last executing test programs:

39.456492848s ago: executing program 1 (id=2609):
r0 = socket(0x10, 0x2, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x1, 0x7, 0x8}, {0x11, 0x3, 0x0, 0x1, 0x1, 0x662e}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0xfffffffffffffecd)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYRESOCT=r4], &(0x7f0000000340)='syzkaller\x00', 0x9c, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'vlan1\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xf, 0x0)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
r12 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x400003, 0x1d, 0x0, r10}, &(0x7f00000000c0)=<r13=>0x0, &(0x7f0000000600)=<r14=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r10, 0x16, &(0x7f0000000040)={&(0x7f0000002000), 0x0, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r11, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r12, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@delqdisc={0x13c, 0x25, 0x2, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xffff, 0x9}, {0xa, 0x6}, {0xa, 0x8}}, [@TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xa, 0x9, 0x3, 0x2, 0x2, 0x2, 0x3}}, {0xa, 0x2, [0x100, 0x0, 0xfff8]}}, {{0x1c, 0x1, {0x3, 0x1, 0x100, 0x100, 0x2, 0x9, 0xffffffff, 0x6}}, {0x10, 0x2, [0xd, 0xb, 0x0, 0x0, 0x7, 0xa]}}, {{0x1c, 0x1, {0x2, 0xe3, 0x2, 0x5dc6c6a, 0x0, 0x7, 0x9, 0x24}}, {0x16, 0x2, [0xfffe, 0x6, 0x1790, 0x31c5, 0x5, 0xfff7, 0x3, 0x1, 0x2]}}]}, @TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x5, 0xc, 0x0, 0x2, 0x40, 0xad, 0x5}}, {0xe, 0x2, [0x9, 0x2, 0x953, 0x3, 0x1000]}}, {{0x1c, 0x1, {0x9, 0x9, 0x38f, 0x6, 0x2, 0x7, 0x1, 0x5}}, {0xe, 0x2, [0x0, 0x3, 0x1cd, 0x3, 0x5]}}, {{0x1c, 0x1, {0xd, 0x6, 0xf, 0x401, 0x0, 0xa, 0xed9, 0x7}}, {0x12, 0x2, [0x0, 0xc000, 0x7d, 0xe, 0xc62a, 0x0, 0x51]}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047c000008004280040008000c000180060010"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)

32.201684301s ago: executing program 1 (id=2609):
r0 = socket(0x10, 0x2, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x1, 0x7, 0x8}, {0x11, 0x3, 0x0, 0x1, 0x1, 0x662e}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0xfffffffffffffecd)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYRESOCT=r4], &(0x7f0000000340)='syzkaller\x00', 0x9c, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'vlan1\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xf, 0x0)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
r12 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x400003, 0x1d, 0x0, r10}, &(0x7f00000000c0)=<r13=>0x0, &(0x7f0000000600)=<r14=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r10, 0x16, &(0x7f0000000040)={&(0x7f0000002000), 0x0, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r11, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r12, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@delqdisc={0x13c, 0x25, 0x2, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xffff, 0x9}, {0xa, 0x6}, {0xa, 0x8}}, [@TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xa, 0x9, 0x3, 0x2, 0x2, 0x2, 0x3}}, {0xa, 0x2, [0x100, 0x0, 0xfff8]}}, {{0x1c, 0x1, {0x3, 0x1, 0x100, 0x100, 0x2, 0x9, 0xffffffff, 0x6}}, {0x10, 0x2, [0xd, 0xb, 0x0, 0x0, 0x7, 0xa]}}, {{0x1c, 0x1, {0x2, 0xe3, 0x2, 0x5dc6c6a, 0x0, 0x7, 0x9, 0x24}}, {0x16, 0x2, [0xfffe, 0x6, 0x1790, 0x31c5, 0x5, 0xfff7, 0x3, 0x1, 0x2]}}]}, @TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x5, 0xc, 0x0, 0x2, 0x40, 0xad, 0x5}}, {0xe, 0x2, [0x9, 0x2, 0x953, 0x3, 0x1000]}}, {{0x1c, 0x1, {0x9, 0x9, 0x38f, 0x6, 0x2, 0x7, 0x1, 0x5}}, {0xe, 0x2, [0x0, 0x3, 0x1cd, 0x3, 0x5]}}, {{0x1c, 0x1, {0xd, 0x6, 0xf, 0x401, 0x0, 0xa, 0xed9, 0x7}}, {0x12, 0x2, [0x0, 0xc000, 0x7d, 0xe, 0xc62a, 0x0, 0x51]}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047c000008004280040008000c000180060010"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)

23.685251956s ago: executing program 1 (id=2609):
r0 = socket(0x10, 0x2, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x1, 0x7, 0x8}, {0x11, 0x3, 0x0, 0x1, 0x1, 0x662e}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0xfffffffffffffecd)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYRESOCT=r4], &(0x7f0000000340)='syzkaller\x00', 0x9c, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'vlan1\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xf, 0x0)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
r12 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x400003, 0x1d, 0x0, r10}, &(0x7f00000000c0)=<r13=>0x0, &(0x7f0000000600)=<r14=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r10, 0x16, &(0x7f0000000040)={&(0x7f0000002000), 0x0, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r11, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r12, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@delqdisc={0x13c, 0x25, 0x2, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xffff, 0x9}, {0xa, 0x6}, {0xa, 0x8}}, [@TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xa, 0x9, 0x3, 0x2, 0x2, 0x2, 0x3}}, {0xa, 0x2, [0x100, 0x0, 0xfff8]}}, {{0x1c, 0x1, {0x3, 0x1, 0x100, 0x100, 0x2, 0x9, 0xffffffff, 0x6}}, {0x10, 0x2, [0xd, 0xb, 0x0, 0x0, 0x7, 0xa]}}, {{0x1c, 0x1, {0x2, 0xe3, 0x2, 0x5dc6c6a, 0x0, 0x7, 0x9, 0x24}}, {0x16, 0x2, [0xfffe, 0x6, 0x1790, 0x31c5, 0x5, 0xfff7, 0x3, 0x1, 0x2]}}]}, @TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x5, 0xc, 0x0, 0x2, 0x40, 0xad, 0x5}}, {0xe, 0x2, [0x9, 0x2, 0x953, 0x3, 0x1000]}}, {{0x1c, 0x1, {0x9, 0x9, 0x38f, 0x6, 0x2, 0x7, 0x1, 0x5}}, {0xe, 0x2, [0x0, 0x3, 0x1cd, 0x3, 0x5]}}, {{0x1c, 0x1, {0xd, 0x6, 0xf, 0x401, 0x0, 0xa, 0xed9, 0x7}}, {0x12, 0x2, [0x0, 0xc000, 0x7d, 0xe, 0xc62a, 0x0, 0x51]}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047c000008004280040008000c000180060010"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)

16.051303276s ago: executing program 1 (id=2609):
r0 = socket(0x10, 0x2, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x1, 0x7, 0x8}, {0x11, 0x3, 0x0, 0x1, 0x1, 0x662e}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0xfffffffffffffecd)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYRESOCT=r4], &(0x7f0000000340)='syzkaller\x00', 0x9c, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'vlan1\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xf, 0x0)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
r12 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x400003, 0x1d, 0x0, r10}, &(0x7f00000000c0)=<r13=>0x0, &(0x7f0000000600)=<r14=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r10, 0x16, &(0x7f0000000040)={&(0x7f0000002000), 0x0, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r11, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r12, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@delqdisc={0x13c, 0x25, 0x2, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xffff, 0x9}, {0xa, 0x6}, {0xa, 0x8}}, [@TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xa, 0x9, 0x3, 0x2, 0x2, 0x2, 0x3}}, {0xa, 0x2, [0x100, 0x0, 0xfff8]}}, {{0x1c, 0x1, {0x3, 0x1, 0x100, 0x100, 0x2, 0x9, 0xffffffff, 0x6}}, {0x10, 0x2, [0xd, 0xb, 0x0, 0x0, 0x7, 0xa]}}, {{0x1c, 0x1, {0x2, 0xe3, 0x2, 0x5dc6c6a, 0x0, 0x7, 0x9, 0x24}}, {0x16, 0x2, [0xfffe, 0x6, 0x1790, 0x31c5, 0x5, 0xfff7, 0x3, 0x1, 0x2]}}]}, @TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x5, 0xc, 0x0, 0x2, 0x40, 0xad, 0x5}}, {0xe, 0x2, [0x9, 0x2, 0x953, 0x3, 0x1000]}}, {{0x1c, 0x1, {0x9, 0x9, 0x38f, 0x6, 0x2, 0x7, 0x1, 0x5}}, {0xe, 0x2, [0x0, 0x3, 0x1cd, 0x3, 0x5]}}, {{0x1c, 0x1, {0xd, 0x6, 0xf, 0x401, 0x0, 0xa, 0xed9, 0x7}}, {0x12, 0x2, [0x0, 0xc000, 0x7d, 0xe, 0xc62a, 0x0, 0x51]}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047c000008004280040008000c000180060010"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)

9.176586334s ago: executing program 1 (id=2609):
r0 = socket(0x10, 0x2, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x1, 0x7, 0x8}, {0x11, 0x3, 0x0, 0x1, 0x1, 0x662e}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0xfffffffffffffecd)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYRESOCT=r4], &(0x7f0000000340)='syzkaller\x00', 0x9c, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'vlan1\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xf, 0x0)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
r12 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x400003, 0x1d, 0x0, r10}, &(0x7f00000000c0)=<r13=>0x0, &(0x7f0000000600)=<r14=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r10, 0x16, &(0x7f0000000040)={&(0x7f0000002000), 0x0, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r11, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r12, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@delqdisc={0x13c, 0x25, 0x2, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xffff, 0x9}, {0xa, 0x6}, {0xa, 0x8}}, [@TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xa, 0x9, 0x3, 0x2, 0x2, 0x2, 0x3}}, {0xa, 0x2, [0x100, 0x0, 0xfff8]}}, {{0x1c, 0x1, {0x3, 0x1, 0x100, 0x100, 0x2, 0x9, 0xffffffff, 0x6}}, {0x10, 0x2, [0xd, 0xb, 0x0, 0x0, 0x7, 0xa]}}, {{0x1c, 0x1, {0x2, 0xe3, 0x2, 0x5dc6c6a, 0x0, 0x7, 0x9, 0x24}}, {0x16, 0x2, [0xfffe, 0x6, 0x1790, 0x31c5, 0x5, 0xfff7, 0x3, 0x1, 0x2]}}]}, @TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x5, 0xc, 0x0, 0x2, 0x40, 0xad, 0x5}}, {0xe, 0x2, [0x9, 0x2, 0x953, 0x3, 0x1000]}}, {{0x1c, 0x1, {0x9, 0x9, 0x38f, 0x6, 0x2, 0x7, 0x1, 0x5}}, {0xe, 0x2, [0x0, 0x3, 0x1cd, 0x3, 0x5]}}, {{0x1c, 0x1, {0xd, 0x6, 0xf, 0x401, 0x0, 0xa, 0xed9, 0x7}}, {0x12, 0x2, [0x0, 0xc000, 0x7d, 0xe, 0xc62a, 0x0, 0x51]}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047c000008004280040008000c000180060010"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)

7.99042124s ago: executing program 0 (id=2794):
r0 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x400}, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000000000)=0x4, 0x4)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000003}, 0x80)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
socket(0x2c, 0x4, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x481e)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r7, 0x0, 0x29, &(0x7f0000000500)=ANY=[@ANYBLOB="0a010100ac1414bb010000000300000010000000e0000001000000009223e4cf2f0478b20c2883411312c4ee0c8d7ec49d43bcd8d7a8804165e4cb139ad374fc39d538747873969d4bc3b4a75002590a8e2bc83b803b7296f0d4dbdc104ee74ec09deb896f245a9afcc69416c39ec738a10952ea346aab87df120eb10a4c65849feda36ff1358a0d47b4c35ee968591b928df2fd12a4cebfe72c5ea6474a635cb570d40386121d584b8f03dd63e289967865281437bb9e69c712eba78524caa93cc4a5caa00e0de72d342340cf65cd7876476648a710070000000000000007c7ed6f663becd1cdfeca0a812c6eb077e21a146408ed02940af7b549eda15dfbe4f590b79a7cdf0cfe7013f0ec3f1503bb9eb433569134ba2252751c43712a43759f7e2f9686"], 0x1c)
chdir(&(0x7f0000000300)='./file0\x00')
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0x4)

7.970861661s ago: executing program 3 (id=2795):
r0 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x400}, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000000000)=0x4, 0x4)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000003}, 0x80)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x2c, 0x4, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x481e)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r7, 0x0, 0x29, &(0x7f0000000500)=ANY=[@ANYBLOB="0a010100ac1414bb010000000300000010000000e0000001000000009223e4cf2f0478b20c2883411312c4ee0c8d7ec49d43bcd8d7a8804165e4cb139ad374fc39d538747873969d4bc3b4a75002590a8e2bc83b803b7296f0d4dbdc104ee74ec09deb896f245a9afcc69416c39ec738a10952ea346aab87df120eb10a4c65849feda36ff1358a0d47b4c35ee968591b928df2fd12a4cebfe72c5ea6474a635cb570d40386121d584b8f03dd63e289967865281437bb9e69c712eba78524caa93cc4a5caa00e0de72d342340cf65cd7876476648a710070000000000000007c7ed6f663becd1cdfeca0a812c6eb077e21a146408ed02940af7b549eda15dfbe4f590b79a7cdf0cfe7013f0ec3f1503bb9eb433569134ba2252751c43712a43759f7e2f9686"], 0x1c)
chdir(&(0x7f0000000300)='./file0\x00')
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0x4)

7.080860614s ago: executing program 0 (id=2798):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x16, 0x1b, &(0x7f0000001600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000380)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="4bcc72dd61070bec0494f1422be64cd0e12182ae31ab5d3970e5", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xf, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9, 0x11e41e7a, 0x5, 0xfffffffc, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0xffffffffffffff2f, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0x21}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @empty}, 0x10)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x8)
sendto$inet(r7, 0x0, 0x218, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r7, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)

7.014104821s ago: executing program 3 (id=2799):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010008000900010073797a30000000006c000000090a010400000000000000000100000008000a40000000000900020000087a32000000000900010073797a3000000000080005400000003d300011800b00010074617267657400002000028005000300c400000008000240000000000a00010041"], 0xb4}, 0x1, 0x0, 0x0, 0x890}, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
ptrace$ARCH_GET_FS(0x1e, r1, &(0x7f0000000400), 0x1003)
recvmmsg(r2, &(0x7f00000009c0)=[{{&(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000340)=""/49, 0x31}, {0x0}], 0x2}, 0xfffffff3}], 0x1, 0x40012140, &(0x7f0000000a00)={0x0, 0x3938700})
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000001000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800)
recvmmsg(r4, &(0x7f0000000780)=[{{&(0x7f0000000380)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/127, 0x7f}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x1, 0x40012100, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_int(r5, 0x0, 0x33, &(0x7f0000000300)=0x80000005, 0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r6, &(0x7f0000000240)={{0x6, @default}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)

6.116272408s ago: executing program 3 (id=2800):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000003c0)=ANY=[@ANYRESHEX, @ANYRES64, @ANYRESDEC, @ANYRES8, @ANYRES8, @ANYRES32, @ANYBLOB="e21c0bc94e102411af5e5679561994fe1fb9199dda8b5a07567e2b1b591c323f9461443a0fa4a3f63b9d2af1efcaed922352083cd1b8224b8c9ce29a48133f016d814aac4957510241514e3e2e41b9c48da9c70ef7c6acfb59e758a4d29fa7d36f3bc92a9b055170eab1dec5fced1973a4e66bda3678be2a409e59ce87a259e6edb331711950018d6431463c609a20534032d8530f3f8823af724bf26e678abfc65217474a461797d723b87b942756"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x12, r0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000180)=0x8, 0x4)

