last executing test programs:

1m3.426110759s ago: executing program 0 (id=1351):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x4, 0x5, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000000000000000000000000000850000009b00000085000000d0de00009500000000000000d0839d6a480cfbaf4e868defcbc889eba06693df16e1620fc104ea9f348583abbdeaf92f291db743a74ae5985004c98ec723ee385b66a70bd31ed8311b0dc5c28a673f84ae9a58b8ab1e97f4ed5fb84e6dcc2980cceeddf30aa9284f7f40ceb68db865dbd4a302ef16c199d970b3504000afd6a40173657bafd684abef3c4454392d9b7aaed1619cb8fa8effffffffffffff7f417705cce67184381b2dfcdc5b5e"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket$xdp(0x2c, 0x3, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
syz_extract_tcp_res(&(0x7f0000000040), 0x1, 0x8)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, &(0x7f0000000540)="12", 0x0, 0x2}, 0x50)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r2, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000040000000040100"})
write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000000)={0x0, 0x2002}, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x2ec66, 0x8, 0x8, 0x7, 0x800000000000009, 0x1, 0x2, 0x10000, 0x100, 0x8000000000000001, 0x40000000000000, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x2, 0x0, 0xb, 0x8000000008, 0xb, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x9, 0x7, 0x23b, 0x3, 0x2, 0x8890, 0x8, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x4, 0x8, 0x5c3e, 0x622, 0x1, 0x5, 0xfffffffffffffffa, 0x1, 0xe, 0x7, 0x4, 0x100000000, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x6, 0xfffffffeffffffff, 0x8, 0xd, 0x9, 0xe8, 0x80000000, 0xc62, 0x2, 0x10004, 0x2, 0xcdc, 0x7, 0x2, 0xa, 0x2, 0x5, 0xfff, 0x9, 0x4, 0x6, 0xab6, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x5, 0x53a, 0x5, 0x400000000008061d, 0x6, 0x8, 0xf6, 0x7, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x2, 0x2293332f, 0x6, 0x34, 0x0, 0xd, 0x2, 0x0, 0x2, 0x2, 0x7, 0x8, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
setuid(0xee01)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r3, &(0x7f0000000e40)={&(0x7f0000000580)=@l2tp6={0xa, 0x0, 0xec, @loopback, 0x5, 0x3}, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000880)="90dbc83fcb6c375353573eed102f72a843d0bcfafbf237f5dfb3044db5ba2cfb802ee2a0cb62dccfde35c7fb38746d759ceddec7490eb0fd7534bf42ffe75a74792ac6d96c2e63c849a2c98b58193c5f9a0560fd6946633563507105210882cf13a9e32b30b3dca918dadc288e2aa43c5a9cc5ae75014ef10db65e51d419f3a5202d2af123f8b7a21611ebfa090ad5bdbad31ecb2469417188cb361901214b5f1163530d556b9d1d28ad4d635bcfa2836c5a334150761b6ed5775b58643b60cdd4131e86cd1f8e3420e27954659557", 0xcf}, {&(0x7f0000000780)}, {&(0x7f0000000980)="d1c09f310777535d88975d5e2e9f293d8707bd004585ec5b55c3590022a08194ecf6b3dcc45f4b812cf24d0aca0ebf5cee59a277e1533ba1b2e9ee5ca86c30f761681d9b1c8f8b558413f56f2fed7ab58868f803dade5af28311b4100f59f7c2c173d7d5", 0x64}, {&(0x7f0000000a00)="b4ecd056476f3e7f16b6ddf7ab08fa112f6b0ea1f066656bc048957fe5edddc81d527f65cd24aead06f321ac912b9d93abcafbbf32484d8c32fb1b34cec0460bfae7605116752091e00c8c0690bbe3de1df28518d70dcca1da4ac1445db4a8463702d7d8ee1d79fd56fea99c203c770eedaa783943a949751180ec5928201a17015e511b35693113dcde5a03b28de7cac74f7f7eb4986af5bcb9ea68b6759d224b4acdb93d2c16edec47718c020ed756882483d0d2cba3", 0xb7}, {&(0x7f0000000100)="4e50cbb043fa201b97c2415a9719ab5bc562e23f8ca8ee4bb84a67", 0x1b}], 0x5, &(0x7f0000000b00)=[{0x20, 0x84, 0x8, "b80af6de7880d9da8d98d078c6a76532aca1"}, {0xf8, 0x0, 0x7fff, "1150d4e6cd03b57a25ecb297d08ddd02c89fe7da601d2df95334810160ed7982dd668410c33bc577ce1356eaea820a06756bb6db3470a81b073a357223ac99720a072260fa9216219f5182e8535df466ee733bc6e66d3c562e090106483d0f794abcf2d5bca8f3a48309efae734e2ef85136544db016787ce1be3b9b0c186d94384b40088c41a899ea44054535fbd98a73858e55b68d2e0fa20613b7b91ccfb1d624a1ced82ed43095c3f79299ae9d374b7a42f1f963b631bc89f16aef33606157abd9c58c6d24df6d59e1544dbee357a9e3083324c45bac33e3a11bf659ae9d3b5ccfdd0c183226993181"}, {0x60, 0x104, 0x65a2, "9a7abfa048cb242ffd900bcfbf3ea8cf1e3837247f3e2841d4aad5086d8449661b9f8e5b2fd95f2ebbedf1a56fdc89e8add6f9e3b4291a35c754e1b92f6cbdd83630f207790e608a8860250b21ea5ea370"}, {0x98, 0x10e, 0xfffffff1, "d8e3132857243f15a953beca833525ed520c0b00ac0e424f3ee4595de23b2213b3ed1988d59b50174c4ad19b22725ec37f70036bccc7aaab195e340a7351d9cdda950679d4057b07d371d4d7a4cad61f0e1b2e0da4729dfbeca35b3d79dca5cfae7a5608544741f4d4392252300e72600c30652512a667414e0ccfe51d6fd6e2365f5ab3097467d6e4b5"}, {0xf4, 0x111, 0x8, "53a9dd2375ecbbda8375770deee0839938a0064fbea8034bd1e33b518824c3277dcd779e5448b3cd62d772fa55c41e6f04e867795e43d997eb309f8730a52c7d82cee7d8c7aae7065438cf18a147d46fc0d4fb6bb52dedd14ac031b0469766cf016ace21749237298039776902d9db4e2d8b19ee18ddcb02883624ceafc596aaf9e50141dd483a982ba0621e41878e0d619a88c42da46969201e0099e2c744037357a6578cb701add0921a7acbb9a5758e78601db6208194050567fb6d2c17efcd31fae1f547ad9abd12062c4d181d3555e2821745a89631fa21cf4953b86a057ba3753a460b"}], 0x304}, 0x20048014)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000300)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m2.017766406s ago: executing program 0 (id=1360):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
writev(r0, &(0x7f00000006c0)=[{&(0x7f00000005c0)="f3", 0x1}], 0x1)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
close_range(r1, 0xffffffffffffffff, 0x4000000)

1m0.561860653s ago: executing program 0 (id=1368):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x15)
r1 = dup(r0)
read$FUSE(r1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="f4000000410007010000000007000400017c00000400fc80dc00018006000600800a0000cd409080f1ff64a5", @ANYRES32=r2, @ANYBLOB='\b\x00;\x00', @ANYRES32=0x0, @ANYBLOB="c2bd11e6b4884b645d8a9e53fcbc725b3ebf28dfd270af4cd88d970c5c4833ad545b3b35c607fc5e0c77b677ca40871b98d3d8d733ff2d866b529274b7c5d01ca3f433785b5e3d6cf9ec95d871fddd86e61e4c1a148f418c6e0547b07852d42a8c1fe7aab167e856b09e3152ee8614475b0bf84400ce8040005f800400428007770693d4f256912a653bf1f6dbf150aebd87c29592d6161890663a64abb26d9304a916bcf59cc8aea92ff00369ad7408000800", @ANYRES32=0x0, @ANYBLOB="97855a38da2abe5df37ead45d0807701333d4dc383cb517a43d1ed35887f8637eedc750faacc32c78b28000000000000"], 0xf4}}, 0x4010)
r4 = dup(r2)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x708, 0x41e3, 0x0, 0x0, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x1)
r8 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r8, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_JOIN_GROUP(r8, 0x29, 0x2a, &(0x7f0000000180)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, &(0x7f0000000040)={0x1, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108)
r9 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
r10 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r10, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2, 0xd, 0x0, 0x0, 0x2, 0x0, 0x70bd2c}, 0x10}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r9, 0x40045542, &(0x7f00000001c0)=0x20)
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket(0x2, 0x80805, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='percpu_alloc_percpu\x00'}, 0x18)
r11 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)

59.667265446s ago: executing program 0 (id=1370):
r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
open$dir(&(0x7f0000000100)='./file0\x00', 0x15b800, 0x0)
rmdir(&(0x7f0000000440)='./file0\x00')
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x11) (fail_nth: 2)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r2 = syz_open_dev$dri(&(0x7f0000000740), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000180), &(0x7f0000000340)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000600)=[r3, 0x0], 0x2, 0x800})
socket$netlink(0x10, 0x3, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
getsockopt$bt_hci(0xffffffffffffffff, 0x11e, 0x1, 0x0, &(0x7f0000000040))
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_SELLOADLUT(r5, 0x541c, &(0x7f00000000c0))
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x16, 0x0)
ioctl$TIOCL_SCROLLCONSOLE(r5, 0x541c, &(0x7f0000000100)={0xd, 0x6})

59.506803351s ago: executing program 0 (id=1372):
fsopen(0x0, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
pidfd_getfd(0xffffffffffffffff, r2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0xdf, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB="200025bd7000fedbdf", @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x99fe681834aac99b, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, 0x0)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
unshare(0x6a040000)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r6, 0x0, 0xfffffffffffffffd}, 0x18)
open_tree(0xffffffffffffffff, 0x0, 0x800)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000007c0)=@IORING_OP_SYMLINKAT={0x26, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='./file0\x00'})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$inet6_udplite(0xa, 0x2, 0x88)

59.385424646s ago: executing program 0 (id=1373):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x12, 0x141341)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000080)=0x5924ba)
ioctl$USBDEVFS_RESET(r0, 0x5514)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
close(r1)
pipe2(0x0, 0x880)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
setgid(0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0)
bind$can_j1939(r4, &(0x7f0000000040)={0x1d, 0x0, 0x0, {0x0, 0x1a20484568097968}, 0xfd}, 0x18)
sendmsg$can_j1939(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)}}, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000200)=@generic={&(0x7f00000001c0)='./file0\x00'}, 0x14)
setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r2, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x2, [{}, {0xfbfffffa}]}})

59.331710687s ago: executing program 32 (id=1373):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x12, 0x141341)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000080)=0x5924ba)
ioctl$USBDEVFS_RESET(r0, 0x5514)
r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
close(r1)
pipe2(0x0, 0x880)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
setgid(0x0)
capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x0)
socket$nl_sock_diag(0x10, 0x3, 0x4)
setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, 0x0)
bind$can_j1939(r4, &(0x7f0000000040)={0x1d, 0x0, 0x0, {0x0, 0x1a20484568097968}, 0xfd}, 0x18)
sendmsg$can_j1939(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)}}, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000200)=@generic={&(0x7f00000001c0)='./file0\x00'}, 0x14)
setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r2, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x3b, 0x2, [{}, {0xfbfffffa}]}})

3.594611484s ago: executing program 4 (id=1659):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x101200)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000240)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000280)={&(0x7f00000007c0)="16510fb70c0a8fbfbb7144dcc7afbdc3753d9d99ff9e863a552d3a9309c8e1db645c2b86507a519ddab4be9a70c6c07c1c681e99c74ebe4def6632e224ddaf6522cea656b92f106e6490b0bc66ace7a66bdc7e584e3aff8ce3be355bf1d445bd3035f1052a1d18011c578118a8fa216d099ee11c8e0475615b0f30ceda836a80bd906d3e8df81e8fdded6422a6d61e270ffaff4836fd6f7e4ac2ea17fe7a4f3f95846e322f955c70a1df81b1796b4fe62aed9cacef0228f10271579389cff1b9140000000000000000000000e340c9d04e2c7389ed0000b3bdacd6c35937aff589e77ef07d87fe24f70d624ef310937d772aaa2379ebf8186ef9e9bd34f224440c5397da86794c01bfd87409413ea2ef13c4ec9ef6110fe2a0f5693f7095dbef82", 0x121})
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0086426, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{}]})
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000200)={0x6, 0x2, 0x4})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x0, 0x48)
open_by_handle_at(r3, &(0x7f0000000140)=@ceph_nfs_fh={0x8, 0xfe, {0x80}}, 0xc80)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f00000002c0)={0x48, 0x1, 0x0, 0x0, 0x3, 0x2})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f046, 0x100000})
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x5761, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)={0x0, <r6=>0x0})
sched_setattr(r6, 0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00')
r8 = open_tree(r7, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x26020480)
open_tree(r8, &(0x7f0000000100)='\x00', 0x89901)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@random="93fc85ff30d2", @random="2ecafcc67af2", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @multicast1}, {0x3200, 0x88be, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x100, @void}, "f439992d"}}}}}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.437074852s ago: executing program 4 (id=1660):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
clock_adjtime(0xffffffd3, &(0x7f0000000440)={0x0, 0x0, 0x8c1f, 0x0, 0x0, 0x0, 0x400, 0x7, 0x0, 0x0, 0x0, 0x0, 0x8, 0x2, 0x0, 0xffffffffffff2ea6, 0xfffffffffffffffc, 0x1, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000000000})
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x11, 0xa, 0x0)
getsockname$packet(r2, 0x0, &(0x7f00000001c0))
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
bind$llc(0xffffffffffffffff, &(0x7f0000000080), 0x10)
listen(0xffffffffffffffff, 0x0)
accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x0)
mprotect(&(0x7f000029a000/0x4000)=nil, 0x4000, 0x2)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r3, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r5)
sendmsg$NLBL_UNLABEL_C_STATICADD(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[], 0x58}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$fou(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0)
clock_gettime(0x0, 0x0)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$FS_IOC_SETFLAGS(r6, 0x40186f40, &(0x7f0000000440)=0x20000)
ioctl$FS_IOC_SETFLAGS(r0, 0x40046f41, &(0x7f0000000440)=0x10)

