last executing test programs:

10m31.900786267s ago: executing program 1 (id=1193):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r3, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0)
socket(0x10, 0x803, 0x0)

10m29.697354876s ago: executing program 1 (id=1196):
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x149040, 0x40)
r4 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r4, 0x800442d3, &(0x7f000000eec0)={0x6, 0x7, 0x2a4, @random="d60fea76ac0e", 'veth1_vlan\x00'})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r5 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'})
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x3, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc}, 0x94)
keyctl$KEYCTL_CAPABILITIES(0x1f, 0x0, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_inet_SIOCSIFBRDADDR(r6, 0x891a, &(0x7f0000000280)={'veth1_virt_wifi\x00', {0x2, 0x4e21, @rand_addr=0x64010100}})
fcntl$setlease(r3, 0x400, 0x2)

10m27.812264386s ago: executing program 1 (id=1200):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4}}, 0x50)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r6, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc00080005000a000000140004"], 0x58}}, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="379500000000000003e77200000708000300", @ANYRES32=r6, @ANYBLOB], 0x1c}}, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020)

10m25.525289219s ago: executing program 1 (id=1206):
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@tracing={0x0, 0x5}}, 0x20)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000680))
socket$packet(0x11, 0x3, 0x300)
mprotect(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000025300)=""/102392, 0x18ff8)
connect$inet(0xffffffffffffffff, 0x0, 0x39)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300), 0xcc17f, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)=0x1)

10m23.514444569s ago: executing program 1 (id=1209):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b27a9b3a6645cb3580000000400000001009a", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
fsopen(&(0x7f0000000100)='hugetlbfs\x00', 0x0)
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xa)
r0 = syz_io_uring_setup(0xf00, &(0x7f0000000400)={0x0, 0x5961, 0x10000, 0x0, 0x4e}, &(0x7f0000000100), &(0x7f0000000000), &(0x7f0000000080))
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
ioperm(0x5, 0x6, 0x1)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x40008c0}, 0x8040)
socket(0x2, 0x80805, 0x0)
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
read$FUSE(r1, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
syz_clone(0x2000, 0x0, 0xff36, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0)
pread64(r0, 0x0, 0xffffffffffffffdd, 0x1000000000000001)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, &(0x7f0000000040)={0x6}, 0x0)

10m20.556832274s ago: executing program 1 (id=1213):
unshare(0x6a000000)
socket$l2tp(0x2, 0x2, 0x73)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x800)
recvmmsg(r0, &(0x7f0000003dc0)=[{{0x0, 0x0, 0x0}, 0x200}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0xfc}], 0x5, 0x40012102, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x90000000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{0x0}, {&(0x7f00000001c0)="66f7", 0x2}], 0x2}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000280)="0f01cf66f30f52af0060000066baf80cb808de698aef66bafc0c66b8000066efdbd5b9b50800000f32c4e2aaf5620ff3660f32c4e1fd6f4ed466b8da008ec866baf80cb86481d389ef66bafc0cb8d4600000ef", 0x53}], 0x1, 0x43, 0x0, 0x0)
r7 = socket(0x1d, 0x80802, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000540), r7)

10m4.292729369s ago: executing program 32 (id=1213):
unshare(0x6a000000)
socket$l2tp(0x2, 0x2, 0x73)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x800)
recvmmsg(r0, &(0x7f0000003dc0)=[{{0x0, 0x0, 0x0}, 0x200}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, 0x0}, 0x4}, {{0x0, 0x0, 0x0}, 0xfc}], 0x5, 0x40012102, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x90000000000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x8c4b815a5465c2b2, 0xffffffffffffffff, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{0x0}, {&(0x7f00000001c0)="66f7", 0x2}], 0x2}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, &(0x7f0000000280)="0f01cf66f30f52af0060000066baf80cb808de698aef66bafc0c66b8000066efdbd5b9b50800000f32c4e2aaf5620ff3660f32c4e1fd6f4ed466b8da008ec866baf80cb86481d389ef66bafc0cb8d4600000ef", 0x53}], 0x1, 0x43, 0x0, 0x0)
r7 = socket(0x1d, 0x80802, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
syz_genetlink_get_family_id$l2tp(&(0x7f0000000540), r7)

4m43.226880297s ago: executing program 4 (id=2139):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
mount$fuse(0x0, 0x0, 0x0, 0x1048001, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0])
mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x2, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x101000, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2}, './file0\x00'})

