_1: entered allmulticast mode
[   86.478383][ T5810] bridge_slave_1: entered promiscuous mode
[   86.641197][ T5817] Bluetooth: hci0: command tx timeout
[   86.719893][ T5817] Bluetooth: hci1: command tx timeout
[   86.763705][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.763803][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.763916][ T5814] bridge_slave_0: entered allmulticast mode
[   86.765359][ T5814] bridge_slave_0: entered promiscuous mode
[   86.801547][ T5817] Bluetooth: hci2: command tx timeout
[   86.804955][  T989] cfg80211: failed to load regulatory.db
[   86.959935][ T5817] Bluetooth: hci3: command tx timeout
[   86.960120][ T5817] Bluetooth: hci4: command tx timeout
[   87.162017][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.162091][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.162225][ T5814] bridge_slave_1: entered allmulticast mode
[   87.163702][ T5814] bridge_slave_1: entered promiscuous mode
[   87.166239][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.166355][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.166541][ T5820] bridge_slave_0: entered allmulticast mode
[   87.168261][ T5820] bridge_slave_0: entered promiscuous mode
[   87.284364][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.381194][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.381302][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.381446][ T5820] bridge_slave_1: entered allmulticast mode
[   87.384047][ T5820] bridge_slave_1: entered promiscuous mode
[   87.385476][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state
[   87.385602][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.386145][ T5823] bridge_slave_0: entered allmulticast mode
[   87.388819][ T5823] bridge_slave_0: entered promiscuous mode
[   87.397263][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.570789][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state
[   87.570889][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.571006][ T5823] bridge_slave_1: entered allmulticast mode
[   87.572515][ T5823] bridge_slave_1: entered promiscuous mode
[   87.644933][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.934293][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.047654][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.112303][ T5810] team0: Port device team_slave_0 added
[   88.264693][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.268760][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.271499][ T5810] team0: Port device team_slave_1 added
[   88.272248][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.272431][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.272586][ T5821] bridge_slave_0: entered allmulticast mode
[   88.275108][ T5821] bridge_slave_0: entered promiscuous mode
[   88.530844][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.530955][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.531074][ T5821] bridge_slave_1: entered allmulticast mode
[   88.532533][ T5821] bridge_slave_1: entered promiscuous mode
[   88.535960][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.538019][ T5814] team0: Port device team_slave_0 added
[   88.719777][ T5130] Bluetooth: hci0: command tx timeout
[   88.799830][ T5130] Bluetooth: hci1: command tx timeout
[   88.814496][ T5814] team0: Port device team_slave_1 added
[   88.817068][ T5820] team0: Port device team_slave_0 added
[   88.818858][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.818870][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.818893][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.889821][ T5130] Bluetooth: hci2: command tx timeout
[   89.039940][ T5130] Bluetooth: hci4: command tx timeout
[   89.039972][ T5130] Bluetooth: hci3: command tx timeout
[   89.081969][ T5820] team0: Port device team_slave_1 added
[   89.082892][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.082902][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.082916][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.085921][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.253710][ T5823] team0: Port device team_slave_0 added
[   89.393996][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.395425][ T5823] team0: Port device team_slave_1 added
[   89.396282][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.396291][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.396304][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.611363][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.611374][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.611387][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.612313][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.612324][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.612337][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.777318][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.777330][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.777343][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.862279][ T5821] team0: Port device team_slave_0 added
[   89.863355][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.863368][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.863390][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.953670][ T5821] team0: Port device team_slave_1 added
[   89.954494][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.954503][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.954516][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.965788][ T5810] hsr_slave_0: entered promiscuous mode
[   89.967237][ T5810] hsr_slave_1: entered promiscuous mode
[   90.502041][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.502053][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.502067][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.508468][ T5814] hsr_slave_0: entered promiscuous mode
[   90.509363][ T5814] hsr_slave_1: entered promiscuous mode
[   90.511476][ T5814] debugfs: 'hsr0' already exists in 'hsr'
[   90.511594][ T5814] Cannot create hsr debugfs directory
[   90.751997][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.752013][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.752035][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.759521][ T5820] hsr_slave_0: entered promiscuous mode
[   90.764796][ T5820] hsr_slave_1: entered promiscuous mode
[   90.765690][ T5820] debugfs: 'hsr0' already exists in 'hsr'
[   90.765712][ T5820] Cannot create hsr debugfs directory
[   90.799743][ T5817] Bluetooth: hci0: command tx timeout