6.029804437s ago: executing program 3 (id=2801):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000000)={0x0, {{0x2, 0x0, @multicast1}}}, 0x84)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
getsockopt$inet_buf(r3, 0x0, 0x30, &(0x7f0000000000)=""/4091, &(0x7f0000001000)=0xffb)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r4, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0xff97, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan0\x00', <r5=>0x0})
r6 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x38a}, &(0x7f0000002000)=<r7=>0x0, &(0x7f0000000440)=<r8=>0x0)
r9 = openat$6lowpan_control(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r9, 0xfffffffffffffffd, 0x0, 0x0, 0x22})
r10 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r11 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r11, 0x8933, &(0x7f0000000080)={'vcan0\x00', <r12=>0x0})
bind$can_raw(r11, &(0x7f00000005c0), 0x10)
read(r11, &(0x7f00000027c0)=""/4073, 0xfe9)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r11, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
sendmsg$can_raw(r11, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r12}, 0x10, &(0x7f0000000200)={0x0}}, 0x0)
ioctl$USBDEVFS_CONTROL(r10, 0xc0105500, &(0x7f0000000040)={0x80, 0x6, 0x302, 0xe1, 0x0, 0xff, 0x0})
io_uring_enter(r6, 0x448e1, 0xf2bb, 0xa, 0x0, 0x0)
r13 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/131, 0x83}, {&(0x7f0000000280)=""/59, 0x3b}], 0x2)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000000801030000000000000000050000050900020000007a3100000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r14 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_LBT_MODE(r14, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES16=r13, @ANYRESOCT=r0, @ANYRES8=r1], 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x20004004)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x407, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r5}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4)

5.921563624s ago: executing program 0 (id=2802):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000000)=""/4091, &(0x7f0000001000)=0xffb)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0xff97, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan0\x00', <r4=>0x0})
r5 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x38a}, &(0x7f0000002000)=<r6=>0x0, &(0x7f0000000440)=<r7=>0x0)
r8 = openat$6lowpan_control(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r8, 0xfffffffffffffffd, 0x0, 0x0, 0x22})
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
bind$can_raw(r10, &(0x7f00000005c0), 0x10)
read(r10, &(0x7f00000027c0)=""/4073, 0xfe9)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r10, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
ioctl$USBDEVFS_CONTROL(r9, 0xc0105500, &(0x7f0000000040)={0x80, 0x6, 0x302, 0xe1, 0x0, 0xff, 0x0})
io_uring_enter(r5, 0x448e1, 0xf2bb, 0xa, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/131, 0x83}, {&(0x7f0000000280)=""/59, 0x3b}], 0x2)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000000801030000000000000000050000050900020000007a3100000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_LBT_MODE(r12, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES16=r11, @ANYRESOCT=r0, @ANYRES8=r1], 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x20004004)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x407, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4)

4.843182803s ago: executing program 2 (id=2804):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}], 0x1)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x1a0, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in6=@loopback}, {@in, 0x0, 0x32}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x8}}]}, 0x1a0}}, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000300)={0x700, 0x1, &(0x7f0000000340)=[r4], &(0x7f00000000c0)=[0x2], &(0x7f0000000400), 0x0, 0x0, 0xfffffffffffffffe})
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001d00)={0x53, 0xfffffffffffffffe, 0x0, 0xf1, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x10024, 0x1, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x138, 0x30, 0x1, 0x0, 0x0, {}, [{0x124, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x2, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0xdc, 0x3ffe, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e21}]}, {0xa4, 0x6, "156308caa50f6d80e9750c098a8d2f0ec905fa574f325030d9f3fdacea217321df688e13b27bb8bb98fdb7f3ab291b546a4d3ee6af769d10ee279ec2763269cc663a6a2eea6aa265445251cfe43d66546584ebc636467779fd5367f6fc0a6958bcdbeb8a6564cf1dc8217ef34f8ba12ee0c7a5d289637d77c7649f11bc25526ca67c0e44da0a0a6a650b482fce3004aca15e10c91ee3c1d9128e4878717442f1"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r7, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000001480)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d55906000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9ccd5788029901e5a79d8b9990ace8f74087f25ad50c4608800"/684], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40040)
r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
connect$x25(r8, &(0x7f0000000040), 0x12)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0)

4.426638653s ago: executing program 0 (id=2805):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000e00000056566b9cbb88c2ee9500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES16])
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x4c, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000280))
shutdown(0xffffffffffffffff, 0x1)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
socket$inet6(0xa, 0x5, 0x6)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0xffffffffffffffff)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)

4.41329743s ago: executing program 3 (id=2806):
socket(0x2b, 0x5, 0xf7e)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newtaction={0x118, 0x30, 0x100, 0x0, 0x0, {}, [{0x104, 0x1, [@m_ct={0x74, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x32, 0x6, "2844f7a3a82a894ae862018382ca191a984fb75e03df0ed97cb96721d6f37eb62e004fb8a1da1c87bf4f5a22e685"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x8c, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x48, 0x6, "207792f036002bb5483838e23a73a7d747b7f28b5adbf46b8d0b6ae4c1a976dceaa760dc319b3894b0d81d17c67817c7897f79e1d61d231e94d801330000000000000000"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000040002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000088000000060a010400000000000000000100000008000b40000000005c000480580001800b000100746172676574000048000280300003005fad843dc5c1efe84ced18d4422d5b0b86e8441958d3d2ea41149f1e55359af069a2a5e039ccf56f068a5a0b09000100534e41540000000008000240000000020900010073797a30"], 0xfc}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x2, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)="dc", 0x1}])
r3 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x8444, 0x13580}, &(0x7f0000000100), &(0x7f0000000140))
io_uring_enter(r3, 0xe85, 0x0, 0x0, 0x0, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, 0x0, 0x0)

3.893766547s ago: executing program 2 (id=2807):
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002240)=@newtaction={0x48, 0x30, 0x1, 0x0, 0x0, {}, [{0x34, 0x1, [@m_police={0x30, 0xc, 0x0, 0x0, {{0xb}, {0x4, 0x2, 0x0, 0x1, [[]]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb)
r0 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000880)=0x10003, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
recvmmsg(r0, 0x0, 0x0, 0x10102, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000220001037800000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0)

3.526924069s ago: executing program 3 (id=2808):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009ac0b620110f2110"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000100)=""/178, 0xb2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x2ddd, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000), &(0x7f0000000380)=<r5=>0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, 0x0)
syz_io_uring_setup(0x4969, &(0x7f0000000440)={0x0, 0x0, 0x800, 0x1, 0x0, 0x0, r4}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000180))
socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=@RTM_NEWMDB={0x38, 0x55, 0x1e5, 0x70bd25, 0x0, {0x7, r9}, [@MDBA_SET_ENTRY={0x20, 0x1, {r9, 0x1, 0x1, 0x3, {@in6_addr=@mcast2, 0x86dd}}}]}, 0x38}, 0x1, 0xf0}, 0x0)
r10 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0601, 0x0)
ioctl$TIOCSETD(r10, 0x5423, &(0x7f00000003c0)=0x14)
syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4})
io_uring_enter(r4, 0xa3d, 0x0, 0x0, 0x0, 0x0)

2.979795199s ago: executing program 2 (id=2809):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x9, 0x7, 0x2}}}}]}, 0x40}}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, 0x0, 0x24008011)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004a00003c0000000000069078ac141400ac1e0001070f08e0000002ac1414bbe0000002440400000000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="500000009077fff7"], 0x0)
socket$tipc(0x1e, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(0x0, r2)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00', @ANYRES16=r3, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r4, @ANYBLOB="0880050003000000"], 0x24}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$drirender128(0xffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$DRM_IOCTL_VERSION(r7, 0xc0246400, &(0x7f00000002c0)={0x5, 0x6, 0x10, 0xfffffffffffffd32, 0x0, 0xfffffffffffffffd, 0x0, 0xdd, &(0x7f00000005c0)=""/185})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r8=>0x0})
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x22, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r9, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000100)='\x00', 0x1}], 0x1}}], 0x1, 0x2400c042)
r10 = openat$ptp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40001, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f00000001c0)={0x7, "3bc52b01e0980e77751957828706df7650ad84befd5dc3bed20e0fb8aed385c6"})
socket$xdp(0x2c, 0x3, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r10, 0x40043d0d, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x54, 0x10, 0x401, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, 0xf0ff}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}}}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x54}}, 0x0)

2.643974852s ago: executing program 2 (id=2810):
r0 = socket$netlink(0x10, 0x3, 0x4)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x400}, 0xc)
socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x31, &(0x7f0000000000)=0x4, 0x4)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000003}, 0x80)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x2c, 0x4, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, 0x0, 0x481e)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_msfilter(r7, 0x0, 0x29, &(0x7f0000000500)=ANY=[@ANYBLOB="0a010100ac1414bb010000000300000010000000e0000001000000009223e4cf2f0478b20c2883411312c4ee0c8d7ec49d43bcd8d7a8804165e4cb139ad374fc39d538747873969d4bc3b4a75002590a8e2bc83b803b7296f0d4dbdc104ee74ec09deb896f245a9afcc69416c39ec738a10952ea346aab87df120eb10a4c65849feda36ff1358a0d47b4c35ee968591b928df2fd12a4cebfe72c5ea6474a635cb570d40386121d584b8f03dd63e289967865281437bb9e69c712eba78524caa93cc4a5caa00e0de72d342340cf65cd7876476648a710070000000000000007c7ed6f663becd1cdfeca0a812c6eb077e21a146408ed02940af7b549eda15dfbe4f590b79a7cdf0cfe7013f0ec3f1503bb9eb433569134ba2252751c43712a43759f7e2f9686"], 0x1c)
chdir(&(0x7f0000000300)='./file0\x00')
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0x4)

1.643522505s ago: executing program 2 (id=2811):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010008000900010073797a30000000006c000000090a010400000000000000000100000008000a40000000000900020000087a32000000000900010073797a3000000000080005400000003d300011800b00010074617267657400002000028005000300c400000008000240000000000a00010041"], 0xb4}, 0x1, 0x0, 0x0, 0x890}, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
ptrace$ARCH_GET_FS(0x1e, r1, &(0x7f0000000400), 0x1003)
recvmmsg(r2, &(0x7f00000009c0)=[{{&(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000340)=""/49, 0x31}, {0x0}], 0x2}, 0xfffffff3}], 0x1, 0x40012140, &(0x7f0000000a00)={0x0, 0x3938700})
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0xfe, 0x7ffc0002}]})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x800)
recvmmsg(r4, &(0x7f0000000780)=[{{&(0x7f0000000380)=@in, 0x80, &(0x7f0000000700)=[{&(0x7f0000000640)=""/35, 0x23}, {&(0x7f0000000680)=""/127, 0x7f}], 0x2, &(0x7f0000000740)=""/23, 0x17}, 0x3}], 0x1, 0x40012100, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_int(r5, 0x0, 0x33, &(0x7f0000000300)=0x80000005, 0x4)
socket$inet6_sctp(0xa, 0x1, 0x84)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r6, &(0x7f0000000240)={{0x6, @default}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)

1.319157597s ago: executing program 1 (id=2609):
r0 = socket(0x10, 0x2, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x1, 0x7, 0x8}, {0x11, 0x3, 0x0, 0x1, 0x1, 0x662e}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0xfffffffffffffecd)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000004000)=ANY=[@ANYRESOCT=r4], &(0x7f0000000340)='syzkaller\x00', 0x9c, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'vlan1\x00', <r8=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r10 = dup(r9)
write$6lowpan_enable(r10, &(0x7f0000000000)='0', 0xfffffd2c)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xf, 0x0)
r11 = socket$inet6_sctp(0xa, 0x5, 0x84)
r12 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x4885, 0x100, 0x400003, 0x1d, 0x0, r10}, &(0x7f00000000c0)=<r13=>0x0, &(0x7f0000000600)=<r14=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r10, 0x16, &(0x7f0000000040)={&(0x7f0000002000), 0x0, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r13, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r13, r14, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r11, 0x0, 0x0, 0x0, 0x40002202, 0x1, {0x1}})
io_uring_enter(r12, 0x3516, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@delqdisc={0x13c, 0x25, 0x2, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xffff, 0x9}, {0xa, 0x6}, {0xa, 0x8}}, [@TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xa, 0x9, 0x3, 0x2, 0x2, 0x2, 0x3}}, {0xa, 0x2, [0x100, 0x0, 0xfff8]}}, {{0x1c, 0x1, {0x3, 0x1, 0x100, 0x100, 0x2, 0x9, 0xffffffff, 0x6}}, {0x10, 0x2, [0xd, 0xb, 0x0, 0x0, 0x7, 0xa]}}, {{0x1c, 0x1, {0x2, 0xe3, 0x2, 0x5dc6c6a, 0x0, 0x7, 0x9, 0x24}}, {0x16, 0x2, [0xfffe, 0x6, 0x1790, 0x31c5, 0x5, 0xfff7, 0x3, 0x1, 0x2]}}]}, @TCA_STAB={0x8c, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x5, 0xc, 0x0, 0x2, 0x40, 0xad, 0x5}}, {0xe, 0x2, [0x9, 0x2, 0x953, 0x3, 0x1000]}}, {{0x1c, 0x1, {0x9, 0x9, 0x38f, 0x6, 0x2, 0x7, 0x1, 0x5}}, {0xe, 0x2, [0x0, 0x3, 0x1cd, 0x3, 0x5]}}, {{0x1c, 0x1, {0xd, 0x6, 0xf, 0x401, 0x0, 0xa, 0xed9, 0x7}}, {0x12, 0x2, [0x0, 0xc000, 0x7d, 0xe, 0xc62a, 0x0, 0x51]}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x44004}, 0x0)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047c000008004280040008000c000180060010"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
socket$nl_route(0x10, 0x3, 0x0)

199.899284ms ago: executing program 0 (id=2812):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r1, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}], 0x1)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newsa={0x1a0, 0x10, 0x1, 0x0, 0x0, {{@in6=@remote, @in6=@loopback}, {@in, 0x0, 0x32}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xaf}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @replay_esn_val={0x1c}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}, 0x0, 0x8}}]}, 0x1a0}}, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000300)={0x700, 0x1, &(0x7f0000000340)=[r4], &(0x7f00000000c0)=[0x2], &(0x7f0000000400), 0x0, 0x0, 0xfffffffffffffffe})
ioctl$SG_IO(r1, 0x2285, &(0x7f0000001d00)={0x53, 0xfffffffffffffffe, 0x0, 0xf1, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x10024, 0x1, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x138, 0x30, 0x1, 0x0, 0x0, {}, [{0x124, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x2, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_tunnel_key={0xdc, 0x3ffe, 0x0, 0x0, {{0xf}, {0xc, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e21}]}, {0xa4, 0x6, "156308caa50f6d80e9750c098a8d2f0ec905fa574f325030d9f3fdacea217321df688e13b27bb8bb98fdb7f3ab291b546a4d3ee6af769d10ee279ec2763269cc663a6a2eea6aa265445251cfe43d66546584ebc636467779fd5367f6fc0a6958bcdbeb8a6564cf1dc8217ef34f8ba12ee0c7a5d289637d77c7649f11bc25526ca67c0e44da0a0a6a650b482fce3004aca15e10c91ee3c1d9128e4878717442f1"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r5, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r5, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r6, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000001480)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d55906000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9ccd5788029901e5a79d8b9990ace8f74087f25ad50c4608800"/684], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40040)
r7 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
connect$x25(r7, &(0x7f0000000040), 0x12)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0)

187.970413ms ago: executing program 2 (id=2813):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000e00000056566b9cbb88c2ee9500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000080), 0x400, &(0x7f0000000a40)=ANY=[@ANYRESDEC=r0, @ANYRES16])
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fanotify_init(0x4c, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f0000000280))
shutdown(0xffffffffffffffff, 0x1)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)
socket$inet6(0xa, 0x5, 0x6)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0xffffffffffffffff)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)

0s ago: executing program 0 (id=2814):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, 0x0, 0x0)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r0)
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000001040)={0x3, {{0x2, 0x0, @multicast1}}}, 0x88)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000000)=""/4091, &(0x7f0000001000)=0xffb)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0xff97, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="88000000000101040000000000000000020000002c00018014000180080001007f00000108000200e00000020c000280050001000000000006000340000300002400028014000180080001000000000008000200ac1414bb0c000280050001000000000008000740000000001c000f8008000140000000000800034000000000080002"], 0x88}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan0\x00', <r4=>0x0})
r5 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100, 0x3, 0x38a}, &(0x7f0000002000)=<r6=>0x0, &(0x7f0000000440)=<r7=>0x0)
r8 = openat$6lowpan_control(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r8, 0xfffffffffffffffd, 0x0, 0x0, 0x22})
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
bind$can_raw(r10, &(0x7f00000005c0), 0x10)
read(r10, &(0x7f00000027c0)=""/4073, 0xfe9)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r10, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
ioctl$USBDEVFS_CONTROL(r9, 0xc0105500, &(0x7f0000000040)={0x80, 0x6, 0x302, 0xe1, 0x0, 0xff, 0x0})
io_uring_enter(r5, 0x448e1, 0xf2bb, 0xa, 0x0, 0x0)
r11 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r0)
readv(r1, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/131, 0x83}, {&(0x7f0000000280)=""/59, 0x3b}], 0x2)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="20000000000801030000000000000000050000050900020000007a3100000000"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000)
r12 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_LBT_MODE(r12, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES16=r11, @ANYRESOCT=r0, @ANYRES8=r1], 0x20}, 0x1, 0x0, 0x0, 0x20004010}, 0x20004004)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x34, r2, 0x407, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r4}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4)

kernel console output (not intermixed with test programs):