4m42.952339789s ago: executing program 4 (id=2144):
syz_open_procfs(0x0, &(0x7f0000001240)='task\x00')
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0xfe, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x5, 0xff, 0x1f}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, {0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd, 0x0, 0x1000000}], 0x4000004})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m41.437649419s ago: executing program 4 (id=2150):
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x5, 0x448442)
ioctl$DRM_IOCTL_PANTHOR_DEV_QUERY_TIMESTAMP_INFO(r4, 0xc0106440, &(0x7f0000000400)={0x2, 0x2, &(0x7f00000001c0)})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000200)={0x1, @pix={0x8d8, 0x5, 0x58565559, 0x6, 0x8000002, 0xb, 0xb, 0xfffffffd, 0x0, 0x6, 0x0, 0x4}})
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x2, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x1, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x5, 0x8, 0xffffffff, 0x3, 0x100f5, 0x10009, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x2004, 0x3, 0x4, 0xf252, 0x4, 0xfffff76d, 0x300000, 0x10, 0xe, 0x4623b, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x2, 0xd, 0x3, 0xba55, 0x1000, 0x2, 0x200, 0x2, 0x400008, 0xa8, 0x4, 0x2, 0x0, 0x8, 0xc5, 0x1, 0x199f, 0x5, 0x2, 0x9, 0x1, 0x4, 0x6, 0x1000, 0x5, 0x80000040, 0x9, 0x5b, 0x5], [0x6, 0x1e, 0x3, 0x4ef4, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0x4, 0x39ca, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x297, 0x5, 0x0, 0x80, 0x4, 0x100, 0x89b, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0xffffffff, 0x6, 0x5, 0xd65, 0x1, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0xb, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x6, 0xbde], [0x401, 0xc584, 0xffff, 0x8cd4, 0x7, 0x20, 0xb, 0x4, 0x8, 0x10, 0x7, 0x44c, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x401000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe57, 0x6807, 0x80000001, 0x4, 0x7b, 0x10000005, 0x9, 0x2, 0x20000005, 0x80, 0x9, 0x9, 0x4a, 0x2, 0x3, 0x4, 0x20007, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0xffffffff, 0x44, 0x3, 0x6, 0x100fffd, 0x2005, 0x2000007, 0x4, 0xea, 0x9, 0x80000001, 0x2, 0xd9, 0x0, 0x807ff, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x20000800, 0x9, 0x1000, 0x7f, 0x5, 0x3fb6, 0x4, 0x8e8, 0x6348, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1800, 0x3b, 0xffffffff, 0x5, 0x800, 0xa80a, 0x65f413f9, 0x4, 0x8, 0x8a8, 0x2, 0x3e, 0x7, 0x2, 0x4, 0x4, 0x10, 0x0, 0x0, 0x801, 0x1, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0xbf3a, 0xfffffffd, 0x7, 0xe, 0x2, 0xe, 0xf, 0x132, 0x6]}, 0x45c)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000003c0)={0x7, 0x7f, 0x1}, 0x1001)
unshare(0x40020000)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100)='hfs\x00', 0x2000010, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x405}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x48}, 0x1, 0x0, 0x0, 0x8890}, 0x24008080)

4m38.819275208s ago: executing program 4 (id=2155):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = fsopen(&(0x7f0000000180)='btrfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r3 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r3, &(0x7f0000000280)={&(0x7f0000000440)=@l2={0x1f, 0x52, @any, 0xa, 0x2}, 0x80, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323"], 0x10b8}, 0x200008c0)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x10)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
ioctl$KVM_GET_XSAVE2(r4, 0x9000aecf, &(0x7f000004d000/0x2000)=nil)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

4m30.035190974s ago: executing program 4 (id=2170):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)}], 0x1}}], 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = socket$unix(0x1, 0x2, 0x0)
r4 = dup2(r3, r2)
close_range(r4, 0xffffffffffffffff, 0x0)

4m29.618783634s ago: executing program 4 (id=2174):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x320, 0x18c, 0x203, 0x320, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x0, 0x0, 0x8, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x10}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x1, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}, {0xd}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x15, 0x3, 0x4)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r2, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001980)=""/4080, 0xff0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000003100)=[{0x0}], 0x1}}], 0x3, 0x400122a0, 0x0)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

4m26.502220357s ago: executing program 3 (id=2178):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_128={{0x303}, "9913d4ab2de66f9c", "dd79ff97261d7098a0723ec49ab4cfdc", 'i}oz', "ffca69dbc7b44302"}, 0x28)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r2)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000240)={0xffffffffffffffff, 0xfffffffffffffffe, 0x0}, 0x20)
readv(r2, &(0x7f0000000000)=[{&(0x7f0000000300)=""/157, 0x9d}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
connect$inet6(r2, &(0x7f00000001c0)={0xa, 0x4e23, 0x4, @private1}, 0x1c)
shutdown(r2, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x3a, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1"})

4m22.810885688s ago: executing program 3 (id=2183):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @broadcast}, 0x10)
sendto$inet(r0, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfe, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bond0\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000)
r3 = openat$dlm_plock(0xffffffffffffff9c, 0x0, 0x41, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000000)=0xfff, 0x4)
write$nbd(r3, &(0x7f0000000340)={0x1000000, 0x0, 0x0, 0x40, 0x9, "82b0cfc4337965941538be09000000000000000000007400a391793ba70d0000000000fdf700000000baffda6e4a4d83"}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001880)={r3, 0x0}, 0x20)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', 0x0, 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x60b17f360213d71e, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

4m13.801536964s ago: executing program 3 (id=2194):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff2000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7})
io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0)

4m11.290994988s ago: executing program 33 (id=2174):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x320, 0x18c, 0x203, 0x320, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x0, 0x0, 0x8, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x10}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x1, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}, {0xd}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket(0x15, 0x3, 0x4)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r2, &(0x7f0000004100)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001980)=""/4080, 0xff0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000980)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000003100)=[{0x0}], 0x1}}], 0x3, 0x400122a0, 0x0)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