[   90.879967][ T5817] Bluetooth: hci1: command tx timeout
[   90.959845][ T5817] Bluetooth: hci2: command tx timeout
[   91.025596][ T5823] hsr_slave_0: entered promiscuous mode
[   91.026415][ T5823] hsr_slave_1: entered promiscuous mode
[   91.026931][ T5823] debugfs: 'hsr0' already exists in 'hsr'
[   91.026951][ T5823] Cannot create hsr debugfs directory
[   91.119960][ T5817] Bluetooth: hci3: command tx timeout
[   91.119992][ T5817] Bluetooth: hci4: command tx timeout
[   91.645729][ T5821] hsr_slave_0: entered promiscuous mode
[   91.646466][ T5821] hsr_slave_1: entered promiscuous mode
[   91.646995][ T5821] debugfs: 'hsr0' already exists in 'hsr'
[   91.647013][ T5821] Cannot create hsr debugfs directory
[   92.665012][ T5810] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   92.691853][ T5810] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   92.730484][ T5810] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.780201][ T5810] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.879776][ T5130] Bluetooth: hci0: command tx timeout
[   92.915223][ T5814] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   92.960389][ T5130] Bluetooth: hci1: command tx timeout
[   92.968126][ T5814] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   93.023005][ T5814] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   93.040039][ T5130] Bluetooth: hci2: command tx timeout
[   93.068515][ T5814] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   93.200863][ T5130] Bluetooth: hci4: command tx timeout
[   93.200869][ T5817] Bluetooth: hci3: command tx timeout
[   93.230301][ T5820] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   93.279883][ T5820] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   93.305606][ T5820] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   93.345854][ T5820] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   93.488147][ T5823] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   93.529458][ T5823] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   93.585261][ T5823] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   93.634299][ T5823] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   93.746677][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.778381][ T5821] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   93.836440][ T5821] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   93.878826][ T5821] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   93.924847][ T5821] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   93.994494][ T5810] 8021q: adding VLAN 0 to HW filter on device team0
[   94.043708][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.044834][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.069968][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.095234][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.095330][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.177388][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[   94.236619][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.236925][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.256163][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.286345][ T1178] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.286478][ T1178] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.358967][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   94.383045][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.415297][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.415509][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.478614][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.487695][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.559340][ T5823] 8021q: adding VLAN 0 to HW filter on device team0
[   94.636417][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.636682][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.656811][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.696600][ T1104] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.696733][ T1104] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.812235][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   94.868157][ T1178] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.868423][ T1178] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.931537][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.931794][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.967455][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.146882][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.358801][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.403420][ T5810] veth0_vlan: entered promiscuous mode
[   95.494907][ T5810] veth1_vlan: entered promiscuous mode
[   95.568455][ T5814] veth0_vlan: entered promiscuous mode
[   95.617487][ T5814] veth1_vlan: entered promiscuous mode
[   95.627058][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.678136][ T5820] veth0_vlan: entered promiscuous mode
[   95.688545][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.703446][ T5810] veth0_macvtap: entered promiscuous mode
[   95.746970][ T5810] veth1_macvtap: entered promiscuous mode
[   95.757331][ T5820] veth1_vlan: entered promiscuous mode
[   95.881378][ T5814] veth0_macvtap: entered promiscuous mode
[   95.909079][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0
[   95.934093][ T5814] veth1_macvtap: entered promiscuous mode
[   95.969295][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.977741][ T5823] veth0_vlan: entered promiscuous mode
[   96.037590][ T1114] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.057279][   T67] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.073868][   T67] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.077858][ T5823] veth1_vlan: entered promiscuous mode
[   96.097986][ T5820] veth0_macvtap: entered promiscuous mode
[   96.111602][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.111672][   T67] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.178519][ T5820] veth1_macvtap: entered promiscuous mode
[   96.188104][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.267101][   T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.280855][   T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.322462][   T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.366118][ T1049] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.415608][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.491078][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.551139][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.551164][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.588054][ T5823] veth0_macvtap: entered promiscuous mode