237][  T839] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  789.565224][T17605] netlink: 256 bytes leftover after parsing attributes in process `syz.2.2551'.
[  789.730688][T17592] random: crng reseeded on system resumption
[  790.188518][T17614] s
z1: rxe_newlink: already configured on lo
[  790.195089][  T839] usb 5-1: USB disconnect, device number 29
[  790.234443][T17617] rdma_rxe: rxe_newlink: failed to add lo
[  790.472535][T16703] usb 8-1: new high-speed USB device number 42 using dummy_hcd
[  790.508175][T17623] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2554'.
[  790.512171][T17623] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  790.522576][   T24] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  790.624383][T16703] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  790.629129][T16703] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  790.633398][T16703] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  790.637036][T16703] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.644142][T17614] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  790.650337][T16703] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  790.683807][   T24] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  790.687241][   T24] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  790.690273][   T24] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  790.693320][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.703918][T17617] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  790.708176][   T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  790.877974][T17627] netlink: 'syz.0.2555': attribute type 2 has an invalid length.
[  791.626461][T17632] openvswitch: netlink: VXLAN extension 149 out of range max 1
[  791.687302][T17634] vlan0: entered allmulticast mode
[  791.918298][T17640] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  792.807911][ T5946] usb 8-1: USB disconnect, device number 42
[  792.814649][   T29] usb 6-1: USB disconnect, device number 32
[  792.830258][T17649] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2564'.
[  792.842540][T17649] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  792.964119][T17657] overlay: Bad value for 'workdir'
[  793.110236][T17657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2566'.
[  793.123381][T17665] lo: entered allmulticast mode
[  793.157164][T17667] overlay: Bad value for 'workdir'
[  793.225870][T17663] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2568'.
[  793.299561][T17675] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2570'.
[  793.449588][T17659] lo: left allmulticast mode
[  793.768381][T17684] Unknown options in mask 7
[  793.811628][T17686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2574'.
[  793.990536][T17691] s
z1: rxe_newlink: already configured on lo
[  794.292537][ T5946] usb 8-1: new high-speed USB device number 43 using dummy_hcd
[  794.514946][T17697] openvswitch: netlink: VXLAN extension 149 out of range max 1
[  794.564971][ T5946] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  794.569554][ T5946] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  794.573796][ T5946] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  794.576803][ T5946] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  794.581697][T17694] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  794.588138][ T5946] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  794.852591][   T34] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  794.859287][T17707] netlink: 'syz.2.2579': attribute type 2 has an invalid length.
[  795.004835][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  795.009211][   T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  795.013042][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.019112][   T34] usb 5-1: config 0 descriptor??
[  795.231041][   T34] usbhid 5-1:0.0: can't add hid device: -71
[  795.233661][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  795.238637][   T34] usb 5-1: USB disconnect, device number 30
[  795.682507][  T839] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  795.832514][  T839] usb 5-1: Using ep0 maxpacket: 32
[  795.845049][  T839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  795.848934][  T839] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  795.862531][  T839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.872827][  T839] usb 5-1: config 0 descriptor??
[  795.877430][  T839] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  795.885205][  T839] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  796.478020][T17728] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2581'.
[  796.497204][T17728] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  796.815312][ T5946] usb 8-1: USB disconnect, device number 43
[  797.408605][   T40] kauditd_printk_skb: 50 callbacks suppressed
[  797.408617][   T40] audit: type=1326 audit(1749265839.234:3439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.419122][   T40] audit: type=1326 audit(1749265839.234:3440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.426179][   T40] audit: type=1326 audit(1749265839.234:3441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.433175][   T40] audit: type=1326 audit(1749265839.234:3442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.442174][   T40] audit: type=1326 audit(1749265839.234:3443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.452973][   T40] audit: type=1326 audit(1749265839.234:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.460001][   T40] audit: type=1326 audit(1749265839.244:3445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.467122][   T40] audit: type=1326 audit(1749265839.244:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.474198][   T40] audit: type=1326 audit(1749265839.264:3447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.481347][   T40] audit: type=1326 audit(1749265839.264:3448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17744 comm="syz.3.2586" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  797.643683][   T24] usb 5-1: USB disconnect, device number 31
[  797.649086][   T24] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  797.891091][T17760] batman_adv: batadv0: Adding interface: ip6gretap1
[  797.894369][T17760] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  797.903827][T17760] batman_adv: batadv0: Interface activated: ip6gretap1
[  798.374379][T17759] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[  798.376489][T17759] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  798.381378][T17759] vhci_hcd vhci_hcd.0: Device attached
[  798.418095][T17772] vhci_hcd: connection closed
[  798.434713][ T1144] vhci_hcd: stop threads
[  798.442353][ T1144] vhci_hcd: release socket
[  798.444295][ T1144] vhci_hcd: disconnect device
[  799.245515][T17785] fuse: Bad value for 'group_id'
[  799.247166][T17785] fuse: Bad value for 'group_id'
[  799.556462][T17795] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2601'.
[  799.559324][T17795] FAULT_INJECTION: forcing a failure.
[  799.559324][T17795] name failslab, interval 1, probability 0, space 0, times 0
[  799.563566][T17795] CPU: 2 UID: 0 PID: 17795 Comm: syz.3.2601 Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) 
[  799.563581][T17795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  799.563588][T17795] Call Trace:
[  799.563591][T17795]  <TASK>
[  799.563595][T17795]  dump_stack_lvl+0x16c/0x1f0
[  799.563618][T17795]  should_fail_ex+0x512/0x640
[  799.563637][T17795]  should_failslab+0xc2/0x120
[  799.563650][T17795]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  799.563667][T17795]  ? skb_clone+0x190/0x3f0
[  799.563681][T17795]  skb_clone+0x190/0x3f0
[  799.563692][T17795]  netlink_deliver_tap+0xabd/0xd30
[  799.563707][T17795]  netlink_unicast+0x6b2/0x7f0
[  799.563722][T17795]  ? __pfx_netlink_unicast+0x10/0x10
[  799.563734][T17795]  ? genl_rcv_msg+0x4bb/0x800
[  799.563752][T17795]  netlink_ack+0x696/0xb80
[  799.563769][T17795]  netlink_rcv_skb+0x332/0x420
[  799.563782][T17795]  ? __pfx_genl_rcv_msg+0x10/0x10
[  799.563797][T17795]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  799.563816][T17795]  ? netlink_deliver_tap+0x1ae/0xd30
[  799.563831][T17795]  genl_rcv+0x28/0x40
[  799.563843][T17795]  netlink_unicast+0x53a/0x7f0
[  799.563858][T17795]  ? __pfx_netlink_unicast+0x10/0x10
[  799.563875][T17795]  netlink_sendmsg+0x8d1/0xdd0
[  799.563890][T17795]  ? __pfx_netlink_sendmsg+0x10/0x10
[  799.563904][T17795]  ? __import_iovec+0x1dd/0x650
[  799.563918][T17795]  ____sys_sendmsg+0xa98/0xc70
[  799.563934][T17795]  ? __pfx_____sys_sendmsg+0x10/0x10
[  799.563947][T17795]  ? get_compat_msghdr+0x11a/0x170
[  799.563965][T17795]  ___sys_sendmsg+0x134/0x1d0
[  799.563977][T17795]  ? __pfx____sys_sendmsg+0x10/0x10
[  799.563994][T17795]  ? find_held_lock+0x2b/0x80
[  799.564015][T17795]  __sys_sendmsg+0x16d/0x220
[  799.564025][T17795]  ? __pfx___sys_sendmsg+0x10/0x10
[  799.564042][T17795]  ? rcu_is_watching+0x12/0xc0
[  799.564055][T17795]  __do_fast_syscall_32+0x7c/0x3a0
[  799.564068][T17795]  do_fast_syscall_32+0x32/0x80
[  799.564078][T17795]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  799.564093][T17795] RIP: 0023:0xf7f06579
[  799.564102][T17795] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  799.564113][T17795] RSP: 002b:00000000f502655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  799.564123][T17795] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300
[  799.564130][T17795] RDX: 0000000000008810 RSI: 0000000000000000 RDI: 0000000000000000
[  799.564136][T17795] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  799.564141][T17795] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  799.564148][T17795] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  799.564161][T17795]  </TASK>
[  800.001980][   T29] libceph: connect (1)[c::]:6789 error -101
[  800.008557][   T29] libceph: mon0 (1)[c::]:6789 connect error
[  800.050809][T17802] ceph: No mds server is up or the cluster is laggy
[  800.637779][   T60] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.781703][T17821] input: syz1 as /devices/virtual/input/input124
[  800.786355][   T60] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.811641][T17821] netlink: 340 bytes leftover after parsing attributes in process `syz.3.2610'.
[  800.825737][T17821] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2610'.
[  800.885060][   T60] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.927077][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  800.935006][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  800.948171][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  800.959617][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  800.970152][   T60] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  800.975161][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  801.020678][T17826] lo speed is unknown, defaulting to 1000
[  801.088381][T17834] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2611'.
[  801.165139][   T60] bridge_slave_1: left allmulticast mode
[  801.167367][   T60] bridge_slave_1: left promiscuous mode
[  801.171554][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  801.182381][   T60] bridge_slave_0: left allmulticast mode
[  801.188075][   T60] bridge_slave_0: left promiscuous mode
[  801.192045][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  801.202482][   T60] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  801.320568][   T60] batman_adv: batadv0: Removing interface: ip6gretap1
[  801.555993][T17852] netlink: 'syz.2.2612': attribute type 2 has an invalid length.
[  801.591394][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  801.597308][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  801.602378][   T60] bond0 (unregistering): Released all slaves
[  801.634930][T17847] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  801.817288][T17826] chnl_net:caif_netlink_parms(): no params data found
[  801.922560][   T24] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  802.084866][   T24] usb 5-1: config index 0 descriptor too short (expected 12384, got 96)
[  802.087731][   T24] usb 5-1: config 55 has too many interfaces: 49, using maximum allowed: 32
[  802.090514][   T24] usb 5-1: config 55 has an invalid descriptor of length 0, skipping remainder of the config
[  802.095275][   T24] usb 5-1: config 55 has 0 interfaces, different from the descriptor's value: 49
[  802.099428][   T24] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  802.102323][   T24] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  802.105815][   T24] usb 5-1: Product: syz
[  802.107946][   T24] usb 5-1: Manufacturer: syz
[  802.146394][T17826] bridge0: port 1(bridge_slave_0) entered blocking state
[  802.148703][T17826] bridge0: port 1(bridge_slave_0) entered disabled state
[  802.151239][T17826] bridge_slave_0: entered allmulticast mode
[  802.158844][T17826] bridge_slave_0: entered promiscuous mode
[  802.168297][   T60] hsr_slave_0: left promiscuous mode
[  802.171551][   T60] hsr_slave_1: left promiscuous mode
[  802.175282][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  802.178488][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  802.182307][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  802.186677][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  802.210958][   T60] veth1_macvtap: left allmulticast mode
[  802.213181][   T60] veth1_macvtap: left promiscuous mode
[  802.214940][   T60] veth0_macvtap: left promiscuous mode
[  802.997348][ T6027] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  803.011656][ T6027] hid-generic 0000:0000:0000.0003: hidraw1: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  803.018611][   T60] team0 (unregistering): Port device team_slave_1 removed
[  803.036374][ T5951] Bluetooth: hci2: command tx timeout
[  803.141647][   T60] team0 (unregistering): Port device team_slave_0 removed
[  803.771162][T17826] bridge0: port 2(bridge_slave_1) entered blocking state
[  803.773537][T17826] bridge0: port 2(bridge_slave_1) entered disabled state
[  803.775803][T17826] bridge_slave_1: entered allmulticast mode
[  803.778687][T17826] bridge_slave_1: entered promiscuous mode
[  803.834577][T17826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  803.839195][T17826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  803.884688][T17826] team0: Port device team_slave_0 added
[  803.889698][T17826] team0: Port device team_slave_1 added
[  803.922478][ T5995] usb 8-1: new high-speed USB device number 44 using dummy_hcd
[  803.938837][T17826] batman_adv: batadv0: Adding interface: batadv_slave_0
[  803.941065][T17826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  803.949613][T17826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  803.954908][T17826] batman_adv: batadv0: Adding interface: batadv_slave_1
[  803.957091][T17826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  803.965211][T17826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  804.019064][T17826] hsr_slave_0: entered promiscuous mode
[  804.021276][T17826] hsr_slave_1: entered promiscuous mode
[  804.074186][ T5995] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  804.078456][ T5995] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  804.086915][ T5995] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  804.090518][ T5995] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  804.098835][ T5995] usb 8-1: config 0 descriptor??
[  804.103220][ T5995] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  804.308648][ T5946] usb 8-1: USB disconnect, device number 44
[  804.728719][   T24] usb 5-1: USB disconnect, device number 32
[  804.773635][T17934] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  804.792479][ T5946] usb 8-1: new high-speed USB device number 45 using dummy_hcd
[  804.793603][T17826] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  804.813385][T17826] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  804.825229][T17826] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  804.835777][T17826] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  804.934160][T17826] 8021q: adding VLAN 0 to HW filter on device bond0
[  804.955529][T17826] 8021q: adding VLAN 0 to HW filter on device team0
[  804.961344][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[  804.963715][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  804.977661][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  804.979980][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  805.005633][T17826] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  805.008881][T17826] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  805.022818][ T5946] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  805.026048][ T5946] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  805.030098][ T5946] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  805.034746][ T5946] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  805.040993][ T5946] usb 8-1: config 0 descriptor??
[  805.062966][T17952] rdma_rxe: rxe_newlink: failed to add lo
[  805.071901][ T5946] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  805.114017][ T5951] Bluetooth: hci2: command tx timeout
[  805.294351][T17826] 8021q: adding VLAN 0 to HW filter on device batadv0
[  805.327033][T17826] veth0_vlan: entered promiscuous mode
[  805.338179][T17826] veth1_vlan: entered promiscuous mode
[  805.344574][T17896] random: crng reseeded on system resumption
[  805.360453][T17826] veth0_macvtap: entered promiscuous mode
[  805.365502][T17826] veth1_macvtap: entered promiscuous mode
[  805.376106][T17826] batman_adv: batadv0: Interface activated: batadv_slave_0
[  805.382540][T17826] batman_adv: batadv0: Interface activated: batadv_slave_1
[  805.386776][T17826] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  805.389645][T17826] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  805.393042][T17826] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  805.395756][T17826] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  805.448726][T17967] FAULT_INJECTION: forcing a failure.
[  805.448726][T17967] name failslab, interval 1, probability 0, space 0, times 0
[  805.464342][T17967] CPU: 1 UID: 0 PID: 17967 Comm: syz.2.2629 Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) 
[  805.464358][T17967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  805.464365][T17967] Call Trace:
[  805.464369][T17967]  <TASK>
[  805.464373][T17967]  dump_stack_lvl+0x16c/0x1f0
[  805.464396][T17967]  should_fail_ex+0x512/0x640
[  805.464413][T17967]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  805.464446][T17967]  should_failslab+0xc2/0x120
[  805.464459][T17967]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  805.464476][T17967]  ? process_measurement+0x4a6/0x23e0
[  805.464493][T17967]  ? __d_alloc+0x31/0xaa0
[  805.464505][T17967]  __d_alloc+0x31/0xaa0
[  805.464516][T17967]  d_alloc+0x4a/0x1e0
[  805.464526][T17967]  d_alloc_parallel+0xe3/0x12e0
[  805.464542][T17967]  ? look_up_lock_class+0x59/0x150
[  805.464560][T17967]  ? register_lock_class+0x41/0x4c0
[  805.464576][T17967]  ? __pfx_d_alloc_parallel+0x10/0x10
[  805.464590][T17967]  ? lockdep_init_map_type+0x5c/0x280
[  805.464605][T17967]  ? lockdep_init_map_type+0x5c/0x280
[  805.464623][T17967]  __lookup_slow+0x193/0x460
[  805.464638][T17967]  ? __pfx___lookup_slow+0x10/0x10
[  805.464663][T17967]  ? lookup_fast+0x156/0x610
[  805.464679][T17967]  walk_component+0x353/0x5b0
[  805.464695][T17967]  path_lookupat+0x142/0x6d0
[  805.464712][T17967]  filename_lookup+0x224/0x5f0
[  805.464729][T17967]  ? __pfx_filename_lookup+0x10/0x10
[  805.464761][T17967]  vfs_statx+0x101/0x3e0
[  805.464774][T17967]  ? __pfx_vfs_statx+0x10/0x10
[  805.464789][T17967]  do_statx+0xef/0x170
[  805.464802][T17967]  ? __pfx_do_statx+0x10/0x10
[  805.464824][T17967]  ? getname_flags.part.0+0x1c5/0x550
[  805.464836][T17967]  ? ksys_write+0x1ac/0x250
[  805.464854][T17967]  __ia32_sys_statx+0x140/0x1f0
[  805.464869][T17967]  __do_fast_syscall_32+0x7c/0x3a0
[  805.464882][T17967]  do_fast_syscall_32+0x32/0x80
[  805.464892][T17967]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  805.464907][T17967] RIP: 0023:0xf704e579
[  805.464916][T17967] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  805.464926][T17967] RSP: 002b:00000000f503e55c EFLAGS: 00000296 ORIG_RAX: 000000000000017f
[  805.464937][T17967] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000cc0
[  805.464943][T17967] RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000000
[  805.464949][T17967] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  805.464955][T17967] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  805.464961][T17967] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  805.464974][T17967]  </TASK>
[  805.466089][ T6495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.470152][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.474597][ T6495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  805.478868][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  805.525450][T17967] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  805.529704][ T5946] usb 8-1: USB disconnect, device number 45
[  805.533633][T17967] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  805.535406][T17967] vhci_hcd vhci_hcd.0: Device attached
[  805.575907][T17975] vhci_hcd: connection closed
[  805.586936][   T13] vhci_hcd: stop threads
[  805.590130][   T13] vhci_hcd: release socket
[  805.591545][   T13] vhci_hcd: disconnect device
[  805.885021][T17997] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  805.887680][T17997] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  805.890870][T17997] vhci_hcd vhci_hcd.0: Device attached
[  805.924262][T18005] vhci_hcd: connection closed
[  805.924480][   T60] vhci_hcd: stop threads
[  805.927457][   T60] vhci_hcd: release socket
[  805.928864][   T60] vhci_hcd: disconnect device
[  806.004672][T18014] batman_adv: batadv0: Removing interface: team0
[  806.010686][T18014] bridge_slave_0: left allmulticast mode
[  806.016626][T18014] bridge_slave_0: left promiscuous mode
[  806.019644][T18014] bridge0: port 1(bridge_slave_0) entered disabled state
[  806.025258][T18014] bridge_slave_1: left allmulticast mode
[  806.027625][T18014] bridge_slave_1: left promiscuous mode
[  806.030129][T18014] bridge0: port 2(bridge_slave_1) entered disabled state
[  806.045529][T18014] bond0: (slave bond_slave_0): Releasing backup interface
[  806.049517][T18014] bond_slave_0: left allmulticast mode
[  806.058833][T18014] bond0: (slave bond_slave_1): Releasing backup interface
[  806.072870][T18014] bond_slave_1: left allmulticast mode
[  806.094800][T18014] team0: Port device team_slave_0 removed
[  806.106852][T18014] team0: Port device team_slave_1 removed
[  806.109877][T18014] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  806.113531][T18014] batman_adv: batadv0: Removing interface: batadv_slave_0
[  806.117767][T18014] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  806.120746][T18014] batman_adv: batadv0: Removing interface: batadv_slave_1
[  806.185545][T18014] vlan0: entered allmulticast mode
[  806.188641][T18014] bridge0: port 1(vlan0) entered blocking state
[  806.191404][T18014] bridge0: port 1(vlan0) entered disabled state
[  806.196081][T18014] vlan0: entered promiscuous mode