4m7.988722158s ago: executing program 3 (id=2198):
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x12, 0x0, 0x0)
syz_emit_ethernet(0x4c8, &(0x7f0000000500)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x2f, 0x4ba, 0x2, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x4a6, 0x0, @gue={{0x2, 0x0, 0x0, 0x1, 0x100, @val=0x80}, "2b47019676fb912bfb3979bb82d94c42da0498ad601e4b92fe2c62ba4d6bdd44d280dada5a5650e1edaecb4fd923a6ded85d084df9d5e7bffddda34d04e5cdb51ef2fe8703b3988bb47989823d53b49308c5d2977c173d08535eaf56e740391766d74589e9806165ef3d4085755bbaa162e74e4dc541aa6004761f6a43e20556918bb04da9070b3cc89472820459902b3342031e1571d32a8b78f2da2a8e73e26af9389dced48cdcaf0a714363789e4acd9373813e2729986552c1cdbeabd3a03d7684ead62926c387b1552066f9751c9f0fa935afda36cf2fb30bba0cb8007f3bd1fea86ef3b7f8434e250f2a09e6a3b569c8c0519adc93f8b909470f39920551618ecfe04ff0cc4b1ed29eee56dcd976a79181e4d3218b51150ce595c25371293ec4d05e4aa411ef3b190554c6a2e06ee6374d80a3c511603a8a20b75f8075d0d83d31b86be7d2d785e6d60c07b515fe04bd55e20bcfe799a3e66c93744c52d0d34880ab42354859d5d1a9d0d65b52a0819b19c2d7f7a285d401825bf40ccc355b1aecb100c3f86c71607b00c59c7a8c0d8ae35a0a0e20f189568cb1a386c9d799f2c5ba6cce4e6ae0dce69f7391a4f4b011b27ad89ecaca95b90be9e517d39fa47ab5d08fd75233c1b0b604c169ebdc29efe713e9ecd551fc383be78cc5afccee1d8bb067e64054734b61c99f1055748b335ea261b9a6ccd1b3362a0c9d26c74bcda8e4d1efca7f614a61b8dfa2508a39f78901cf7ab2f15409f1da06432db0b50f00e16a77ceece0e315fc63c46cd418a1d259ba713bc5a26a49bdc202cf04e02149cf29c1f617f0898321ecf9d395f349e276480b42147d4dc1af6491e05cff9a33517437cb21125f6945e0b727576880a89ef6d53375bb901e14ae1a2dd27a5bf67012b8e4515023dba602d2e5293da914c199c0c0d610bf6461cd7bba6c8b948e96f395c39a7a0b93df65368f8eaa306fdcf87522ac1a36c427d98af77c3a3afa33dc3e8e070a1a2f66a4877abbeef23ff67befdcc9532cf3990918fb778d7799ee1f26b469c37f3c9578b8f8f2d00d32fc839171b9474e76f03d827a4eac2802322f3d68b03d1516aec9566bba3acc0bcf0d6a551c412f080d8c7fe0c60e23cdb328920263477470ea4f23e23d5aebbfda173aa781f89bf0cdfce2003ed3c010c511b3b489eab29453a365b839cca172e3abbcbab0203899bdb4f14a3423c2293166145760e61c3c188c3e0888ee817f0772ff89e02df8f42b9951e1661b39def34308c46e8ec1e4e5b68e88140ac7dc993523191fdb71db3a2677a3bd666e6180a96c9846bce6cb6c16e379bf29e1769a66da2f6781e79f082cb80662d72adbb21240cef87dc3079a822b2a791753fcd12a7ec362088d76237370bcd5d5daa440ba735b4e29cf2cb93583a5080270d1a3fd40183dc04f30e01c428f92e595c89fcbd1fc52962eedea82e2772b5f5fa3dad0f908fe6a48fffcc69df60f34ef9d9ba7609d16cdf733ca77785c0ab6f536b79ffde4ff9b835bfcaffef0d15ae69c26c0588f1acd5a648fde52568c713163717eb77f863d20dda0f1ca2c0306748544d3763c1cfa82f1785f047c842cadc4f8ac1906ab6ad8f6425bb9efbe97ee62ea7e40ec6ac342f457f00626f907ed939864"}}}}}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x9}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000480)=[{{&(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x80020}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000034c0)='\x00', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000009c0)=ANY=[], 0x1000f)

4m5.61435529s ago: executing program 3 (id=2202):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x4, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="adcd1a9a3fc36e961ed00fe41b0cd695", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1}, 0x40}], 0x1, 0x102, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86b", 0xf)
sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000008c0)=ANY=[@ANYBLOB="400001801400020070696d3672656730", @ANYBLOB="140002"], 0x17c}, 0x1, 0x0, 0x0, 0x4008004}, 0x20000080)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5)
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x44}}, 0x80)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000a80)=0x8, 0x4)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x8044)

4m3.088910928s ago: executing program 3 (id=2209):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, &(0x7f0000000100)={0x0, 0x4, 0x9, 0x3, 0xf, 0xa, 0xfffffffc})
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)

3m44.948685481s ago: executing program 34 (id=2209):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(0xffffffffffffffff, 0xc01c64ae, &(0x7f0000000100)={0x0, 0x4, 0x9, 0x3, 0xf, 0xa, 0xfffffffc})
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)

3m12.834343884s ago: executing program 0 (id=2270):
syz_open_procfs(0x0, &(0x7f0000001240)='task\x00')
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='batadv0\x00', 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0xfe, 0x0, 0x0, 0x0, 0xfe, 0x0, 0x5, 0xff, 0x1f}, {0x3, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, {0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xd, 0x0, 0x1000000}], 0x4000004})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3m11.957475135s ago: executing program 0 (id=2273):
pipe(&(0x7f0000019480)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000300)=0x1, 0x4)
connect$inet(r1, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r1, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000140)="1770", 0x2}], 0x1, &(0x7f0000000840)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x2}}], 0x18}}, {{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000000940)}, {&(0x7f0000001940)="d0", 0x1}, {&(0x7f0000001980)="1c", 0x1}], 0x3, &(0x7f0000001c40)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8}}], 0x18}}], 0x2, 0x4008440)