2.746923662s ago: executing program 1 (id=1664):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x4, 0x5, &(0x7f0000000680)=ANY=[@ANYBLOB="18020000000000000000000000000000850000009b00000085000000d0de00009500000000000000d0839d6a480cfbaf4e868defcbc889eba06693df16e1620fc104ea9f348583abbdeaf92f291db743a74ae5985004c98ec723ee385b66a70bd31ed8311b0dc5c28a673f84ae9a58b8ab1e97f4ed5fb84e6dcc2980cceeddf30aa9284f7f40ceb68db865dbd4a302ef16c199d970b3504000afd6a40173657bafd684abef3c4454392d9b7aaed1619cb8fa8effffffffffffff7f417705cce67184381b2dfcdc5b5e"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket$xdp(0x2c, 0x3, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
syz_extract_tcp_res(&(0x7f0000000040), 0x1, 0x8)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, &(0x7f0000000540)="12", 0x0, 0x2}, 0x50)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r2, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000040000000040100"})
write$6lowpan_control(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000000)={0x0, 0x2002}, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x2c0, 0x0, &(0x7f0000000180)=[0x6bd1a312, 0x2ec66, 0x8, 0x8, 0x7, 0x800000000000009, 0x1, 0x2, 0x10000, 0x100, 0x8000000000000001, 0x40000000000000, 0x3, 0x5, 0x5, 0x49, 0x3ff, 0x2, 0x0, 0xb, 0x8000000008, 0xb, 0x1c1, 0x1000000003, 0x2, 0x2, 0x6, 0x7, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x9, 0x7, 0x23b, 0x3, 0x2, 0x8890, 0x8, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x4, 0x8, 0x5c3e, 0x622, 0x1, 0x5, 0xfffffffffffffffa, 0x1, 0xe, 0x7, 0x4, 0x100000000, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x6, 0xfffffffeffffffff, 0x8, 0xd, 0x9, 0xe8, 0x80000000, 0xc62, 0x2, 0x10004, 0x2, 0xcdc, 0x7, 0x2, 0xa, 0x2, 0x5, 0xfff, 0x9, 0x4, 0x6, 0xab6, 0x0, 0x4, 0xfff, 0xffffffffffffff81, 0x9, 0xff, 0x5, 0x53a, 0x5, 0x400000000008061d, 0x6, 0x8, 0xf6, 0x7, 0x6, 0x200, 0x7, 0xe53e, 0x2c, 0x2, 0x2293332f, 0x6, 0x34, 0x0, 0xd, 0x2, 0x0, 0x2, 0x2, 0x7, 0x8, 0xfffd, 0x10, 0x8, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0x3ffc00000, 0x8, 0x3]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
setuid(0xee01)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r3 = socket$kcm(0x29, 0x5, 0x0)
sendmsg$kcm(r3, &(0x7f0000000e40)={&(0x7f0000000580)=@l2tp6={0xa, 0x0, 0xec, @loopback, 0x5, 0x3}, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000880)="90dbc83fcb6c375353573eed102f72a843d0bcfafbf237f5dfb3044db5ba2cfb802ee2a0cb62dccfde35c7fb38746d759ceddec7490eb0fd7534bf42ffe75a74792ac6d96c2e63c849a2c98b58193c5f9a0560fd6946633563507105210882cf13a9e32b30b3dca918dadc288e2aa43c5a9cc5ae75014ef10db65e51d419f3a5202d2af123f8b7a21611ebfa090ad5bdbad31ecb2469417188cb361901214b5f1163530d556b9d1d28ad4d635bcfa2836c5a334150761b6ed5775b58643b60cdd4131e86cd1f8e3420e27954659557", 0xcf}, {&(0x7f0000000780)="29f57a41ac53966b9e004fa3d1e6d7e22fa5ed2ef179500bff5275d7285b03e4683cf26ff7311c2a5d959052fdff5075338558dbd3b86f5b842f039b58c4de8f29355cb66a41ca0c5d524f5a793cc5a0073da831f8279a282ef7233f268a1bce9daaf86330528a0023b542bc9b593c3242c505fcf33213afc2ed9b618200151a37455593766f10926d8425c1b1ebfcf06cc33ea74397467f0482ff", 0x9b}, {&(0x7f0000000980)="d1c09f310777535d88975d5e2e9f293d8707bd004585ec5b55c3590022a08194ecf6b3dcc45f4b812cf24d0aca0ebf5cee59a277e1533ba1b2e9ee5ca86c30f761681d9b1c8f8b558413f56f2fed7ab58868f803dade5af28311b4100f59f7c2c173d7d5", 0x64}, {&(0x7f0000000a00)="b4ecd056476f3e7f16b6ddf7ab08fa112f6b0ea1f066656bc048957fe5edddc81d527f65cd24aead06f321ac912b9d93abcafbbf32484d8c32fb1b34cec0460bfae7605116752091e00c8c0690bbe3de1df28518d70dcca1da4ac1445db4a8463702d7d8ee1d79fd56fea99c203c770eedaa783943a949751180ec5928201a17015e511b35693113dcde5a03b28de7cac74f7f7eb4986af5bcb9ea68b6759d224b4acdb93d2c16edec47718c020ed756882483d0d2cba3", 0xb7}, {&(0x7f0000000100)="4e50cbb043fa201b97c2415a9719ab5bc562e23f8ca8ee4bb84a67", 0x1b}], 0x5, &(0x7f0000000b00)=[{0x20, 0x84, 0x8, "b80af6de7880d9da8d98d078c6a76532aca1"}, {0xf8, 0x0, 0x7fff, "1150d4e6cd03b57a25ecb297d08ddd02c89fe7da601d2df95334810160ed7982dd668410c33bc577ce1356eaea820a06756bb6db3470a81b073a357223ac99720a072260fa9216219f5182e8535df466ee733bc6e66d3c562e090106483d0f794abcf2d5bca8f3a48309efae734e2ef85136544db016787ce1be3b9b0c186d94384b40088c41a899ea44054535fbd98a73858e55b68d2e0fa20613b7b91ccfb1d624a1ced82ed43095c3f79299ae9d374b7a42f1f963b631bc89f16aef33606157abd9c58c6d24df6d59e1544dbee357a9e3083324c45bac33e3a11bf659ae9d3b5ccfdd0c183226993181"}, {0x60, 0x104, 0x65a2, "9a7abfa048cb242ffd900bcfbf3ea8cf1e3837247f3e2841d4aad5086d8449661b9f8e5b2fd95f2ebbedf1a56fdc89e8add6f9e3b4291a35c754e1b92f6cbdd83630f207790e608a8860250b21ea5ea370"}, {0x98, 0x10e, 0xfffffff1, "d8e3132857243f15a953beca833525ed520c0b00ac0e424f3ee4595de23b2213b3ed1988d59b50174c4ad19b22725ec37f70036bccc7aaab195e340a7351d9cdda950679d4057b07d371d4d7a4cad61f0e1b2e0da4729dfbeca35b3d79dca5cfae7a5608544741f4d4392252300e72600c30652512a667414e0ccfe51d6fd6e2365f5ab3097467d6e4b5"}, {0xf4, 0x111, 0x8, "53a9dd2375ecbbda8375770deee0839938a0064fbea8034bd1e33b518824c3277dcd779e5448b3cd62d772fa55c41e6f04e867795e43d997eb309f8730a52c7d82cee7d8c7aae7065438cf18a147d46fc0d4fb6bb52dedd14ac031b0469766cf016ace21749237298039776902d9db4e2d8b19ee18ddcb02883624ceafc596aaf9e50141dd483a982ba0621e41878e0d619a88c42da46969201e0099e2c744037357a6578cb701add0921a7acbb9a5758e78601db6208194050567fb6d2c17efcd31fae1f547ad9abd12062c4d181d3555e2821745a89631fa21cf4953b86a057ba3753a460b"}], 0x304}, 0x20048014)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000300)="e02742e8680d85ff9782762f86dd", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.057057399s ago: executing program 4 (id=1665):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f02f0ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd000000100001000d0c10000000000000000000", 0x58}], 0x1)
socket(0xa, 0x3, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
mkdir(0x0, 0x8)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x80)
ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0585605, &(0x7f00000005c0)={0x0, 0x2, @raw_data=[0x0, 0x0, 0x100c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfffffffe]})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40048820)
syz_open_procfs(0x0, &(0x7f0000000100)='syscall\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0x3, r4}]}, 0x44}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
dup(r5)
r6 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x3, 0x288}, &(0x7f0000000340)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000140)=@IORING_OP_WRITEV={0x2, 0x59, 0x4004, @fd, 0xfffffffffffffffd, 0x0, 0xff59, 0x18, 0x0, {0x3}})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.677068444s ago: executing program 4 (id=1668):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockname$packet(r1, &(0x7f0000002780)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000027c0)=0x14)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x2)
ioctl$TCSETS(r2, 0x404c4701, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="3cffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800500110001000000"], 0x3c}}, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000240)="26b2a8dd3bb50b8ceb62f430e5885746b5fd58b5a47a2bf28b373c8660a05cf8181b4b7a61b8ce127e9a2c0e92dea9379d5ca6b58c15037915bb4319621bdbead01cade5fc0535760d2286578af05881b83e2c2007508ed17ff1e44b5f91fd57e1077aaaf77b6741f58c4e426bb9b1ac269ddb81ba7c1d6ee457f1bb8ceb4e8a69db85ebb1df95fec7f3b5bd95dd726c920792e9a54f1641d5578f4347df0d583f76f962383980e8c6a1c123a70212d089e9b35900b052f0ee59eed7cf1e133398f5f5bd78d5c9820ee007f32894a57377a97af57c6d6dd108231b10a94c67f18552a65b870b7a9afcdfb72b57b81b1e424f739df21dfeebfaca906901b2626cfa482aabcc62b510255ee5010b4c1b260471011275c7f242659df63a8de398c2b0dfa67422e519853a439752898451f9f02defd4ae71ecc8aadd28d21a339d35cb425e109a5452d01d1ca2fc9cd2572a1252582d4b179876cc489b1b3fe4767d0356c29e6e0b891991f1dd5acc3c3e35f9d0048ed0e28b9771295729aeb5a1e262ec2fcbb545c3e24799bc424924294928312b42be902842083b4d7383ed289b307b66c8568277b3c17fea747ee49b750d83dd7ea1f18a5eae198451bd2968f823e03a4656cbbb154145465ddc7bcdd0c7b1d07366c0a4090e4023fd98d0f77d3949d7788bf0b31c52c7704bbfd681c4691d16ef610708ad2ae5af88301c5b0451ae9f292f16aa44230e53874a432be156fc74c9690983928aff88c8d817c86913fdc8425cf2cc43297e89321dfbbba3f4f1b8bcb602a17f1f5918c0657a9e0230f2722f2aca5f2f931c8c91dca589c02a711db5b7ca36f3a49282c4ec3b447ddcbb2f94e257a384d8c17980a3962b2c7b5c0b661899fd1451ce783dfb29355650454b65479ef40a319e37e90757ec3e3e08a2bbe0b9bed99d8bb31e5d240ffa66d5162748f30635658f92d864dc6ee1d95d9b6e19e554f6a4a5cb4a067b3c7d7d882ed4f908337febfd5cf00a6fd68e95fe62f5c374399f6d3201d3482a0637ac4d9d8253fbbf6bfdc3feb9db0a3d8a85cb337dc7a1328973e20bb82bcc2ec03a637f4f29e1efcf4fec09568a42ece4ee0508a0da8206989d12e522a65e76c4d64bbaec9f328b927391f2b15c7e8b3f138ef345afcac4d566448f327f84ed41f69b4d40c8309d9d5ed6846f788198e151a48f654d29b659f923858d443e118409541cea176cda5c518a938d10086148efdecda55cd4990922cffc06633c59db0c21d12e4b311e3858e82001c24c2225844019f9d633679ee75a70521da58cb8809c193c0f3389dcf540884ff0b44f224cbe03623ee16ad37e00abd1bdda5972379bfb097aa2ffe5e881ff988644b1364d8117feb6859fa4a942260aa6ac51387bc4c9173b8656813929744af772742e69d78f5b127b3ec8a64a3781a603a56e05eb948a003e54f3095e56899dc6413c4317e12141b3409ee8d33dc77ff33b10c5294c5e6b969848dee370c19e732f3e75a6bf21ad433c99d3978f8a8254fcc589eb067e3663e6179cd7904e080048565f0d8aae47d0dec7830d5eb48cd386ea8ff0cebf7bf86eda674cabd0d06f2068817d1d85f39bff655bda536ca5d9727545b8202a982818c388ab0219021fdf4dcdc5de8731edb03e9170a8867b614e5317f76f44c33563fabb73eb4cf8a766b6299e52d00646262e6e7704748a35322cdd7c52e6bae2654295f7804f68e807d5ce420213a278b751b360bffbc1bb9a027b98e65e9dab8fd143e02c2e6192eb8f411d80aad0fa5ff40ced48d26e076cda037ffed74f19b1a35839239b5d14e57fcba05aad705435f998d5a85c05d944bfc472ecda2974332b9b44c448365682d00e271f0fd2a436057adfb7b8eca4abdb8c1329121d6dae395dd1506a95c0de8191bd69cd1f68ec5af9a88fbb1a37c082b9df5cb390379f2db48c63e9f779b875ef9891a84181900bec4d6f512e4633f6b43b6abcb87e2e72f74d8cb0ea3019860339fdcff45dfe7e0817de819eef61d6e91b05a6b8ce8b0e1416e0210813429ff7a75cbd6e7a8f5c1e41012f8b092c6f0b45896a3de1a278b80104157dec7e210aab22aebb54ec881291fee48bc1c413f6a0704e45c1b00f39d4618147e4e11f429592bc92044a772bb33349d3ee4b6c2c5a5a8fdd5ad65434943c3987be2ab99807e23db8b9ec30a3030be076b7871c1bc7a9d4506f3a1e7b986d2ea1b60f9240db71a360c919dc6dc24f6af5878efd95d83f5a9529266f2fef29af2b60d214b21b6e3b8e5b3555849453f66e3b2fe46c2547690b745cf6b850312d825c73049a9a009d66d0d58801f254e2dc32897d9f3bf6fc3fd9ca6fef5d0f0dc55e85a99d735d1800f418010986d80f04e7f5a37109b73432db749b569966e781e646c0e373c94d7797960e1b73cb6cf58ffed290c567d7b5dc54f7a9c911d19fab72aded28cb7c063c46fd530b6ea9efef61c4da2bd5bad7d317743314ab01046b0f92d9d428a13bf5ff427fe25bdce29637f916b2da55f2f5ff05ea17002bf139a5740b7f2b60d6048844cc3909c76eb9ea0735ebed9c201efb8228245373c97d8c565e1ddb4c4d07c1ee7e3a942eea3cb88b2b263a0e4eef9b5cbc99f0b1fde017d01b15820f55f51d325c77c298b6973ad694b1f3bd5440fe8e8ea72fb10b53bbfb84c7d2b7be416df5cb60ad3607c71b387687752a119afb71cdc53b8a395e0398a5be4ac9a175df444ea715fbb2703911bcc6867a85ae2d76d25af06ed0e3688660dad6d69c1f356d43e655811e4169ff9f3f275a8417c44a9b7f5cc3e6ae05ed6a226da85946e84144191b4018d2a226e957e583fb34af3d4bdfbb59da087565fdd7faca17d652208c129549f16541f8addf7be170c6041459600364f025362ea0726f48cf82521d47eb478c341da8b0ba94e96942787d4046d04e86b3ecdbf4b3579aa8f00ca70e132609df358d9183f6cf6b200dfd16fac3e0bcdb13cc5bfb20bde3cc139967c70fefe3c39f484c442b75a5606a2b4952c799b04957e151d3dd76eeac764170a1929a88a668926fd6c22e9c2327f85fe88d388f4eed175a5c13e82bd6f42a7669341d2f3012c75c9871e419e0f3c7e50e347856415b8584eb2d2a0214d5bb03b10a26505ea9ffc7d5aca844e24af916eebe7513d8dd9145049aa0dd8e2a5a9fc53cef6239f56f2ba429601ead8223b5d89e5326e09f9d7c409a466fe5781435b9c324efc040cface76eb40b2da68b71a8baf2f916303726256c772cf27806d5208724cdf9f4eef7c7f3084a25242479fbe759bde637a7cb96d98510f0a68876d04cb47a3e7614b0b51f8812727b0881da22bf270d4a44206a581e71a7150c4096dc1fbd9e724ac572adfa13d6c2129e51df101bd5fd45bc57c356d67b65f270168bd0601e0241e887becb130fcb72c398c6e50d5123f5e8cef49d7ae92ae8e7de2221677a8aa6a285824ef679c68f87330224ce2c11299878adf4f46ed510fa4286f6110dd9965c189c21e85654d44992593ad75bb264fa4c9c7f600224b8eee14e6bac1aa0f9c9bc8c10caee2826cc6d8a787a9b98f908d062732ac0226268047fb44fd950d8ae380620c1f594a68a0813b492bfa3a8560dc1458ba84ddbf9b58f0f7317589a36c66493d1b1093c50719fe4e7b3a7f9dc61e961b0a36b0d65bd14029ad5b9dacdb4edbf090c2455c6c1af080e5447ec7aad8d1a532a48ce280decb70918738b3dcd49d3ffe16e1a2099f7e083aec3a97866e51d43e2581530e53d269c4ff2a6f576ecadc018f4e233b6e7da57130bdd369bdf5973031b7280d7bfcfc443dfb578de9d60be87e741e3aabedffd7b46e6a1c342661b0a122d579623e6e86e745e6ec3ee53545e9a1f63c1db363f68ee2a693a8f8bcd5f97c575db2ce1e03fee213bbd7a38a288fb83a07b1adeb99932fa55dda4b7e6be199f8f008abaa88c63f59179b47c541d8707709c7cd5f5aa5ed5c4dc63093596b09858952e64133cbe6b7d02b60528d6a263c9b72aa3e751a99e9fd1664121fc0ba9018d61011edd23d29d05c2080e33c721e503113be23973351a68fb5da582205a0e89e69fc84e24f3d4e8629847f9b6ba77e2ffe6ce394f99b1a94576c677e7433aa8bdc4d9779cbb706c6e2f426806d111173ffb0cd4f7be3ccffcfc9e66a16ab2806b6118ce28bc935624f1cbef0c9c4da396e6dc0e87ff20d0fd0e07d49327d8c0c97c7d70c50b584fbe563cde1cb17f36a73ebbe6b331b6321ac5ceba510a35ee913c5542a9d7b12805a29a99d25a5d3bc13a330435d6f0305bf522cc71e261c39d82584440d47fd82b9b31ad4ea0d2922558e6bab6fb6d3f6da9eb2a2e824af6928ee2ce41baee61fd4b5f896bf92bb1cf06c0c5a1b9b81a8216084c8e90451823d6be884a735a2be130304a22d8168c06db9cb6d62ba30079ecc831952f2564b760153311226d2188bc523928aa63223e785e6cf67a01962eed4195d5b06f06f272fe27d38660153c1727cfb438b5d98da5778070791c5ace1fd3ae756c8f261ad9d1c6aec5722a8e0609c3bb672c628879b65fbba3692070781c13bd34a93a5b9fff4f9ac4cd6aa3fdf076eeb4c0cfa14d2a41193e723d6d013995f34c97bd5d438eae8ca9a8a2dfdadec39c84c11cc9e9506020e072908178a6b60c53321c0b857d12b9adb58d90197c090e558d20a29bfd9f2ae297c23f47a544daa537f5780ec75b1824be5c92c20785499143252dd2f6d1f8aaf47deccbabf74ee0d55793b046aee7dc763353249f03cf2f0c60f6dd6ff082a051ffe2c8ef4ae9b1d8a046af67ffab68a4587ccd0a503906cca13aac0b7309d5fed12abd5303d2803f928651b51dd8747db79c56c3e3f89e6799a9dac3a7c57257c6575e133379b6c616dbab839b530e7ede62dc529acf5a6fa061fd1244fbc82d6e883388291ecaf1130151c8da538f8bccb9b871d2ce3417a9212ad94fe94c6e13e06975d8ba285d7e937ac4c6fd89aae06db06940670463d6b86a18856cc978a49f7e407f2e4f042d7ee1b7791cb33697824c68b2535af6c803e7940512da7db39c98ed1030e615569c200bc3ab833156187c25c1f659dcde3434f47a8cce56d821617c58907f80d5628214a0a8aad3fa2087647d52ac1c9692c6b57b85d70cd12875f110e631f3a9e34f21afc401797d9a13753deabb43fef92d691efb19a7120167f838d283fc5f2f1d7b4c2ef736fb1c8a47befcfd320f98461756d6908f00cea4a252733db78b6f67620e1a209e39f788a8360b8f42ccf1776259c6f70ef7ca2b0ee8caf4bf27017730236669eab62ada6db1d381ec2f8c60bebf555425bab9fa4d46823d3b0a1b1f51add64961aa2a073929116f02ea230bfb354019e47800415edeacf72a7daf8930c64adff306aba841fbe75bb18da73441721c86d3a70f9e6025e7fc95516703372fcae04421b08d0edbc5f1b6b6a3c66225011dc19f575111180e8d173922c2e28123347036b3ff2418dd529c49beb2e335801a3a5473c73d71d084c8271c10d86f283a659deaa57fff6673519645e0ee4c915cc3b8c440584fe222b1bc0cc0888142b9753ad409ed41ca16a92a3126ee73f7237523c6c781959fd255c5c0dff4ff324dc3e2246da77281809ead68df57e4ae6c1f8001e6d292e8e42f897b59770ec26b508ac5d57b47ee9696f9d40ceb39f9653a14737ede3f3213147381417d9633d30cc1107dde46e5ead6e4e4dec617202e10b9093e3bb2dfd785dd96a6a64f44bef7465552dc2e391c978c7ac1ce2b8f774d7b3934d15fc6d96eb3de6f0e9402a8538c6081712e5affa5b67b4153217b38f3248b2565c804226f4a31688d5fafacfe2e4fc191791c7164cfa33a474f4a9cd90fb5f37f5268e1801a2a762b00e8b7b2bda1db7a90ccc74ccc0fb015eb49a6ed0236d8b6b0e67bcaeeb750a499cfc3b2dc34e9024ea9bf00e5f0013a15509992979b50617dc14aeb0bac46c6961eca1e96ab2b45d342bc68e88b765a79d73f1eec58167e8ea4752981fd898f1ce528e9ba947723bd4d2ce228b6e5787227697d52f2bd0d4ecbebf5c6164f5819313060579ebb3ddb3c6423adb999975427c2d3da65b3cf52849c75464b46ede138be670742b175474222a47755f8006d4752b6c271643aa622f8439903abe53595792e7856a6e5a5e1b309fa139c2e64e927620c87aec8f36b9509c1d5cdee296bdde21d2cc54e7738070d93552d9ecd799325fe6fae9f3d7046ef1459d401922e3da284b7f6ef67ae196f274f6ce94887bb5ec25c0101618d6118b4cf47e0dfcb8dc89e8f44b47ba19c326db51a75a5b790620a2e460110dbc0f923a7d3825e4ac1d04597c0693fd05d93aabe907b47b1581f915de89c16580ae484f864e583b43ddc0991d716e401f60b6f62ebd52178a9e0adfbecc706dfffe8eee93f67ba2c9da4515bdfffd764741527ec04c3503da653271f2051ddad922ae38cae98c9a2eba5f8470d2551d2224add25a32b9c4d573f69ed15445d2b72ab20d1cd07c2d897dd7c97edab293db9f217a5eee5de9ad08da2f734e617b9f5268a3b91336237f5e9738a65f4adde4279eea09ce40e577b97eb5c67772e4ebee5a33afc7de28c70d97a514cdcd95908d26ad62800900a7cb9dcb88955b5401ccd4d965d00ebf0da48bf43cd2f5b61331894f523685b17beb253c3f50db89e11e664d6427a2551b5bfb2cbbfbf1e8240909d5eef23ccfa23d185391713d1205078be21e99063ff6316c06cd77969dda4d7f3350d4f2f29a23f12e14788fd60cbe4c3c00685a5e42b861597fd3b70c5e0e4d9f02355b754bf353fa2bd5dc0225080c26eb39be11a5b3cfe5264f39399167ab55ae7286f09c1d7fd0fc69bc9c7fca34867b5bf11c43612d3e010d2918a0d9b620549402f2c56e9cf3aa53b7614337f0867fe08170ffb272c5d340f237cdca3e023d2e65b250acf4f265ab8794a5388c5358d7e1cccbf82d99dd1aeba50f3363b9c3b6ac43542334bde8cf2ffd29da1d516bb5d950938f410829e2e37684916e1eac5c2ea1352e7cf6d0bc19bf16bf4ee61e44cd339fadcdf18126c46c0aba43c927510f3b876b32f606bfd2f657254e9715f8151099da8897c287ec1eb9077c72a0a31171f5e2672c16d3907caf659a73a15ec1bbdf240cf5796c22a99933999dd36ab3c354736b45b990e1631be048cad72829f782504ccff0cfc2e1eb5fb3e52e9fa4c3a39ec9ae7ef7b4b9e7e9a721a3f6addace5ca68d525ab9dc0d26b05333dd638bba4e40ec0a716b29172fc84a26c046dcdd0a744af3a7da0eb295a6b0d2a4e45bd6222464cae11bdb5a6c02f8ebb9c8846ca03175d4cab8b9c9531ae686029cc740c296feee12fda2cfb130808a3fd435c13bfca388ab530b8c4b546c4fc9af86596daec4569b5e82c8fd452731e27f9dffdc5713562b99fde6b59948a46f2a44ed0e539469040bb04a54fdf390f589c6491f1057b3d44573838dd2a1271ef8ccec3796012d2debeddb9dd0e252bf622f2671d6940f1c89b3ae38b4fcaa37103d96f4504c5654e603b80f710dc575bfdf2f4fa01741ab79057c15b627cd03e7dc24aab3ee312dd1d7e96731c28e24df9b051fa5972615858f07572d07f6a6f947fecf8acb05d220b68a4962b0bb9e2bb6341b97b0bfb18dc92764ceca8f723592c02104a020dfb9ff06bebc81ea80c68a1fa6175ab4042abd3305c1a17b72ba5491dc812def91672873fdd98632871ed0387e00a80c173b9e8c75e185149d32a9945e2f9707301c96337cd1c44cc13a9f38dc23720558c31c4cf6ff72559794c04af4deccbeddb04f267308e220963bf64d0aa830af54a91ae3ae0eb1aa3d48dde97ddd0916e3c16f4d90ef3e66f06f8c4c3d4fcfe41094708f49ac8d4e7150a74d9378a75018dba062fd1ec331776aafdb64e5e1732ab0f0ce0bd8985ec4b1374a6245b6d714a1c02ababcdc1fe22481a6ad3276662d4c9adf65e9d275afa6d57d6c3bcc6ab68234f4a1dade56c852c86c0bb4f427387bc9ea23e7361b7f518039af614141a12499b9602f95e2a969c7f31cf1056fe3b1954ecaa3db219f546a28e954964268be0296ea2765a8194d88b14869d388996d645f34511d63a602d92e795a0b29773052ce44b008556b6a0fb418a9233ed13edf3bda3db479211d00c16d40ee6321241d884fffeb3c1e2c01707c7aa387778779a241699ef4bd5d7cb8e40986539d0778cc242e98f17e630a09d62155b469ef5dba920d2ef80686c8f9eaf1965b42935d6dc470de7fbe0f5083a4b6ced2fa06b255fc35c3325bcc57ae3ef95ef58edb0b45bbff699de88afa565ab9f98b1c98255dfd6bd3eb18af00b94cbe5f94421b2828b0583c91e7cecd4754003ad8f46a206da99e75056705f9cccc481b591d4c33d96b21acbbdb4e70dfd9b6a2fccaa6a0af7f97fca9da759e62a6fb222341cbab0c808d320ff13a5989ce707aabd7f7c569b3e22e0c91613c483c136fb5b94ff7bdc1f51cbb9f5c46e4b62a19cca73057b78d1f3f8a9b0e2a20b8b8d9f2e8d0459df86c18353fbb3cb6e8b804e28dee571349e16b5df662cdedf1aa5a44eea00b778bc79c16138d85fab98c15ad9f2b83eebdb9432634280768397d2895c10012da8c6659e02295cfa52d6d06ef1e6ed0546d46c676048e5a455261659c83492d355eee56596e520962467fa8b3ae99cea9547d99a6d6b674682363c0dd5c8bd5c63d3bc2d45a94fb4e090ca27028b29a61c53d96ade29f1c60cffb5053b494dd2d7c7ccffc7006e16eb2bdcb360a1e0a3fa1f380616d0298e315808db7ae9ad16b6c4bb7dece5c2c4ba52d514f7fdc9b00e66302d1b6c6a7b5b58adb313e0cec67448238f66f69dd480d304a9831833a1b94f8109c0d2f85e646077bbaf140f9c7e72301d8e452f13711be18bdb48e2f0031c38da789a9e4161b7f0a6da09075414aaf9984ab7f141647c532e3b2530f3fd8a93b4218ecbbff44c4a58cdde1f9d89eb60ebe8033dc10116cbc09d4903bfd0830ef8b0d33572ce61bc028133be720544872e4a205fed6b005e8ed240ceb6e9efdd313b6eb0aed6bdcd335cb1765f2d7ed7f1819e0c04a8989183abcaa3677c35c33d95b139ed63f9f67e51386206ee2a3ad54bd4312b1178ece5a5a76eac9534faf2bb8c7b5105811a34a110553c63f1b9168ec5758e39d1f1baa4fd3e8dec73026c08ddf1568fa04b1a36a98055b6912f4faa0741e0bb5f063dfab6e6a8605b997affc69369980188967e4655c954d31b3ebea8dff5face904366191f0695fd3ccdc5e82c5982243e16a895f8aaf9d63d37ee1d323b296862ad265760a392378bc2ae5d7b75039b77aec33aa00c134f554ca9e5fd162296e915ccd359976e7ce4099bcaa5494c8eb6fa4da2a2e245920762f3639fa4fd4eb0e5e167a5f2111bfa669576ff3e0711a4ad78d2f8477363b03e6a13cd5b479817a62614ef613ac2b03a340114909c7b21ee93adf74c2ee2d4c666f1ab8bc43368e7643f3ea8da5a919b1e3078875228d2b519387ac49b7b9990d7dc229fb9ff0d551d3dfbeb843c8b2782f50cf8c575dec6836259a160a9a047165791d1e759c74ea65f4f9da990fc0e789bcd4ddf716442864788be6f2c5b607b6ddc7f9575b4e8375eea50e98cd9320fe736114e03aa0a2c1430d5cb507b29b388ace6ab58393513724607102a0458a458998e94d71b758df51ed4ecb6c6f2b94c31fb480745fbc6f6dc595c9558161fa14462779952982adb70d70a9f9a734fcbde17652e1a91422f93a6ff7d6c80fc92a5005bedf58aefe9bbba9d0ab3441e86b863bb5a3fdfd2a9c6f6d10717d2cd35d3c2a892f0e58545b1794d9aae993d72c215a6673bbe38976cc7d03cda84999c637aec8036ea1a23b143ed6288dcbc7d1ee487b1b6a4f6e8ef63b378acd4ff888bf95d86336907939c29695b2e0cc58efab49056f88a9027cad6d724e635f94f45f4cbddd8188608663ec7e46547e2aac7dec6cc5609e9f5f41ef26a1f16ecf6bfe200b0a955f98d9a4d41a2a268f8857670e33fbd4f076aa11c49cebd8306a4de3c86f7726fde93c7fc984079ae60e63854ee9a14162c749d7e308530c6b84cb5cafdd09ec3411cc0302c77d316beff973e3108ddb9b249e206d5476d605b7b24603ca344c2263bda8d7d3db55b9e2fcdce69be9b1ce24f8c4df129cd62a299fcbbff3309031973b5da452654c0b8ca4cf65891a8bdb8dedd20f631a34964e3bb0fa45c618861da79b259d79ecde8394061c99c661851c016c35ee8c91d52bbbc25f52b5e2f77ef2f63c764b717e8cce4d291742d5a7ef7f5d7ec1a96620eda1f962fb2448c388873f8b8abea4d27a5da092833c43c57c4b14099597f83785a31190798826f4264ba8f998cfbf7f20f9678e10e05c793f5781f8accca245d047d3be6c10541b2610c02c6e916d3db9776c6964e4519cf2e30708c954ef2492d3418c552dd9b5db4320dab8be6ac3394cb4b3fb1b9d5222c6ca9bd06aae2fef510e541db1209cde21fae56507020e80862d0b875d958346c42ebb781955ab337be61a68534281100247904b81b86aed49544c2452ecffaf6cc116f9d3c7362fc2cc390ab2ad29928b6e8bf90a4f21442fb213dbeeea4b8f481792fc6579b608e3a9c4fbe2755010d7ab3cd122de7a40a1f7780350a31d83ee5006ade36854cbc8e8c648259b29f2f7042719ab4d4d4d1f0c5fe6b717d23a5504335922f84ea8b20c78a5f1ddf6009089ea221353c01963fb8cabd3d795831c86d084660fa7f7d08f3ff15780c5b301ee27ab8d98fb358b90e92de4c96687c37e327ac1f0f23208c41a36e67cc22356df854f2dc309c110cfae51c5cc69051d22477caa1d2a2f276ccfbe907b263bd79ad4c5f6ea2687466f325ff2b1a736fff687c14d477c4c744e9c82be5b8ebfb69db2b312ff540ec8cadfcba9b609cae7e54ff347ed3d2649f9214600870ecba27f98943b4fb72f93b5ecb6d64dc1c7b2e8c2f2cf1006e39a237c5818014df9281feb6e522f6cb2d5ca35aeada09a58d5a6bdc9a75cf81a1c51faa8a3824a58d192a27be9fee5098b2e71d0d3f12917d50667415e418b790e0942260f4d2589c57aa1bd36017bd2bece963f0776f9f76cc66876c3f88f8bdbc35e329ecb56887948fd2c05d49c664509a682c6ff60350070bfd111be86ad2eee8c0d76b851fdb75f08e11fa47b5fd29b57568abbf91d3760652d475558bce2a1393688c9e2b4ae06cb072c294e1396b58db00b09ba8dbdc047a1684cca6e5b04cb52a40dd7b7f72c55292e7af0f3b8dda380d45b4e71c6cf57179247923750551ffd955f815cfbc29dfe5e0b2689eafdf44ce362b9c5864e4003326b2f183df7d39de7632bf3b2a85dca04cda08d10a5bad9ed9b481227e39804c3fd52d8a8f03288e13eb09c9075e23f82123a416e58864d95a321a719f88c8633201eb7d5c429348dfd83b476510f71808f95ab3b11d521004acc6d9168771736ec0a5f7c73ca78a46787c19299a79b453e49317353d6bee5b", 0x2000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$nmem0(0xffffff9c, &(0x7f0000000000), 0x10040, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000002240)={0x0, 0x4, 0x0, &(0x7f0000002a80)=[{}, {}, {<r5=>0x80000000}, {}], 0x4, 0x0, &(0x7f0000002380)=[{}, {}, {}, {}], 0x0, 0x0, &(0x7f00000000c0), 0x6, 0x0, &(0x7f0000002540)=[{}, {}, {}, {}, {}, {}]})
ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc01c7c02, &(0x7f0000002740)={r5, &(0x7f0000000100), &(0x7f00000026c0)})
syz_emit_ethernet(0xb6, &(0x7f0000002800)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c2000001810008000004ab013956cd665600f605cdcc16dfee06d360685f1ca0f9bc3cf86bab2be5c693fe6be46e0ae9bcefeeffd1e31e06bf1f12e17c674642e4cce2dcf9a1b37807b604dea6603c5cbc91b85d9d81a5572924dda858315d35ef03751278cf024fe7d548d592dda24a716b740f51d9922b9e6b4c91a58af27fbc93e98353fe28c7c86429ef54e7841f25375d2542044ce3203336bc72f55e24099493b8a0bb0e7123"], &(0x7f00000028c0)={0x0, 0x3, [0xdaf, 0x3cc, 0xb95, 0x672]})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @mcast2, 0x7}, 0x1c)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r10=>0x0})
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r10, @ANYBLOB="00001700000000001c0037800b0001006970768a616e08000c0002800600010000000000050027"], 0x44}, 0x1, 0x0, 0x0, 0x4008010}, 0x0)
setsockopt$sock_linger(r8, 0x1, 0xd, &(0x7f0000000100)={0x5, 0xfffefffb}, 0x8)
socket$netlink(0x10, 0x3, 0x9)
io_uring_setup(0x6e1e, &(0x7f0000000100)={0x0, 0xf351, 0x8, 0xfffffffd, 0x87})
close_range(r7, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x10000}, 0x28)
socket$nl_generic(0x10, 0x3, 0x10)