[  806.198259][T18014] bond0: entered promiscuous mode
[  806.342582][T16703] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[  806.494339][T16703] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  806.497840][T16703] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  806.501870][T16703] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  806.506809][T16703] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.513903][T16703] usb 8-1: config 0 descriptor??
[  806.520474][T16703] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  806.722957][ T5946] usb 8-1: USB disconnect, device number 46
[  807.286431][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  807.339763][ T5946] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  807.469236][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  807.477732][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  807.484374][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  807.490337][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  807.495160][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  807.502524][ T5946] usb 8-1: Using ep0 maxpacket: 32
[  807.506944][ T5946] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  807.511076][ T5946] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  807.516648][ T5946] usb 8-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40
[  807.520341][ T5946] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.527048][T18023] lo speed is unknown, defaulting to 1000
[  807.528543][ T5946] usb 8-1: config 0 descriptor??
[  807.542269][ T5946] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  807.767990][T18023] chnl_net:caif_netlink_parms(): no params data found
[  807.839621][T18017] random: crng reseeded on system resumption
[  807.863481][T18023] bridge0: port 1(bridge_slave_0) entered blocking state
[  807.866658][T18023] bridge0: port 1(bridge_slave_0) entered disabled state
[  807.869703][T18023] bridge_slave_0: entered allmulticast mode
[  807.874125][T18023] bridge_slave_0: entered promiscuous mode
[  807.878713][T18023] bridge0: port 2(bridge_slave_1) entered blocking state
[  807.881064][T18023] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.884674][T18023] bridge_slave_1: entered allmulticast mode
[  807.888575][T18023] bridge_slave_1: entered promiscuous mode
[  807.947795][T18023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  807.953525][T18023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  808.000813][   T34] usb 8-1: USB disconnect, device number 47
[  808.016827][T18023] team0: Port device team_slave_0 added
[  808.020570][T18023] team0: Port device team_slave_1 added
[  808.064867][T18023] batman_adv: batadv0: Adding interface: batadv_slave_0
[  808.067187][T18023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  808.073816][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  808.076986][T18023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  808.078032][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  808.081914][T18023] batman_adv: batadv0: Adding interface: batadv_slave_1
[  808.085806][T18023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  808.095806][T18023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  808.144394][T18023] hsr_slave_0: entered promiscuous mode
[  808.146652][T18023] hsr_slave_1: entered promiscuous mode
[  808.148768][T18023] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  808.151108][T18023] Cannot create hsr debugfs directory
[  808.549106][T18039] 9pnet_fd: Insufficient options for proto=fd
[  808.758161][T18045] netlink: 'syz.3.2640': attribute type 2 has an invalid length.
[  809.092010][   T40] kauditd_printk_skb: 20 callbacks suppressed
[  809.092029][   T40] audit: type=1326 audit(1749265850.914:3469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.103631][   T40] audit: type=1326 audit(1749265850.914:3470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.105066][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.112535][   T40] audit: type=1326 audit(1749265850.924:3471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.124965][   T40] audit: type=1326 audit(1749265850.934:3472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.134502][   T40] audit: type=1326 audit(1749265850.934:3473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.140916][   T40] audit: type=1326 audit(1749265850.934:3474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.147580][   T40] audit: type=1326 audit(1749265850.944:3475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.154573][   T40] audit: type=1326 audit(1749265850.954:3476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18051 comm="syz.0.2643" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  809.161191][   T40] audit: type=1326 audit(1749265850.964:3477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18053 comm="syz.2.2644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  809.167774][   T40] audit: type=1326 audit(1749265850.964:3478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18053 comm="syz.2.2644" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  809.528961][ T5951] Bluetooth: hci2: command tx timeout
[  809.537099][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.621968][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.726918][   T34] lo speed is unknown, defaulting to 1000
[  809.730236][   T34] s
z1: Port: 1 Link DOWN
[  809.751555][   T34] lo speed is unknown, defaulting to 1000
[  809.755686][   T13] bridge_slave_1: left allmulticast mode
[  809.758111][   T13] bridge_slave_1: left promiscuous mode
[  809.760591][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  809.775568][   T13] bridge_slave_0: left allmulticast mode
[  809.781204][   T13] bridge_slave_0: left promiscuous mode
[  809.787416][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  810.088151][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  810.093487][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  810.097312][   T13] bond0 (unregistering): Released all slaves
[  810.162715][T17315] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  810.340772][T17315] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  810.346577][T17315] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  810.350476][T17315] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  810.358322][T17315] usb 7-1: config 0 descriptor??
[  810.606777][T17315] usbhid 7-1:0.0: can't add hid device: -71
[  810.608752][T17315] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  810.720290][T17315] usb 7-1: USB disconnect, device number 22
[  811.096660][T18083] batman_adv: batadv0: Adding interface: ip6gretap1
[  811.106467][T18083] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  811.116504][T18083] batman_adv: batadv0: Interface activated: ip6gretap1
[  811.158760][   T13] hsr_slave_0: left promiscuous mode
[  811.169575][   T13] hsr_slave_1: left promiscuous mode
[  811.191278][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  811.200413][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  811.221123][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  811.231166][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  811.303156][   T13] veth1_macvtap: left promiscuous mode
[  811.305646][   T13] veth0_macvtap: left promiscuous mode
[  811.308087][   T13] veth1_vlan: left promiscuous mode
[  811.310376][   T13] veth0_vlan: left promiscuous mode
[  811.402523][T17315] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  811.555412][T17315] usb 7-1: Using ep0 maxpacket: 32
[  811.560336][T18091] hub 6-0:1.0: USB hub found
[  811.570199][T18091] hub 6-0:1.0: 1 port detected
[  811.572203][T17315] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  811.582010][T17315] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  811.586380][T17315] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.593542][ T5951] Bluetooth: hci2: command tx timeout
[  811.594325][T17315] usb 7-1: config 0 descriptor??
[  811.615441][T17315] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  811.674821][T17315] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  812.506870][   T13] team0 (unregistering): Port device team_slave_1 removed
[  812.653805][   T13] team0 (unregistering): Port device team_slave_0 removed
[  812.816159][T18107] netlink: 'syz.0.2653': attribute type 2 has an invalid length.
[  813.228945][T18023] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  813.236178][T18023] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  813.244138][T18023] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  813.248739][T18023] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  813.297758][T18023] 8021q: adding VLAN 0 to HW filter on device bond0
[  813.307910][T18023] 8021q: adding VLAN 0 to HW filter on device team0
[  813.314301][T13502] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.316789][T13502] bridge0: port 1(bridge_slave_0) entered forwarding state
[  813.327896][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.330176][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.451266][T18127] bridge_slave_0: left allmulticast mode
[  813.455615][T18127] bridge_slave_0: left promiscuous mode
[  813.459498][T18127] bridge0: port 1(bridge_slave_0) entered disabled state
[  813.465717][T18127] bridge_slave_1: left allmulticast mode
[  813.467647][T18127] bridge_slave_1: left promiscuous mode
[  813.469609][T18127] bridge0: port 2(bridge_slave_1) entered disabled state
[  813.476055][T18127] bond0: (slave bond_slave_0): Releasing backup interface
[  813.480195][T18127] bond0: (slave bond_slave_1): Releasing backup interface
[  813.494216][T18127] team0: Port device team_slave_0 removed
[  813.499687][T18127] team0: Port device team_slave_1 removed
[  813.501898][T18127] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  813.505570][T18127] batman_adv: batadv0: Removing interface: batadv_slave_0
[  813.508667][T18127] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  813.511001][T18127] batman_adv: batadv0: Removing interface: batadv_slave_1
[  813.521311][T18127] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  813.525044][T18127] batman_adv: batadv0: Removing interface: ip6gretap1
[  813.555813][T18023] 8021q: adding VLAN 0 to HW filter on device batadv0
[  813.629761][T18023] veth0_vlan: entered promiscuous mode
[  813.637129][T18023] veth1_vlan: entered promiscuous mode
[  813.653690][T18023] veth0_macvtap: entered promiscuous mode
[  813.657554][T18023] veth1_macvtap: entered promiscuous mode
[  813.666216][T18023] batman_adv: batadv0: Interface activated: batadv_slave_0
[  813.674161][T18023] batman_adv: batadv0: Interface activated: batadv_slave_1
[  813.676902][ T5951] Bluetooth: hci2: command tx timeout
[  813.680538][T18023] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  813.683685][T18023] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  813.686651][T18023] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  813.690337][T18023] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  813.730256][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  813.739278][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  813.778330][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  813.782706][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  814.238762][   T24] usb 7-1: USB disconnect, device number 23
[  814.284865][   T24] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  815.430218][T18150] lo speed is unknown, defaulting to 1000
[  815.762499][T18162] rdma_rxe: rxe_newlink: failed to add lo
[  816.486212][T18172] vlan0: left promiscuous mode
[  816.487784][T18172] bond0: left promiscuous mode
[  816.489477][T18172] bridge0: port 1(vlan0) entered disabled state
[  816.651441][T13502] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  816.916977][T18178] kvm: kvm [18177]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0x4000007c) = 0x0
[  816.920964][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  816.925645][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  816.928587][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  816.933783][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  816.936400][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  816.966626][T18179] lo speed is unknown, defaulting to 1000
[  817.053606][   T34] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[  817.149885][T18179] chnl_net:caif_netlink_parms(): no params data found
[  817.223655][   T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  817.223724][T18179] bridge0: port 1(bridge_slave_0) entered blocking state
[  817.226922][   T34] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  817.229124][T18179] bridge0: port 1(bridge_slave_0) entered disabled state
[  817.234135][   T34] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  817.235464][T18179] bridge_slave_0: entered allmulticast mode
[  817.238648][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.240806][T18179] bridge_slave_0: entered promiscuous mode
[  817.245727][T18179] bridge0: port 2(bridge_slave_1) entered blocking state
[  817.245870][T18179] bridge0: port 2(bridge_slave_1) entered disabled state
[  817.246970][   T34] usb 8-1: config 0 descriptor??
[  817.248810][   T34] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  817.250463][T18179] bridge_slave_1: entered allmulticast mode
[  817.258708][T18179] bridge_slave_1: entered promiscuous mode
[  817.295954][T18179] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  817.302164][T18179] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  817.365809][T18179] team0: Port device team_slave_0 added
[  817.369776][T18179] team0: Port device team_slave_1 added
[  817.399981][T18179] batman_adv: batadv0: Adding interface: batadv_slave_0
[  817.402147][T18179] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  817.411197][T18179] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  817.416997][T18179] batman_adv: batadv0: Adding interface: batadv_slave_1
[  817.419154][T18179] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  817.427516][T18179] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  817.458685][T17312] usb 8-1: USB disconnect, device number 48
[  817.479102][T18179] hsr_slave_0: entered promiscuous mode
[  817.481217][T18179] hsr_slave_1: entered promiscuous mode
[  817.539694][   T40] kauditd_printk_skb: 58 callbacks suppressed
[  817.539803][   T40] audit: type=1326 audit(1749265859.364:3537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.552777][   T40] audit: type=1326 audit(1749265859.364:3538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.560113][   T40] audit: type=1326 audit(1749265859.374:3539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.571860][   T40] audit: type=1326 audit(1749265859.374:3540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.578740][   T40] audit: type=1326 audit(1749265859.374:3541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.588853][   T40] audit: type=1326 audit(1749265859.374:3542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.600129][   T40] audit: type=1326 audit(1749265859.374:3543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.615009][   T40] audit: type=1326 audit(1749265859.384:3544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.622042][   T40] audit: type=1326 audit(1749265859.384:3545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.630906][   T40] audit: type=1326 audit(1749265859.384:3546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.0.2669" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000
[  817.912572][   T24] usb 8-1: new high-speed USB device number 49 using dummy_hcd
[  818.082564][   T24] usb 8-1: Using ep0 maxpacket: 32
[  818.085892][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  818.089080][   T24] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  818.093668][   T24] usb 8-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40
[  818.096399][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.102197][   T24] usb 8-1: config 0 descriptor??
[  818.107757][   T24] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  818.189515][T13502] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.348879][T13502] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.424391][T18176] random: crng reseeded on system resumption
[  818.436575][T13502] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.542525][   T29] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  818.547843][T13502] bridge_slave_1: left allmulticast mode
[  818.549716][T13502] bridge_slave_1: left promiscuous mode
[  818.551566][T13502] bridge0: port 2(bridge_slave_1) entered disabled state
[  818.568122][T13502] bridge_slave_0: left allmulticast mode
[  818.570697][T13502] bridge_slave_0: left promiscuous mode
[  818.573745][T13502] bridge0: port 1(bridge_slave_0) entered disabled state
[  818.697667][   T29] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  818.709128][   T29] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  818.719628][   T29] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  818.722660][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  818.735560][   T29] usb 5-1: config 0 descriptor??
[  818.751852][   T29] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  818.929723][T13502] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  818.954130][ T5951] Bluetooth: hci2: command tx timeout
[  818.955532][T14453] usb 5-1: USB disconnect, device number 33
[  818.981000][T13502] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  819.014926][T13502] bond0 (unregistering): Released all slaves
[  819.139173][T14453] usb 8-1: USB disconnect, device number 49
[  819.324528][T18214] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  819.326614][T18214] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  819.329080][T18214] vhci_hcd vhci_hcd.0: Device attached
[  819.346613][T18219] vhci_hcd: connection closed
[  819.346974][ T6495] vhci_hcd: stop threads
[  819.350674][ T6495] vhci_hcd: release socket
[  819.352742][ T6495] vhci_hcd: disconnect device
[  819.402583][   T53] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  819.491765][T13502] hsr_slave_0: left promiscuous mode
[  819.495671][T13502] hsr_slave_1: left promiscuous mode
[  819.498769][T13502] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  819.501641][T13502] batman_adv: batadv0: Removing interface: batadv_slave_0
[  819.506581][T13502] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  819.509379][T13502] batman_adv: batadv0: Removing interface: batadv_slave_1
[  819.538736][T13502] veth1_macvtap: left promiscuous mode
[  819.540914][T13502] veth0_macvtap: left promiscuous mode
[  819.543479][T13502] veth1_vlan: left promiscuous mode
[  819.545563][T13502] veth0_vlan: left promiscuous mode
[  819.552482][   T53] usb 5-1: Using ep0 maxpacket: 32
[  819.555391][   T53] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  819.558340][   T53] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  819.572559][   T53] usb 5-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40
[  819.575356][   T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  819.578923][   T53] usb 5-1: config 0 descriptor??
[  819.583104][   T53] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  819.952529][ T6062] usb 8-1: new high-speed USB device number 50 using dummy_hcd
[  819.958323][T18242] random: crng reseeded on system resumption
[  820.100011][ T6062] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  820.104634][ T6062] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  820.109015][ T6062] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.144211][ T6062] usb 8-1: config 0 descriptor??
[  820.351067][T13502] team0 (unregistering): Port device team_slave_1 removed
[  820.357637][ T6062] usbhid 8-1:0.0: can't add hid device: -71
[  820.359585][ T6062] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  820.368198][ T6062] usb 8-1: USB disconnect, device number 50
[  820.585493][T13502] team0 (unregistering): Port device team_slave_0 removed
[  820.812477][ T6027] usb 8-1: new high-speed USB device number 51 using dummy_hcd
[  820.962449][ T6027] usb 8-1: Using ep0 maxpacket: 32
[  820.968516][ T6027] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  820.982566][ T6027] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  820.985409][ T6027] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  820.988982][ T6027] usb 8-1: config 0 descriptor??
[  821.003809][ T6027] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  821.008569][ T6027] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  821.032475][ T5951] Bluetooth: hci2: command tx timeout
[  821.995229][T18179] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  822.039251][T18179] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  822.044120][T18179] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  822.062153][T18179] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  822.120116][T18179] 8021q: adding VLAN 0 to HW filter on device bond0
[  822.130823][T18179] 8021q: adding VLAN 0 to HW filter on device team0
[  822.136439][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  822.138717][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  822.148977][ T6495] bridge0: port 2(bridge_slave_1) entered blocking state
[  822.151704][ T6495] bridge0: port 2(bridge_slave_1) entered forwarding state
[  822.182895][T16703] usb 5-1: USB disconnect, device number 34
[  822.274851][T18270] netlink: 'syz.2.2676': attribute type 2 has an invalid length.
[  822.276092][T18268] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2679'.
[  822.316660][T18179] 8021q: adding VLAN 0 to HW filter on device batadv0
[  822.338397][T18179] veth0_vlan: entered promiscuous mode
[  822.354763][T18179] veth1_vlan: entered promiscuous mode
[  822.371335][T18179] veth0_macvtap: entered promiscuous mode
[  822.378185][T18179] veth1_macvtap: entered promiscuous mode
[  822.386960][T18179] batman_adv: batadv0: Interface activated: batadv_slave_0
[  822.394139][T18179] batman_adv: batadv0: Interface activated: batadv_slave_1
[  822.400781][T18179] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  822.403813][T18179] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  822.406721][T18179] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  822.409586][T18179] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  822.456309][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  822.462355][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  822.474930][ T1139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  822.477390][ T1139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  823.271204][ T6027] usb 8-1: USB disconnect, device number 51
[  823.273237][    C2] ldusb 8-1:0.0: usb_submit_urb failed (-19)
[  823.277030][ T6027] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  823.510744][T18302] batman_adv: batadv0: Adding interface: ip6gretap1
[  823.513750][T18302] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  823.521932][T18302] batman_adv: batadv0: Interface activated: ip6gretap1
[  823.614318][T18309] s
z1: rxe_newlink: already configured on lo
[  823.902472][   T53] usb 8-1: new high-speed USB device number 52 using dummy_hcd
[  823.920259][T18316] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2684'.