3m9.650988059s ago: executing program 0 (id=2276):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff858500000010000000180100002020732500000000002020207b1af8ff00000000bfa10000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0xfff, 0x4000000007}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = fanotify_init(0x500, 0x400)
r4 = fcntl$dupfd(r2, 0x406, r2)
fanotify_mark(r3, 0x21, 0x40001049, r4, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000400)={0xc, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000640)={0x48, 0x2, r5})
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r6 = socket$kcm(0xa, 0x5, 0x0)
syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000))
sendmsg$kcm(r6, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000540)=ANY=[@ANYBLOB="63050000000000008400000008000000fe800000000000000200000000000000be1f6c93f5a619c82ca50485ea14c003ca013facd42d6c58cb4b9480a066a6c2216b8d3cee1d511d0f94cbf709ae236a639db4f1b897dffcdecc99e202880d2c07480927e8d23652d34481c005dd46a6ed51035c7726a0f6d72ad82ceff06606006a3ceba39bf1283832702887ed62307e146cfc1720f1992686833b1e4a76dc7dae034f"], 0x20}, 0x41)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000040)={'icmp\x00'}, &(0x7f0000000080)=0x1e)
syz_usb_connect(0x0, 0x2d, &(0x7f00000006c0)=ANY=[@ANYBLOB="12015002a10c8f08120a105d0b70010203010902390001040090100904"], &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0})

3m6.842379708s ago: executing program 0 (id=2283):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0x34, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}]}, @MPTCP_PM_ATTR_ADDR={0x4}]}, 0x34}}, 0x10)

3m3.884605302s ago: executing program 0 (id=2290):
r0 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000580), &(0x7f0000000200)=0x4)
r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
pwrite64(r1, 0x0, 0x0, 0x8000c61)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000005580)=""/102392, 0x18ff8)
syz_emit_ethernet(0x56, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x10, &(0x7f00000000c0)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000c500"], &(0x7f0000000640)='GPL\x00', 0x2, 0x8b, &(0x7f0000000340)=""/139, 0x0, 0x4}, 0x94)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
setsockopt$sock_linger(r3, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x80000001}, 0x8)
connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x33}}, 0x10)
close(r3)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x2, 0x0, 0xa, 0xb, 0x4, 0x401, 0x801, 0x100}, 0x0, 0x0, &(0x7f00000046c0), 0x0)

3m1.10570785s ago: executing program 0 (id=2293):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f0000001300)=""/35, 0x23}, {0x0, 0x36}], 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0x2, &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000040)={0x5, 0xffffffffffffffff, 0x3e, {0xe8, 0x3}, 0x7f}, 0x1)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000600)={r2, r2, 0x8, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'})
unshare(0x0)
r4 = socket$inet(0x2, 0x1, 0x0)
shutdown(r4, 0x0)
recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

2m44.204880299s ago: executing program 35 (id=2293):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
readv(0xffffffffffffffff, &(0x7f00000013c0)=[{&(0x7f0000001300)=""/35, 0x23}, {0x0, 0x36}], 0x2)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0x2, &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000040)={0x5, 0xffffffffffffffff, 0x3e, {0xe8, 0x3}, 0x7f}, 0x1)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r3 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r3, 0x400448c8, &(0x7f0000000600)={r2, r2, 0x8, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'})
unshare(0x0)
r4 = socket$inet(0x2, 0x1, 0x0)
shutdown(r4, 0x0)
recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

12.947851178s ago: executing program 2 (id=2658):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f000000c3c0)={0x2020, 0x0, <r3=>0x0}, 0x1c84)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4}}, 0x50)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r9, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc00080005000a000000140004"], 0x58}}, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="379500000000000003e77200000708000300", @ANYRES32=r9], 0x1c}}, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020)

10.496869182s ago: executing program 2 (id=2659):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000002c0), 0x80042, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
r0 = socket(0x2c, 0x3, 0x1000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x100000001, 0xfffffe0000000001, 0xfa11, 0x65aa}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="480000001000030400000000fdffff0000000300", @ANYRES32=0x0, @ANYBLOB="0000000040000000140012800900010076657468000000000400028008004040", @ANYRES32=0x0], 0x48}}, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
syz_io_uring_setup(0x4ad8, &(0x7f0000000300)={0x0, 0x9824, 0x20, 0xffffffff, 0x145}, &(0x7f0000000100), 0x0, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r4, &(0x7f0000001240)=""/102400, 0xffffff8c, 0x200000)

9.082087272s ago: executing program 6 (id=2665):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x6, 0x80800)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000040)={0x2, r2})
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x1})

8.889006947s ago: executing program 7 (id=2666):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)=ANY=[@ANYBLOB="7400000002060104000000000000000006000002050005000200000005000400000000001400078008001240001000000800134000005bad05000100070000000500010007000000090002"], 0x74}}, 0x4000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[], 0xa4}}, 0x0)

8.128592008s ago: executing program 6 (id=2667):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x4, 0x9, '\x00', 0x1})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7.95558762s ago: executing program 7 (id=2668):
io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x4000})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000001000000080000000b"], 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r0, 0xffffffffffffffff, 0x7}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r0, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6}, 0x20)
write$eventfd(0xffffffffffffffff, &(0x7f0000000640)=0x9, 0x8)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0958730", 0x4c}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