1.436949155s ago: executing program 2 (id=1670):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000440)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val={0x88a8, 0x5, 0x1, 0x2}, {0x8100, 0x6, 0x0, 0x6}}, {@canfd={0xd, {{0x0, 0x1, 0x1, 0x1}, 0x1c, 0x0, 0x0, 0x0, "2cac45527586dba8670c0469e29e8423e0d4711e02d62adc97eec7325f104ccff2855a7465eb9dbef28fe5615f287eae5aee5fcf0d0a8409d36bbb457e706065"}}}}, 0x0)

1.379249256s ago: executing program 1 (id=1671):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x17, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4800)

1.306989003s ago: executing program 2 (id=1672):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f00000002c0)={'#! ', '', [{0x20, ','}, {0x20, '\x80+%#+!'}, {0x20, '\x00'}], 0xa, "4db01ffe626319f04ba25c95dd4158e84ce34d7472cae1198d978c74569a7b68458b7c667fc378173b11a7c852a44e0a86261b86ef78824aba449c9eccabcc12326d23d97cc08fe5faf222dd41f140b1cbb446f3e5c598d44ecc7d95d4229f758e58bf4011bbba361945c32fbdc878d8854f8d124a72d5302883f74bbb0a0d2dfd1d1b63875dcb3791ca9b2f25cd"}, 0x9d)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0x5)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r1}, 0x10)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigaction(0x6, 0x0, 0x0, 0x8, &(0x7f0000000980))

1.306663439s ago: executing program 1 (id=1673):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socketpair$tipc(0x1e, 0x1, 0x0, 0x0)
syslog(0x3, &(0x7f0000000700)=""/231, 0xe7)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000400)=""/248, 0xf8}, {&(0x7f0000000540)=""/149, 0x95}, {&(0x7f0000000600)=""/223, 0xdf}, {&(0x7f0000000100)=""/20, 0x14}, {&(0x7f0000000080)=""/17, 0x11}, {&(0x7f0000000900)=""/82, 0x52}], 0x6, 0x0, 0x0, 0xf5ffffff}, 0x100)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xfdef)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000000c0)='writeback_queue_io\x00', r2, 0x0, 0x7}, 0x18)
prlimit64(0x0, 0xd, &(0x7f0000000380)={0x10, 0x1000087}, 0x0)
getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340), 0x1c9243, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
syz_open_dev$loop(0x0, 0x47ffffa, 0x122c42)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@delqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r7)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})

1.306470451s ago: executing program 2 (id=1674):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
inotify_init()
open(0x0, 0x14000, 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)
r4 = socket$inet6_icmp(0xa, 0x2, 0x3a)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e25, 0x1, @mcast2, 0x7}, 0x1c)
sendto$inet6(r4, &(0x7f0000000140)="80006466d3805699", 0x8, 0x24008818, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000000bc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/7, 0x7}, 0x1}], 0x40000000000025b, 0x40000002, 0x0)

785.815768ms ago: executing program 4 (id=1675):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="3000000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="a070000008a93a0b000000000010001e9ee7ea0b55dd3c7524139697f0a4013fd577d63827a27dee071ee98f8ddd9089a88fd08afaa41d65dcc574bd97991bd0c3f6cfa177562e397699604789c3756e861d4ef4d4260ebfa480a2592196f1b0315e817e45fb925c7de76715a9995c1225408c89baff3363fc7b7acaf1396d43b0f5bca3371eea03881ac8c32b556420d6c1100fe61ccab42ab1dcfd2061cf31e5135e000000000000000000000063fcdb9254155545a18cc4fb7eb991cf2dd5fc96cf321e465d08b3d2db31973a02d1bf623da456e75bbc76f879c809dadd0f0ec57db86568b7c95e9847c555b5400e6b7da080212925403d9db89207571514d1310dc2c568aa9f3920e1a28f8f517b7414f2b8f1b71c068c514340adbca5b1d31d9dbd24a93510bcd13cdfd3fabd0880b929363eb1939c4851ac1287f8bb2d2d19bde1dcee6c26a1fcc2b43c6798f8a149bf88b3a2aad589"], 0x30}}, 0x0)

785.529212ms ago: executing program 4 (id=1676):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x5, 0xb, &(0x7f0000000040)=ANY=[@ANYRES16=r1, @ANYRES8=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000600)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
dup3(r4, r3, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0)
ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r1, 0x4008af23, &(0x7f00000001c0)={0x3, 0x2})
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x2)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x400, 0x1, 0xbfdffffc}, &(0x7f0000000000)=<r6=>0x0, 0x0)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000080)=0x13)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(r6, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x80000})
listen(0xffffffffffffffff, 0xfffffff7)
ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000080)={0x8000, 0x0, 0x0, 0x1, 0x0, "000100"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
openat$pfkey(0xffffff9c, 0x0, 0x14000, 0x0)
unshare(0x6e060000)

615.8491ms ago: executing program 3 (id=1678):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x80, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x52}}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x5f)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="58000000140019234083feff040d8c560a060f0200ff0000000000000020ffff00000000000064009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c100000000200", 0x54}, {&(0x7f0000000280)="9a026d85", 0x4}], 0x2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f0000000540), 0x4, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
recvmmsg(r0, &(0x7f0000007700), 0x318, 0xfc0, 0x0)

417.241236ms ago: executing program 1 (id=1679):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in=@dev={0xac, 0x14, 0x14, 0x28}, 0x0, 0x33}, @in6=@dev={0xfe, 0x80, '\x00', 0x20}, {}, {}, {}, 0x0, 0x3502, 0x2}, [@offload={0xc, 0x1c, {r1, 0x6}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x148}}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000200)={{0xa, 0x4e24, 0x6, @loopback, 0x1}, {0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0xffffffffffffffff, {[0x0, 0x200, 0x10, 0x1, 0x8, 0x6, 0x3, 0x3]}}, 0x5c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000000)={<r3=>0x0, @in={{0x2, 0x4e21, @private=0xa010100}}, 0x1, 0x4f, 0x8, 0x0, 0xa8, 0x8, 0x8}, &(0x7f00000000c0)=0x9c)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000100)={r3, 0x0, 0x20, 0xfffffffffffff2a6, 0x3}, &(0x7f0000000140)=0x18)
openat$tun(0xffffff9c, &(0x7f00000001c0), 0x0, 0x0)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="041d0504c900fbff1162f8504f4556f28183aa"], 0x8)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b37090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f383b6c090890e0879b0a0ac6e70a9b3361959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
setsockopt$inet_udp_encap(r5, 0x11, 0x64, &(0x7f0000000680)=0x1, 0x4)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000040)=@x86={0x5, 0x3, 0x6, 0x0, 0x8, 0x7, 0x6, 0x0, 0x4, 0x9, 0x48, 0x9, 0x0, 0x7, 0x1, 0xa, 0x1, 0x40, 0x10, '\x00', 0x4d, 0x1f})
r6 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000300)=@o_path={&(0x7f0000000280)='./file0\x00', 0x0, 0x8, r0}, 0x14)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@map, 0x27, 0x1, 0x53a6, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f00000003c0)=[0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], <r7=>0x0}, 0x40)
r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000540), r5)
sendmsg$WG_CMD_GET_DEVICE(r5, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000827bd7000ffdbdf25000000000800070007000000060006004e200000060006004e2300000600060064240000060006004e2300001400020077673200"/74], 0x50}, 0x1, 0x0, 0x0, 0x24000010}, 0x800)
r9 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r9, 0x40046f41, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000280)='rxrpc_local\x00', r9, 0x0, 0x5}, 0xfffffe2e)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000004c0)=ANY=[@ANYRES32=r9, @ANYRES32=r5, @ANYBLOB='#\x00\x00\x00\"\x00\x00\x00', @ANYRES32=r6, @ANYBLOB, @ANYRES32, @ANYRES64=r7], 0x20)

326.115347ms ago: executing program 2 (id=1680):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x101200)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000240)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r1, 0xc01064bd, &(0x7f0000000280)={&(0x7f00000007c0)="16510fb70c0a8fbfbb7144dcc7afbdc3753d9d99ff9e863a552d3a9309c8e1db645c2b86507a519ddab4be9a70c6c07c1c681e99c74ebe4def6632e224ddaf6522cea656b92f106e6490b0bc66ace7a66bdc7e584e3aff8ce3be355bf1d445bd3035f1052a1d18011c578118a8fa216d099ee11c8e0475615b0f30ceda836a80bd906d3e8df81e8fdded6422a6d61e270ffaff4836fd6f7e4ac2ea17fe7a4f3f95846e322f955c70a1df81b1796b4fe62aed9cacef0228f10271579389cff1b9140000000000000000000000e340c9d04e2c7389ed0000b3bdacd6c35937aff589e77ef07d87fe24f70d624ef310937d772aaa2379ebf8186ef9e9bd34f224440c5397da86794c01bfd87409413ea2ef13c4ec9ef6110fe2a0f5693f7095dbef82", 0x121})
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0086426, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{}]})
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000200)={0x6, 0x2, 0x4})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x0, 0x48)
open_by_handle_at(r3, &(0x7f0000000140)=@ceph_nfs_fh={0x8, 0xfe, {0x80}}, 0xc80)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f00000002c0)={0x48, 0x1, 0x0, 0x0, 0x3, 0x2})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f046, 0x100000})
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x5761, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000200)={0x0, <r6=>0x0})
sched_setattr(r6, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/sockstat\x00')
r8 = open_tree(r7, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x26020480)
open_tree(r8, &(0x7f0000000100)='\x00', 0x89901)
syz_emit_ethernet(0x32, &(0x7f0000000000)={@random="93fc85ff30d2", @random="2ecafcc67af2", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x2f, 0x0, @rand_addr, @multicast1}, {0x3200, 0x88be, 0x10, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x100, @void}, "f439992d"}}}}}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

256.82534ms ago: executing program 3 (id=1681):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000440)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@val={0x88a8, 0x5, 0x1, 0x2}, {0x8100, 0x6, 0x0, 0x6}}, {@canfd={0xd, {{0x0, 0x1, 0x1, 0x1}, 0x1c, 0x0, 0x0, 0x0, "2cac45527586dba8670c0469e29e8423e0d4711e02d62adc97eec7325f104ccff2855a7465eb9dbef28fe5615f287eae5aee5fcf0d0a8409d36bbb457e706065"}}}}, 0x0)

127.072854ms ago: executing program 3 (id=1682):
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, 0x17, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x2}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x4800)

126.912333ms ago: executing program 3 (id=1683):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x4814)

126.604566ms ago: executing program 3 (id=1684):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f040000000000000000008500000005000000850000007d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r1, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @multicast1}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r0)
r2 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x205f3d, 0x8256, 0x5e, 0x0, 0x0)

88.512919ms ago: executing program 1 (id=1685):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000010000000001000000800000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0xe) (async)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
r0 = openat$fb1(0xffffffffffffff9c, &(0x7f0000000080), 0x3001, 0x0)
ioctl$FBIOPUT_CON2FBMAP(r0, 0x4610, &(0x7f0000000180)={0x1}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) (async)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000), 0x10) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000140)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) (async)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000800)={0x0, {0xfffffff9, 0x0, 0x8, 0x3, 0x3, 0xbb}}) (async)
write$uinput_user_dev(r2, &(0x7f0000000880)={'syz0\x00', {0x9, 0x1, 0x2, 0x3}, 0x2, [0x5, 0x5, 0x81, 0x8, 0x4, 0x1000, 0x50000, 0x1, 0x10001, 0x2, 0x3, 0x6, 0x6, 0x6, 0x7, 0x3, 0x6, 0x0, 0x40, 0x5, 0x1cac, 0x3ea, 0xb8f, 0x3, 0x400, 0x40, 0x6, 0x0, 0xfffffffa, 0xdc, 0xffffffff, 0xa1bc, 0x200, 0x7, 0x6, 0x5, 0x3, 0x1, 0x0, 0x0, 0x2, 0x400, 0x7a08, 0x200, 0x3, 0x6, 0x7ff, 0x7c, 0x1c, 0x7, 0xe, 0xb, 0x5, 0xa, 0x3, 0x2, 0xf7, 0xfff, 0x71, 0x5, 0x1ac0, 0x4f, 0x6, 0x8], [0x5, 0x3ff, 0x6, 0xea, 0x3, 0x0, 0xca, 0x1c5936c5, 0x9, 0xfffffff8, 0x4, 0x1, 0x7, 0x6, 0xa, 0x4, 0x2, 0x4, 0x5, 0x2, 0x0, 0x6, 0x9, 0x1, 0x9, 0x6, 0x5e5893ee, 0xfffffff7, 0x9, 0x10000, 0x3, 0x8001, 0x2e6d, 0x7ff, 0x1, 0x1000, 0x877, 0x7ff, 0x8, 0x8, 0x4, 0xfff, 0x5, 0x7, 0x8, 0x5, 0x75da, 0x2, 0x5, 0xe8, 0x3, 0x9, 0x5, 0x7, 0xb99c, 0x2, 0x1, 0x4, 0x4, 0x1, 0x1, 0x9, 0x2, 0xc406], [0x80000001, 0x2, 0x9, 0x9, 0x0, 0xb9, 0x897, 0x5, 0x3, 0x4, 0x2, 0x5, 0x3, 0x9, 0x9, 0x7, 0x9, 0x61, 0x9, 0x5, 0x9, 0x8, 0x2, 0x6, 0x8001, 0x4, 0xc, 0x80000000, 0x7fffffff, 0x1, 0x1, 0x6, 0x8, 0x3, 0x2, 0x8, 0x3, 0x2, 0x1, 0x24, 0x9, 0x2000000, 0x4, 0xff, 0x7, 0x3eef6cc9, 0x1, 0x7, 0x6, 0x8bd, 0x9, 0xfffffff9, 0x80000001, 0x5, 0xffffff1d, 0x6, 0x0, 0xa, 0xfff, 0xfff, 0x1, 0x1, 0x19ee, 0xfffffff9], [0x0, 0x10, 0x101, 0x2, 0x4, 0x9c500, 0xef, 0x8, 0xc61, 0x7, 0xd, 0x358, 0xd567, 0x1d5, 0xc8b, 0x658, 0xcbfd, 0x101, 0x6, 0x5, 0xb, 0x5, 0x6, 0x3, 0x75d6, 0xb26, 0x3ff, 0x6, 0x9, 0x0, 0x1, 0xf412, 0x2, 0x2, 0x2, 0x3, 0x3, 0x9, 0x3, 0x5, 0x3, 0x3, 0xfffffff3, 0x8000, 0x6, 0x6, 0xffff, 0x80, 0xf, 0xfff, 0xfff, 0xffff, 0xfffffffe, 0x80, 0xb975, 0x5, 0x5e2, 0xa, 0xffff58ee, 0x2, 0x2530, 0x4, 0x26da282, 0xc]}, 0x45c) (async)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
fsopen(0x0, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3)
ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0) (async)
write$uinput_user_dev(r2, &(0x7f0000000d80)={'syz0\x00', {0xb, 0x3, 0x4, 0x9}, 0x3, [0xfffff47e, 0x0, 0x0, 0x3, 0xf, 0x0, 0x7ff, 0xa, 0x5, 0x3, 0x5, 0x40, 0x1, 0x1, 0x100, 0x1006, 0x0, 0x7, 0x1, 0xdef, 0x5, 0x7, 0x1ff, 0x5, 0x73c, 0x5, 0x4, 0x7f, 0x1, 0x6, 0xfffffff9, 0x8, 0x6, 0x4, 0x7, 0x7, 0x1939, 0x8, 0x7, 0x2, 0xe12c, 0x8162, 0x8, 0x3, 0x1, 0x41, 0x7, 0x10000, 0x101, 0x8, 0xc000, 0x6, 0x4, 0x4, 0x5, 0x6, 0xfff, 0x0, 0x104, 0xf8ac, 0x2, 0x3, 0x7fffdfff], [0xfffffff8, 0xff, 0x4, 0x8, 0x1e0f, 0xfffffff7, 0x5, 0x7, 0xffffffff, 0x0, 0x6, 0x100, 0x8, 0xe63, 0x1, 0xa3a5, 0x2, 0x2, 0xb9, 0x6, 0x3, 0x43d, 0x6, 0xe, 0x4, 0x3, 0x6, 0x9, 0x1, 0x11, 0x5, 0x4, 0x8, 0x30000, 0x81, 0xfffffe00, 0x0, 0x10001, 0x7ff, 0x9, 0x8, 0xffffa467, 0x5, 0xfffffffb, 0x0, 0xff, 0x9, 0x6aac, 0x0, 0x3, 0x4, 0xfff, 0x200, 0xc1a, 0xe456, 0x100, 0x2, 0x0, 0x1c00000, 0x6, 0x3, 0xfffffff6, 0xffff1068, 0xff], [0x9, 0x611, 0x6, 0xff, 0x101, 0x5, 0x0, 0x2, 0x80000001, 0x96, 0x7, 0x1, 0xfffffffa, 0x1, 0x4, 0xfb, 0x10001, 0x8, 0x8, 0x3, 0x1, 0x100001, 0x1, 0x7, 0x3, 0x40000000, 0x8, 0x3, 0x5, 0x3, 0xb89, 0xf, 0x0, 0x9, 0x3, 0xff, 0x0, 0x2, 0x1ff, 0x4501, 0x9, 0x0, 0x9, 0x7, 0x966, 0x6, 0x10000, 0xf, 0xffffffff, 0x9, 0xe2, 0x1, 0x8, 0x1, 0x8, 0x3ff, 0x5, 0xfffeffff, 0x3, 0x0, 0x80, 0x6, 0x7, 0x9], [0x5, 0x7f, 0x7, 0x9, 0x2, 0x6, 0x45c, 0x5, 0xab73, 0x5, 0x7, 0x0, 0x5, 0xed5a, 0x9, 0x4, 0x9, 0x8, 0x8, 0x3, 0xeb, 0x6, 0x5, 0xff, 0x800, 0x7fff, 0x4, 0xcb7, 0xa3, 0xffff, 0x8, 0x80000000, 0x3, 0x1ff, 0xfffff26e, 0xf81e, 0x6, 0x9, 0x3, 0x8, 0x5, 0xe5, 0x2, 0x4, 0x4, 0x3, 0x0, 0xfffffff9, 0x7, 0x1ff, 0x204000, 0x5, 0x80, 0x9, 0x7, 0x5078, 0xd, 0x8001, 0x8000, 0x3000000, 0x200, 0x45, 0x0, 0x3]}, 0x45c) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4000000) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x4e1, &(0x7f0000000380)={0x0, 0x33f8, 0x10100, 0x4}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x708, 0x41e3, 0x0, 0x0, 0x0)