[  824.103771][   T53] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  824.107141][   T53] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  824.110317][   T53] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  824.113503][   T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.136535][T18309] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  824.148943][   T53] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  824.186338][T18321] rdma_rxe: rxe_newlink: failed to add lo
[  824.374973][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  824.452531][   T29] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  824.613942][   T29] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  824.617537][   T29] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  824.620679][   T29] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  824.623717][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  824.628094][T18321] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  824.632087][   T29] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  824.956271][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  824.963796][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  824.966807][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  824.973007][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  824.976103][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  824.998843][T18326] lo speed is unknown, defaulting to 1000
[  825.152481][   T29] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  825.166891][T18326] chnl_net:caif_netlink_parms(): no params data found
[  825.234301][T18326] bridge0: port 1(bridge_slave_0) entered blocking state
[  825.236541][T18326] bridge0: port 1(bridge_slave_0) entered disabled state
[  825.238882][T18326] bridge_slave_0: entered allmulticast mode
[  825.241579][T18326] bridge_slave_0: entered promiscuous mode
[  825.244935][T18326] bridge0: port 2(bridge_slave_1) entered blocking state
[  825.247804][T18326] bridge0: port 2(bridge_slave_1) entered disabled state
[  825.250747][T18326] bridge_slave_1: entered allmulticast mode
[  825.254253][T18326] bridge_slave_1: entered promiscuous mode
[  825.287748][T18326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  825.292752][T18326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  825.303719][   T29] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  825.306744][   T29] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  825.310814][   T29] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  825.313767][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  825.317836][   T29] usb 5-1: config 0 descriptor??
[  825.322486][   T29] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  825.339316][T18326] team0: Port device team_slave_0 added
[  825.344768][T18326] team0: Port device team_slave_1 added
[  825.373574][T18326] batman_adv: batadv0: Adding interface: batadv_slave_0
[  825.375782][T18326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  825.383712][T18326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  825.387995][T18326] batman_adv: batadv0: Adding interface: batadv_slave_1
[  825.390133][T18326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  825.398011][T18326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  825.465097][T18326] hsr_slave_0: entered promiscuous mode
[  825.468096][T18326] hsr_slave_1: entered promiscuous mode
[  825.470976][T18326] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  825.474453][T18326] Cannot create hsr debugfs directory
[  825.524082][   T34] usb 5-1: USB disconnect, device number 35
[  825.962536][   T34] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  826.093961][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.122457][   T34] usb 5-1: Using ep0 maxpacket: 32
[  826.125801][   T34] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  826.129004][   T34] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  826.132949][   T34] usb 5-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40
[  826.135755][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.139830][   T34] usb 5-1: config 0 descriptor??
[  826.145636][   T34] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  826.175674][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.237039][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  826.322986][   T13] bridge_slave_1: left allmulticast mode
[  826.325161][   T13] bridge_slave_1: left promiscuous mode
[  826.327749][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  826.332014][   T13] bridge_slave_0: left allmulticast mode
[  826.334440][   T13] bridge_slave_0: left promiscuous mode
[  826.337099][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  826.388831][   T29] usb 8-1: USB disconnect, device number 52
[  826.505131][T18339] random: crng reseeded on system resumption
[  826.655153][   T40] kauditd_printk_skb: 20 callbacks suppressed
[  826.655165][   T40] audit: type=1326 audit(1749265868.484:3567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.2687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  826.665244][   T40] audit: type=1326 audit(1749265868.484:3568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18337 comm="syz.3.2687" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  826.702309][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  826.706804][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  826.710514][   T13] bond0 (unregistering): Released all slaves
[  826.850312][ T6062] usb 5-1: USB disconnect, device number 36
[  826.984654][   T29] usb 7-1: USB disconnect, device number 24
[  826.989199][T18353] netlink: 'syz.3.2688': attribute type 2 has an invalid length.
[  827.037020][ T5951] Bluetooth: hci2: command tx timeout
[  827.071262][T18359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2690'.
[  827.201215][   T13] hsr_slave_0: left promiscuous mode
[  827.205531][   T13] hsr_slave_1: left promiscuous mode
[  827.207549][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  827.209860][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  827.222660][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  827.224927][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  827.243941][   T13] veth1_macvtap: left promiscuous mode
[  827.245725][   T13] veth0_macvtap: left promiscuous mode
[  827.247548][   T13] veth1_vlan: left promiscuous mode
[  827.250365][   T13] veth0_vlan: left promiscuous mode
[  827.475673][   T29] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  827.638963][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  827.642183][   T29] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  827.644942][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.651971][   T29] usb 7-1: config 0 descriptor??
[  827.873540][   T29] usbhid 7-1:0.0: can't add hid device: -71
[  827.875980][   T29] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  827.884124][   T29] usb 7-1: USB disconnect, device number 25
[  827.928440][   T13] team0 (unregistering): Port device team_slave_1 removed
[  827.996747][   T13] team0 (unregistering): Port device team_slave_0 removed
[  828.332485][   T29] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  828.492521][   T29] usb 7-1: Using ep0 maxpacket: 32
[  828.496288][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  828.500264][   T29] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  828.504350][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  828.507859][   T29] usb 7-1: config 0 descriptor??
[  828.510024][T18326] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  828.517171][   T29] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  828.525899][   T29] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  828.534337][T18326] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  828.547831][T18326] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  828.568011][T18326] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  828.625230][T18326] 8021q: adding VLAN 0 to HW filter on device bond0
[  828.634416][T18326] 8021q: adding VLAN 0 to HW filter on device team0
[  828.640162][ T1144] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.642740][ T1144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  828.652118][ T1144] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.654498][ T1144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  828.756039][T18386] hub 6-0:1.0: USB hub found
[  828.757761][T18386] hub 6-0:1.0: 1 port detected
[  828.838852][T18326] 8021q: adding VLAN 0 to HW filter on device batadv0
[  828.876376][T18326] veth0_vlan: entered promiscuous mode
[  828.904397][T18326] veth1_vlan: entered promiscuous mode
[  828.937653][T18326] veth0_macvtap: entered promiscuous mode
[  828.942009][T18326] veth1_macvtap: entered promiscuous mode
[  828.952627][   T40] audit: type=1326 audit(1749265870.654:3569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  828.954460][T18326] batman_adv: batadv0: Interface activated: batadv_slave_0
[  828.971429][T18326] batman_adv: batadv0: Interface activated: batadv_slave_1
[  828.974279][   T40] audit: type=1326 audit(1749265870.654:3570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  828.981019][   T40] audit: type=1326 audit(1749265870.654:3571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  828.995072][   T40] audit: type=1326 audit(1749265870.654:3572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  829.004127][T18326] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  829.006699][T18326] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  829.009280][T18326] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  829.012808][   T40] audit: type=1326 audit(1749265870.654:3573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  829.019413][T18326] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  829.019492][   T40] audit: type=1326 audit(1749265870.664:3574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  829.028732][   T40] audit: type=1326 audit(1749265870.664:3575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  829.041689][   T40] audit: type=1326 audit(1749265870.664:3576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18389 comm="syz.3.2695" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f06579 code=0x7ffc0000
[  829.084565][T13502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  829.091398][T13502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  829.110934][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  829.112526][ T5951] Bluetooth: hci2: command tx timeout
[  829.115384][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  830.465792][T18414] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2700'.
[  830.519805][  T839] usb 7-1: USB disconnect, device number 26
[  830.519825][    C1] ldusb 7-1:0.0: usb_submit_urb failed (-19)
[  830.523737][  T839] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  830.729633][ T6436] usb 8-1: new high-speed USB device number 53 using dummy_hcd
[  830.801886][T18425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2704'.
[  830.835121][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  830.884280][ T6436] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  830.887745][ T6436] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  830.903929][ T6436] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  830.907020][ T6436] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.925462][ T6436] usb 8-1: config 0 descriptor??
[  830.932937][ T6436] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  831.134982][ T6436] usb 8-1: USB disconnect, device number 53
[  831.561993][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  831.566422][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  831.569472][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  831.572537][ T6436] usb 8-1: new high-speed USB device number 54 using dummy_hcd
[  831.572673][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  831.580352][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  831.602898][T18435] lo speed is unknown, defaulting to 1000
[  831.751018][T18435] chnl_net:caif_netlink_parms(): no params data found
[  831.763350][ T6436] usb 8-1: Using ep0 maxpacket: 32
[  831.767131][ T6436] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  831.771217][ T6436] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  831.776701][ T6436] usb 8-1: New USB device found, idVendor=0f11, idProduct=3321, bcdDevice= 0.40
[  831.781886][ T6436] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.788244][ T6436] usb 8-1: config 0 descriptor??
[  831.792232][ T6436] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  831.949564][T18435] bridge0: port 1(bridge_slave_0) entered blocking state
[  831.951750][T18435] bridge0: port 1(bridge_slave_0) entered disabled state
[  831.954832][T18435] bridge_slave_0: entered allmulticast mode
[  831.957612][T18435] bridge_slave_0: entered promiscuous mode
[  831.961215][T18435] bridge0: port 2(bridge_slave_1) entered blocking state
[  831.965586][T18435] bridge0: port 2(bridge_slave_1) entered disabled state
[  831.968142][T18435] bridge_slave_1: entered allmulticast mode
[  831.970702][T18435] bridge_slave_1: entered promiscuous mode
[  832.017729][T18435] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  832.031081][T18435] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  832.082317][T18435] team0: Port device team_slave_0 added
[  832.094166][T18435] team0: Port device team_slave_1 added
[  832.097778][T18417] random: crng reseeded on system resumption
[  832.137597][T18435] batman_adv: batadv0: Adding interface: batadv_slave_0
[  832.139918][T18435] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  832.148937][T18435] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  832.154758][T18435] batman_adv: batadv0: Adding interface: batadv_slave_1
[  832.157001][T18435] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  832.164912][T18435] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  832.218114][T18435] hsr_slave_0: entered promiscuous mode
[  832.220708][T18435] hsr_slave_1: entered promiscuous mode
[  832.295337][   T34] usb 8-1: USB disconnect, device number 54
[  832.666466][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  832.691730][T18453] vlan1: entered allmulticast mode
[  832.741059][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  832.883704][T18459] hub 6-0:1.0: USB hub found
[  832.885385][T18459] hub 6-0:1.0: 1 port detected
[  832.892241][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  832.897783][T18465] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2713'.
[  832.902021][T18465] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  833.044493][   T13] bridge_slave_1: left allmulticast mode
[  833.047213][   T13] bridge_slave_1: left promiscuous mode
[  833.051952][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  833.064382][   T13] bridge_slave_0: left allmulticast mode
[  833.066381][   T13] bridge_slave_0: left promiscuous mode
[  833.068676][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  833.092740][   T34] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  833.256254][   T34] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  833.259920][   T34] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  833.263317][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  833.271021][   T34] usb 5-1: config 0 descriptor??
[  833.371363][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  833.377923][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  833.385439][   T13] bond0 (unregistering): Released all slaves
[  833.482301][   T34] usbhid 5-1:0.0: can't add hid device: -71
[  833.484211][   T34] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  833.488766][   T34] usb 5-1: USB disconnect, device number 37
[  833.592751][ T5953] Bluetooth: hci2: command tx timeout
[  833.855206][T18476] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2715'.
[  833.902548][   T13] hsr_slave_0: left promiscuous mode
[  833.907985][   T13] hsr_slave_1: left promiscuous mode
[  833.910016][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  833.912308][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  833.922493][   T24] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  833.931437][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  833.934099][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  833.968089][   T13] veth1_macvtap: left promiscuous mode
[  833.969775][   T13] veth0_macvtap: left promiscuous mode
[  833.971441][   T13] veth1_vlan: left promiscuous mode
[  833.973536][   T13] veth0_vlan: left promiscuous mode
[  834.072852][   T24] usb 5-1: Using ep0 maxpacket: 32
[  834.076570][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  834.080721][   T24] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  834.084641][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.089974][   T24] usb 5-1: config 0 descriptor??
[  834.096040][   T24] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  834.099940][   T24] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  834.853848][   T13] team0 (unregistering): Port device team_slave_1 removed
[  834.965731][   T13] team0 (unregistering): Port device team_slave_0 removed
[  835.641569][T18435] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  835.651815][T18435] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  835.664640][T18435] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  835.673291][T18435] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  835.683224][ T5953] Bluetooth: hci2: command tx timeout
[  835.721793][T18435] 8021q: adding VLAN 0 to HW filter on device bond0
[  835.736595][T18435] 8021q: adding VLAN 0 to HW filter on device team0
[  835.750270][T18519] vlan0: entered allmulticast mode
[  835.751954][T18519] bond0: entered allmulticast mode
[  835.778412][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  835.780712][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  835.787764][T13502] bridge0: port 2(bridge_slave_1) entered blocking state
[  835.790059][T13502] bridge0: port 2(bridge_slave_1) entered forwarding state
[  835.898927][T18523] rdma_rxe: rxe_newlink: failed to add lo
[  835.993356][T18435] 8021q: adding VLAN 0 to HW filter on device batadv0
[  836.039661][T18435] veth0_vlan: entered promiscuous mode
[  836.049276][T18435] veth1_vlan: entered promiscuous mode
[  836.070209][T18435] veth0_macvtap: entered promiscuous mode
[  836.080321][T18435] veth1_macvtap: entered promiscuous mode
[  836.089584][T18435] batman_adv: batadv0: Interface activated: batadv_slave_0
[  836.097127][T18435] batman_adv: batadv0: Interface activated: batadv_slave_1
[  836.101744][T18435] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  836.105936][T18435] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  836.108638][T18435] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  836.111359][T18435] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  836.161531][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  836.164483][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  836.177069][   T53] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  836.184656][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  836.187216][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  836.213105][ T6062] usb 8-1: new high-speed USB device number 55 using dummy_hcd
[  836.354682][   T53] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  836.358802][   T53] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  836.362820][   T53] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  836.364002][ T6062] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  836.366511][   T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.369647][ T6062] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  836.376747][T18523] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  836.378972][ T6062] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  836.378987][ T6062] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.385386][   T53] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  836.387770][ T6062] usb 8-1: config 0 descriptor??
[  836.392962][ T6062] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  836.580762][ T6062] usb 5-1: USB disconnect, device number 38
[  836.580804][    C2] ldusb 5-1:0.0: usb_submit_urb failed (-19)
[  836.600181][ T6062] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  836.605646][   T34] usb 8-1: USB disconnect, device number 55
[  836.912980][ T6062] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  837.052667][   T34] usb 8-1: new high-speed USB device number 56 using dummy_hcd
[  837.074018][ T6062] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  837.077408][ T6062] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  837.081086][ T6062] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.086562][ T6062] usb 5-1: config 0 descriptor??
[  837.202535][   T34] usb 8-1: Using ep0 maxpacket: 32
[  837.206132][   T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  837.209424][   T34] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  837.213663][   T34] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  837.217173][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.221967][   T34] usb 8-1: config 0 descriptor??
[  837.225828][   T34] ldusb 8-1:0.0: Interrupt in endpoint not found
[  837.229039][   T34] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  837.293400][ T6062] usbhid 5-1:0.0: can't add hid device: -71
[  837.295875][ T6062] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  837.299862][ T6062] usb 5-1: USB disconnect, device number 39
[  837.490743][T18531] random: crng reseeded on system resumption
[  837.655141][   T53] usb 8-1: USB disconnect, device number 56
[  837.732516][T17312] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  837.882452][T17312] usb 5-1: Using ep0 maxpacket: 32
[  837.885831][T17312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  837.889475][T17312] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  837.892537][T17312] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.901086][T17312] usb 5-1: config 0 descriptor??
[  837.904832][T17312] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  837.909447][T17312] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  838.077901][ T1144] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  838.692373][   T53] usb 7-1: USB disconnect, device number 27
[  838.765985][T18560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2722'.
[  838.769334][T18560] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  839.007573][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  839.115468][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  839.120087][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  839.126175][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  839.130871][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  839.162481][T18563] lo speed is unknown, defaulting to 1000
[  839.292495][   T53] usb 8-1: new high-speed USB device number 57 using dummy_hcd
[  839.332847][T18563] chnl_net:caif_netlink_parms(): no params data found
[  839.407579][T18563] bridge0: port 1(bridge_slave_0) entered blocking state
[  839.409888][T18563] bridge0: port 1(bridge_slave_0) entered disabled state
[  839.412178][T18563] bridge_slave_0: entered allmulticast mode
[  839.416001][T18563] bridge_slave_0: entered promiscuous mode