[   96.640377][ T1049] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.674544][ T1104] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.678957][ T1104] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.705860][ T5823] veth1_macvtap: entered promiscuous mode
[   96.727810][ T1104] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.751553][ T5821] veth0_vlan: entered promiscuous mode
[   96.813999][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.814018][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.926487][ T1049] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.926507][ T1049] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.945273][ T5821] veth1_vlan: entered promiscuous mode
[   96.964351][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.038948][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.123695][ T1114] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.173150][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.173180][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.180711][ T1114] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.238823][ T1114] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.297285][ T1114] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.313201][ T1114] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.313220][ T1114] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.616701][ T5821] veth0_macvtap: entered promiscuous mode
[   97.728656][ T1049] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.728675][ T1049] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.748858][ T5821] veth1_macvtap: entered promiscuous mode
[   97.826543][ T5828] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   97.922031][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.922050][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.985324][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.010611][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   98.010644][ T5828] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   98.010666][ T5828] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   98.010710][ T5828] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   98.010732][ T5828] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.099466][ T5828] usb 1-1: config 0 descriptor??
[   98.132702][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.345727][ T5828] usbhid 1-1:0.0: can't add hid device: -71
[   98.345858][ T5828] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   98.376064][ T1178] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.376480][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   98.376494][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   98.376743][ T1178] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.378559][ T1178] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.379039][ T1178] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.439348][ T5828] usb 1-1: USB disconnect, device number 2
[   98.850213][ T5948] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   98.931389][ T5950] syz.3.4 uses obsolete (PF_INET,SOCK_PACKET)
[   99.086500][ T1178] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.086520][ T1178] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.320545][   T49] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   99.496001][   T49] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[   99.496060][   T49] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   99.498003][   T49] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[   99.498028][   T49] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[   99.498060][   T49] usb 1-1: Manufacturer: syz
[   99.551428][   T49] usb 1-1: config 0 descriptor??
[   99.611839][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.611858][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.689788][   T49] rc_core: IR keymap rc-hauppauge not found
[   99.689820][   T49] Registered IR keymap rc-empty
[   99.693726][   T49] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[   99.696894][   T49] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5
[   99.801590][    C1] igorplugusb 1-1:0.0: Error: urb status = -32
[   99.880234][ T5890] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   99.880449][   T49] usb 1-1: USB disconnect, device number 3
[  100.061664][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.061697][ T5890] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.061718][ T5890] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  100.061755][ T5890] usb 4-1: New USB device found, idVendor=1532, idProduct=011b, bcdDevice= 0.00
[  100.061775][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.122773][ T5890] usb 4-1: config 0 descriptor??
[  100.564260][ T5890] razer 0003:1532:011B.0001: item fetching failed at offset 4/5
[  100.565124][ T5890] razer 0003:1532:011B.0001: probe with driver razer failed with error -22
[  100.596563][   T37] audit: type=1326 audit(1759298777.218:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.596609][   T37] audit: type=1326 audit(1759298777.228:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.599506][   T37] audit: type=1326 audit(1759298777.228:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.599904][   T37] audit: type=1326 audit(1759298777.238:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.613521][   T37] audit: type=1326 audit(1759298777.238:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.613566][   T37] audit: type=1326 audit(1759298777.238:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.613602][   T37] audit: type=1326 audit(1759298777.248:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.613638][   T37] audit: type=1326 audit(1759298777.248:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.613673][   T37] audit: type=1326 audit(1759298777.248:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.613716][   T37] audit: type=1326 audit(1759298777.248:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5972 comm="syz.0.19" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f7aec65eec9 code=0x7ffc0000
[  100.823026][ T1592] usb 4-1: USB disconnect, device number 2
[  100.889805][ T5883] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  101.036948][ T5985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.23'.