87.931654ms ago: executing program 2 (id=1686):
r0 = socket(0x10, 0x80002, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r2, 0xfffffffc)
recvmmsg(r0, 0x0, 0x0, 0x100, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r5, 0x1, 0x0, 0x9000000, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)

31.607872ms ago: executing program 3 (id=1687):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000d80)=0x101, 0x4)
sendto$inet6(r2, &(0x7f0000000000)='X', 0x1, 0x4000000, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_usbip_server_init(0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0f000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x400}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r4, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
munmap(&(0x7f0000901000/0x3000)=nil, 0x3000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x300, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e77, 0x20000000, 0x94a, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r5 = gettid()
sched_setscheduler(r5, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)

31.141559ms ago: executing program 2 (id=1688):
unlinkat(0xffffffffffffff9c, &(0x7f0000000400)='.\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0xd)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
socket$netlink(0x10, 0x3, 0x15)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
ptrace$ARCH_SHSTK_UNLOCK(0x1e, r1, 0x0, 0x5004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r6, 0x0, 0x1}, 0x18)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=@ipv4_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x12}}, 0x1c}}, 0x48850)

0s ago: executing program 1 (id=1689):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f0000000000)={0x1f, 0x80, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x52}}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x5f)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000100)="58000000140019234083feff040d8c560a060f0200ff0000000000000020ffff00000000000064009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c100000000200", 0x54}, {&(0x7f0000000280)="9a026d85", 0x4}], 0x2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f0000000540), 0x4, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r4 = socket$unix(0x1, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
recvmmsg(r0, &(0x7f0000007700), 0x318, 0xfc0, 0x0)

kernel console output (not intermixed with test programs):