[  839.419032][T18563] bridge0: port 2(bridge_slave_1) entered blocking state
[  839.421237][T18563] bridge0: port 2(bridge_slave_1) entered disabled state
[  839.423677][T18563] bridge_slave_1: entered allmulticast mode
[  839.427112][T18563] bridge_slave_1: entered promiscuous mode
[  839.444371][   T53] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  839.448293][   T53] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  839.451476][   T53] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  839.454214][   T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  839.458622][T18569] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  839.463512][   T53] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  839.505427][T18563] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  839.510379][T18563] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  839.546510][T18563] team0: Port device team_slave_0 added
[  839.550140][T18563] team0: Port device team_slave_1 added
[  839.583147][T18563] batman_adv: batadv0: Adding interface: batadv_slave_0
[  839.585399][T18563] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  839.593777][T18563] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  839.606946][T18563] batman_adv: batadv0: Adding interface: batadv_slave_1
[  839.609182][T18563] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  839.617342][T18563] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  839.653074][ T6436] usb 5-1: USB disconnect, device number 40
[  839.667483][ T6436] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  839.839456][T18583] hub 6-0:1.0: USB hub found
[  839.841720][T18583] hub 6-0:1.0: 1 port detected
[  839.986064][T18563] hsr_slave_0: entered promiscuous mode
[  839.990772][T18563] hsr_slave_1: entered promiscuous mode
[  839.999681][T18563] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  840.002224][T18563] Cannot create hsr debugfs directory
[  840.409632][ T1144] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.563834][ T1144] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  840.796765][ T1144] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  841.062445][T18586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2726'.
[  841.065289][T18586] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  841.113762][ T1144] bridge_slave_1: left allmulticast mode
[  841.115576][ T1144] bridge_slave_1: left promiscuous mode
[  841.117423][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  841.126497][ T1144] bridge_slave_0: left allmulticast mode
[  841.128272][ T1144] bridge_slave_0: left promiscuous mode
[  841.130204][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  841.192985][ T5953] Bluetooth: hci2: command tx timeout
[  841.583393][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  841.587607][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  841.592136][ T1144] bond0 (unregistering): Released all slaves
[  841.839471][   T53] usb 8-1: USB disconnect, device number 57
[  842.380939][   T29] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  842.430898][ T1144] hsr_slave_0: left promiscuous mode
[  842.452618][ T1144] hsr_slave_1: left promiscuous mode
[  842.454780][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  842.457101][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  842.466213][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  842.468560][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  842.492686][ T1144] veth1_macvtap: left promiscuous mode
[  842.494593][ T1144] veth0_macvtap: left promiscuous mode
[  842.496385][ T1144] veth1_vlan: left promiscuous mode
[  842.498086][ T1144] veth0_vlan: left promiscuous mode
[  842.563848][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  842.567791][   T29] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  842.570822][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  842.593116][   T29] usb 7-1: config 0 descriptor??
[  842.809232][   T29] usbhid 7-1:0.0: can't add hid device: -71
[  842.811271][   T29] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  842.816464][   T29] usb 7-1: USB disconnect, device number 28
[  843.123615][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  843.190160][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  843.262482][   T29] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  843.272734][ T5953] Bluetooth: hci2: command tx timeout
[  843.432489][   T29] usb 7-1: Using ep0 maxpacket: 32
[  843.436797][   T29] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  843.440819][   T29] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  843.444417][   T29] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  843.448187][   T29] usb 7-1: config 0 descriptor??
[  843.452675][   T29] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  843.458036][   T29] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  843.813883][T18563] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  843.839342][T18563] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  843.847410][T18563] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  843.854353][T18563] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  843.986336][T18563] 8021q: adding VLAN 0 to HW filter on device bond0
[  843.991108][T18655] vlan1: entered allmulticast mode
[  844.050168][T18563] 8021q: adding VLAN 0 to HW filter on device team0
[  844.056695][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  844.058996][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  844.065768][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  844.068033][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  844.087072][T18563] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  844.090425][T18563] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  844.261644][T18563] 8021q: adding VLAN 0 to HW filter on device batadv0
[  844.284685][T18563] veth0_vlan: entered promiscuous mode
[  844.290824][T18563] veth1_vlan: entered promiscuous mode
[  844.306640][T18563] veth0_macvtap: entered promiscuous mode
[  844.310610][T18563] veth1_macvtap: entered promiscuous mode
[  844.320067][T18563] batman_adv: batadv0: Interface activated: batadv_slave_0
[  844.327990][T18563] batman_adv: batadv0: Interface activated: batadv_slave_1
[  844.332561][T18563] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  844.335191][T18563] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  844.337861][T18563] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  844.340638][T18563] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  844.394692][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  844.397424][ T6495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  844.399506][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  844.399871][ T6495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  845.361469][T18682] vlan0: entered allmulticast mode
[  845.498524][T18685] openvswitch: netlink: Flow actions attr not present in new flow.
[  845.506520][T18685] vlan0: entered allmulticast mode
[  845.681889][   T24] usb 7-1: USB disconnect, device number 29
[  845.681944][    C1] ldusb 7-1:0.0: usb_submit_urb failed (-19)
[  845.707255][   T24] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  846.337018][T18701] netlink: 'syz.0.2745': attribute type 2 has an invalid length.
[  846.553624][   T60] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  847.515137][T18711] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2749'.
[  847.591680][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  847.598404][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  847.601876][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  847.605311][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  847.608039][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  847.637887][T18716] lo speed is unknown, defaulting to 1000
[  847.828511][T18716] chnl_net:caif_netlink_parms(): no params data found
[  847.906880][T18716] bridge0: port 1(bridge_slave_0) entered blocking state
[  847.909439][T18716] bridge0: port 1(bridge_slave_0) entered disabled state
[  847.912193][T18716] bridge_slave_0: entered allmulticast mode
[  847.915742][T18716] bridge_slave_0: entered promiscuous mode
[  847.919399][T18716] bridge0: port 2(bridge_slave_1) entered blocking state
[  847.922106][T18716] bridge0: port 2(bridge_slave_1) entered disabled state
[  847.924547][T18716] bridge_slave_1: entered allmulticast mode
[  847.927304][T18716] bridge_slave_1: entered promiscuous mode
[  847.968159][T18716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  847.973144][T18716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  848.031577][T18716] team0: Port device team_slave_0 added
[  848.035317][T18716] team0: Port device team_slave_1 added
[  848.048073][T18727] openvswitch: netlink: Flow actions attr not present in new flow.
[  848.057227][T18727] vlan2: entered allmulticast mode
[  848.086394][T18716] batman_adv: batadv0: Adding interface: batadv_slave_0
[  848.088996][T18716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  848.097370][T18716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  848.101649][T18716] batman_adv: batadv0: Adding interface: batadv_slave_1
[  848.104108][T18716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  848.113729][T18716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  848.177920][T18716] hsr_slave_0: entered promiscuous mode
[  848.180215][T18716] hsr_slave_1: entered promiscuous mode
[  848.206838][T18731] bridge_slave_0: left allmulticast mode
[  848.208684][T18731] bridge_slave_0: left promiscuous mode
[  848.211170][T18731] bridge0: port 1(bridge_slave_0) entered disabled state
[  848.217350][T18731] bridge_slave_1: left allmulticast mode
[  848.219330][T18731] bridge_slave_1: left promiscuous mode
[  848.222264][T18731] bridge0: port 2(bridge_slave_1) entered disabled state
[  848.231709][T18731] bond0: (slave bond_slave_0): Releasing backup interface
[  848.234797][T18731] bond_slave_0: left allmulticast mode
[  848.239636][T18731] bond0: (slave bond_slave_1): Releasing backup interface
[  848.243388][T18731] bond_slave_1: left allmulticast mode
[  848.257248][T18731] team0: Port device team_slave_0 removed
[  848.263287][T18731] team0: Port device team_slave_1 removed
[  848.266684][T18731] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  848.269053][T18731] batman_adv: batadv0: Removing interface: batadv_slave_0
[  848.272655][T18731] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  848.274966][T18731] batman_adv: batadv0: Removing interface: batadv_slave_1
[  848.296219][T18731] team0: Port device geneve0 removed
[  848.300586][T18731] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  848.303649][T18731] batman_adv: batadv0: Removing interface: ip6gretap1
[  848.343718][T18733] vlan2: entered allmulticast mode
[  848.423919][   T60] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  848.485980][   T60] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  848.573673][   T60] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  848.671593][   T60] bridge_slave_1: left allmulticast mode
[  848.673623][   T60] bridge_slave_1: left promiscuous mode
[  848.676359][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  848.680302][   T60] bridge_slave_0: left allmulticast mode
[  848.682071][   T60] bridge_slave_0: left promiscuous mode
[  848.684701][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  848.927870][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  848.932066][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  848.936033][   T60] bond0 (unregistering): Released all slaves
[  849.228137][T18754] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2756'.
[  849.256055][T18756] netlink: 'syz.2.2755': attribute type 2 has an invalid length.
[  849.356839][T18716] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  849.363341][T18716] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  849.374182][T18716] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  849.379293][T18716] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  849.399361][   T60] hsr_slave_0: left promiscuous mode
[  849.401699][   T60] hsr_slave_1: left promiscuous mode
[  849.406149][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  849.409222][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  849.414726][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  849.417359][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  849.468109][   T60] veth1_macvtap: left promiscuous mode
[  849.469961][   T60] veth0_macvtap: left promiscuous mode
[  849.471817][   T60] veth1_vlan: left promiscuous mode
[  849.473950][   T60] veth0_vlan: left promiscuous mode
[  849.682579][ T5953] Bluetooth: hci2: command tx timeout
[  850.088466][   T60] team0 (unregistering): Port device team_slave_1 removed
[  850.168346][   T60] team0 (unregistering): Port device team_slave_0 removed
[  850.762380][T18716] 8021q: adding VLAN 0 to HW filter on device bond0
[  850.775025][T18716] 8021q: adding VLAN 0 to HW filter on device team0
[  850.780322][T13502] bridge0: port 1(bridge_slave_0) entered blocking state
[  850.782709][T13502] bridge0: port 1(bridge_slave_0) entered forwarding state
[  850.788799][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  850.791212][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  850.917261][T18716] 8021q: adding VLAN 0 to HW filter on device batadv0
[  850.938614][T18716] veth0_vlan: entered promiscuous mode
[  850.949883][T18716] veth1_vlan: entered promiscuous mode
[  850.985587][T18716] veth0_macvtap: entered promiscuous mode
[  850.992365][T18716] veth1_macvtap: entered promiscuous mode
[  851.002549][T18716] batman_adv: batadv0: Interface activated: batadv_slave_0
[  851.008305][T18716] batman_adv: batadv0: Interface activated: batadv_slave_1
[  851.015571][T18716] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  851.018356][T18716] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  851.021103][T18716] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  851.024429][T18716] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  851.061740][ T6495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  851.068205][ T6495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  851.079623][T13502] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  851.082261][T13502] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  851.091383][T18797] vlan0: entered allmulticast mode
[  851.610839][T18803] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2765'.
[  851.614004][T18803] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  852.493212][T18814] netlink: 'syz.0.2768': attribute type 2 has an invalid length.
[  852.742527][ T6062] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  852.906119][ T6062] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  852.909326][ T6062] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  852.913550][ T6062] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  852.916330][ T6062] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  852.920298][ T6062] usb 7-1: config 0 descriptor??
[  852.923708][ T6062] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  852.938625][T18820] netlink: 'syz.3.2770': attribute type 2 has an invalid length.
[  853.126122][T16516] usb 7-1: USB disconnect, device number 30
[  853.762481][T16516] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  853.852216][T18830] netlink: 'syz.3.2773': attribute type 2 has an invalid length.
[  853.912647][T16516] usb 7-1: Using ep0 maxpacket: 32
[  853.919408][T16516] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  853.923879][T16516] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  853.927944][T16516] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  853.930948][T16516] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.935071][T16516] usb 7-1: config 0 descriptor??
[  853.938274][T16516] ldusb 7-1:0.0: Interrupt in endpoint not found
[  853.941127][T16516] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  854.213662][T18816] random: crng reseeded on system resumption
[  854.276831][T18836] hub 6-0:1.0: USB hub found
[  854.278575][T18836] hub 6-0:1.0: 1 port detected
[  854.315830][   T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  854.443650][T16516] usb 7-1: USB disconnect, device number 31
[  855.126552][T18839] batman_adv: batadv0: Interface deactivated: ip6gretap1
[  855.130226][T18839] batman_adv: batadv0: Removing interface: ip6gretap1
[  855.229390][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  855.233405][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  855.237655][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  855.240448][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  855.243271][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  855.261296][T18845] lo speed is unknown, defaulting to 1000
[  855.464558][T18845] chnl_net:caif_netlink_parms(): no params data found
[  855.550066][T18845] bridge0: port 1(bridge_slave_0) entered blocking state
[  855.552679][T18845] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.554984][T18845] bridge_slave_0: entered allmulticast mode
[  855.563431][T18845] bridge_slave_0: entered promiscuous mode
[  855.566774][T18845] bridge0: port 2(bridge_slave_1) entered blocking state
[  855.569104][T18845] bridge0: port 2(bridge_slave_1) entered disabled state
[  855.571418][T18845] bridge_slave_1: entered allmulticast mode
[  855.575662][T18845] bridge_slave_1: entered promiscuous mode
[  855.615363][T18845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  855.624814][T18845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  855.674241][T18845] team0: Port device team_slave_0 added
[  855.678817][T18845] team0: Port device team_slave_1 added
[  855.715113][T18845] batman_adv: batadv0: Adding interface: batadv_slave_0
[  855.717424][T18845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  855.726619][T18845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  855.730717][T18845] batman_adv: batadv0: Adding interface: batadv_slave_1
[  855.733335][T18845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  855.741534][T18845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  855.783094][T18845] hsr_slave_0: entered promiscuous mode
[  855.785296][T18845] hsr_slave_1: entered promiscuous mode
[  855.787387][T18845] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  855.789738][T18845] Cannot create hsr debugfs directory
[  856.051849][   T46] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  856.196362][   T46] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  856.356502][   T46] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  857.016867][   T46] bridge_slave_1: left allmulticast mode
[  857.019998][   T46] bridge_slave_1: left promiscuous mode
[  857.023045][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  857.037512][   T46] bridge_slave_0: left allmulticast mode
[  857.039308][   T46] bridge_slave_0: left promiscuous mode
[  857.041242][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  857.103065][T18869] Cache volume key already in use (9p,syz,)
[  857.283342][ T5951] Bluetooth: hci2: command tx timeout
[  857.342682][   T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  857.347493][   T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  857.351157][   T46] bond0 (unregistering): Released all slaves
[  857.664084][   T34] usb 8-1: new high-speed USB device number 58 using dummy_hcd
[  857.809203][T18845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  857.818714][T18900] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2785'.
[  857.819228][T18845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  857.824209][   T34] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  857.828579][   T34] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  857.834097][   T34] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  857.837825][   T34] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  857.842112][T18845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  857.843451][   T34] usb 8-1: config 0 descriptor??
[  857.851831][T18845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  857.853900][   T34] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  857.938771][   T46] hsr_slave_0: left promiscuous mode
[  857.940955][   T46] hsr_slave_1: left promiscuous mode
[  857.946139][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  857.948472][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  857.951349][   T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  857.953934][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  857.978553][   T46] veth1_macvtap: left promiscuous mode
[  857.981560][   T46] veth0_macvtap: left promiscuous mode
[  857.986634][   T46] veth1_vlan: left promiscuous mode
[  857.988870][   T46] veth0_vlan: left promiscuous mode
[  858.056640][ T5995] usb 8-1: USB disconnect, device number 58
[  858.522569][  T839] usb 8-1: new high-speed USB device number 59 using dummy_hcd
[  858.683002][  T839] usb 8-1: Using ep0 maxpacket: 32
[  858.688108][  T839] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  858.691359][  T839] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  858.695808][  T839] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  858.698624][  T839] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  858.711508][  T839] usb 8-1: config 0 descriptor??
[  858.716367][  T839] ldusb 8-1:0.0: Interrupt in endpoint not found
[  858.718968][  T839] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  858.752859][   T46] team0 (unregistering): Port device team_slave_1 removed
[  858.824767][   T46] team0 (unregistering): Port device team_slave_0 removed
[  859.098618][T18926] random: crng reseeded on system resumption
[  859.341802][T18929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2787'.
[  859.352520][ T5951] Bluetooth: hci2: command tx timeout
[  859.529997][T18845] 8021q: adding VLAN 0 to HW filter on device bond0
[  859.555258][T18845] 8021q: adding VLAN 0 to HW filter on device team0
[  859.564357][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  859.566643][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  859.572935][T13502] bridge0: port 2(bridge_slave_1) entered blocking state
[  859.575199][T13502] bridge0: port 2(bridge_slave_1) entered forwarding state
[  859.634130][ T5995] usb 8-1: USB disconnect, device number 59
[  859.711817][T18845] 8021q: adding VLAN 0 to HW filter on device batadv0
[  859.714351][T17484] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  859.734595][T18845] veth0_vlan: entered promiscuous mode
[  859.739486][T18845] veth1_vlan: entered promiscuous mode
[  859.762046][T18845] veth0_macvtap: entered promiscuous mode
[  859.766992][T18845] veth1_macvtap: entered promiscuous mode
[  859.778892][T18845] batman_adv: batadv0: Interface activated: batadv_slave_0
[  859.785215][T18845] batman_adv: batadv0: Interface activated: batadv_slave_1