7.546485184s ago: executing program 7 (id=2669):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f000000c3c0)={0x2020, 0x0, <r3=>0x0}, 0x1c84)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4}}, 0x50)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r9, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc00080005000a000000140004"], 0x58}}, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="379500000000000003e77200000708000300", @ANYBLOB], 0x1c}}, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020)

7.003833947s ago: executing program 2 (id=2671):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x200005}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xe}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)

6.420070072s ago: executing program 5 (id=2672):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x2, 0x400)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000040)={{0x404, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffc, 0x2, 0x8, 0x3, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa7, 0x7f, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0xb, 0x0, 0x6, 0x0, 0xfffffffd, 0x0, 0xfffffffffffffffe, 0x0, 0x4e, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7, 0x0, 0x20000, 0xfffffffc, 0x8, 0x0, 0x4, 0x0, 0x0, 0x4, 0x4, 0x0, 0x0, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x2000100, 0x80000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd, 0x8, 0x9, 0x1, 0x6, 0x0, 0x101, 0x1, 0x10001, 0x0, 0x4, 0x2, 0x0, 0x3, 0xfffffffa, 0x0, 0x0, 0x0, 0x58, 0x4, 0x0, 0x3, 0x4000000, 0x7, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000006fd, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x4]})
listns(&(0x7f00000000c0)={0x20, 0x0, 0xc, 0x4000000, 0x0, 0x3}, 0x0, 0xf4240, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002140)='rdma.current\x00', 0x275a, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
getsockname$packet(r2, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
bind$netlink(r4, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc)
getsockname$packet(r4, 0x0, &(0x7f00000000c0))
sendmsg$nl_route(r3, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x401, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40018}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=@newtfilter={0x6c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r8, {0x8, 0xa}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x3c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x20, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x1c, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x5, 0x4, 0x9}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x5}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={0xffffffffffffffff, r8, 0x25, 0x3, @void}, 0x10)

6.318346345s ago: executing program 6 (id=2673):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x1, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5d, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x4, 0x9, '\x00', 0x1})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6.281069465s ago: executing program 7 (id=2674):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r3 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)={0x18, 0x69, 0x1, 0x70bd2d, 0x25dfdbff, "", [@nested={0x8, 0x94, 0x0, 0x1, [@typed={0x4, 0x132}]}]}, 0x18}], 0x1, 0x0, 0x0, 0x20004880}, 0x0)
sendmsg$TIPC_NL_LINK_GET(r4, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000e40)={0x24, r5, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x8000)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000100)='%\xff:2\x82|\x9a\xe0\xadA\xde\xd5\x03\x00\x00\x00\xb7\xe5\xee:\xb5\x0e\xec\xe5\xdc\xe5\x8d?\x16BE\x8b\xe8)\xa9H\x99\x10\x02q\xf7\xd3\xc5*\x15\xdf_\xb2_`\x92|\x7f\xff9\xf7o$e&1\xfd\xea\xb0\xb0', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000002c0)='s\xefurce', &(0x7f0000000300)='\xb0\xfb\xd9\x9a\xbe\r\xcc:\x9b\xd0}\xe8\xff\xff\xff\xff\xff\xff\xff\x7f\xce\xf5\x1a\x01\xd6\a\xfe\xb8\x92~wS\x87\xd9\x9e0y\xc9\x8cw-zu(ht\xa1~\x9a\x8d^+\x9f\xee\x9a(&W\\\xbb\xd5W\xeb\x06\x9dva\x06\xe3\x97\xa1\x88\x83W{\x00\xff\xff\xff\xff\xff\xff\xff\xe9\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00)o\b~\xe3t`\xc9=;o\xe5\xb4T)\x04\xf9k\xfb%t\xa7\x80c\xbb\xeb\x10\xb8\x01', 0x0)
r6 = userfaultfd(0x1)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x44, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x8000000)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000040)=""/40, 0x28}, {0x0}, {&(0x7f0000001680)=""/4082, 0xff2}], 0x3)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x40000)
r9 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa4601, 0x0)
dup2(r9, r9)

6.014836204s ago: executing program 5 (id=2675):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r0, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0x10000d33})
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = open(0x0, 0x0, 0x109)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r2=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000006, 0x204031, 0xffffffffffffffff, 0x18a42000)
fremovexattr(r1, &(0x7f0000000000)=@known='system.posix_acl_default\x00')
open(&(0x7f0000000000)='./file0\x00', 0x840, 0x191)

5.962012954s ago: executing program 2 (id=2676):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x13, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ffffff858500000010000000180100002020732500000000002020207b1af8ff00000000bfa10000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0xfff, 0x4000000007}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = fanotify_init(0x500, 0x400)
r4 = fcntl$dupfd(r2, 0x406, r2)
fanotify_mark(r3, 0x21, 0x40001049, r4, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000400)={0xc, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000640)={0x48, 0x2, r5})
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
r6 = socket$kcm(0xa, 0x5, 0x0)
syz_open_dev$video(&(0x7f0000000000), 0x3, 0x0)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000))
sendmsg$kcm(r6, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000000000)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000000540)=ANY=[@ANYBLOB="63050000000000008400000008000000fe800000000000000200000000000000be1f6c93f5a619c82ca50485ea14c003ca013facd42d6c58cb4b9480a066a6c2216b8d3cee1d511d0f94cbf709ae236a639d"], 0x20}, 0x41)
getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000040)={'icmp\x00'}, &(0x7f0000000080)=0x1e)
syz_usb_connect(0x0, 0x2d, &(0x7f00000006c0)=ANY=[@ANYBLOB="12015002a10c8f08120a105d0b70010203010902390001040090100904"], &(0x7f0000001500)={0x0, 0x0, 0x0, 0x0})