1][ T9650] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  255.272479][ T9650] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  255.276603][ T9650] vhci_hcd vhci_hcd.0: Device attached
[  255.342213][ T6065] usb 42-1: SetAddress Request (39) to port 0
[  255.346212][ T6065] usb 42-1: new SuperSpeed USB device number 39 using vhci_hcd
[  255.442239][  T840] usb 38-1: SetAddress Request (38) to port 0
[  255.445764][  T840] usb 38-1: new SuperSpeed USB device number 38 using vhci_hcd
[  255.696241][ T9648] vhci_hcd: connection reset by peer
[  255.698467][   T87] vhci_hcd: stop threads
[  255.700106][   T87] vhci_hcd: release socket
[  255.701947][   T87] vhci_hcd: disconnect device
[  255.927233][ T9651] vhci_hcd: connection reset by peer
[  255.929283][   T13] vhci_hcd: stop threads
[  255.931044][   T13] vhci_hcd: release socket
[  255.932929][   T13] vhci_hcd: disconnect device
[  256.621740][ T9659] orangefs_mount: mount request failed with -4
[  256.706324][ T9671] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  256.708982][ T9671] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  256.713899][ T9671] vhci_hcd vhci_hcd.0: Device attached
[  257.777159][   T60] usb 44-1: SetAddress Request (23) to port 0
[  257.779419][   T60] usb 44-1: new SuperSpeed USB device number 23 using vhci_hcd
[  258.239261][ T9696] netlink: 'syz.1.1003': attribute type 3 has an invalid length.
[  258.242586][ T9672] vhci_hcd: connection reset by peer
[  258.245347][   T13] vhci_hcd: stop threads
[  258.247223][   T13] vhci_hcd: release socket
[  258.249372][   T13] vhci_hcd: disconnect device
[  258.533428][ T9700] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  258.535503][ T9700] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  258.552392][ T9700] vhci_hcd vhci_hcd.0: Device attached
[  259.160393][ T9701] vhci_hcd: connection closed
[  259.162893][   T13] vhci_hcd: stop threads
[  259.166228][   T13] vhci_hcd: release socket
[  259.167798][   T13] vhci_hcd: disconnect device
[  259.182400][ T6047] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  259.332282][ T6047] usb 7-1: Using ep0 maxpacket: 8
[  259.335970][ T6047] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  259.338586][ T6047] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  259.341517][ T6047] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  259.345730][ T6047] usb 7-1: config 250 has no interface number 0
[  259.347755][ T6047] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  259.351421][ T6047] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  259.355165][ T6047] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  259.358618][ T6047] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  259.364718][ T6047] usb 7-1: config 250 interface 228 has no altsetting 0
[  259.369544][ T6047] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  259.372627][ T6047] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  259.376216][ T6047] usb 7-1: Product: syz
[  259.377612][ T6047] usb 7-1: SerialNumber: syz
[  259.384462][ T6047] hub 7-1:250.228: bad descriptor, ignoring hub
[  259.386553][ T6047] hub 7-1:250.228: probe with driver hub failed with error -5
[  259.597976][ T6047] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 10 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  259.623254][ T6047] usb 7-1: USB disconnect, device number 10
[  259.628083][ T6047] usblp0: removed
[  259.984628][ T9707] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  259.987103][ T9707] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  259.989552][ T9707] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  259.991872][ T9707] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  260.402184][ T6065] usb 42-1: device descriptor read/8, error -110
[  260.482234][  T840] usb 38-1: device descriptor read/8, error -110
[  260.512591][ T6065] usb usb42-port1: attempt power cycle
[  260.882973][  T840] usb usb38-port1: attempt power cycle
[  261.083702][ T6065] usb usb42-port1: unable to enumerate USB device
[  261.282168][ T5991] Bluetooth: hci0: command 0x0c1a tx timeout
[  261.443291][  T840] usb usb38-port1: unable to enumerate USB device
[  261.684859][ T9729] netlink: 'syz.0.1012': attribute type 10 has an invalid length.
[  261.880836][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1013'.
[  261.891759][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1013'.
[  261.896782][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1013'.
[  261.900836][ T9735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1013'.
[  262.002312][ T5977] Bluetooth: hci2: command 0x0c1a tx timeout
[  262.002448][ T5987] Bluetooth: hci1: command 0x0c1a tx timeout
[  262.004381][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout
[  262.225412][ T9738] syz.3.1014 (9738): drop_caches: 2
[  262.228137][ T9738] syz.3.1014 (9738): drop_caches: 2
[  262.840859][ T9758] netlink: 'syz.0.1016': attribute type 3 has an invalid length.
[  262.875947][   T60] usb 44-1: device descriptor read/8, error -110
[  262.999957][ T9760] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  263.002043][ T9760] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  263.006702][ T9760] vhci_hcd vhci_hcd.0: Device attached
[  263.142194][   T60] usb 44-1: SetAddress Request (24) to port 0
[  263.144415][   T60] usb 44-1: new SuperSpeed USB device number 24 using vhci_hcd
[  263.865431][ T9761] vhci_hcd: connection reset by peer
[  263.891818][   T13] vhci_hcd: stop threads
[  263.893270][   T13] vhci_hcd: release socket
[  263.894942][   T13] vhci_hcd: disconnect device
[  264.689435][ T9789] netlink: 'syz.3.1026': attribute type 10 has an invalid length.
[  264.819920][ T9794] tipc: Started in network mode
[  264.821837][ T9794] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  264.824435][ T9794] tipc: Enabled bearer <eth:team0>, priority 0
[  264.833031][ T9794] /dev/nullb0: Can't open blockdev
[  265.398738][ T9800] syz.0.1027 (9800): drop_caches: 2
[  265.403103][ T9800] syz.0.1027 (9800): drop_caches: 2
[  265.823535][ T9524] tipc: Node number set to 11578026
[  265.852286][   T53] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  265.917280][ T9816] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  265.919188][ T9816] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  265.922416][ T9816] vhci_hcd vhci_hcd.0: Device attached
[  266.043570][   T53] usb 6-1: config 0 has no interfaces?
[  266.754228][   T53] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  266.758009][   T53] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.761787][   T53] usb 6-1: Product: syz
[  266.764595][   T53] usb 6-1: Manufacturer: syz
[  266.769344][   T53] usb 6-1: SerialNumber: syz
[  266.784053][   T53] usb 6-1: config 0 descriptor??
[  267.078786][ T9817] vhci_hcd: connection closed
[  267.082001][   T46] vhci_hcd: stop threads
[  267.090835][   T46] vhci_hcd: release socket
[  267.092401][   T46] vhci_hcd: disconnect device
[  267.276608][ T1459] usb 6-1: USB disconnect, device number 17
[  267.797654][ T9827] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  267.800620][ T9827] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  267.804268][ T9827] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  267.806992][ T9827] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  268.242355][   T60] usb 44-1: device descriptor read/8, error -110
[  268.352359][   T60] usb usb44-port1: attempt power cycle
[  268.575296][ T9851] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1041'.
[  268.581275][ T9851] overlayfs: failed to resolve 'redirect_dir=off': -2
[  268.593501][ T9850] tipc: Started in network mode
[  268.595110][ T9850] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[  268.597539][ T9850] tipc: Enabled bearer <eth:team0>, priority 0
[  268.947920][   T60] usb usb44-port1: unable to enumerate USB device
[  268.962256][ T5991] Bluetooth: hci0: command 0x0c1a tx timeout
[  269.748209][   T60] tipc: Node number set to 11578026
[  269.798987][ T9867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1045'.
[  269.801849][ T9867] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1045'.
[  269.842203][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout
[  269.842230][ T5987] Bluetooth: hci2: command 0x0c1a tx timeout
[  269.842253][ T5977] Bluetooth: hci1: command 0x0c1a tx timeout
[  270.102226][ T9873] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  270.105043][ T9873] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  270.131775][ T9873] vhci_hcd vhci_hcd.0: Device attached
[  270.646105][ T9887] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  270.648155][ T9887] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  270.660137][ T9887] vhci_hcd vhci_hcd.0: Device attached
[  270.774113][ T9874] vhci_hcd: connection closed
[  270.774546][ T1139] vhci_hcd: stop threads
[  270.778548][ T1139] vhci_hcd: release socket
[  270.781139][ T1139] vhci_hcd: disconnect device
[  270.802570][   T60] usb 42-1: enqueue for inactive port 0
[  271.051475][ T9888] vhci_hcd: connection closed
[  271.051687][ T1139] vhci_hcd: stop threads
[  271.052187][ T9524] usb 40-1: SetAddress Request (30) to port 0
[  271.054969][ T1139] vhci_hcd: release socket
[  271.056495][ T9524] usb 40-1: new SuperSpeed USB device number 30 using vhci_hcd
[  271.062323][ T1139] vhci_hcd: disconnect device
[  271.072259][ T9524] usb 40-1: enqueue for inactive port 0
[  271.302695][   T60] usb usb42-port1: attempt power cycle
[  271.414376][ T9898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1053'.
[  271.471632][ T9901] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1053'.
[  271.475684][ T9524] usb usb40-port1: attempt power cycle
[  271.889273][ T1459] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  272.712216][ T1459] usb 5-1: Using ep0 maxpacket: 8
[  273.104318][ T1459] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  273.602181][   T40] audit: type=1800 audit(1756695788.032:88): pid=9909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1055" name="blkio.throttle.io_service_bytes_recursive" dev="9p" ino=35913975 res=0 errno=0
[  273.602222][ T1459] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  273.614125][ T1459] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  273.617006][ T1459] usb 5-1: config 250 has no interface number 0
[  273.622267][ T1459] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  273.632192][ T1459] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  273.635447][ T1459] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  273.638650][ T1459] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  273.642934][ T1459] usb 5-1: config 250 interface 228 has no altsetting 0
[  273.664843][ T1459] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  273.673302][ T1459] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  273.677234][ T1459] usb 5-1: Product: syz
[  273.679743][ T1459] usb 5-1: SerialNumber: syz
[  273.692563][ T1459] hub 5-1:250.228: bad descriptor, ignoring hub
[  273.695737][ T1459] hub 5-1:250.228: probe with driver hub failed with error -5
[  273.862263][  T840] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  273.895891][ T9524] usb usb40-port1: unable to enumerate USB device
[  273.952625][   T60] usb usb42-port1: unable to enumerate USB device
[  274.052297][  T840] usb 7-1: Using ep0 maxpacket: 8
[  274.053203][ T1459] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 13 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  274.072527][  T840] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  274.075126][  T840] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  274.077902][  T840] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  274.080791][  T840] usb 7-1: config 250 has no interface number 0
[  274.083051][  T840] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  274.086857][  T840] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  274.090053][  T840] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  274.093927][  T840] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  274.099160][  T840] usb 7-1: config 250 interface 228 has no altsetting 0
[  274.104252][ T1459] usb 5-1: USB disconnect, device number 13
[  274.104475][  T840] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  274.113709][  T840] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  274.116649][  T840] usb 7-1: Product: syz
[  274.117987][  T840] usb 7-1: SerialNumber: syz
[  274.158900][ T1459] usblp0: removed
[  274.159470][  T840] hub 7-1:250.228: bad descriptor, ignoring hub
[  274.162808][  T840] hub 7-1:250.228: probe with driver hub failed with error -5
[  274.375023][  T840] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 11 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  274.414168][  T840] usb 7-1: USB disconnect, device number 11
[  274.427705][  T840] usblp0: removed
[  274.845152][ T9926] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  274.847834][ T9926] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  274.853043][ T9926] vhci_hcd vhci_hcd.0: Device attached
[  275.132787][   T60] usb 38-1: SetAddress Request (42) to port 0
[  275.137857][   T60] usb 38-1: new SuperSpeed USB device number 42 using vhci_hcd
[  275.296627][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1064'.
[  275.307667][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1064'.
[  275.312951][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1064'.
[  275.319188][ T9940] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1064'.
[  275.434052][ T9927] vhci_hcd: connection reset by peer
[  275.436292][   T13] vhci_hcd: stop threads
[  275.437750][   T13] vhci_hcd: release socket
[  275.439194][   T13] vhci_hcd: disconnect device
[  277.364417][ T9516] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  277.542276][ T9516] usb 8-1: Using ep0 maxpacket: 8
[  277.554267][ T9516] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  277.562248][ T1459] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  277.564630][ T9516] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  277.594278][ T9516] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  277.609292][ T9516] usb 8-1: config 250 has no interface number 0
[  277.612013][ T9516] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  277.626312][ T9516] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  277.629642][ T9516] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  277.640650][ T9516] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  277.648826][ T9516] usb 8-1: config 250 interface 228 has no altsetting 0
[  277.663257][ T9516] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  277.670371][ T9516] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  277.685185][ T9516] usb 8-1: Product: syz
[  277.692060][ T9516] usb 8-1: SerialNumber: syz
[  277.771559][ T9516] hub 8-1:250.228: bad descriptor, ignoring hub
[  277.772210][ T1459] usb 7-1: Using ep0 maxpacket: 8
[  277.781854][ T1459] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  277.783608][ T9516] hub 8-1:250.228: probe with driver hub failed with error -5
[  277.785431][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1073'.
[  277.795062][ T1459] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  277.815141][ T1459] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  277.836702][ T1459] usb 7-1: config 250 has no interface number 0
[  277.853409][ T1459] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  277.860311][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1073'.
[  277.865971][ T1459] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  277.871951][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1073'.
[  277.877327][ T1459] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  277.881500][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1073'.
[  277.886840][ T1459] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  277.912061][ T1459] usb 7-1: config 250 interface 228 has no altsetting 0
[  277.932423][ T1459] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  277.935865][ T1459] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  277.946023][ T1459] usb 7-1: Product: syz
[  277.959216][ T1459] usb 7-1: SerialNumber: syz
[  278.074681][ T1459] hub 7-1:250.228: bad descriptor, ignoring hub
[  278.097701][ T1459] hub 7-1:250.228: probe with driver hub failed with error -5
[  279.165010][ T9516] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 13 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  279.212633][ T9516] usb 8-1: USB disconnect, device number 13
[  279.215924][ T9516] usblp0: removed
[  279.828219][ T1459] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 12 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  279.863699][ T1459] usb 7-1: USB disconnect, device number 12
[  279.874534][ T1459] usblp0: removed
[  279.881291][ T9985] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  279.883373][ T9985] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  279.887088][ T9985] vhci_hcd vhci_hcd.0: Device attached
[  280.162262][  T840] usb 40-1: SetAddress Request (34) to port 0
[  280.164318][  T840] usb 40-1: new SuperSpeed USB device number 34 using vhci_hcd
[  280.252648][   T60] usb 38-1: device descriptor read/8, error -110
[  280.463167][ T9986] vhci_hcd: connection reset by peer
[  280.585116][   T13] vhci_hcd: stop threads
[  280.586530][   T13] vhci_hcd: release socket
[  280.592608][   T13] vhci_hcd: disconnect device
[  280.655157][   T60] usb usb38-port1: attempt power cycle
[  281.371700][   T60] usb usb38-port1: unable to enumerate USB device
[  281.792333][ T1471] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  281.963297][ T1471] usb 6-1: Using ep0 maxpacket: 32
[  281.972679][ T1471] usb 6-1: no configurations
[  281.974488][ T1471] usb 6-1: can't read configurations, error -22
[  282.199985][ T1471] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  282.362244][ T1471] usb 6-1: Using ep0 maxpacket: 32
[  282.372596][ T1471] usb 6-1: no configurations
[  282.374029][ T1471] usb 6-1: can't read configurations, error -22
[  282.381369][ T1471] usb usb6-port1: attempt power cycle
[  282.723214][ T1471] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  282.742656][ T1471] usb 6-1: Using ep0 maxpacket: 32
[  282.744738][ T1471] usb 6-1: no configurations
[  282.746181][ T1471] usb 6-1: can't read configurations, error -22
[  282.885046][ T1471] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  282.906375][ T1471] usb 6-1: Using ep0 maxpacket: 32
[  282.911044][ T1471] usb 6-1: no configurations
[  282.913205][ T1471] usb 6-1: can't read configurations, error -22
[  282.916036][ T1471] usb usb6-port1: unable to enumerate USB device
[  283.062422][T10055] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  283.064490][T10055] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  283.066378][T10055] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  283.068349][T10055] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  283.194024][T10069] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  283.196061][T10069] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  283.210761][T10069] vhci_hcd vhci_hcd.0: Device attached
[  283.504234][   T60] usb 44-1: SetAddress Request (27) to port 0
[  283.506375][   T60] usb 44-1: new SuperSpeed USB device number 27 using vhci_hcd
[  283.847755][T10070] vhci_hcd: connection reset by peer
[  283.850137][   T59] vhci_hcd: stop threads
[  283.851825][   T59] vhci_hcd: release socket
[  283.858043][   T59] vhci_hcd: disconnect device
[  284.332274][ T5987] Bluetooth: hci0: command 0x0c1a tx timeout
[  285.122443][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout
[  285.122492][ T5991] Bluetooth: hci2: command 0x0c1a tx timeout
[  285.122502][ T5977] Bluetooth: hci1: command 0x0c1a tx timeout
[  285.202331][  T840] usb 40-1: device descriptor read/8, error -110
[  285.593737][T10122] netlink: 'syz.1.1095': attribute type 13 has an invalid length.
[  285.600327][T10122] gretap0: refused to change device tx_queue_len
[  285.603328][T10122] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  285.606889][  T840] usb usb40-port1: attempt power cycle
[  285.738440][T10124] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1096'.
[  285.778455][T10127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1097'.
[  285.782022][T10127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1097'.
[  285.785196][T10127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1097'.
[  285.788161][T10127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1097'.
[  287.218064][T10134] block device autoloading is deprecated and will be removed.
[  287.832661][  T840] usb usb40-port1: unable to enumerate USB device
[  287.987668][ T5991] Bluetooth: hci3: unexpected event for opcode 0x000c
[  288.094687][T10161] netlink: 'syz.0.1105': attribute type 10 has an invalid length.
[  288.103374][T10161] syz_tun: entered promiscuous mode
[  288.117913][T10161] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  288.303377][T10165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'.
[  288.316618][T10165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'.
[  288.319616][T10165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'.
[  288.326130][T10165] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'.
[  288.562242][   T60] usb 44-1: device descriptor read/8, error -110
[  289.012398][   T60] usb usb44-port1: attempt power cycle
[  289.592636][   T60] usb usb44-port1: unable to enumerate USB device
[  289.884252][T10186] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  289.886323][T10186] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  289.896076][T10186] vhci_hcd vhci_hcd.0: Device attached
[  290.162338][  T840] usb 44-1: SetAddress Request (31) to port 0
[  290.164437][  T840] usb 44-1: new SuperSpeed USB device number 31 using vhci_hcd
[  290.525097][T10187] vhci_hcd: connection reset by peer
[  290.528325][  T223] vhci_hcd: stop threads
[  290.530291][  T223] vhci_hcd: release socket
[  290.534956][  T223] vhci_hcd: disconnect device
[  291.016170][ T5991] Bluetooth: hci3: unexpected event for opcode 0x000c
[  291.182325][T10202] tipc: Started in network mode
[  291.184204][T10202] tipc: Node identity a24e2bd76e23, cluster identity 4711
[  291.186580][T10202] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  291.189243][T10202] syzkaller0: entered promiscuous mode
[  291.191048][T10202] syzkaller0: entered allmulticast mode
[  291.208041][T10202] syzkaller0: mtu less than device minimum
[  291.211338][T10201] tipc: Resetting bearer <eth:syzkaller0>
[  291.224856][T10201] tipc: Disabling bearer <eth:syzkaller0>
[  291.637463][T10213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1122'.
[  291.641056][T10213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1122'.
[  291.644870][T10213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1122'.
[  291.647837][T10213] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1122'.
[  292.127705][T10230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1128'.
[  292.131476][T10230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1128'.
[  292.135211][T10230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1128'.
[  292.138102][T10230] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1128'.
[  292.565977][T10249] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1131'.
[  292.980723][T10236] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  293.626777][T10270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1137'.
[  294.112733][T10283] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  294.114794][T10283] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  294.117861][T10283] vhci_hcd vhci_hcd.0: Device attached
[  294.383487][   T60] usb 40-1: SetAddress Request (38) to port 0
[  294.387474][   T60] usb 40-1: new SuperSpeed USB device number 38 using vhci_hcd
[  294.706922][T10295] nbd: must specify a device to reconfigure
[  294.791193][T10284] vhci_hcd: connection reset by peer
[  294.799253][ T1139] vhci_hcd: stop threads
[  294.801036][ T1139] vhci_hcd: release socket
[  294.804971][ T1139] vhci_hcd: disconnect device
[  294.908442][T10303] fuse: Bad value for 'user_id'
[  294.910404][T10303] fuse: Bad value for 'user_id'
[  295.212193][  T840] usb 44-1: device descriptor read/8, error -110
[  295.613690][  T840] usb usb44-port1: attempt power cycle
[  295.897712][T10325] bridge_slave_1: left allmulticast mode
[  295.900046][T10325] bridge_slave_1: left promiscuous mode
[  295.908891][T10325] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.966271][T10325] bridge_slave_0: left allmulticast mode
[  295.984694][T10325] bridge_slave_0: left promiscuous mode
[  295.991841][T10325] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.213862][  T840] usb usb44-port1: unable to enumerate USB device
[  296.944043][T10345] __nla_validate_parse: 17 callbacks suppressed
[  296.944054][T10345] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1160'.
[  297.128768][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1164'.
[  297.131794][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1164'.
[  297.136909][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1164'.
[  297.142262][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1164'.
[  297.236840][T10357] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  297.239032][T10357] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  297.248791][T10357] vhci_hcd vhci_hcd.0: Device attached
[  297.256238][T10357] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1162'.
[  297.383365][T10373] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1169'.
[  297.482212][  T840] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[  297.746578][T10363] vhci_hcd: connection reset by peer
[  297.748396][ T1139] vhci_hcd: stop threads
[  297.749805][ T1139] vhci_hcd: release socket
[  297.751269][ T1139] vhci_hcd: disconnect device
[  298.525762][T10385] syz.0.1171 uses obsolete (PF_INET,SOCK_PACKET)
[  298.620629][T10402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1175'.
[  298.625502][T10402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1175'.
[  298.630744][T10402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1175'.
[  299.452244][   T60] usb 40-1: device descriptor read/8, error -110
[  299.574173][T10407] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  299.576938][T10407] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  299.579550][T10407] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  299.650248][T10423] input: syz1 as /devices/virtual/input/input6
[  299.749777][T10427] netlink: 'syz.1.1182': attribute type 3 has an invalid length.
[  299.852731][   T60] usb usb40-port1: attempt power cycle
[  300.033134][   T53] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  300.196605][   T53] usb 7-1: Using ep0 maxpacket: 8
[  300.222199][   T53] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  300.224497][   T53] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  300.227788][   T53] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  300.230610][   T53] usb 7-1: config 250 has no interface number 0
[  300.243150][   T53] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  300.246754][   T53] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  300.249973][   T53] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  300.254073][   T53] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  300.258281][   T53] usb 7-1: config 250 interface 228 has no altsetting 0
[  300.266297][   T53] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  300.269123][   T53] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  300.271683][   T53] usb 7-1: Product: syz
[  300.274168][   T53] usb 7-1: SerialNumber: syz
[  300.278570][   T53] hub 7-1:250.228: bad descriptor, ignoring hub
[  300.281703][   T53] hub 7-1:250.228: probe with driver hub failed with error -5
[  300.422793][   T60] usb usb40-port1: unable to enumerate USB device
[  300.526926][   T53] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 13 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  300.553411][   T53] usb 7-1: USB disconnect, device number 13
[  300.556716][   T53] usblp0: removed
[  300.882214][ T5991] Bluetooth: hci1: command 0x0c1a tx timeout
[  301.612947][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout
[  301.612968][ T5987] Bluetooth: hci2: command 0x0c1a tx timeout
[  302.013072][ T1328] libceph: connect (1)[c::]:6789 error -101
[  302.015227][ T1328] libceph: mon0 (1)[c::]:6789 connect error
[  302.019177][ T1328] libceph: connect (1)[c::]:6789 error -101
[  302.021136][ T1328] libceph: mon0 (1)[c::]:6789 connect error
[  302.062220][T10467] ceph: No mds server is up or the cluster is laggy
[  302.219316][T10448] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  302.221614][T10448] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  302.224396][T10448] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  302.522458][T10475] netlink: 'syz.1.1195': attribute type 3 has an invalid length.
[  302.632353][  T840] vhci_hcd: vhci_device speed not set
[  302.670416][T10479] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  302.672753][T10479] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  302.677081][T10479] vhci_hcd vhci_hcd.0: Device attached
[  302.969460][T10486] __nla_validate_parse: 3 callbacks suppressed
[  302.969471][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'.
[  302.975937][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'.
[  302.979770][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'.
[  302.983290][T10486] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1197'.
[  303.022312][   T60] usb 38-1: SetAddress Request (46) to port 0
[  303.024494][   T60] usb 38-1: new SuperSpeed USB device number 46 using vhci_hcd
[  303.533205][ T5991] Bluetooth: hci1: command 0x0c1a tx timeout
[  303.781493][T10499] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  303.786480][T10499] block device autoloading is deprecated and will be removed.
[  303.880153][T10480] vhci_hcd: connection reset by peer
[  303.882425][  T223] vhci_hcd: stop threads
[  303.883796][  T223] vhci_hcd: release socket
[  303.885273][  T223] vhci_hcd: disconnect device
[  304.242367][ T5991] Bluetooth: hci2: command 0x0c1a tx timeout
[  304.244406][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout
[  304.736321][T10527] fuse: Bad value for 'fd'
[  305.116788][T10513] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  305.119548][T10513] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  305.121875][T10513] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  305.173485][T10530] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  305.177041][T10530] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  305.180054][T10530] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  305.183139][T10530] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1207'.
[  305.268254][T10533] netlink: 'syz.3.1208': attribute type 3 has an invalid length.
[  305.356918][T10537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'.
[  305.360506][T10537] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1210'.
[  306.132213][  T840] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  306.322207][  T840] usb 5-1: Using ep0 maxpacket: 8
[  306.329087][  T840] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  306.331664][  T840] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  306.334401][  T840] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  306.334472][ T5991] Bluetooth: hci1: command 0x0c1a tx timeout
[  306.337244][  T840] usb 5-1: config 250 has no interface number 0
[  306.337268][  T840] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  306.337282][  T840] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  306.337294][  T840] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  306.351127][  T840] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  306.372743][  T840] usb 5-1: config 250 interface 228 has no altsetting 0
[  306.401683][  T840] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  306.407863][  T840] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  306.410456][  T840] usb 5-1: Product: syz
[  306.411807][  T840] usb 5-1: SerialNumber: syz
[  306.421405][  T840] hub 5-1:250.228: bad descriptor, ignoring hub
[  306.423479][  T840] hub 5-1:250.228: probe with driver hub failed with error -5
[  306.701168][  T840] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 14 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  306.722958][ T6656] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  306.733590][  T840] usb 5-1: USB disconnect, device number 14
[  306.740372][  T840] usblp0: removed
[  306.854421][ T6656] usb 6-1: device descriptor read/64, error -71
[  307.122248][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout
[  307.124215][ T5991] Bluetooth: hci2: command 0x0c1a tx timeout
[  307.142318][ T6656] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  307.265764][T10563] syz.0.1216 (10563): /proc/10562/oom_adj is deprecated, please use /proc/10562/oom_score_adj instead.
[  307.282183][ T6656] usb 6-1: device descriptor read/64, error -71
[  307.393932][ T6656] usb usb6-port1: attempt power cycle
[  307.732177][ T6656] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  307.752601][ T6656] usb 6-1: device descriptor read/8, error -71
[  307.992164][ T6656] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  308.012865][ T6656] usb 6-1: device descriptor read/8, error -71
[  308.123766][ T6656] usb usb6-port1: unable to enumerate USB device
[  308.162326][   T60] usb 38-1: device descriptor read/8, error -110
[  308.299333][T10573] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  308.301595][T10573] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  308.303775][T10573] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  308.563833][   T60] usb usb38-port1: attempt power cycle
[  308.566442][T10591] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  308.568551][T10591] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  308.575448][T10591] vhci_hcd vhci_hcd.0: Device attached
[  308.636104][T10595] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  308.641812][T10595] syzkaller0: entered promiscuous mode
[  308.644406][T10595] syzkaller0: entered allmulticast mode
[  308.657296][T10595] tipc: Resetting bearer <eth:syzkaller0>
[  308.842249][ T6656] usb 42-1: SetAddress Request (46) to port 0
[  308.844327][ T6656] usb 42-1: new SuperSpeed USB device number 46 using vhci_hcd
[  309.143238][   T60] usb usb38-port1: unable to enumerate USB device
[  309.201454][T10592] vhci_hcd: connection reset by peer
[  309.203475][  T223] vhci_hcd: stop threads
[  309.204921][  T223] vhci_hcd: release socket
[  309.206617][  T223] vhci_hcd: disconnect device
[  309.362284][ T5991] Bluetooth: hci4: command 0x1003 tx timeout
[  309.362299][ T5987] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  309.486027][T10599] mkiss: ax0: crc mode is auto.
[  309.513106][T10599] __nla_validate_parse: 2 callbacks suppressed
[  309.513139][T10599] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1224'.
[  309.580228][T10594] tipc: Resetting bearer <eth:syzkaller0>
[  309.610301][ T5987] Bluetooth: hci1: command 0x0c1a tx timeout
[  309.610429][T10594] tipc: Disabling bearer <eth:syzkaller0>
[  310.322245][ T5987] Bluetooth: hci2: command 0x0c1a tx timeout
[  310.333731][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout
[  310.736001][T10607] netlink: 'syz.1.1225': attribute type 3 has an invalid length.
[  311.125342][T10612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'.
[  311.128397][T10612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'.
[  311.131340][T10612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'.
[  311.134921][T10612] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1228'.
[  311.764818][ T1328] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  311.883474][T10633] netlink: 'syz.0.1235': attribute type 3 has an invalid length.
[  311.922919][ T1328] usb 8-1: Using ep0 maxpacket: 16
[  311.926592][ T1328] usb 8-1: config 0 has an invalid interface number: 41 but max is -1
[  311.929129][ T1328] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 0
[  311.932919][ T1328] usb 8-1: config 0 has no interface number 0
[  311.934828][ T1328] usb 8-1: config 0 interface 41 has no altsetting 0
[  311.938706][ T1328] usb 8-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  311.941613][ T1328] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.944117][ T1328] usb 8-1: Product: syz
[  311.945401][ T1328] usb 8-1: Manufacturer: syz
[  311.946818][ T1328] usb 8-1: SerialNumber: syz
[  311.949734][ T1328] usb 8-1: config 0 descriptor??
[  311.955133][ T1328] CoreChips 8-1:0.41: probe with driver CoreChips failed with error -22
[  312.157720][T10628] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1234'.
[  312.232851][T10636] libceph: resolve '0.' (ret=-3): failed
[  312.396006][ T1328] usb 8-1: USB disconnect, device number 14
[  312.493673][T10648] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  312.495683][T10648] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  312.498651][T10648] vhci_hcd vhci_hcd.0: Device attached
[  312.983762][T10656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1240'.
[  312.986882][T10656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1240'.
[  312.990518][T10656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1240'.
[  312.995997][T10656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1240'.
[  313.160563][T10649] vhci_hcd: connection closed
[  313.164222][   T13] vhci_hcd: stop threads
[  313.168069][   T13] vhci_hcd: release socket
[  313.172652][   T13] vhci_hcd: disconnect device
[  313.875599][T10660] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  313.879247][T10660] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  313.885129][T10660] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  313.922187][ T6656] usb 42-1: device descriptor read/8, error -110
[  314.153283][ T6047] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  314.282166][ T6047] usb 5-1: device descriptor read/64, error -71
[  314.313242][ T6656] usb usb42-port1: attempt power cycle
[  314.522273][ T6047] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  314.534992][T10678] tls_set_device_offload_rx: netdev not found
[  314.654028][ T6047] usb 5-1: device descriptor read/64, error -71
[  314.782640][ T6047] usb usb5-port1: attempt power cycle
[  314.902725][ T6656] usb usb42-port1: unable to enumerate USB device
[  315.122198][ T5987] Bluetooth: hci1: command 0x0c1a tx timeout
[  315.142248][ T6047] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  315.162856][ T6047] usb 5-1: device descriptor read/8, error -71
[  315.297619][T10691] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  315.301093][T10691] syzkaller0: entered promiscuous mode
[  315.303077][T10691] syzkaller0: entered allmulticast mode
[  315.313175][T10691] tipc: Resetting bearer <eth:syzkaller0>
[  315.422204][ T6047] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  315.749094][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1251'.
[  315.752295][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1251'.
[  315.756262][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1251'.
[  315.759337][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1251'.
[  315.792819][T10702] netlink: 'syz.3.1252': attribute type 3 has an invalid length.
[  315.922253][ T5987] Bluetooth: hci3: command 0x0c1a tx timeout
[  315.922296][ T5991] Bluetooth: hci2: command 0x0c1a tx timeout
[  315.972572][ T6047] usb 5-1: device descriptor read/8, error -71
[  316.039112][T10690] tipc: Resetting bearer <eth:syzkaller0>
[  316.048835][T10690] tipc: Disabling bearer <eth:syzkaller0>