[  859.789938][T18845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  859.793684][T18845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  859.797035][T18845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  859.800377][T18845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  859.834709][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  859.837426][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  859.850549][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  859.854644][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  859.865478][T17484] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  859.868907][T17484] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  859.871787][T17484] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  859.877350][T17484] usb 7-1: config 0 descriptor??
[  859.900485][T18945] netlink: 'syz.0.2791': attribute type 2 has an invalid length.
[  860.083151][T17484] usbhid 7-1:0.0: can't add hid device: -71
[  860.085108][T17484] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  860.089117][T17484] usb 7-1: USB disconnect, device number 32
[  860.533901][T16516] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  860.692476][T16516] usb 7-1: Using ep0 maxpacket: 32
[  860.695405][T16516] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  860.698785][T16516] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  860.701568][T16516] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  860.706213][T16516] usb 7-1: config 0 descriptor??
[  860.710063][T16516] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  860.715465][T16516] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  860.735210][T18956] hub 6-0:1.0: USB hub found
[  860.742578][T18956] hub 6-0:1.0: 1 port detected
[  861.184832][ T1144] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  861.671026][ T1144] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.401369][ T5953] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  862.409751][ T5953] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  862.413566][ T5953] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  862.417215][ T5953] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  862.421158][ T5953] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  862.459578][T18966] lo speed is unknown, defaulting to 1000
[  862.490288][T17315] usb 7-1: USB disconnect, device number 33
[  862.513589][T17315] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  862.695731][T18978] 9pnet_virtio: no channels available for device syz
[  862.742017][T18966] chnl_net:caif_netlink_parms(): no params data found
[  862.747577][T18981] hub 6-0:1.0: USB hub found
[  862.751785][T18981] hub 6-0:1.0: 1 port detected
[  862.839906][ T1144] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.900074][T18966] bridge0: port 1(bridge_slave_0) entered blocking state
[  862.902612][T18966] bridge0: port 1(bridge_slave_0) entered disabled state
[  862.904806][T18966] bridge_slave_0: entered allmulticast mode
[  862.907491][T18966] bridge_slave_0: entered promiscuous mode
[  863.011172][ T1144] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.027529][T18966] bridge0: port 2(bridge_slave_1) entered blocking state
[  863.029841][T18966] bridge0: port 2(bridge_slave_1) entered disabled state
[  863.032181][T18966] bridge_slave_1: entered allmulticast mode
[  863.034995][T18966] bridge_slave_1: entered promiscuous mode
[  863.073094][T18966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  863.078409][T18966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  863.125082][T18966] team0: Port device team_slave_0 added
[  863.128519][T18966] team0: Port device team_slave_1 added
[  863.207196][T18966] batman_adv: batadv0: Adding interface: batadv_slave_0
[  863.209402][T18966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  863.218066][T18966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  863.251880][T18966] batman_adv: batadv0: Adding interface: batadv_slave_1
[  863.254450][T18966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  863.262611][T18966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  863.303136][T18988] hub 6-0:1.0: USB hub found
[  863.304931][T18988] hub 6-0:1.0: 1 port detected
[  863.523833][T18966] hsr_slave_0: entered promiscuous mode
[  863.662825][T18966] hsr_slave_1: entered promiscuous mode
[  863.668145][ T1144] bridge_slave_1: left allmulticast mode
[  863.669942][ T1144] bridge_slave_1: left promiscuous mode
[  863.671755][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  863.676371][ T1144] bridge_slave_0: left allmulticast mode
[  863.678219][ T1144] bridge_slave_0: left promiscuous mode
[  863.680044][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  863.951724][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  863.956289][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  863.960042][ T1144] bond0 (unregistering): Released all slaves
[  864.308027][T19016] netlink: 'syz.3.2801': attribute type 2 has an invalid length.
[  864.381794][ T1144] hsr_slave_0: left promiscuous mode
[  864.383080][T19019] netlink: 'syz.0.2802': attribute type 2 has an invalid length.
[  864.386163][ T1144] hsr_slave_1: left promiscuous mode
[  864.388237][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  864.390596][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  864.402935][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  864.405259][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  864.430650][ T1144] veth1_macvtap: left promiscuous mode
[  864.432488][ T1144] veth0_macvtap: left promiscuous mode
[  864.434287][ T1144] veth1_vlan: left promiscuous mode
[  864.435956][ T1144] veth0_vlan: left promiscuous mode
[  864.472565][ T5953] Bluetooth: hci2: command tx timeout
[  864.674273][T19024] hub 6-0:1.0: USB hub found
[  864.677547][T19024] hub 6-0:1.0: 1 port detected
[  865.156775][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  865.241716][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  865.420956][T19026] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2804'.
[  865.839136][T19031] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2806'.
[  865.849485][T19031] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  865.931000][T18966] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  865.935881][T18966] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  865.939746][T18966] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  865.944003][T18966] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  866.020995][T18966] 8021q: adding VLAN 0 to HW filter on device bond0
[  866.052297][T18966] 8021q: adding VLAN 0 to HW filter on device team0
[  866.066301][ T6495] bridge0: port 1(bridge_slave_0) entered blocking state
[  866.068600][ T6495] bridge0: port 1(bridge_slave_0) entered forwarding state
[  866.096617][T19052] rdma_rxe: rxe_newlink: failed to add lo
[  866.098091][T18966] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  866.101682][T18966] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  866.107006][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  866.109236][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  866.212699][T18966] 8021q: adding VLAN 0 to HW filter on device batadv0
[  866.238135][T18966] veth0_vlan: entered promiscuous mode
[  866.244397][T18966] veth1_vlan: entered promiscuous mode
[  866.277436][T18966] veth0_macvtap: entered promiscuous mode
[  866.281122][T18966] veth1_macvtap: entered promiscuous mode
[  866.291450][T18966] batman_adv: batadv0: Interface activated: batadv_slave_0
[  866.295679][T18966] batman_adv: batadv0: Interface activated: batadv_slave_1
[  866.302236][T18966] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  866.306073][T18966] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  866.308776][T18966] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  866.311559][T18966] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  866.354870][  T102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  866.357588][  T102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  866.369939][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  866.373916][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  866.412477][   T53] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  866.474264][ T5953] Bluetooth: hci1: command 0x0406 tx timeout
[  866.474695][T19020] Bluetooth: hci4: command 0x0406 tx timeout
[  866.564016][   T53] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  866.567541][   T53] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  866.570621][   T53] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  866.573776][   T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.578061][T19052] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  866.582061][   T53] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  866.983715][   T53] usb 8-1: new high-speed USB device number 60 using dummy_hcd
[  867.133849][   T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  867.137346][   T53] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  867.140330][   T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.144307][   T53] usb 8-1: config 0 descriptor??
[  867.357621][   T53] usbhid 8-1:0.0: can't add hid device: -71
[  867.363917][   T53] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  867.373896][   T53] usb 8-1: USB disconnect, device number 60
[  867.793707][T17315] usb 8-1: new high-speed USB device number 61 using dummy_hcd
[  868.154530][T17315] usb 8-1: Using ep0 maxpacket: 32
[  868.157665][T17315] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  868.161032][T17315] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  868.164116][T17315] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  868.168703][T17315] usb 8-1: config 0 descriptor??
[  868.172212][T17315] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  868.177083][T17315] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  869.034357][   T46] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  869.052614][   T40] kauditd_printk_skb: 52 callbacks suppressed
[  869.052626][   T40] audit: type=1326 audit(1749265910.864:3629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.060404][   T40] audit: type=1326 audit(1749265910.864:3630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.068188][   T40] audit: type=1326 audit(1749265910.894:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.078180][   T40] audit: type=1326 audit(1749265910.894:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.085384][   T40] audit: type=1326 audit(1749265910.894:3633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.091336][   T40] audit: type=1326 audit(1749265910.894:3634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.097481][   T40] audit: type=1326 audit(1749265910.894:3635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.104840][   T40] audit: type=1326 audit(1749265910.894:3636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.111194][   T40] audit: type=1326 audit(1749265910.894:3637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19083 comm="syz.2.2811" exe="/syz-executor" sig=0 arch=40000003 syscall=337 compat=1 ip=0xf704e579 code=0x7ffc0000
[  869.144058][   T53] usb 5-1: USB disconnect, device number 41
[  869.514533][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  869.516569][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  870.043846][T19102] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2812'.
[  870.138107][ T5951] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  870.142251][ T5951] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  870.145676][ T5951] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  870.150325][ T5951] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  870.156941][ T5951] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  870.182514][T19103] lo speed is unknown, defaulting to 1000
[  870.302571][ T1419] ==================================================================
[  870.305083][ T1419] BUG: KASAN: slab-use-after-free in handle_tx+0x5a5/0x630
[  870.307325][ T1419] Read of size 8 at addr ffff88806f7d6020 by task aoe_tx0/1419
[  870.311019][ T1419] 
[  870.312160][ T1419] CPU: 0 UID: 0 PID: 1419 Comm: aoe_tx0 Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) 
[  870.312174][ T1419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  870.312182][ T1419] Call Trace:
[  870.312187][ T1419]  <TASK>
[  870.312192][ T1419]  dump_stack_lvl+0x116/0x1f0
[  870.312213][ T1419]  print_report+0xcd/0x680
[  870.312224][ T1419]  ? __virt_addr_valid+0x81/0x610
[  870.312236][ T1419]  ? __phys_addr+0xe8/0x180
[  870.312247][ T1419]  ? handle_tx+0x5a5/0x630
[  870.312257][ T1419]  kasan_report+0xe0/0x110
[  870.312268][ T1419]  ? handle_tx+0x5a5/0x630
[  870.312279][ T1419]  handle_tx+0x5a5/0x630
[  870.312292][ T1419]  dev_hard_start_xmit+0x97/0x740
[  870.312309][ T1419]  __dev_queue_xmit+0x7eb/0x43e0
[  870.312326][ T1419]  ? lockdep_hardirqs_on+0x7c/0x110
[  870.312343][ T1419]  ? rcu_is_watching+0x12/0xc0
[  870.312356][ T1419]  ? __pfx___dev_queue_xmit+0x10/0x10
[  870.312371][ T1419]  ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0
[  870.312403][ T1419]  ? __lock_acquire+0xb8a/0x1c90
[  870.312419][ T1419]  ? __lock_acquire+0xb8a/0x1c90
[  870.312434][ T1419]  ? do_raw_spin_lock+0x12c/0x2b0
[  870.312451][ T1419]  ? find_held_lock+0x2b/0x80
[  870.312461][ T1419]  ? skb_dequeue+0x126/0x180
[  870.312475][ T1419]  ? find_held_lock+0x2b/0x80
[  870.312486][ T1419]  ? rcu_is_watching+0x12/0xc0
[  870.312497][ T1419]  tx+0xcc/0x190
[  870.312510][ T1419]  ? __pfx_tx+0x10/0x10
[  870.312521][ T1419]  kthread+0x1e1/0x3e0
[  870.312535][ T1419]  ? find_held_lock+0x2b/0x80
[  870.312545][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.312555][ T1419]  ? __pfx_default_wake_function+0x10/0x10
[  870.312566][ T1419]  ? lockdep_hardirqs_on+0x7c/0x110
[  870.312583][ T1419]  ? __kthread_parkme+0x19e/0x250
[  870.312596][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.312606][ T1419]  kthread+0x3c2/0x780
[  870.312620][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.312635][ T1419]  ? rcu_is_watching+0x12/0xc0
[  870.312648][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.312666][ T1419]  ret_from_fork+0x5d7/0x6f0
[  870.312681][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.312695][ T1419]  ret_from_fork_asm+0x1a/0x30
[  870.312710][ T1419]  </TASK>
[  870.312714][ T1419] 
[  870.369462][T19110] netlink: 'syz.0.2814': attribute type 2 has an invalid length.
[  870.370044][ T1419] Allocated by task 19081:
[  870.381384][ T1419]  kasan_save_stack+0x33/0x60
[  870.382887][ T1419]  kasan_save_track+0x14/0x30
[  870.384353][ T1419]  __kasan_kmalloc+0xaa/0xb0
[  870.385804][ T1419]  alloc_tty_struct+0x96/0x8c0
[  870.387298][ T1419]  tty_init_dev.part.0+0x1e/0x500
[  870.388858][ T1419]  tty_open+0xa50/0xf90
[  870.390161][ T1419]  chrdev_open+0x234/0x6a0
[  870.391560][ T1419]  do_dentry_open+0x741/0x1c10
[  870.393080][ T1419]  vfs_open+0x82/0x3f0
[  870.394366][ T1419]  path_openat+0x1de4/0x2cb0
[  870.395815][ T1419]  do_filp_open+0x20b/0x470
[  870.397241][ T1419]  do_sys_openat2+0x11b/0x1d0
[  870.398714][ T1419]  __ia32_compat_sys_openat+0x16d/0x210
[  870.400421][ T1419]  __do_fast_syscall_32+0x7c/0x3a0
[  870.402043][ T1419]  do_fast_syscall_32+0x32/0x80
[  870.403553][ T1419]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  870.405497][ T1419] 
[  870.406257][ T1419] Freed by task 34:
[  870.407459][ T1419]  kasan_save_stack+0x33/0x60
[  870.408925][ T1419]  kasan_save_track+0x14/0x30
[  870.410396][ T1419]  kasan_save_free_info+0x3b/0x60
[  870.411992][ T1419]  __kasan_slab_free+0x51/0x70
[  870.413502][ T1419]  kfree+0x2b4/0x4d0
[  870.414731][ T1419]  process_one_work+0x9cf/0x1b70
[  870.416278][ T1419]  worker_thread+0x6c8/0xf10
[  870.417736][ T1419]  kthread+0x3c2/0x780
[  870.419014][ T1419]  ret_from_fork+0x5d7/0x6f0
[  870.420460][ T1419]  ret_from_fork_asm+0x1a/0x30
[  870.421990][ T1419] 
[  870.422751][ T1419] Last potentially related work creation:
[  870.424499][ T1419]  kasan_save_stack+0x33/0x60
[  870.425976][ T1419]  kasan_record_aux_stack+0xa7/0xc0
[  870.427596][ T1419]  insert_work+0x36/0x230
[  870.428944][ T1419]  __queue_work+0x97e/0x10f0
[  870.430394][ T1419]  queue_work_on+0x1a4/0x1f0
[  870.431836][ T1419]  release_tty+0x4de/0x5d0
[  870.433262][ T1419]  tty_release_struct+0xb7/0xe0
[  870.434789][ T1419]  tty_release+0xe2d/0x1430
[  870.436206][ T1419]  __fput+0x402/0xb70
[  870.437461][ T1419]  task_work_run+0x150/0x240
[  870.438901][ T1419]  do_exit+0x864/0x2bd0
[  870.440197][ T1419]  do_group_exit+0xd3/0x2a0
[  870.441624][ T1419]  get_signal+0x2673/0x26d0
[  870.443041][ T1419]  arch_do_signal_or_restart+0x8f/0x790
[  870.444740][ T1419]  exit_to_user_mode_loop+0x84/0x110
[  870.446383][ T1419]  __do_fast_syscall_32+0x2ac/0x3a0
[  870.447980][ T1419]  do_fast_syscall_32+0x32/0x80
[  870.449491][ T1419]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  870.451429][ T1419] 
[  870.452218][ T1419] The buggy address belongs to the object at ffff88806f7d6000
[  870.452218][ T1419]  which belongs to the cache kmalloc-cg-2k of size 2048
[  870.456521][ T1419] The buggy address is located 32 bytes inside of
[  870.456521][ T1419]  freed 2048-byte region [ffff88806f7d6000, ffff88806f7d6800)
[  870.460464][ T1419] 
[  870.461222][ T1419] The buggy address belongs to the physical page:
[  870.463253][ T1419] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6f7d0
[  870.465899][ T1419] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  870.468477][ T1419] memcg:ffff88806cdc1c01
[  870.469802][ T1419] flags: 0x4fff00000000040(head|node=1|zone=1|lastcpupid=0x7ff)
[  870.472154][ T1419] page_type: f5(slab)
[  870.473400][ T1419] raw: 04fff00000000040 ffff88801b44c140 ffffea0001aae600 dead000000000002
[  870.475883][ T1419] raw: 0000000000000000 0000000000080008 00000000f5000000 ffff88806cdc1c01
[  870.478514][ T1419] head: 04fff00000000040 ffff88801b44c140 ffffea0001aae600 dead000000000002
[  870.481159][ T1419] head: 0000000000000000 0000000000080008 00000000f5000000 ffff88806cdc1c01
[  870.483831][ T1419] head: 04fff00000000003 ffffea0001bdf401 00000000ffffffff 00000000ffffffff
[  870.486468][ T1419] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  870.489083][ T1419] page dumped because: kasan: bad access detected
[  870.491044][ T1419] page_owner tracks the page as allocated
[  870.492817][ T1419] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 18359, tgid 18358 (syz.2.2690), ts 827068668077, free_ts 826995112048
[  870.499619][ T1419]  post_alloc_hook+0x1c0/0x230
[  870.501167][ T1419]  get_page_from_freelist+0x1321/0x3890
[  870.502995][ T1419]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  870.504832][ T1419]  alloc_pages_mpol+0x1fb/0x550
[  870.506364][ T1419]  new_slab+0x23b/0x330
[  870.507626][ T1419]  ___slab_alloc+0xd9c/0x1940
[  870.509028][ T1419]  __slab_alloc.constprop.0+0x56/0xb0
[  870.510701][ T1419]  __kmalloc_cache_noprof+0xfb/0x3e0
[  870.512359][ T1419]  bpf_prog_alloc_no_stats+0x116/0x630
[  870.514052][ T1419]  bpf_prog_alloc+0x3b/0x230
[  870.515493][ T1419]  bpf_prog_load+0x1a04/0x2490
[  870.516987][ T1419]  __sys_bpf+0x433c/0x4d80
[  870.518377][ T1419]  __ia32_sys_bpf+0x76/0xe0
[  870.519786][ T1419]  __do_fast_syscall_32+0x7c/0x3a0
[  870.521369][ T1419]  do_fast_syscall_32+0x32/0x80
[  870.522907][ T1419]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  870.524852][ T1419] page last free pid 23 tgid 23 stack trace:
[  870.526714][ T1419]  __free_frozen_pages+0x7fe/0x1180
[  870.528321][ T1419]  __folio_put+0x329/0x450
[  870.529724][ T1419]  put_netmem+0x26e/0x2e0
[  870.531065][ T1419]  __pskb_trim_head+0x5c7/0x7b0
[  870.532609][ T1419]  tcp_trim_head+0x85/0x5f0
[  870.533916][ T1419]  tcp_ack+0x1c34/0x5c90
[  870.535248][ T1419]  tcp_rcv_established+0xda1/0x22e0
[  870.536859][ T1419]  tcp_v4_do_rcv+0x5ca/0xa90
[  870.538306][ T1419]  tcp_v4_rcv+0x3609/0x4650
[  870.539719][ T1419]  ip_protocol_deliver_rcu+0xba/0x4c0
[  870.541377][ T1419]  ip_local_deliver_finish+0x316/0x570
[  870.543089][ T1419]  ip_local_deliver+0x18e/0x1f0
[  870.544593][ T1419]  ip_sublist_rcv_finish+0x2c1/0x620
[  870.546220][ T1419]  ip_list_rcv_finish+0x552/0x720
[  870.547781][ T1419]  ip_list_rcv+0x335/0x450
[  870.549163][ T1419]  __netif_receive_skb_list_core+0x752/0x950
[  870.551058][ T1419] 
[  870.551817][ T1419] Memory state around the buggy address:
[  870.553562][ T1419]  ffff88806f7d5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  870.556001][ T1419]  ffff88806f7d5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  870.558452][ T1419] >ffff88806f7d6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  870.560895][ T1419]                                ^
[  870.562504][ T1419]  ffff88806f7d6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  870.564953][ T1419]  ffff88806f7d6100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  870.567404][ T1419] ==================================================================
[  870.569927][ T1419] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  870.572170][ T1419] CPU: 0 UID: 0 PID: 1419 Comm: aoe_tx0 Not tainted 6.15.0-syzkaller-13473-gc0c9379f235d #0 PREEMPT(full) 
[  870.575639][ T1419] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  870.578899][ T1419] Call Trace:
[  870.579945][ T1419]  <TASK>
[  870.580877][ T1419]  dump_stack_lvl+0x3d/0x1f0
[  870.582361][ T1419]  panic+0x71c/0x800
[  870.583592][ T1419]  ? __pfx_panic+0x10/0x10
[  870.584986][ T1419]  ? irqentry_exit+0x3b/0x90
[  870.586441][ T1419]  ? lockdep_hardirqs_on+0x7c/0x110
[  870.588046][ T1419]  ? handle_tx+0x5a5/0x630
[  870.589438][ T1419]  ? check_panic_on_warn+0x1f/0xb0
[  870.591030][ T1419]  ? handle_tx+0x5a5/0x630
[  870.592459][ T1419]  check_panic_on_warn+0xab/0xb0
[  870.594022][ T1419]  end_report+0x107/0x170
[  870.595367][ T1419]  kasan_report+0xee/0x110
[  870.596759][ T1419]  ? handle_tx+0x5a5/0x630
[  870.598312][ T1419]  handle_tx+0x5a5/0x630
[  870.600015][ T1419]  dev_hard_start_xmit+0x97/0x740
[  870.601606][ T1419]  __dev_queue_xmit+0x7eb/0x43e0
[  870.603184][ T1419]  ? lockdep_hardirqs_on+0x7c/0x110
[  870.604812][ T1419]  ? rcu_is_watching+0x12/0xc0
[  870.606317][ T1419]  ? __pfx___dev_queue_xmit+0x10/0x10
[  870.607993][ T1419]  ? __pv_queued_spin_lock_slowpath+0x28d/0xcf0
[  870.609941][ T1419]  ? __lock_acquire+0xb8a/0x1c90
[  870.611485][ T1419]  ? __lock_acquire+0xb8a/0x1c90
[  870.613062][ T1419]  ? do_raw_spin_lock+0x12c/0x2b0
[  870.614650][ T1419]  ? find_held_lock+0x2b/0x80
[  870.616113][ T1419]  ? skb_dequeue+0x126/0x180
[  870.617559][ T1419]  ? find_held_lock+0x2b/0x80
[  870.619017][ T1419]  ? rcu_is_watching+0x12/0xc0
[  870.620455][ T1419]  tx+0xcc/0x190
[  870.621572][ T1419]  ? __pfx_tx+0x10/0x10
[  870.622886][ T1419]  kthread+0x1e1/0x3e0
[  870.624155][ T1419]  ? find_held_lock+0x2b/0x80
[  870.625625][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.627064][ T1419]  ? __pfx_default_wake_function+0x10/0x10
[  870.628861][ T1419]  ? lockdep_hardirqs_on+0x7c/0x110
[  870.630484][ T1419]  ? __kthread_parkme+0x19e/0x250
[  870.632074][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.633516][ T1419]  kthread+0x3c2/0x780
[  870.634797][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.636242][ T1419]  ? rcu_is_watching+0x12/0xc0
[  870.637879][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.639452][ T1419]  ret_from_fork+0x5d7/0x6f0
[  870.640922][ T1419]  ? __pfx_kthread+0x10/0x10
[  870.642423][ T1419]  ret_from_fork_asm+0x1a/0x30
[  870.643931][ T1419]  </TASK>
[  870.645583][ T1419] Kernel Offset: disabled
[  870.646957][ T1419] Rebooting in 86400 seconds..