5.20200659s ago: executing program 6 (id=2677):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYBLOB="000000000000000014"], 0x34}}, 0x0)

5.176948627s ago: executing program 8 (id=2678):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)=ANY=[@ANYBLOB="7400000002060104000000000000000006000002050005000200000005000400000000001400078008001240001000000800134000005bad05000100070000000500010007000000090002"], 0x74}}, 0x4000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="500000000001010400000000141a000002000010240001801400018008000100e000000108000200e00000010c00028005000100000000001800028014000180080001"], 0x50}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[], 0xa4}}, 0x0)

4.768458442s ago: executing program 6 (id=2679):
r0 = mq_open(&(0x7f0000000080)='eth0\x00#~\x02\x00\x00\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfd\x05\x00\x00\x00\x00\x00\x80\x00\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94uu_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18A\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x05\x00\x00\x000\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xce\x00\x00\x00\xe8\vq+\xbb\xc7\xaf\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r0, &(0x7f0000000600)='m', 0x1, 0x6, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = syz_usb_connect(0x5, 0xf4, &(0x7f0000000700)=ANY=[@ANYBLOB="120110014c306f10da0b38011230010203010902e20002a60000000904b10403d7b5d25b09210400020122c705090500100004f40804072501832f08000905000040008103ff0905091b08000c078009042201040e010003090509000000030004090502020002f7810671300c458e9532438d4aae3ef0c9bf5c520b1aaab11a8cae9a60c3160adc1dfedebf5a6ead8834c7780c2eb777ef0caf96cd8b3b77f357f4aa1b662ab40651e6ae8cc63dd9f6e2d24afaed81a927ca2e0354281cfeffffffffffffffbf09aac591308e5c0c3c419bb288a21890e1af4af409050303ff030840040705a6c6415a9f09058503"], 0x0)
syz_usb_control_io(r3, &(0x7f00000009c0)={0x2c, 0x0, &(0x7f0000000800)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r3, &(0x7f0000000540)={0x14, 0x0, &(0x7f0000000500)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_control_io$hid(r3, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000240)=ANY=[@ANYBLOB="209f010000002e"], 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x2040, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4000, 0x0, &(0x7f00008e8000/0x4000)=nil)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41)
move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r5, &(0x7f0000000100)='./file0\x00', 0x220)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, r7, &(0x7f0000000000), 0x4001)
waitid(0x0, r7, 0x0, 0x4, 0xfffffffffffffffe)
r8 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)

4.696813876s ago: executing program 5 (id=2680):
r0 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
r1 = dup(0xffffffffffffffff)
syz_open_dev$loop(0x0, 0xf, 0x183043)
syz_open_dev$loop(0x0, 0xf, 0x183043)
write$UHID_INPUT(r1, &(0x7f0000002080)={0x200f, {"20e30a30ed0d09f91b5e070987f70e06d038e7ff7fc6e5539b0d3e0e8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c526db51b1b5b31070d0773090acd3b78130daa61d8e8040001000000b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19300305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f6709000000a141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a027d5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf050000008000000000f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b3f3f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7af1d0e54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c01008e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2f5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d21488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e1a63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e09d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a603336c00000077cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046ca5b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe6531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e6586df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59555e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0d8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb601203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000930dedf800", 0x1000}}, 0x1006)
write(r0, &(0x7f0000000040)="1c0000001a", 0x5)

4.385094256s ago: executing program 8 (id=2681):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
sendto$inet(r0, &(0x7f0000000500)="ad02da73b0bf2981ebf3577526b5cfa18e81f870dccda555138093a43c6867ffa9be67400f66d8a6e5d265211d764a4ca96601ea5590caf651834ea34ceb47a0b3f8aefb554df8ebbb27311ab3fedd433d2cf8c4c31c811218840e83571f570100000000000000d6cf794b47ee5c069164651ce0351cc90ba34fbcf4267f024a1c0eeae9d31fb32e85850e5f6a", 0x8d, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