[  316.082504][ T6047] usb usb5-port1: unable to enumerate USB device
[  316.350110][T10715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1257'.
[  316.353185][T10715] netlink: 'syz.0.1257': attribute type 5 has an invalid length.
[  316.355868][T10715] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1257'.
[  316.375545][T10715] geneve2: entered promiscuous mode
[  316.377908][T10715] geneve2: entered allmulticast mode
[  316.383832][   T59] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[  316.388677][   T59] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[  316.392793][   T59] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[  316.392891][T10715] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1257'.
[  316.395713][   T59] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[  316.402365][T10715] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1257'.
[  316.645043][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  316.647326][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  316.878440][T10707] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  316.881575][T10707] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  316.884981][T10707] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  317.187488][T10718] tls_set_device_offload_rx: netdev not found
[  317.398535][T10734] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1262'.
[  317.403524][T10734] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1262'.
[  318.113842][T10748] tipc: Started in network mode
[  318.115453][T10748] tipc: Node identity cedc74a67846, cluster identity 4711
[  318.117741][T10748] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  318.121533][T10748] syzkaller0: entered promiscuous mode
[  318.123666][T10748] syzkaller0: entered allmulticast mode
[  318.133280][ T5991] Bluetooth: hci1: command 0x0c1a tx timeout
[  318.142947][T10748] tipc: Resetting bearer <eth:syzkaller0>
[  318.150008][T10747] tipc: Resetting bearer <eth:syzkaller0>
[  318.170685][T10747] tipc: Disabling bearer <eth:syzkaller0>
[  318.361258][ T1459] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  318.532233][ T1459] usb 8-1: Using ep0 maxpacket: 8
[  318.536281][ T1459] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  318.540957][ T1459] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  318.548724][ T1459] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  318.556694][ T1459] usb 8-1: config 250 has no interface number 0
[  318.560565][ T1459] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  318.568573][ T1459] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  318.573224][ T1459] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  318.577030][ T1459] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  318.584986][ T1459] usb 8-1: config 250 interface 228 has no altsetting 0
[  318.591217][ T1459] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  318.604307][ T1459] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  318.607484][ T1459] usb 8-1: Product: syz
[  318.608906][ T1459] usb 8-1: SerialNumber: syz
[  318.616420][ T1459] hub 8-1:250.228: bad descriptor, ignoring hub
[  318.619044][ T1459] hub 8-1:250.228: probe with driver hub failed with error -5
[  318.832317][ T6047] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  318.882488][ T5991] Bluetooth: hci2: command 0x0c1a tx timeout
[  318.902526][T10769] trusted_key: encrypted_key: master key parameter 'c�Y�
�?(<��`Ͼ3Q�#' is invalid
[  318.972297][ T5991] Bluetooth: hci3: command 0x0c1a tx timeout
[  318.982325][ T6047] usb 5-1: device descriptor read/64, error -71
[  319.252773][ T6047] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  319.298175][ T1459] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 15 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  319.343183][ T1459] usb 8-1: USB disconnect, device number 15
[  319.352517][ T1459] usblp0: removed
[  319.392242][ T6047] usb 5-1: device descriptor read/64, error -71
[  319.520117][ T6047] usb usb5-port1: attempt power cycle
[  319.790354][T10777] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  319.792676][T10777] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  319.798803][T10777] vhci_hcd vhci_hcd.0: Device attached
[  319.922626][ T6047] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  320.036700][ T6047] usb 5-1: device descriptor read/8, error -71
[  320.282395][   T60] usb 40-1: SetAddress Request (42) to port 0
[  320.284734][   T60] usb 40-1: new SuperSpeed USB device number 42 using vhci_hcd
[  320.552211][ T6047] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  320.559235][T10778] vhci_hcd: connection reset by peer
[  320.561784][  T223] vhci_hcd: stop threads
[  320.563291][  T223] vhci_hcd: release socket
[  320.564662][  T223] vhci_hcd: disconnect device
[  320.573013][ T6047] usb 5-1: device descriptor read/8, error -71
[  320.683578][ T6047] usb usb5-port1: unable to enumerate USB device
[  320.949064][ T5991] block nbd3: Receive control failed (result -32)
[  320.956659][T10793] block nbd3: shutting down sockets
[  321.073011][T10802] __nla_validate_parse: 6 callbacks suppressed
[  321.073054][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1279'.
[  321.077626][T10802] bridge_slave_1: left allmulticast mode
[  321.079443][T10802] bridge_slave_1: left promiscuous mode
[  321.081482][T10802] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.087897][T10802] bridge_slave_0: left allmulticast mode
[  321.089682][T10802] bridge_slave_0: left promiscuous mode
[  321.091794][T10802] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.901510][T10811] netlink: 360 bytes leftover after parsing attributes in process `syz.3.1282'.
[  321.952491][T10813] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.1283' resets device
[  321.957226][T10813] capability: warning: `syz.2.1283' uses deprecated v2 capabilities in a way that may be insecure
[  322.005161][T10822] loop6: detected capacity change from 0 to 63
[  322.009671][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.027894][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.031126][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.037327][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.041300][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.046637][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.051036][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.053885][T10822] Buffer I/O error on dev loop6, logical block 0, async page read
[  322.056244][T10822] ldm_validate_partition_table(): Disk read failed.
[  322.058333][T10822]  loop6: unable to read partition table
[  322.058432][T10829] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  322.060285][T10822] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  322.067254][T10829] Buffer I/O error on dev loop6, logical block 1, lost async page write
[  322.138515][T10839] fuse: Unknown parameter '000000000000000000000000xffffffffffffffff0000000000000000000300000000000000000000184467440737095516150000000000000000000000000000000000000000003'
[  323.185953][T10859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1295'.
[  323.329186][T10866] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1296'.
[  323.969009][ T5991] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  324.009108][T10889] netlink: 'syz.2.1305': attribute type 3 has an invalid length.
[  324.015535][T10889] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  325.362335][   T60] usb 40-1: device descriptor read/8, error -110
[  325.450013][T10925] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  325.454527][T10925] syzkaller0: entered promiscuous mode
[  325.456693][T10925] syzkaller0: entered allmulticast mode
[  325.467133][T10925] tipc: Resetting bearer <eth:syzkaller0>
[  325.470975][T10924] tipc: Resetting bearer <eth:syzkaller0>
[  325.483749][T10924] tipc: Disabling bearer <eth:syzkaller0>
[  325.567950][    C3] vxcan1: j1939_tp_rxtimer: 0xffff888023687400: rx timeout, send abort
[  325.573166][    C3] vxcan1: j1939_xtp_rx_abort_one: 0xffff888023687400: 0x1f000: (3) A timeout occurred and this is the connection abort to close the session.
[  325.748313][T10930] netlink: 'syz.2.1316': attribute type 3 has an invalid length.
[  325.772868][   T60] usb usb40-port1: attempt power cycle
[  325.953377][T10933] pim6reg: entered allmulticast mode
[  326.385383][   T60] usb usb40-port1: unable to enumerate USB device
[  327.215276][T10959] dvmrp0: entered allmulticast mode
[  327.219432][T10959] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  327.225449][T10958] dvmrp0: left allmulticast mode
[  327.353625][T10963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1325'.
[  327.357017][T10963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1325'.
[  327.359958][T10963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1325'.
[  327.364043][T10963] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1325'.
[  327.393493][T10960] ptrace attach of "/syz-executor exec"[10961] was attempted by "/syz-executor exec"[10960]
[  327.996804][T10991] netlink: 'syz.3.1330': attribute type 1 has an invalid length.
[  329.982461][T11011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1335'.
[  329.996171][T11011] bridge_slave_1: left allmulticast mode
[  329.999306][T11011] bridge_slave_1: left promiscuous mode
[  330.009126][T11011] bridge0: port 2(bridge_slave_1) entered disabled state
[  330.028067][T11011] bridge_slave_0: left allmulticast mode
[  330.030745][T11011] bridge_slave_0: left promiscuous mode
[  330.034263][T11011] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.224253][T11016] random: crng reseeded on system resumption
[  330.482210][ T9516] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  330.642260][ T9516] usb 5-1: Using ep0 maxpacket: 32
[  330.649304][ T9516] usb 5-1: config 120 has an invalid descriptor of length 0, skipping remainder of the config
[  330.652745][ T9516] usb 5-1: config 120 has 0 interfaces, different from the descriptor's value: 1
[  330.658871][ T9516] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  330.661717][ T9516] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  330.666025][ T9516] usb 5-1: Product: syz
[  330.667654][ T9516] usb 5-1: Manufacturer: syz
[  330.669381][ T9516] usb 5-1: SerialNumber: syz
[  330.725384][T11023] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  330.729578][T11023] tipc: Enabled bearer <udp:syz0>, priority 10
[  330.878637][ T9516] usb 5-1: USB disconnect, device number 23
[  331.749000][ T5991] Bluetooth: hci1: unexpected event for opcode 0x202d
[  332.026797][T11042] usb 2-1: USB disconnect, device number 2
[  332.029200][ T9516] tipc: Node number set to 3429706711
[  332.313793][ T1459] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  332.602301][ T1459] usb 5-1: Using ep0 maxpacket: 8
[  332.918850][ T1459] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  332.921558][ T1459] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  332.934219][ T1459] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  332.937153][ T1459] usb 5-1: config 250 has no interface number 0
[  332.942271][ T1459] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  332.946379][ T1459] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  332.956993][ T1459] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  332.977083][ T1459] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  332.983311][ T1459] usb 5-1: config 250 interface 228 has no altsetting 0
[  332.990945][ T1459] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  332.998460][ T1459] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  333.001698][ T1459] usb 5-1: Product: syz
[  333.003648][ T1459] usb 5-1: SerialNumber: syz
[  333.034461][ T1459] hub 5-1:250.228: bad descriptor, ignoring hub
[  333.036546][ T1459] hub 5-1:250.228: probe with driver hub failed with error -5
[  333.348134][T11055] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1347'.
[  333.746497][ T1459] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 24 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  333.772811][ T1459] usb 5-1: USB disconnect, device number 24
[  333.787377][ T1459] usblp0: removed
[  333.957038][T11057] sctp: [Deprecated]: syz.1.1348 (pid 11057) Use of struct sctp_assoc_value in delayed_ack socket option.
[  333.957038][T11057] Use struct sctp_sack_info instead
[  334.566502][T11073] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1353'.
[  334.626269][T11073] evm: overlay not supported
[  334.781642][T11081] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  335.700461][T11097] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1357'.
[  336.123420][   T53] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  336.273906][   T53] usb 5-1: Using ep0 maxpacket: 8
[  336.279278][   T53] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  336.282528][   T53] usb 5-1: config 0 has no interface number 0
[  336.287877][   T53] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  336.291769][   T53] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  336.297114][   T53] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  336.301021][   T53] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  336.305894][   T53] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  336.309148][   T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.310477][T11117] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.1371' resets device
[  336.313425][   T53] usb 5-1: config 0 descriptor??
[  336.319515][   T53] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  336.961861][T11128] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  336.963978][T11128] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  336.966757][T11128] vhci_hcd vhci_hcd.0: Device attached
[  337.132271][    C1] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  337.274533][   T53] usb 5-1: USB disconnect, device number 25
[  337.281597][   T53] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  337.292237][  T840] usb 44-1: SetAddress Request (35) to port 0
[  337.294278][  T840] usb 44-1: new SuperSpeed USB device number 35 using vhci_hcd
[  337.476665][T11137] netlink: zone id is out of range
[  337.478341][T11137] netlink: zone id is out of range
[  337.480040][T11137] netlink: zone id is out of range
[  337.481638][T11137] netlink: zone id is out of range
[  337.492390][T11137] netlink: zone id is out of range
[  337.495212][T11137] netlink: zone id is out of range
[  337.502312][T11137] netlink: zone id is out of range
[  337.504703][T11137] netlink: zone id is out of range
[  337.787301][T11141] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  337.789419][T11141] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  337.795891][T11141] vhci_hcd vhci_hcd.0: Device attached
[  337.915870][T11129] vhci_hcd: connection reset by peer
[  337.919612][  T223] vhci_hcd: stop threads
[  337.921503][  T223] vhci_hcd: release socket
[  337.926250][  T223] vhci_hcd: disconnect device
[  338.045210][T11150] =======================================================
[  338.045210][T11150] WARNING: The mand mount option has been deprecated and
[  338.045210][T11150]          and is ignored by this kernel. Remove the mand
[  338.045210][T11150]          option from the mount to silence this warning.
[  338.045210][T11150] =======================================================
[  338.082974][   T60] usb 40-1: SetAddress Request (46) to port 0
[  338.084954][   T60] usb 40-1: new SuperSpeed USB device number 46 using vhci_hcd
[  338.277768][T11154] FAULT_INJECTION: forcing a failure.
[  338.277768][T11154] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  338.281999][T11154] CPU: 3 UID: 0 PID: 11154 Comm: syz.0.1370 Not tainted syzkaller #0 PREEMPT(full) 
[  338.282013][T11154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  338.282020][T11154] Call Trace:
[  338.282025][T11154]  <TASK>
[  338.282029][T11154]  dump_stack_lvl+0x16c/0x1f0
[  338.282062][T11154]  should_fail_ex+0x512/0x640
[  338.282095][T11154]  strncpy_from_user+0x3b/0x2e0
[  338.282111][T11154]  getname_flags.part.0+0x8f/0x550
[  338.282128][T11154]  getname_flags+0x93/0xf0
[  338.282140][T11154]  do_sys_openat2+0xb8/0x1d0
[  338.282167][T11154]  ? __pfx_do_sys_openat2+0x10/0x10
[  338.282185][T11154]  ? __fget_files+0x20e/0x3c0
[  338.282195][T11154]  ? handle_mm_fault+0x1d0/0xd10
[  338.282208][T11154]  __ia32_compat_sys_open+0x146/0x1e0
[  338.282218][T11154]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  338.282230][T11154]  ? rcu_is_watching+0x12/0xc0
[  338.282241][T11154]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  338.282261][T11154]  __do_fast_syscall_32+0x7c/0x3a0
[  338.282277][T11154]  do_fast_syscall_32+0x32/0x80
[  338.282291][T11154]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  338.282304][T11154] RIP: 0023:0xf7fa2579
[  338.282312][T11154] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  338.282322][T11154] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000005
[  338.282333][T11154] RAX: ffffffffffffffda RBX: 0000000080000140 RCX: 0000000000000000
[  338.282339][T11154] RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000000
[  338.282345][T11154] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  338.282351][T11154] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  338.282356][T11154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  338.282369][T11154]  </TASK>
[  338.435221][ T5988] bond0: (slave syz_tun): Releasing backup interface
[  338.535282][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.538565][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  338.649446][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.654884][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  338.758340][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.762078][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  338.791888][ T5987] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  338.796096][ T5987] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  338.800149][ T5987] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  338.805477][ T5987] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  338.809118][ T5987] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  338.886324][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  338.889791][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0
[  339.101228][T11163] chnl_net:caif_netlink_parms(): no params data found
[  339.189927][T11142] vhci_hcd: connection reset by peer
[  339.192027][   T13] vhci_hcd: stop threads
[  339.193547][   T13] vhci_hcd: release socket
[  339.195084][   T13] vhci_hcd: disconnect device
[  339.247710][T11163] bridge0: port 1(bridge_slave_0) entered blocking state
[  339.250023][T11163] bridge0: port 1(bridge_slave_0) entered disabled state
[  339.252783][T11163] bridge_slave_0: entered allmulticast mode
[  339.255368][T11163] bridge_slave_0: entered promiscuous mode
[  339.262003][T11163] bridge0: port 2(bridge_slave_1) entered blocking state
[  339.264488][T11163] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.267034][T11163] bridge_slave_1: entered allmulticast mode
[  339.269601][T11163] bridge_slave_1: entered promiscuous mode
[  339.306198][T11163] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  339.485851][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  339.494066][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  339.499099][   T12] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  339.502676][   T12] bond0 (unregistering): Released all slaves
[  339.509923][T11163] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  339.586226][T11163] team0: Port device team_slave_0 added
[  339.589091][   T12] tipc: Left network mode
[  339.591011][T11163] team0: Port device team_slave_1 added
[  339.643208][T11163] batman_adv: batadv0: Adding interface: batadv_slave_0
[  339.645912][T11163] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  339.654374][T11163] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  339.701351][T11163] batman_adv: batadv0: Adding interface: batadv_slave_1
[  339.704436][T11163] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  339.715017][T11163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  339.848369][T11163] hsr_slave_0: entered promiscuous mode
[  339.880071][T11163] hsr_slave_1: entered promiscuous mode
[  339.903418][T11185] mac80211_hwsim hwsim3 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  340.427629][T11178] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  340.429913][T11178] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  340.431896][T11178] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  340.433953][T11178] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  340.614250][T11178] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  340.980486][   T12] hsr_slave_0: left promiscuous mode
[  340.982259][ T6047] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  340.991879][   T12] hsr_slave_1: left promiscuous mode
[  341.000914][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  341.004070][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  341.007930][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  341.010224][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  341.132335][ T6047] usb 8-1: Using ep0 maxpacket: 8
[  341.147204][ T6047] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  341.152538][   T12] veth1_macvtap: left promiscuous mode
[  341.155780][   T12] veth0_macvtap: left promiscuous mode
[  341.157537][   T12] veth1_vlan: left promiscuous mode
[  341.159234][   T12] veth0_vlan: left promiscuous mode
[  341.173962][ T6047] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  341.189794][ T6047] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  341.212000][ T6047] usb 8-1: config 250 has no interface number 0
[  341.228719][ T6047] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  341.234693][   T12] pim6reg (unregistering): left allmulticast mode
[  341.238428][ T6047] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  341.241905][ T6047] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  341.247771][ T6047] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  341.254368][ T6047] usb 8-1: config 250 interface 228 has no altsetting 0
[  341.264989][ T6047] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  341.268810][ T6047] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  341.271952][ T6047] usb 8-1: Product: syz
[  341.273716][ T6047] usb 8-1: SerialNumber: syz
[  341.352356][ T6047] hub 8-1:250.228: bad descriptor, ignoring hub
[  341.354742][ T6047] hub 8-1:250.228: probe with driver hub failed with error -5
[  341.472183][ T6656] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  341.616910][ T6047] usblp 8-1:250.228: usblp0: USB Bidirectional printer dev 16 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  341.633136][ T6656] usb 6-1: Using ep0 maxpacket: 8
[  341.636956][ T6656] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  341.639848][ T6656] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  341.642399][ T6047] usb 8-1: USB disconnect, device number 16
[  341.643651][ T6656] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  341.647294][ T6047] usblp0: removed
[  341.648261][ T6656] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  341.653316][ T6656] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  341.658961][ T6656] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  341.664475][ T6656] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.763055][ T5991] Bluetooth: hci1: command 0x0c1a tx timeout
[  341.879365][ T6656] usb 6-1: usb_control_msg returned -32
[  341.881870][ T6656] usbtmc 6-1:16.0: can't read capabilities
[  341.953236][   T12] team0 (unregistering): Port device team_slave_1 removed
[  342.015763][   T12] team0 (unregistering): Port device team_slave_0 removed
[  342.204612][   T40] audit: type=1326 audit(1756695856.852:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11200 comm="syz.3.1383" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf710e579 code=0x0
[  342.240521][T11202] usb 6-1: usbtmc_ioctl_clear_in_halt returned -32
[  342.425314][  T840] usb 44-1: device descriptor read/8, error -110
[  342.492304][ T5991] Bluetooth: hci3: command 0x041b tx timeout
[  342.492387][ T5987] Bluetooth: hci2: command 0x0c1a tx timeout
[  342.545703][T11207] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  342.548046][T11207] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  342.550801][T11207] vhci_hcd vhci_hcd.0: Device attached
[  342.617946][T11163] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  342.622844][T11163] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  342.626748][T11163] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  342.633455][T11163] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  342.680426][T11163] 8021q: adding VLAN 0 to HW filter on device bond0
[  342.693269][T11163] 8021q: adding VLAN 0 to HW filter on device team0
[  342.700079][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.702784][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  342.713974][ T1187] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.716682][ T1187] bridge0: port 2(bridge_slave_1) entered forwarding state
[  342.822338][ T6656] usb 42-1: SetAddress Request (50) to port 0
[  342.824320][ T6656] usb 42-1: new SuperSpeed USB device number 50 using vhci_hcd
[  342.844535][  T840] usb usb44-port1: attempt power cycle
[  342.867961][T11163] 8021q: adding VLAN 0 to HW filter on device batadv0
[  343.018294][T11163] veth0_vlan: entered promiscuous mode
[  343.023432][T11163] veth1_vlan: entered promiscuous mode
[  343.049230][T11163] veth0_macvtap: entered promiscuous mode
[  343.053523][T11163] veth1_macvtap: entered promiscuous mode
[  343.062370][T11163] batman_adv: batadv0: Interface activated: batadv_slave_0
[  343.067772][T11163] batman_adv: batadv0: Interface activated: batadv_slave_1
[  343.085816][ T1139] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  343.092696][ T1139] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  343.097523][ T1139] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  343.106053][ T1139] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  343.138286][   T87] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.144589][   T87] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.159834][ T1187] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.164863][ T1187] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.167698][T11208] vhci_hcd: connection reset by peer
[  343.169676][ T1139] vhci_hcd: stop threads
[  343.172353][ T1139] vhci_hcd: release socket
[  343.173842][ T1139] vhci_hcd: disconnect device
[  343.276809][T11254] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  343.278903][T11254] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  343.282380][T11254] vhci_hcd vhci_hcd.0: Device attached
[  343.492184][  T840] usb 44-1: SetAddress Request (38) to port 0
[  343.494195][  T840] usb 44-1: new SuperSpeed USB device number 38 using vhci_hcd
[  343.532240][   T60] usb 40-1: device descriptor read/8, error -110
[  343.643685][   T34] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  343.793771][   T34] usb 9-1: Using ep0 maxpacket: 8
[  343.800530][   T34] usb 9-1: config index 0 descriptor too short (expected 5924, got 36)
[  343.803628][   T34] usb 9-1: config 250 has an invalid interface number: 228 but max is -1
[  343.812475][   T34] usb 9-1: config 250 has 1 interface, different from the descriptor's value: 0
[  343.815284][T11260] program syz.2.1386 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  343.815516][   T34] usb 9-1: config 250 has no interface number 0
[  343.820670][   T34] usb 9-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  343.831859][   T34] usb 9-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  343.837167][   T34] usb 9-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  343.840755][   T34] usb 9-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  343.845769][   T34] usb 9-1: config 250 interface 228 has no altsetting 0
[  343.852814][   T34] usb 9-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  343.855806][   T34] usb 9-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  343.858955][   T34] usb 9-1: Product: syz
[  343.860349][   T34] usb 9-1: SerialNumber: syz
[  343.920280][T11255] vhci_hcd: connection reset by peer
[  343.922226][ T1139] vhci_hcd: stop threads
[  343.932909][   T60] usb usb40-port1: attempt power cycle
[  343.940535][ T1139] vhci_hcd: release socket
[  343.945807][ T1139] vhci_hcd: disconnect device
[  343.976183][   T34] hub 9-1:250.228: bad descriptor, ignoring hub
[  343.979267][   T34] hub 9-1:250.228: probe with driver hub failed with error -5
[  344.257578][ T6064] usb 6-1: USB disconnect, device number 26
[  344.384811][   T34] usblp 9-1:250.228: usblp0: USB Bidirectional printer dev 2 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  344.413616][   T34] usb 9-1: USB disconnect, device number 2
[  344.417068][   T34] usblp0: removed
[  344.517997][   T60] usb usb40-port1: unable to enumerate USB device
[  344.564773][ T5987] Bluetooth: hci3: command 0x041b tx timeout
[  344.962862][T11281] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1391'.
[  344.977689][T11283] netlink: 'syz.2.1392': attribute type 2 has an invalid length.
[  344.996144][T11285] netlink: 'syz.4.1393': attribute type 10 has an invalid length.
[  345.002248][ T5991] Bluetooth: hci3: unexpected event for opcode 0x0c1a
[  345.168285][T11267] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  345.170859][T11267] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  345.176704][T11267] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  346.402280][ T5987] Bluetooth: hci1: command 0x0c1a tx timeout
[  346.762476][T11317] net_ratelimit: 8 callbacks suppressed
[  346.762487][T11317] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  347.203838][ T5987] Bluetooth: hci2: command 0x0c1a tx timeout
[  347.205822][ T5987] Bluetooth: hci3: command 0x041b tx timeout
[  347.589023][T11329] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  347.661030][T11333] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1407'.
[  347.665593][T11333] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1407'.
[  347.922497][ T6656] usb 42-1: device descriptor read/8, error -110
[  348.313832][ T6656] usb usb42-port1: attempt power cycle
[  348.445304][T11331] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  348.448004][T11331] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  348.450657][T11331] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  348.762344][  T840] usb 44-1: device descriptor read/8, error -110
[  349.190384][  T840] usb usb44-port1: unable to enumerate USB device
[  349.303063][ T6656] usb usb42-port1: unable to enumerate USB device
[  349.474629][ T9516] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  349.663528][ T9516] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.666854][ T9516] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.670305][ T9516] usb 8-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  349.682687][ T9516] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.772204][ T5991] Bluetooth: hci1: command 0x0c1a tx timeout
[  349.786523][ T9516] usb 8-1: config 0 descriptor??
[  349.839599][T11364] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1413'.
[  350.412894][T11374] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  350.415214][T11375] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  350.418664][T11373] syzkaller0: entered promiscuous mode
[  350.420485][T11373] syzkaller0: entered allmulticast mode
[  350.449365][T11373] tipc: Resetting bearer <eth:syzkaller0>
[  350.453947][T11372] tipc: Resetting bearer <eth:syzkaller0>
[  350.461475][T11372] tipc: Disabling bearer <eth:syzkaller0>
[  350.482195][ T5991] Bluetooth: hci3: command 0x041b tx timeout
[  350.492592][ T5991] Bluetooth: hci2: command 0x0c1a tx timeout
[  350.581771][ T9516] usbhid 8-1:0.0: can't add hid device: -71
[  350.584907][ T9516] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  350.588284][ T9516] usb 8-1: USB disconnect, device number 17
[  350.780280][T11388] mmap: syz.2.1422 (11388) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  351.892456][T11415] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  351.894481][T11415] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  351.897421][T11415] vhci_hcd vhci_hcd.0: Device attached
[  352.024461][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  352.070630][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  352.106243][T11421] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1429'.
[  352.109701][T11421] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1429'.
[  352.116164][T11421] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1429'.
[  352.119310][T11421] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1429'.
[  352.158579][T11417] vhci_hcd: connection closed
[  352.158834][ T1139] vhci_hcd: stop threads
[  352.161977][ T1139] vhci_hcd: release socket
[  352.164056][ T1139] vhci_hcd: disconnect device
[  352.182203][ T6656] usb 40-1: enqueue for inactive port 0
[  352.562281][ T5991] Bluetooth: hci3: command 0x041b tx timeout
[  352.683122][ T6656] usb usb40-port1: attempt power cycle
[  353.192382][T11440] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.226725][T11443] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1436'.
[  353.263290][ T6656] usb usb40-port1: unable to enumerate USB device
[  353.295416][T11440] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.332180][   T53] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  353.344764][T11444] /dev/sr0: Can't open blockdev
[  353.392182][T11440] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.455766][T11440] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.482192][   T53] usb 7-1: Using ep0 maxpacket: 8
[  353.491609][   T53] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  353.494345][   T53] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  353.496971][   T53] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  353.499841][   T53] usb 7-1: config 250 has no interface number 0
[  353.501843][   T53] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  353.516062][   T53] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  353.519367][   T53] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  353.527561][   T53] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  353.534659][   T53] usb 7-1: config 250 interface 228 has no altsetting 0
[  353.539934][   T53] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  353.543088][   T53] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  353.545687][   T53] usb 7-1: Product: syz
[  353.547041][   T53] usb 7-1: SerialNumber: syz
[  353.558086][   T53] hub 7-1:250.228: bad descriptor, ignoring hub
[  353.558196][   T59] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  353.560220][   T53] hub 7-1:250.228: probe with driver hub failed with error -5
[  353.576136][   T12] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  353.588224][   T12] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  353.599514][   T12] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  353.803094][   T53] usblp 7-1:250.228: usblp0: USB Bidirectional printer dev 14 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  353.823263][   T53] usb 7-1: USB disconnect, device number 14
[  353.837054][   T53] usblp0: removed
[  353.857973][T11469] hub 6-0:1.0: USB hub found
[  353.859671][T11469] hub 6-0:1.0: 1 port detected
[  353.901282][ T5991] Bluetooth: hci3: SCO packet for unknown connection handle 200
[  353.962281][ T6047] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  354.123955][ T6047] usb 8-1: config 0 has too many interfaces: 33, using maximum allowed: 32
[  354.126807][ T6047] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 33
[  354.129615][ T6047] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.133388][ T6047] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  354.136428][ T6047] usb 8-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  354.139946][ T6047] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.150607][ T6047] usb 8-1: config 0 descriptor??
[  354.364499][T11488] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  354.366861][T11488] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  354.374464][T11488] vhci_hcd vhci_hcd.0: Device attached
[  354.585860][T11462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  354.589310][T11462] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  354.643886][ T5991] Bluetooth: hci3: command 0x041b tx timeout
[  354.682189][  T840] usb 46-1: SetAddress Request (2) to port 0
[  354.684125][  T840] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[  354.703570][ T6047] usbhid 8-1:0.0: can't add hid device: -71
[  354.706106][ T6047] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  354.709961][ T6047] usb 8-1: USB disconnect, device number 18
[  354.863033][T11511] bond0: (slave macvlan0): Releasing backup interface
[  354.911296][T11489] vhci_hcd: connection reset by peer
[  354.914450][   T87] vhci_hcd: stop threads
[  354.915884][   T87] vhci_hcd: release socket
[  354.918517][   T87] vhci_hcd: disconnect device
[  355.414234][T11523] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  355.417431][T11523] block device autoloading is deprecated and will be removed.
[  355.431808][T11522] md: md2 stopped.
[  356.112358][   T53] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  356.273794][   T53] usb 9-1: Using ep0 maxpacket: 8
[  356.323782][   T53] usb 9-1: config index 0 descriptor too short (expected 5924, got 36)
[  356.371552][   T53] usb 9-1: config 250 has an invalid interface number: 228 but max is -1
[  356.472037][   T53] usb 9-1: config 250 has 1 interface, different from the descriptor's value: 0
[  356.638255][   T53] usb 9-1: config 250 has no interface number 0
[  356.668355][   T53] usb 9-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  356.722186][ T5991] Bluetooth: hci3: command 0x041b tx timeout
[  356.870025][   T53] usb 9-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  356.985938][   T53] usb 9-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  357.024092][   T53] usb 9-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  357.065088][   T53] usb 9-1: config 250 interface 228 has no altsetting 0
[  357.115316][   T53] usb 9-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  357.156445][   T53] usb 9-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  357.209089][   T53] usb 9-1: Product: syz
[  357.230212][   T53] usb 9-1: SerialNumber: syz
[  357.388061][   T53] hub 9-1:250.228: bad descriptor, ignoring hub
[  357.417760][   T53] hub 9-1:250.228: probe with driver hub failed with error -5
[  357.440888][ T9524] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  357.613316][ T9524] usb 7-1: Using ep0 maxpacket: 8
[  357.618834][ T9524] usb 7-1: config index 0 descriptor too short (expected 5924, got 36)
[  357.621409][ T9524] usb 7-1: config 250 has an invalid interface number: 228 but max is -1
[  357.635032][ T9524] usb 7-1: config 250 has 1 interface, different from the descriptor's value: 0
[  357.651731][ T9524] usb 7-1: config 250 has no interface number 0
[  357.659925][ T9524] usb 7-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  357.685692][ T9524] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  357.689024][ T9524] usb 7-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  357.750704][ T9524] usb 7-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  357.805685][ T9524] usb 7-1: config 250 interface 228 has no altsetting 0
[  357.831380][ T9524] usb 7-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  357.871489][ T9524] usb 7-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  357.910660][ T9524] usb 7-1: Product: syz