[  101.089163][ T5883] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.089197][ T5883] usb 3-1: config 0 interface 0 has no altsetting 0
[  101.089228][ T5883] usb 3-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00
[  101.089251][ T5883] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.112423][ T5883] usb 3-1: config 0 descriptor??
[  101.578063][ T5883] nintendo 0003:057E:2009.0002: unknown main item tag 0x0
[  101.578103][ T5883] nintendo 0003:057E:2009.0002: unknown main item tag 0x0
[  101.586168][ T5883] nintendo 0003:057E:2009.0002: hidraw0: USB HID v80.00 Device [HID 057e:2009] on usb-dummy_hcd.2-1/input0
[  101.653973][ T5883] nintendo 0003:057E:2009.0002: Failed to get joycon info; ret=-38
[  101.653998][ T5883] nintendo 0003:057E:2009.0002: Failed to retrieve controller info; ret=-38
[  101.654016][ T5883] nintendo 0003:057E:2009.0002: Failed to initialize controller; ret=-38
[  101.668380][ T5883] nintendo 0003:057E:2009.0002: probe - fail = -38
[  101.668518][ T5883] nintendo 0003:057E:2009.0002: probe with driver nintendo failed with error -38
[  101.792420][ T5890] usb 3-1: USB disconnect, device number 2
[  102.022200][ T6002] loop6: detected capacity change from 0 to 524287999
[  102.080125][ T5912] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  102.230791][   T31] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  102.265760][ T5912] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  102.265809][ T5912] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  102.265830][ T5912] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  102.342811][ T5912] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  102.342840][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.342857][ T5912] usb 1-1: Product: syz
[  102.342870][ T5912] usb 1-1: Manufacturer: syz
[  102.342882][ T5912] usb 1-1: SerialNumber: syz
[  102.393874][   T31] usb 4-1: config 2 has an invalid interface number: 219 but max is 0
[  102.393902][   T31] usb 4-1: config 2 has no interface number 0
[  102.414454][   T31] usb 4-1: New USB device found, idVendor=19d2, idProduct=1099, bcdDevice=2c.93
[  102.414481][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.414500][   T31] usb 4-1: Product: syz
[  102.414513][   T31] usb 4-1: Manufacturer: syz
[  102.414526][   T31] usb 4-1: SerialNumber: syz
[  102.475865][   T31] option 4-1:2.219: GSM modem (1-port) converter detected
[  103.168751][ T1592] usb 4-1: USB disconnect, device number 3
[  103.188856][ T1592] option 4-1:2.219: device disconnected
[  103.562805][ T5912] cdc_ncm 1-1:1.0: bind() failure
[  103.610395][ T5912] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  103.612389][ T5912] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  103.614770][ T5912] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  103.657160][ T5912] usb 1-1: USB disconnect, device number 4
[  104.117617][ T5883] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  104.279761][ T5883] usb 4-1: Using ep0 maxpacket: 16
[  104.284330][ T5883] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.284362][ T5883] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  104.284405][ T5883] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  104.284426][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.350315][ T5883] usb 4-1: config 0 descriptor??
[  105.421525][ T5883] usbhid 4-1:0.0: can't add hid device: -71
[  105.421650][ T5883] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  105.454468][ T5883] usb 4-1: USB disconnect, device number 4
[  106.137178][ T6050] tipc: Started in network mode
[  106.137213][ T6050] tipc: Node identity 7365725f69643d3, cluster identity 4711
[  106.137267][ T6050] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  106.759731][ T1592] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  106.914802][ T6067] process 'syz.2.56' launched './file2' with NULL argv: empty string added
[  106.929002][ T1592] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.929034][ T1592] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.929073][ T1592] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  106.929096][ T1592] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.972833][ T1592] usb 5-1: config 0 descriptor??