4.27796432s ago: executing program 5 (id=2682):
kexec_load(0x3, 0x3, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327af12eaab8ac918c201b7f932e124796f1aba03e031312bd7e67403651abac282b310f420dbcdea31d52854783d6952a2a7b10f3", 0xa9, 0x5, 0xffffffff}, {&(0x7f0000000340)="8c4e55be8948c65379def4df90ce301f71e7", 0x12, 0x100, 0x9}, {0x0, 0x0, 0x7, 0x2}], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000003c00)={0x0, 0x0, &(0x7f0000000700)=[{0x0}, {0x0}, {&(0x7f0000000740)}], 0x3}, 0x41)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x1}, 0x20005005)
sendmmsg$alg(r2, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)="bd9c629b909dddebc0508bf412865663aded7919352b141faa7dc00680ce5a44ff1ed1c813c6c1e58e28c509cd269d0e79fff4d2ea4c1da69fa672c4f5eb15788aa929e9f5c94e443cf68a1759ee805958a7c76c8c7f11a39ea32c019c2f2c8cce48d92d659f623081974c0135dc1fe2a057f725a843c083e0620ffa607d3b9570a5b4094fca255491844b3d5cb63bab3d76ad07f9503d1450f1fb860b18ac983285f983e51262c539312073482f1538d9588323b836e6e2b7704dff3cbf89c2b828c7613310eafd664c946b1a6728154b1877257a8abe3d983344da083b86aee35e6b9b0d9307", 0xe7}], 0x1, &(0x7f00000008c0)=[@iv={0xb8, 0x117, 0x2, 0xa0, "bd19a432ebf20eb0a0ee39d005e869fe74b9842d9c92be0054aa20f9dbfeb8e59fa49c486a1a51c45c98c886185e506d1cf93255718fc79d6b6d1d434c678807c5ab4264c8ba94065d11d8ee27dd16f4a0342bed8a3c79acd4bb1f9f46ef28a63b329e09a86c62f907539c9af6f1b0bc00510c3b27f64245b6f4f80e00bca3c91538839a52c3c393aada6ed6155fa03c988b6658e106d043cc8652373dd8e2a7"}, @assoc={0x18, 0x117, 0x4, 0x6}], 0xd0, 0x40800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc0}], 0x2, 0x48040)
r3 = socket$alg(0x26, 0x5, 0x0)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0xc0400)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4.001526965s ago: executing program 8 (id=2683):
socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8010)
r1 = syz_ublk_setup_io_uring(0x20, &(0x7f0000000040)={0x0, 0x2, 0x1000, 0xfffffffd}, 0x0, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_ublk_add_dev(r1, 0x0, r2, r3, &(0x7f0000000180)={0x2e, 0x0, 0x0, 0xffffffffffffffff, 0xc0207504, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, <r4=>0x0, '\x00', {0xffffffff, 0xffff, 0x40, &(0x7f00000000c0)=@any_dev={0x1, 0xe50, 0x0, 0x0, 0x1000, 0x2000003, 0x0, 0x0, 0x16}}}, &(0x7f0000000280)=<r5=>0x0)
r6 = socket$inet6(0xa, 0x3, 0xff)
r7 = dup2(r6, r6)
syz_ublk_setup_queues(r1, r5, &(0x7f0000000540)={0x0, 0x145f, 0x10, 0x3, 0xb2, 0x0, r7}, &(0x7f00000002c0)=[{0x0, 0x0, 0xffffffffffffffff, {0x0, 0xcd26, 0x0, 0x3, 0x213}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x1e3c, 0xb155c4dedb2408a4, 0x9, 0x102, 0x0, r1}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0xf39, 0x1000, 0x3, 0x102c4, 0x0, r1}}, {0x0, 0x0, 0xffffffffffffffff, {0x0, 0x2e84, 0x8, 0x1, 0x21b, 0x0, r1}}], 0x4, &(0x7f0000001540)={0x2e, 0x40, 0x0, r7, 0xc0107520, 0x0, 0x0, 0x0, 0x1, {0x6}, 0x0, r4, '\x00', {0x1, 0x48a, 0x0, 0x0}}, 0x0)

3.929258513s ago: executing program 5 (id=2684):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f000000c3c0)={0x2020, 0x0, <r3=>0x0}, 0x1c84)
write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x4}}, 0x50)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r9, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc00080005000a000000140004"], 0x58}}, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="379500000000000003e77200000708000300", @ANYBLOB], 0x1c}}, 0x0)
read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020)

3.875756889s ago: executing program 7 (id=2685):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000003c0)=ANY=[@ANYBLOB="2c010000130005002cbd7000fbdbdf2500000000", @ANYRES32, @ANYBLOB="12030000000d000008000f0002000000c80016801c0001800c00090003000000060000000c00090002000000070000006800018014000a000800000000000000070000000000000010000600dc010000040000000900000d18000c8014000100ffffffffba0700000001000088a800000c000900040000000e0000000c000700c90800000300000010000200990600002802000001000000400001802c000c8014000100010400005d030000060000008100000014000100050000005b0300007f00000088a800001000020010000000ff0c00000100000008002e0003"], 0x12c}, 0x1, 0x0, 0x0, 0x40000}, 0x42)

3.561194811s ago: executing program 2 (id=2686):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x200005}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xe}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)

2.225827157s ago: executing program 5 (id=2687):
syz_emit_ethernet(0x56, 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af25, &(0x7f00000001c0)={@host})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
clock_adjtime(0x0, &(0x7f0000000280)={0x1000000000066fb, 0x800000000004, 0x2000000d, 0x0, 0x0, 0x51, 0x0, 0x4, 0x0, 0x0, 0x0, 0x240b, 0x3f, 0x9, 0x0, 0x7ca53c09, 0xfffffffffffffffd, 0x1fff, 0xfffffffffffffffc, 0x4, 0x10000000000, 0x0, 0x0, 0x100000000003f89, 0x0, 0x18ab})
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
ioctl$int_in(r3, 0x5421, &(0x7f0000000440)=0x6)
connect$bt_rfcomm(r3, &(0x7f00000001c0)={0x1f, @any, 0x6}, 0xa)
close(r3)
r4 = socket$inet6(0xa, 0x80006, 0x6)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev={0xfe, 0x80, '\x00', 0xfd}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x2, 0x7}}, 0xe4)
sendmmsg(r4, &(0x7f0000000480), 0x0, 0x4040081)

2.203954218s ago: executing program 7 (id=2688):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x60, 0x2, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x200005}, @IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0xe}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x20004080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat(0xffffffffffffff9c, 0x0, 0x42042, 0x85)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)

2.162712776s ago: executing program 8 (id=2689):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRES32=r2, @ANYBLOB="000000000000000014"], 0x34}}, 0x0)