[  357.933210][ T9524] usb 7-1: SerialNumber: syz
[  358.027172][ T9524] hub 7-1:250.228: bad descriptor, ignoring hub
[  358.044792][ T9524] hub 7-1:250.228: probe with driver hub failed with error -5
[  358.552466][ T9516] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  358.964047][ T9516] usb 8-1: Using ep0 maxpacket: 8
[  358.999878][ T9516] usb 8-1: config index 0 descriptor too short (expected 5924, got 36)
[  359.035625][ T9516] usb 8-1: config 250 has an invalid interface number: 228 but max is -1
[  359.076723][ T9516] usb 8-1: config 250 has 1 interface, different from the descriptor's value: 0
[  359.138054][ T9516] usb 8-1: config 250 has no interface number 0
[  359.170313][ T9516] usb 8-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  359.216491][ T9516] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  359.256385][ T9516] usb 8-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  359.296028][ T9516] usb 8-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  359.317584][   T53] usblp 9-1:250.228: usblp0: USB Bidirectional printer dev 3 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  359.321605][ T9516] usb 8-1: config 250 interface 228 has no altsetting 0
[  359.349482][ T9516] usb 8-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  359.372249][ T9516] usb 8-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  359.396402][ T9516] usb 8-1: Product: syz
[  359.416286][ T9516] usb 8-1: SerialNumber: syz
[  359.496221][ T9516] hub 8-1:250.228: bad descriptor, ignoring hub
[  359.499018][ T9516] hub 8-1:250.228: probe with driver hub failed with error -5
[  359.527530][T11547] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  359.762725][  T840] usb 46-1: device descriptor read/8, error -110
[  359.951696][ T9524] usblp 7-1:250.228: usblp1: USB Bidirectional printer dev 15 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  359.972569][ T9524] usb 7-1: USB disconnect, device number 15
[  359.978635][ T9524] usblp1: removed
[  360.175228][  T840] usb usb46-port1: attempt power cycle
[  360.196587][T11554] netlink: 'syz.2.1462': attribute type 4 has an invalid length.
[  360.382906][   T53] usb 9-1: USB disconnect, device number 3
[  360.401828][ T9516] usblp 8-1:250.228: usblp1: USB Bidirectional printer dev 19 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  360.405820][   T53] usblp0: removed
[  360.425583][ T9516] usb 8-1: USB disconnect, device number 19
[  360.429037][ T9516] usblp1: removed
[  360.722258][ T6656] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  360.829247][  T840] usb usb46-port1: unable to enumerate USB device
[  360.955214][ T6656] usb 6-1: unable to get BOS descriptor or descriptor too short
[  360.958304][ T6656] usb 6-1: not running at top speed; connect to a high speed hub
[  360.962368][ T6656] usb 6-1: config 233 has an invalid interface number: 0 but max is -1
[  360.964959][ T6656] usb 6-1: config 233 has 1 interface, different from the descriptor's value: 0
[  360.967854][ T6656] usb 6-1: config 233 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 959, setting to 64
[  360.971238][ T6656] usb 6-1: config 233 interface 0 has no altsetting 0
[  360.991238][ T6656] usb 6-1: New USB device found, idVendor=03ff, idProduct=0000, bcdDevice= 0.40
[  360.995835][ T6656] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.999005][ T6656] usb 6-1: Product: syz
[  361.000809][ T6656] usb 6-1: Manufacturer: syz
[  361.002845][ T6656] usb 6-1: SerialNumber: syz
[  361.264747][T11576] loop0: detected capacity change from 0 to 128
[  361.290074][T11566] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  361.323345][T11576] loop0: detected capacity change from 128 to 0
[  361.372393][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  361.604215][ T6656] usbhid 6-1:233.0: can't add hid device: -71
[  361.606277][ T6656] usbhid 6-1:233.0: probe with driver usbhid failed with error -71
[  361.626377][ T6656] usb 6-1: USB disconnect, device number 27
[  361.725457][T11588] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  363.828768][T11627] "syz.3.1482" (11627) uses obsolete ecb(arc4) skcipher
[  363.937994][T11632] netlink: 'syz.3.1483': attribute type 1 has an invalid length.
[  363.940530][T11633] netlink: 'syz.3.1483': attribute type 1 has an invalid length.
[  364.429539][T11642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  364.435323][T11642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  364.438242][T11642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  364.442490][T11642] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  364.546533][T11645] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  364.604762][T11646] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1486'.
[  364.752569][   T40] audit: type=1400 audit(1756695879.402:90): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=11651 comm="syz.1.1491"
[  365.433980][T11661] overlay: Unknown parameter 'fowner'
[  365.489334][T11664] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1494'.
[  365.559885][   T59] Bluetooth: hci4: Frame reassembly failed (-84)
[  367.112207][ T9516] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  367.272191][ T9516] usb 6-1: Using ep0 maxpacket: 8
[  367.275527][ T9516] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  367.278186][ T9516] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  367.280936][ T9516] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  367.284508][ T9516] usb 6-1: config 250 has no interface number 0
[  367.286481][ T9516] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  367.290020][ T9516] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  367.293600][ T9516] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 513
[  367.296879][ T9516] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  367.300996][ T9516] usb 6-1: config 250 interface 228 has no altsetting 0
[  367.304573][ T9516] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  367.307442][ T9516] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  367.309979][ T9516] usb 6-1: Product: syz
[  367.311298][ T9516] usb 6-1: SerialNumber: syz
[  367.317271][ T9516] hub 6-1:250.228: bad descriptor, ignoring hub
[  367.319338][ T9516] hub 6-1:250.228: probe with driver hub failed with error -5
[  367.602306][ T5991] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  367.602320][ T5987] Bluetooth: hci4: command 0x1003 tx timeout
[  367.641352][T11696] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  367.643999][T11696] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  367.650174][T11696] vhci_hcd vhci_hcd.0: Device attached
[  367.912497][ T9524] usb 42-1: SetAddress Request (54) to port 0
[  367.915104][ T9524] usb 42-1: new SuperSpeed USB device number 54 using vhci_hcd
[  368.041082][T11697] vhci_hcd: connection reset by peer
[  368.051807][   T87] vhci_hcd: stop threads
[  368.053189][   T87] vhci_hcd: release socket
[  368.055015][   T87] vhci_hcd: disconnect device
[  368.172574][   T40] audit: type=1804 audit(1756695882.802:91): pid=11709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1506" name="/newroot/374/bus" dev="tmpfs" ino=2022 res=1 errno=0
[  368.550727][ T9516] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 28 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  368.594700][ T9516] usb 6-1: USB disconnect, device number 28
[  368.606590][ T9516] usblp0: removed
[  369.406582][T11721] QAT: failed to copy from user cfg_data.
[  369.500708][T11727] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1513'.
[  369.640170][T11733] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  369.861636][T11743] netlink: 'syz.3.1517': attribute type 12 has an invalid length.
[  371.210664][T11764] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  371.668511][T11776] binder_alloc: binder_alloc_mmap_handler: 11775 80ffd000-80ffe000 already mapped failed -16
[  372.975075][ T9524] usb 42-1: device descriptor read/8, error -110
[  373.110440][T11796] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  373.112603][T11796] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  373.122953][T11796] vhci_hcd vhci_hcd.0: Device attached
[  373.239331][   T40] audit: type=1326 audit(1756695887.882:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.246689][   T40] audit: type=1326 audit(1756695887.892:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=384 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.253775][   T40] audit: type=1326 audit(1756695887.902:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.260607][   T40] audit: type=1326 audit(1756695887.902:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.267798][   T40] audit: type=1326 audit(1756695887.912:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.277958][   T40] audit: type=1326 audit(1756695887.922:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.293567][   T40] audit: type=1326 audit(1756695887.922:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.326815][   T40] audit: type=1326 audit(1756695887.922:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.345887][   T40] audit: type=1326 audit(1756695887.922:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.357934][   T40] audit: type=1326 audit(1756695887.922:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11794 comm="syz.2.1534" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe6579 code=0x7ffc0000
[  373.424507][ T9524] usb usb42-port1: attempt power cycle
[  373.582225][ T6656] usb 46-1: SetAddress Request (6) to port 0
[  373.584691][ T6656] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[  373.740473][T11812] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  373.742540][T11812] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  373.746098][T11812] vhci_hcd vhci_hcd.0: Device attached
[  373.849701][T11816] netlink: 'syz.1.1537': attribute type 21 has an invalid length.
[  373.852681][T11816] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1537'.
[  373.944980][T11798] vhci_hcd: connection reset by peer
[  374.022993][ T9524] usb usb42-port1: unable to enumerate USB device
[  374.025088][   T29] usb 44-1: SetAddress Request (39) to port 0
[  374.027000][   T29] usb 44-1: new SuperSpeed USB device number 39 using vhci_hcd
[  374.570412][T11813] vhci_hcd: connection reset by peer
[  374.605617][   T59] vhci_hcd: stop threads
[  374.607315][   T59] vhci_hcd: release socket
[  374.609140][   T59] vhci_hcd: disconnect device
[  374.611127][   T59] vhci_hcd: stop threads
[  374.612914][   T59] vhci_hcd: release socket
[  374.623620][   T59] vhci_hcd: disconnect device
[  374.758033][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1539'.
[  374.764198][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1539'.
[  374.767684][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1539'.
[  374.770592][T11821] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1539'.
[  374.827015][T11819] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303
[  374.958543][T11841] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  375.011347][T11837] capability: warning: `syz.1.1543' uses 32-bit capabilities (legacy support in use)
[  375.042248][ T6047] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  375.215743][ T6047] usb 7-1: config index 0 descriptor too short (expected 39, got 27)
[  375.219365][ T6047] usb 7-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  375.223687][ T6047] usb 7-1: config 0 interface 0 has no altsetting 0
[  375.228331][ T6047] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  375.231950][ T6047] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  375.235449][ T6047] usb 7-1: Product: syz
[  375.237188][ T6047] usb 7-1: Manufacturer: syz
[  375.239106][ T6047] usb 7-1: SerialNumber: syz
[  375.243040][ T6047] usb 7-1: config 0 descriptor??
[  375.248029][ T6047] hub 7-1:0.0: bad descriptor, ignoring hub
[  375.250265][ T6047] hub 7-1:0.0: probe with driver hub failed with error -5
[  375.256908][ T6047] usb 7-1: selecting invalid altsetting 0
[  375.904405][T11853] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1547'.
[  375.963334][ T5991] Bluetooth: hci3: unexpected event for opcode 0x1002
[  376.212368][T11860] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1550'.
[  377.068003][T11884] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  378.031888][T11893] overlay: filesystem on ./bus not supported as upperdir
[  378.085322][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  378.087710][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  378.332994][T11903] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1562'.
[  378.586506][T11910] input: syz0 as /devices/virtual/input/input8
[  378.642630][ T6656] usb 46-1: device descriptor read/8, error -110
[  378.914842][ T1471] usb 7-1: USB disconnect, device number 16
[  378.926059][T11912] FAULT_INJECTION: forcing a failure.
[  378.926059][T11912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  378.930520][T11912] CPU: 3 UID: 0 PID: 11912 Comm: syz.2.1564 Not tainted syzkaller #0 PREEMPT(full) 
[  378.930534][T11912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  378.930540][T11912] Call Trace:
[  378.930545][T11912]  <TASK>
[  378.930550][T11912]  dump_stack_lvl+0x16c/0x1f0
[  378.930569][T11912]  should_fail_ex+0x512/0x640
[  378.930586][T11912]  strncpy_from_user+0x3b/0x2e0
[  378.930601][T11912]  getname_flags.part.0+0x8f/0x550
[  378.930619][T11912]  getname_flags+0x93/0xf0
[  378.930630][T11912]  fs_index+0x1c/0x150
[  378.930645][T11912]  __ia32_sys_sysfs+0xdf/0x1a0
[  378.930658][T11912]  __do_fast_syscall_32+0x7c/0x3a0
[  378.930674][T11912]  do_fast_syscall_32+0x32/0x80
[  378.930688][T11912]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  378.930702][T11912] RIP: 0023:0xf7fe6579
[  378.930710][T11912] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  378.930720][T11912] RSP: 002b:00000000f54f655c EFLAGS: 00000296 ORIG_RAX: 0000000000000087
[  378.930731][T11912] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000000000
[  378.930737][T11912] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  378.930743][T11912] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  378.930749][T11912] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  378.930755][T11912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  378.930767][T11912]  </TASK>
[  379.052882][ T5991] Bluetooth: hci2: Unable to find connection with handle 0x0000
[  379.104404][T11920] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  379.160608][ T6656] usb usb46-port1: attempt power cycle
[  379.486957][   T29] usb 44-1: device descriptor read/8, error -110
[  379.526854][T11928] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  379.640948][T11930] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1569'.
[  379.859785][T11939] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1570'.
[  379.862599][T11939] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1570'.
[  379.865449][T11939] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1570'.
[  379.872738][   T29] usb usb44-port1: attempt power cycle
[  379.948297][T11942] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1571'.
[  380.045079][ T6656] usb usb46-port1: unable to enumerate USB device
[  380.695086][   T29] usb usb44-port1: unable to enumerate USB device
[  380.745549][T11959] ata1.00: invalid multi_count 1 ignored
[  380.900699][ T6047] hid-generic 00A0:0008:0003.0003: unknown main item tag 0x7
[  381.035071][ T6047] hid-generic 00A0:0008:0003.0003: item fetching failed at offset 14/15
[  381.042687][ T6047] hid-generic 00A0:0008:0003.0003: probe with driver hid-generic failed with error -22
[  381.220120][T11960] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1577'.
[  381.222991][T11960] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1577'.
[  381.597185][T11969] trusted_key: encrypted_key: keylen parameter is missing
[  381.835376][T11974] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  381.922248][ T5987] Bluetooth: hci3: command 0x041b tx timeout
[  382.012998][T11979] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1582'.
[  382.052370][T11979] 8021q: adding VLAN 0 to HW filter on device bond2
[  382.119768][T11979] vlan2: entered allmulticast mode
[  382.121482][T11979] bond2: entered allmulticast mode
[  383.359964][T11991] trusted_key: encrypted_key: keyword 'neul�' not recognized
[  383.679181][T11996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1587'.
[  383.683047][T11996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1587'.
[  383.686306][T11996] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1587'.
[  384.088983][T12020] IPVS: length: 139 != 8
[  385.478640][T12049] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4.
[  385.837884][T12062] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  386.612200][ T9516] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  386.763920][ T9516] usb 9-1: config 0 has too many interfaces: 33, using maximum allowed: 32
[  386.767532][ T9516] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 33
[  386.771225][ T9516] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.775033][ T9516] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.778133][ T9516] usb 9-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  386.781301][ T9516] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.786119][ T9516] usb 9-1: config 0 descriptor??
[  386.896479][T12081] sctp: [Deprecated]: syz.1.1614 (pid 12081) Use of struct sctp_assoc_value in delayed_ack socket option.
[  386.896479][T12081] Use struct sctp_sack_info instead
[  386.939207][T12084] __nla_validate_parse: 1 callbacks suppressed
[  386.939218][T12084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1615'.
[  386.944851][T12084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1615'.
[  386.948056][T12084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1615'.
[  386.952030][T12084] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1615'.
[  387.052320][T12089] autofs: Unknown parameter 'Z�qD���C�7D��&C$��뙾�4�_�4DY!�I�u���&�}Ƌ�m{DL�"fa&�]���J��A'
[  387.194839][T12077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.197601][T12077] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.337802][ T9516] usbhid 9-1:0.0: can't add hid device: -71
[  387.339778][ T9516] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  387.343987][ T9516] usb 9-1: USB disconnect, device number 4
[  387.994667][T12100] netlink: 'syz.4.1621': attribute type 1 has an invalid length.
[  387.997119][T12100] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1621'.
[  387.999990][T12100] netlink: 'syz.4.1621': attribute type 2 has an invalid length.
[  388.002828][T12100] netlink: 'syz.4.1621': attribute type 1 has an invalid length.
[  388.005237][T12100] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1621'.
[  388.023103][T12102] overlay: Unknown parameter 'subj_type'
[  388.194954][T12108] netlink: 129704 bytes leftover after parsing attributes in process `syz.1.1622'.
[  388.485727][ T5991] Bluetooth: hci2: SCO packet for unknown connection handle 200
[  388.650521][T12118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1626'.
[  388.657177][T12118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1626'.
[  388.661041][T12118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1626'.
[  388.846801][   T40] kauditd_printk_skb: 21 callbacks suppressed
[  388.846812][   T40] audit: type=1326 audit(1756695903.492:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12119 comm="syz.4.1627" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fc8579 code=0x0
[  389.312307][ T9516] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  389.442342][ T5987] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  389.482279][ T9516] usb 9-1: Using ep0 maxpacket: 32
[  389.485611][ T9516] usb 9-1: config 0 has an invalid interface number: 12 but max is 0
[  389.488417][ T9516] usb 9-1: config 0 has no interface number 0
[  389.490450][ T9516] usb 9-1: config 0 interface 12 has no altsetting 0
[  389.496782][ T9516] usb 9-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  389.500474][ T9516] usb 9-1: New USB device strings: Mfr=16, Product=2, SerialNumber=3
[  389.504659][ T9516] usb 9-1: Product: syz
[  389.506211][ T9516] usb 9-1: Manufacturer: syz
[  389.507834][ T9516] usb 9-1: SerialNumber: syz
[  389.516093][ T9516] usb 9-1: config 0 descriptor??
[  390.086626][T12151] loop6: detected capacity change from 0 to 2560
[  390.091638][ T5976] buffer_io_error: 5 callbacks suppressed
[  390.091684][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.096240][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.099520][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.104001][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.107395][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.110788][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.115988][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.119608][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.123173][ T5976] ldm_validate_partition_table(): Disk read failed.
[  390.126050][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.129376][ T5976] Buffer I/O error on dev loop6, logical block 0, async page read
[  390.136828][ T5976] Dev loop6: unable to read RDB block 0
[  390.139626][ T5976]  loop6: unable to read partition table
[  390.159980][T12151] ldm_validate_partition_table(): Disk read failed.
[  390.164048][T12151] Dev loop6: unable to read RDB block 0
[  390.166347][T12151]  loop6: unable to read partition table
[  390.168301][T12151] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  390.587879][T12155] binder: 12154:12155 ioctl 80089418 800008c0 returned -22
[  390.640780][T12160] syz.1.1637: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  390.646741][T12160] CPU: 1 UID: 0 PID: 12160 Comm: syz.1.1637 Not tainted syzkaller #0 PREEMPT(full) 
[  390.646763][T12160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  390.646774][T12160] Call Trace:
[  390.646780][T12160]  <TASK>
[  390.646786][T12160]  dump_stack_lvl+0x16c/0x1f0
[  390.646814][T12160]  warn_alloc+0x248/0x3a0
[  390.646836][T12160]  ? __pfx_warn_alloc+0x10/0x10
[  390.646866][T12160]  ? frame_vector_create+0x5c/0x100
[  390.646885][T12160]  ? __vmalloc_node_noprof+0xad/0xf0
[  390.646905][T12160]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  390.646931][T12160]  ? frame_vector_create+0x5c/0x100
[  390.646954][T12160]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  390.646975][T12160]  ? ___kmalloc_large_node+0xed/0x160
[  390.647006][T12160]  __kvmalloc_node_noprof+0x30a/0x620
[  390.647025][T12160]  ? frame_vector_create+0x5c/0x100
[  390.647064][T12160]  ? frame_vector_create+0x5c/0x100
[  390.647088][T12160]  ? frame_vector_create+0x5c/0x100
[  390.647103][T12160]  frame_vector_create+0x5c/0x100
[  390.647121][T12160]  vb2_create_framevec+0x3f/0xd0
[  390.647145][T12160]  vb2_vmalloc_get_userptr+0x13b/0x540
[  390.647168][T12160]  ? __pfx_vb2_vmalloc_get_userptr+0x10/0x10
[  390.647184][T12160]  __prepare_userptr.constprop.0+0x744/0x1680
[  390.647203][T12160]  ? __pfx___prepare_userptr.constprop.0+0x10/0x10
[  390.647219][T12160]  ? bpf_ksym_find+0x124/0x1c0
[  390.647252][T12160]  ? __lock_acquire+0xb97/0x1ce0
[  390.647276][T12160]  __buf_prepare+0x63a/0x820
[  390.647306][T12160]  vb2_core_qbuf+0x833/0x14d0
[  390.647320][T12160]  ? trace_contention_end+0xdd/0x130
[  390.647341][T12160]  ? __mutex_lock+0x1c5/0x1060
[  390.647363][T12160]  ? __might_fault+0xe3/0x190
[  390.647382][T12160]  vb2_qbuf+0x24a/0x380
[  390.647393][T12160]  ? __pfx_vb2_qbuf+0x10/0x10
[  390.647402][T12160]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  390.647426][T12160]  v4l2_m2m_qbuf+0x150/0x8b0
[  390.647441][T12160]  ? check_fmt+0x234/0x910
[  390.647452][T12160]  v4l_qbuf+0x96/0xc0
[  390.647465][T12160]  __video_do_ioctl+0xb3d/0xfc0
[  390.647481][T12160]  ? __pfx___video_do_ioctl+0x10/0x10
[  390.647496][T12160]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  390.647513][T12160]  video_usercopy+0x47c/0x1440
[  390.647527][T12160]  ? __pfx___video_do_ioctl+0x10/0x10
[  390.647540][T12160]  ? __pfx_video_usercopy+0x10/0x10
[  390.647559][T12160]  ? hook_file_ioctl_common+0x145/0x410
[  390.647577][T12160]  v4l2_ioctl+0x1ba/0x250
[  390.647588][T12160]  ? __ia32_compat_sys_openat+0x131/0x210
[  390.647600][T12160]  v4l2_compat_ioctl32+0x214/0x2c0
[  390.647612][T12160]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  390.647624][T12160]  __ia32_compat_sys_ioctl+0x23f/0x370
[  390.647642][T12160]  __do_fast_syscall_32+0x7c/0x3a0
[  390.647658][T12160]  do_fast_syscall_32+0x32/0x80
[  390.647672][T12160]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  390.647685][T12160] RIP: 0023:0xf706e579
[  390.647694][T12160] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  390.647704][T12160] RSP: 002b:00000000f543d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  390.647714][T12160] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c04c560f
[  390.647721][T12160] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  390.647727][T12160] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  390.647732][T12160] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  390.647738][T12160] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  390.647751][T12160]  </TASK>
[  390.647754][T12160] Mem-Info:
[  390.767362][T12160] active_anon:8491 inactive_anon:116 isolated_anon:0
[  390.767362][T12160]  active_file:9173 inactive_file:35608 isolated_file:0
[  390.767362][T12160]  unevictable:1768 dirty:116 writeback:0
[  390.767362][T12160]  slab_reclaimable:6212 slab_unreclaimable:55075
[  390.767362][T12160]  mapped:23919 shmem:3632 pagetables:1465
[  390.767362][T12160]  sec_pagetables:322 bounce:0
[  390.767362][T12160]  kernel_misc_reclaimable:0
[  390.767362][T12160]  free:50406 free_pcp:8664 free_cma:0
[  390.786065][T12160] Node 0 active_anon:272kB inactive_anon:416kB active_file:908kB inactive_file:8kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:796kB dirty:4kB writeback:0kB shmem:4588kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:8504kB pagetables:2540kB sec_pagetables:1172kB all_unreclaimable? no Balloon:0kB
[  390.798524][T12160] Node 1 active_anon:33632kB inactive_anon:48kB active_file:35784kB inactive_file:142424kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:94860kB dirty:480kB writeback:0kB shmem:9940kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4956kB pagetables:3312kB sec_pagetables:128kB all_unreclaimable? no Balloon:0kB
[  390.811454][T12160] Node 0 DMA free:2088kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:676kB local_pcp:232kB free_cma:0kB
[  390.823382][T12160] lowmem_reserve[]: 0 288 288 288 288
[  390.825653][T12160] Node 0 DMA32 free:18112kB boost:2048kB min:15268kB low:18572kB high:21876kB reserved_highatomic:4096KB free_highatomic:728KB active_anon:272kB inactive_anon:412kB active_file:908kB inactive_file:8kB unevictable:3536kB writepending:4kB present:1032196kB managed:295132kB mlocked:0kB bounce:0kB free_pcp:6444kB local_pcp:3364kB free_cma:0kB
[  390.837942][T12160] lowmem_reserve[]: 0 0 0 0 0
[  390.839903][T12160] Node 1 DMA32 free:181360kB boost:16384kB min:63524kB low:75308kB high:87092kB reserved_highatomic:2048KB free_highatomic:1664KB active_anon:33632kB inactive_anon:48kB active_file:35784kB inactive_file:142424kB unevictable:3536kB writepending:480kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:28008kB local_pcp:532kB free_cma:0kB
[  390.852005][T12160] lowmem_reserve[]: 0 0 0 0 0
[  390.854194][T12160] Node 0 DMA: 8*4kB (UM) 11*8kB (UM) 5*16kB (U) 7*32kB (U) 2*64kB (U) 0*128kB 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2088kB
[  390.860242][T12160] Node 0 DMA32: 419*4kB (UMEH) 367*8kB (UMEH) 147*16kB (UMEH) 29*32kB (UMH) 34*64kB (UME) 14*128kB (UM) 10*256kB (UME) 5*512kB (UME) 1*1024kB (E) 0*2048kB 0*4096kB = 18004kB
[  390.868087][T12160] Node 1 DMA32: 756*4kB (UME) 622*8kB (UME) 422*16kB (UMEH) 491*32kB (UMEH) 178*64kB (UMEH) 209*128kB (UMEH) 58*256kB (UMEH) 41*512kB (UMEH) 33*1024kB (UM) 17*2048kB (UM) 2*4096kB (UM) = 181248kB
[  390.875858][T12160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  390.876538][ T5987] Bluetooth: hci1: unexpected event for opcode 0x040d
[  390.879699][T12160] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  390.886109][T12160] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  390.889206][T12160] Node 1 hugepages_total=6 hugepages_free=6 hugepages_surp=4 hugepages_size=2048kB
[  390.891956][T12160] 48950 total pagecache pages
[  390.893618][T12160] 541 pages in swap cache
[  390.895440][T12160] Free swap  = 117428kB
[  390.897198][T12160] Total swap = 124996kB
[  390.898984][T12160] 524155 pages RAM
[  390.900575][T12160] 0 pages HighMem/MovableOnly
[  390.902631][T12160] 209477 pages reserved
[  390.904077][T12160] 0 pages cma reserved
[  391.052355][   T40] audit: type=1804 audit(1756695905.692:124): pid=12170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1640" name="/newroot/404/file0/file0" dev="9p" ino=35913893 res=1 errno=0
[  391.412860][T12177] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  391.858365][ T9516] f81534 9-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  391.860902][ T9516] f81534 9-1:0.12: f81534_find_config_idx: read failed: -71
[  391.863262][ T9516] f81534 9-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  391.867658][ T9516] f81534 9-1:0.12: probe with driver f81534 failed with error -71
[  391.874111][ T9516] usb 9-1: USB disconnect, device number 5
[  392.046449][T12187] netlink: 'syz.1.1645': attribute type 1 has an invalid length.
[  392.122583][T12195] __nla_validate_parse: 5 callbacks suppressed
[  392.122598][T12195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1648'.
[  392.128904][T12195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1648'.
[  392.131947][T12195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1648'.
[  392.136816][T12195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1648'.
[  392.423875][T12214] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  392.982250][   T10] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  393.132185][   T10] usb 8-1: Using ep0 maxpacket: 8
[  393.135280][   T10] usb 8-1: config 0 has an invalid interface number: 55 but max is 0
[  393.137879][   T10] usb 8-1: config 0 has no interface number 0
[  393.140149][   T10] usb 8-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  393.143916][   T10] usb 8-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  393.147645][   T10] usb 8-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  393.151171][   T10] usb 8-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  393.155524][   T10] usb 8-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  393.158587][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.163513][   T10] usb 8-1: config 0 descriptor??
[  393.168807][   T10] ldusb 8-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  394.636404][T12236] ubi0: attaching mtd0
[  394.640230][T12236] ubi0: scanning is finished
[  394.642710][T12236] ubi0: empty MTD device detected
[  394.729130][T12237] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.755350][T12236] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  394.758684][T12236] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  394.761216][T12236] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  394.764571][T12236] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  394.770660][T12236] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  394.775240][T12236] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  394.780782][T12236] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2535651413
[  394.785738][T12236] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  394.791102][T12239] ubi0: background thread "ubi_bgt0d" started, PID 12239
[  394.793835][T12238] ubi0: detaching mtd0
[  394.801762][T12238] ubi0: mtd0 is detached
[  394.983528][T12237] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.071852][T12243] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1662'.
[  395.233923][T12237] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.489272][T12237] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.744824][   T59] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.747542][   T59] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  395.780105][   T59] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  395.790870][   T59] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  395.826965][    C0] ldusb 8-1:0.55: usb_submit_urb failed (-1)
[  395.835384][ T9516] usb 8-1: USB disconnect, device number 20
[  395.859578][ T9516] ldusb 8-1:0.55: LD USB Device #0 now disconnected
[  396.340452][T12269] netlink: 'syz.4.1668': attribute type 1 has an invalid length.
[  396.347772][T12269] netlink: 'syz.4.1668': attribute type 2 has an invalid length.
[  396.897257][T12288] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  397.109836][T12290] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1675'.
[  397.323464][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1678'.
[  397.327435][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1678'.
[  397.331321][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1678'.
[  397.335310][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1678'.
[  397.477018][T12300] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1679'.
[  397.921628][T12327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1689'.
[  397.925100][T12327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1689'.
[  397.928079][T12327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1689'.
[  397.931762][T12327] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1689'.
[  397.956532][   T40] audit: type=1326 audit(1756695912.602:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12319 comm="syz.3.1687" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf710e579 code=0x0
[  398.044252][T12329] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  398.046696][T12329] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  398.052859][T12329] vhci_hcd vhci_hcd.0: Device attached
[  398.062327][ T6047] ==================================================================
[  398.062335][ T6047] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x1a6f/0x1e60
[  398.062352][ T6047] Write of size 8 at addr ffffc90004ce90e0 by task kworker/3:3/6047
[  398.062360][ T6047] 
[  398.062366][ T6047] CPU: 3 UID: 0 PID: 6047 Comm: kworker/3:3 Not tainted syzkaller #0 PREEMPT(full) 
[  398.062378][ T6047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  398.062390][ T6047] Workqueue: events_power_efficient fb_flashcursor
[  398.062403][ T6047] Call Trace:
[  398.062407][ T6047]  <TASK>
[  398.062411][ T6047]  dump_stack_lvl+0x116/0x1f0
[  398.062426][ T6047]  print_report+0xcd/0x630
[  398.062452][ T6047]  ? __virt_addr_valid+0x81/0x610
[  398.062466][ T6047]  ? sys_imageblit+0x1a6f/0x1e60
[  398.062475][ T6047]  kasan_report+0xe0/0x110
[  398.062488][ T6047]  ? sys_imageblit+0x1a6f/0x1e60
[  398.062499][ T6047]  sys_imageblit+0x1a6f/0x1e60
[  398.062510][ T6047]  ? __pfx_sys_imageblit+0x10/0x10
[  398.062522][ T6047]  ? rcu_is_watching+0x12/0xc0
[  398.062536][ T6047]  ? trace_kmalloc+0x2b/0xd0
[  398.062554][ T6047]  ? __kmalloc_noprof+0x242/0x510
[  398.062571][ T6047]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  398.062586][ T6047]  soft_cursor+0x521/0xa10
[  398.062601][ T6047]  ? fb_get_color_depth+0x120/0x250
[  398.062614][ T6047]  bit_cursor+0xe8c/0x17e0
[  398.062630][ T6047]  ? __pfx_bit_cursor+0x10/0x10
[  398.062656][ T6047]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  398.062677][ T6047]  ? get_color+0x1da/0x450
[  398.062693][ T6047]  ? __pfx_bit_cursor+0x10/0x10
[  398.062713][ T6047]  fb_flashcursor+0x30d/0x400
[  398.062726][ T6047]  process_one_work+0x9cf/0x1b70
[  398.062744][ T6047]  ? __pfx_free_obj_work+0x10/0x10
[  398.062756][ T6047]  ? __pfx_process_one_work+0x10/0x10
[  398.062781][ T6047]  ? assign_work+0x1a0/0x250
[  398.062803][ T6047]  worker_thread+0x6c8/0xf10
[  398.062820][ T6047]  ? __kthread_parkme+0x19e/0x250
[  398.062839][ T6047]  ? __pfx_worker_thread+0x10/0x10
[  398.062857][ T6047]  kthread+0x3c5/0x780
[  398.062872][ T6047]  ? __pfx_kthread+0x10/0x10
[  398.062894][ T6047]  ? rcu_is_watching+0x12/0xc0
[  398.062908][ T6047]  ? __pfx_kthread+0x10/0x10
[  398.062929][ T6047]  ret_from_fork+0x5d7/0x6f0
[  398.062952][ T6047]  ? __pfx_kthread+0x10/0x10
[  398.062987][ T6047]  ret_from_fork_asm+0x1a/0x30
[  398.063013][ T6047]  </TASK>
[  398.063018][ T6047] 
[  398.063022][ T6047] The buggy address belongs to a vmalloc virtual mapping
[  398.063034][ T6047] Memory state around the buggy address:
[  398.063042][ T6047]  ffffc90004ce8f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  398.063053][ T6047]  ffffc90004ce9000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  398.063063][ T6047] >ffffc90004ce9080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  398.063071][ T6047]                                                        ^
[  398.063079][ T6047]  ffffc90004ce9100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  398.063085][ T6047]  ffffc90004ce9180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  398.063093][ T6047] ==================================================================
[  398.063116][ T6047] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  398.063126][ T6047] CPU: 3 UID: 0 PID: 6047 Comm: kworker/3:3 Not tainted syzkaller #0 PREEMPT(full) 
[  398.063143][ T6047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  398.063166][ T6047] Workqueue: events_power_efficient fb_flashcursor
[  398.063181][ T6047] Call Trace:
[  398.063186][ T6047]  <TASK>
[  398.063192][ T6047]  dump_stack_lvl+0x3d/0x1f0
[  398.063212][ T6047]  vpanic+0x6e8/0x7a0
[  398.063233][ T6047]  ? __pfx_vpanic+0x10/0x10
[  398.063257][ T6047]  ? sys_imageblit+0x1a6f/0x1e60
[  398.063269][ T6047]  panic+0xca/0xd0
[  398.063285][ T6047]  ? __pfx_panic+0x10/0x10
[  398.063309][ T6047]  ? check_panic_on_warn+0x1f/0xb0
[  398.063331][ T6047]  check_panic_on_warn+0xab/0xb0
[  398.063352][ T6047]  end_report+0x107/0x170
[  398.063370][ T6047]  kasan_report+0xee/0x110
[  398.063391][ T6047]  ? sys_imageblit+0x1a6f/0x1e60
[  398.063410][ T6047]  sys_imageblit+0x1a6f/0x1e60
[  398.063428][ T6047]  ? __pfx_sys_imageblit+0x10/0x10
[  398.063450][ T6047]  ? rcu_is_watching+0x12/0xc0
[  398.063465][ T6047]  ? trace_kmalloc+0x2b/0xd0
[  398.063485][ T6047]  ? __kmalloc_noprof+0x242/0x510
[  398.063502][ T6047]  drm_fbdev_shmem_defio_imageblit+0x20/0x130
[  398.063518][ T6047]  soft_cursor+0x521/0xa10
[  398.063541][ T6047]  ? fb_get_color_depth+0x120/0x250
[  398.063561][ T6047]  bit_cursor+0xe8c/0x17e0
[  398.063583][ T6047]  ? __pfx_bit_cursor+0x10/0x10
[  398.063601][ T6047]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  398.063624][ T6047]  ? get_color+0x1da/0x450
[  398.063641][ T6047]  ? __pfx_bit_cursor+0x10/0x10
[  398.063660][ T6047]  fb_flashcursor+0x30d/0x400
[  398.063678][ T6047]  process_one_work+0x9cf/0x1b70
[  398.063698][ T6047]  ? __pfx_free_obj_work+0x10/0x10
[  398.063714][ T6047]  ? __pfx_process_one_work+0x10/0x10
[  398.063739][ T6047]  ? assign_work+0x1a0/0x250
[  398.063761][ T6047]  worker_thread+0x6c8/0xf10
[  398.063777][ T6047]  ? __kthread_parkme+0x19e/0x250
[  398.063794][ T6047]  ? __pfx_worker_thread+0x10/0x10
[  398.063814][ T6047]  kthread+0x3c5/0x780
[  398.063835][ T6047]  ? __pfx_kthread+0x10/0x10
[  398.063857][ T6047]  ? rcu_is_watching+0x12/0xc0
[  398.063872][ T6047]  ? __pfx_kthread+0x10/0x10
[  398.063893][ T6047]  ret_from_fork+0x5d7/0x6f0
[  398.063912][ T6047]  ? __pfx_kthread+0x10/0x10
[  398.063931][ T6047]  ret_from_fork_asm+0x1a/0x30
[  398.063953][ T6047]  </TASK>
[  398.065570][ T6047] Kernel Offset: disabled