[  107.402472][ T1592] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[  107.430056][ T1592] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[  107.607820][ T1592] cp2112 0003:10C4:EA90.0003: Part Number: 0x82 Device Version: 0xFE
[  108.011175][ T1592] cp2112 0003:10C4:EA90.0003: error setting SMBus config
[  108.013925][ T1592] cp2112 0003:10C4:EA90.0003: probe with driver cp2112 failed with error -71
[  108.039823][   T49] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  108.061884][ T1592] usb 5-1: USB disconnect, device number 2
[  108.645721][ T6090] Illegal XDP return value 4294967274 on prog  (id 7) dev syz_tun, expect packet loss!
[  108.945972][ T1592] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  109.073777][ T6099] =======================================================
[  109.073777][ T6099] WARNING: The mand mount option has been deprecated and
[  109.073777][ T6099]          and is ignored by this kernel. Remove the mand
[  109.073777][ T6099]          option from the mount to silence this warning.
[  109.073777][ T6099] =======================================================
[  109.116977][ T1592] usb 5-1: config 0 has an invalid interface number: 102 but max is 0
[  109.117003][ T1592] usb 5-1: config 0 has no interface number 0
[  109.117046][ T1592] usb 5-1: New USB device found, idVendor=2001, idProduct=1a00, bcdDevice=38.f5
[  109.117067][ T1592] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.123132][ T1592] usb 5-1: config 0 descriptor??
[  109.175139][ T6099] overlayfs: maximum fs stacking depth exceeded
[  109.957883][ T1592] asix 5-1:0.102 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  109.957913][ T1592] asix 5-1:0.102 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[  109.958175][ T1592] asix 5-1:0.102: probe with driver asix failed with error -71
[  109.999435][ T1592] usb 5-1: USB disconnect, device number 3
[  110.041164][   T57] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting
[  110.165955][   T57] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  110.576598][ T6122] erspan0: entered promiscuous mode
[  110.601626][ T6122] netlink: 8 bytes leftover after parsing attributes in process `syz.2.77'.
[  110.829275][ T6127] syz.4.80 (6127) used greatest stack depth: 18808 bytes left
[  111.000593][ T1441] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.345177][ T1441] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.726304][ T1441] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  111.992644][ T5130] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  112.014728][ T5130] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  112.041047][ T5130] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  112.044869][ T5130] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  112.045623][ T5130] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  112.135426][ T1441] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  112.246357][ T6160] 9pnet_virtio: no channels available for device syz
[  113.034113][ T1441] bridge_slave_1: left allmulticast mode
[  113.034205][ T1441] bridge_slave_1: left promiscuous mode
[  113.035640][ T1441] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.183148][ T1441] bridge_slave_0: left allmulticast mode
[  113.183178][ T1441] bridge_slave_0: left promiscuous mode
[  113.183415][ T1441] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.208651][ T6180] netlink: 64 bytes leftover after parsing attributes in process `syz.3.99'.
[  113.372219][ T6179] 9pnet_virtio: no channels available for device syz
[  114.079867][ T5817] Bluetooth: hci0: command tx timeout
[  114.092581][ T6192] netlink: 27 bytes leftover after parsing attributes in process `syz.2.105'.
[  114.122454][   T37] kauditd_printk_skb: 1 callbacks suppressed
[  114.122470][   T37] audit: type=1326 audit(1759298790.758:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6182 comm="syz.3.103" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6818a7eec9 code=0x7fc00000
[  114.495291][  T989] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  114.523940][  T989] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  114.609739][ T5890] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  114.759964][ T5890] usb 5-1: Using ep0 maxpacket: 32
[  114.762212][ T5890] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  114.762236][ T5890] usb 5-1: config 0 has no interface number 0
[  114.768822][ T5890] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  114.768850][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.768868][ T5890] usb 5-1: Product: syz
[  114.768881][ T5890] usb 5-1: Manufacturer: syz
[  114.768894][ T5890] usb 5-1: SerialNumber: syz
[  114.837424][ T5890] usb 5-1: config 0 descriptor??