VM DIAGNOSIS:
03:11:52  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8557c485 RDI=ffffffff9ae6ca40 RBP=ffffffff9ae6ca00 RSP=ffffc9000784f458
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=20666f2064616552
R12=0000000000000000 R13=0000000000000064 R14=ffffffff9ae6ca00 R15=ffffffff8557c420
RIP=ffffffff8557c4af RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097762000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080bc6000 CR3=000000000e182000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000002558069 RBX=0000000000000001 RCX=ffffffff8b7bcc69 RDX=0000000000000000
RSI=ffffffff8dc12ef0 RDI=ffffffff8bf55a60 RBP=ffffed1003b5c488 RSP=ffffc9000046fdf8
R8 =0000000000000001 R9 =ffffed1005666645 R10=ffff88802b33322b R11=0000000000000001
R12=0000000000000001 R13=ffff88801dae2440 R14=ffffffff90883450 R15=0000000000000000
RIP=ffffffff8b7bb7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097862000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002eb00ff8 CR3=0000000065603000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000003 RCX=0000000000000002 RDX=ffff88801bf82440
RSI=ffffffff8169e3e1 RDI=ffffffff8bf55a60 RBP=ffff888027b93d40 RSP=ffffc9000051f6a8
R8 =0000000000000001 R9 =0000000000000001 R10=ffffffff90883457 R11=0000000000000001
R12=0000000000000003 R13=0000000000000003 R14=ffff88802b43cd40 R15=ffffed1004f727a8
RIP=ffffffff8b7bb7cf RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097962000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f721d840 CR3=0000000065603000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=000000000151da27 RBX=0000000000000003 RCX=ffffffff8b7bcc69 RDX=0000000000000000
RSI=ffffffff8dc12ef0 RDI=ffffffff8bf55a60 RBP=ffffed10037e1000 RSP=ffffc9000048fdf8
R8 =0000000000000001 R9 =ffffed10056a6645 R10=ffff88802b53322b R11=0000000000000001
R12=0000000000000003 R13=ffff88801bf08000 R14=ffffffff90883450 R15=0000000000000000
RIP=ffffffff8b7bb7cf RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff888097a62000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7236744 CR3=0000000061f8f000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000600
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000ff0000000000 00000000ff000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000