VM DIAGNOSIS:
03:05:12  Registers:
info registers vcpu 0

CPU#0
RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81605750 RDX=ffffffff8e2977c0
RSI=ffffffff81605798 RDI=ffffffff93db1fe0 RBP=0000000000000000 RSP=ffffc90000007fd0
R8 =0000000000000001 R9 =fffffbfff27b63fc R10=ffffffff93db1fe7 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81605799 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974c0000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000032124220 CR3=0000000024a5c000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000080010000 RBX=0000000000000000 RCX=ffffffff81605750 RDX=ffff8880288ac880
RSI=ffffffff81605798 RDI=ffffffff93db1fe0 RBP=0000000000000001 RSP=ffffc90000590fd0
R8 =0000000000000001 R9 =fffffbfff27b63fc R10=ffffffff93db1fe7 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81605799 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880975c0000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080d9e000 CR3=00000000274c0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000080010001 RBX=0000000000000000 RCX=ffffffff81605750 RDX=ffff88801ff5c880
RSI=ffffffff81605798 RDI=ffffffff93db1fe0 RBP=0000000000000002 RSP=ffffc90000538fd0
R8 =0000000000000001 R9 =fffffbfff27b63fc R10=ffffffff93db1fe7 R11=0000000000000000
R12=0000000000000000 R13=0000000000000000 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff81605799 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880976c0000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007fa8510facf0 CR3=000000000e380000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000004000000 Opmask01=0000000000000000 Opmask02=0000000000000002 Opmask03=0000000000000000
Opmask04=00000000fffffffe Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc90f0a5eb 00007ffc90f0a5eb
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc90f0aaf0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc90f0aaf0 0000003000000018
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 205b3e363c0a2938 2864666b636f7320 29302874726f7068 7220293328766564
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 7020303024646362 5563636276206463 6255636362762057 3332333231545157
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 69702064656e6966 6e6f636e753d6a62 7573203539323736 39343932343d7365
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3078303d65646f63 2039373565303137 6678303d70692031 3d7461706d6f6320
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3235323d6c6c6163 7379732033303030 303030343d686372 6120393d67697320
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 22726f7475636578 652d7a79732f223d 6578652022373836 312e332e7a797322
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3d6d6d6f63203931 3332313d64697020 64656e69666e6f63 6e753d6a62757320
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 746e657365727020 426b3038343a676e 69646e6570657469 727720426b363335
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff856170b5 RDI=ffffffff9b0fc700 RBP=ffffffff9b0fc6c0 RSP=ffffc90000bef2f0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000034303654
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0fc6c0 R15=ffffffff85617050
RIP=ffffffff856170df RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977c0000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f7fe7434 CR3=00000000677b2000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 84e432611c9fe88d 6ee88961c06218dc
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ee52946409b61a8e b07fd65ead3dcf6e
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 c47fef0b6d20611d cbc55cfe1bd1cb96
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 63b7096d7108b1a4 8d8bc498d321413e
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001080
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000040
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 242f7a7e256a355e 000000f2256b53e8
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0080010000800100 00800100257adec2
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000f200800100 25692592000000f2
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00800100000000f2 000000f200800100
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2982aac87d2bc43a 4d6e10ee91ee0863
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 b52955b55c6bbc2e 946e6b4e0e42f7d3
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 a54ff53a3c6ef372 bb67ae856a09e667
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 5be0cd191f83d9ab 9b05688c510e527f
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000