[  114.858597][ T5890] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  115.074123][ T5890] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  115.096159][ T5890] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  115.476185][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  115.479454][ T5876] usb 5-1: USB disconnect, device number 4
[  115.493008][ T5876] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  115.513301][ T5876] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  115.514149][ T5876] quatech2 5-1:0.51: device disconnected
[  116.160411][ T5817] Bluetooth: hci0: command tx timeout
[  116.218610][ T6208] 9pnet_virtio: no channels available for device syz
[  116.223794][ T1441] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  116.303698][ T1441] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  116.343002][ T1441] bond0 (unregistering): Released all slaves
[  117.104588][ T6159] chnl_net:caif_netlink_parms(): no params data found
[  117.379806][    T9] ==================================================================
[  117.379823][    T9] BUG: KASAN: vmalloc-out-of-bounds in __list_del_entry_valid_or_report+0xb5/0x190
[  117.379859][    T9] Read of size 8 at addr ffffc9000f066008 by task kworker/0:0/9
[  117.379874][    T9] 
[  117.379897][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  117.379915][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  117.379926][    T9] Workqueue: usb_hub_wq hub_event
[  117.379973][    T9] Call Trace:
[  117.379983][    T9]  <TASK>
[  117.379992][    T9]  dump_stack_lvl+0x189/0x250
[  117.380012][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.380033][    T9]  ? __pfx__printk+0x10/0x10
[  117.380052][    T9]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  117.380077][    T9]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  117.380098][    T9]  ? __virt_addr_valid+0xdc/0x5c0
[  117.380115][    T9]  ? __virt_addr_valid+0xdc/0x5c0
[  117.380133][    T9]  print_report+0xca/0x240
[  117.380153][    T9]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  117.380173][    T9]  kasan_report+0x118/0x150
[  117.380195][    T9]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  117.380220][    T9]  __list_del_entry_valid_or_report+0xb5/0x190
[  117.380242][    T9]  kcov_remote_start+0x2b0/0x6f0
[  117.380265][    T9]  hub_event+0x158/0x4a20
[  117.380284][    T9]  ? __lock_acquire+0xab9/0xd20
[  117.380315][    T9]  ? do_raw_spin_lock+0x121/0x290
[  117.380333][    T9]  ? look_up_lock_class+0x74/0x170
[  117.380353][    T9]  ? register_lock_class+0x51/0x320
[  117.380377][    T9]  ? __lock_acquire+0xab9/0xd20
[  117.380401][    T9]  ? __pfx_hub_event+0x10/0x10
[  117.380419][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  117.380441][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  117.380463][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  117.380483][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  117.380500][    T9]  process_scheduled_works+0xae1/0x17b0
[  117.380532][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  117.380558][    T9]  worker_thread+0x8a0/0xda0
[  117.380588][    T9]  kthread+0x711/0x8a0
[  117.380604][    T9]  ? __pfx_worker_thread+0x10/0x10
[  117.380623][    T9]  ? __pfx_kthread+0x10/0x10
[  117.380637][    T9]  ? rt_spin_unlock+0x150/0x200
[  117.380658][    T9]  ? rt_spin_unlock+0x161/0x200
[  117.380675][    T9]  ? __pfx_kthread+0x10/0x10
[  117.380691][    T9]  ret_from_fork+0x439/0x7d0
[  117.380711][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  117.380734][    T9]  ? __switch_to_asm+0x39/0x70
[  117.380749][    T9]  ? __switch_to_asm+0x33/0x70
[  117.380765][    T9]  ? __pfx_kthread+0x10/0x10
[  117.380780][    T9]  ret_from_fork_asm+0x1a/0x30
[  117.380804][    T9]  </TASK>
[  117.380811][    T9] 
[  117.380816][    T9] The buggy address belongs to a vmalloc virtual mapping
[  117.380830][    T9] Memory state around the buggy address:
[  117.380839][    T9]  ffffc9000f065f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  117.380849][    T9]  ffffc9000f065f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  117.380860][    T9] >ffffc9000f066000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  117.380868][    T9]                       ^
[  117.380877][    T9]  ffffc9000f066080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  117.380888][    T9]  ffffc9000f066100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  117.380895][    T9] ==================================================================
[  117.380907][    T9] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  117.380925][    T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  117.380945][    T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  117.380956][    T9] Workqueue: usb_hub_wq hub_event
[  117.380974][    T9] Call Trace:
[  117.380981][    T9]  <TASK>
[  117.380986][    T9]  dump_stack_lvl+0x99/0x250
[  117.381003][    T9]  ? __asan_memcpy+0x40/0x70
[  117.381020][    T9]  ? __pfx_dump_stack_lvl+0x10/0x10
[  117.381041][    T9]  ? __pfx__printk+0x10/0x10
[  117.381074][    T9]  vpanic+0x281/0x750
[  117.381093][    T9]  ? __pfx_vpanic+0x10/0x10
[  117.381115][    T9]  panic+0xb9/0xc0
[  117.381131][    T9]  ? __pfx_panic+0x10/0x10
[  117.381145][    T9]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  117.381169][    T9]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  117.381196][    T9]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  117.381216][    T9]  check_panic_on_warn+0x89/0xb0
[  117.381234][    T9]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  117.381254][    T9]  end_report+0x78/0x160
[  117.381273][    T9]  kasan_report+0x129/0x150
[  117.381293][    T9]  ? __list_del_entry_valid_or_report+0xb5/0x190
[  117.381318][    T9]  __list_del_entry_valid_or_report+0xb5/0x190
[  117.381340][    T9]  kcov_remote_start+0x2b0/0x6f0
[  117.381373][    T9]  hub_event+0x158/0x4a20
[  117.381397][    T9]  ? __lock_acquire+0xab9/0xd20
[  117.381433][    T9]  ? do_raw_spin_lock+0x121/0x290
[  117.381457][    T9]  ? look_up_lock_class+0x74/0x170
[  117.381489][    T9]  ? register_lock_class+0x51/0x320
[  117.381514][    T9]  ? __lock_acquire+0xab9/0xd20
[  117.381552][    T9]  ? __pfx_hub_event+0x10/0x10
[  117.381570][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  117.381601][    T9]  ? _raw_spin_unlock_irq+0x23/0x50
[  117.381632][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  117.381658][    T9]  ? process_scheduled_works+0x9ef/0x17b0
[  117.381684][    T9]  process_scheduled_works+0xae1/0x17b0
[  117.381726][    T9]  ? __pfx_process_scheduled_works+0x10/0x10
[  117.381760][    T9]  worker_thread+0x8a0/0xda0
[  117.381792][    T9]  kthread+0x711/0x8a0
[  117.381810][    T9]  ? __pfx_worker_thread+0x10/0x10
[  117.381835][    T9]  ? __pfx_kthread+0x10/0x10
[  117.381850][    T9]  ? rt_spin_unlock+0x150/0x200
[  117.381875][    T9]  ? rt_spin_unlock+0x161/0x200
[  117.381893][    T9]  ? __pfx_kthread+0x10/0x10
[  117.381910][    T9]  ret_from_fork+0x439/0x7d0
[  117.381932][    T9]  ? __pfx_ret_from_fork+0x10/0x10
[  117.381954][    T9]  ? __switch_to_asm+0x39/0x70
[  117.381970][    T9]  ? __switch_to_asm+0x33/0x70
[  117.381986][    T9]  ? __pfx_kthread+0x10/0x10
[  117.382002][    T9]  ret_from_fork_asm+0x1a/0x30
[  117.382033][    T9]  </TASK>
[  117.382302][    T9] Kernel Offset: disabled