1.766358226s ago: executing program 8 (id=2690):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='htcp', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0x6, 0x7}, @mss={0x2, 0x7}, @window={0x3, 0x0, 0x4}, @window={0x3, 0x8, 0x6}, @timestamp, @window={0x3, 0xfffe}, @sack_perm], 0x200000000000005e)
sendto$inet(r0, &(0x7f0000000500)="ad02da73b0bf2981ebf3577526b5cfa18e81f870dccda555138093a43c6867ffa9be67400f66d8a6e5d265211d764a4ca96601ea5590caf651834ea34ceb47a0b3f8aefb554df8ebbb27311ab3fedd433d2cf8c4c31c811218840e83571f570100000000000000d6cf794b47ee5c069164651ce0351cc90ba34fbcf4267f024a1c0eeae9d31fb32e85850e5f6a", 0x8d, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

1.389512852s ago: executing program 8 (id=2691):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f8484300", 0x16}], 0x1}, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010ac054402000000002d7b09022400010000000009040000"], 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002600)='/proc/bus/input/devices\x00', 0x0, 0x0)
read$FUSE(r2, &(0x7f00000001c0)={0x2020}, 0x1906)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e29004218030018258000", 0x23}], 0x1}, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1)
eventfd(0x5f0)
readv(0xffffffffffffffff, &(0x7f0000002740)=[{0x0}], 0x1)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xfc778000)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

979.914666ms ago: executing program 2 (id=2692):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000020303000000000000000000000100000800010001"], 0x1c}}, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0xc000})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001c80))
write(0xffffffffffffffff, &(0x7f0000000000)="240000001a005f0400f9f4070009040180000000200000000000000008001e", 0x1f)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008081}, 0x800)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000100))
r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$USBDEVFS_RELEASE_PORT(r4, 0x80045519, &(0x7f0000000080)=0x5)
quotactl_fd$Q_QUOTAON(r2, 0xffffffff80000201, 0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00')
syz_emit_ethernet(0xa2, &(0x7f00000002c0)=ANY=[@ANYBLOB="ffffffffffff00000000000086dd6099d5a6006c0003fe8000000000000000000000000000bbff02000000000000000000000000000189090000000000000743a963cfa4ffac475f637c538f23dae231ddc4de9e674558bc488b00568eaeb0adc6c7f85bb4"], 0x0)
sendmsg$NFQNL_MSG_VERDICT(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB="20000000010301040000000000000000010000000c0002000000000000000000e2b0e6e57177b78f19fa67f0216d4655a0dda5db787cdcb979545cf7e5b7574f842ebee4665f9aa366cb18bcbfbe460fce9f4a388a32130b399be509079b9ed3fbf234cbd2c6a8fe24737640f5224919070e0628a18e44a1138aab52c201cdf37ea0ed25987f57bb2d5a77e543599e0fc364f8ebb9ad3d934364"], 0x20}, 0x1, 0x0, 0x0, 0x804}, 0x4004840)

0s ago: executing program 6 (id=2693):
pipe(0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x11, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f00000015c0)={0x1, 0x0, [{0x1, 0x9, 0x7, 0x1, 0x8}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000000c0)=0x3)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000880)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1000700000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd673c1eeda4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d06c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235eaa92143ce4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05be23dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6f89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

vsim2: renamed from eth2
[  641.861986][T10137] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  642.361344][T10137] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  642.769978][T10137] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  644.147810][T10137] 8021q: adding VLAN 0 to HW filter on device bond0
[  644.572066][T10137] 8021q: adding VLAN 0 to HW filter on device team0
[  644.631450][ T1027] bridge0: port 1(bridge_slave_0) entered blocking state
[  644.631626][ T1027] bridge0: port 1(bridge_slave_0) entered forwarding state
[  644.666095][ T7062] bridge0: port 2(bridge_slave_1) entered blocking state
[  644.666240][ T7062] bridge0: port 2(bridge_slave_1) entered forwarding state
[  645.127206][T10290] block nbd3: NBD_DISCONNECT
[  648.035363][T10300] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1276'.
[  648.087363][ T5846] bridge_slave_1: left allmulticast mode
[  648.087606][ T5846] bridge_slave_1: left promiscuous mode
[  648.120400][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.322446][ T5846] bridge_slave_0: left allmulticast mode
[  648.322480][ T5846] bridge_slave_0: left promiscuous mode
[  648.322735][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[  650.015573][T10342] netlink: 'syz.3.1285': attribute type 10 has an invalid length.
[  650.728343][ T5846] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  650.807846][ T5846] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  650.867692][ T5846] bond0 (unregistering): (slave team0): Releasing backup interface
[  651.488902][T10345] futex_wake_op: syz.4.1288 tries to shift op by 36; fix this program
[  652.265205][ T5846] bond0 (unregistering): Released all slaves
[  652.558412][T10351] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1290'.
[  652.631865][ T5261] 8021q: adding VLAN 0 to HW filter on device eth1
[  655.157361][   T31] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  655.577356][   T31] usb 4-1: Using ep0 maxpacket: 8
[  655.584773][   T31] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.584844][   T31] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  655.584967][   T31] usb 4-1: New USB device found, idVendor=1b96, idProduct=0012, bcdDevice= 0.00
[  655.585041][   T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.418816][   T31] usb 4-1: config 0 descriptor??
[  657.793356][   T31] ntrig 0003:1B96:0012.0005: unknown global tag 0xc
[  657.793380][   T31] ntrig 0003:1B96:0012.0005: item 0 0 1 12 parsing failed
[  657.828948][   T31] ntrig 0003:1B96:0012.0005: parse failed
[  657.829057][   T31] ntrig 0003:1B96:0012.0005: probe with driver ntrig failed with error -22
[  658.003460][   T31] usb 4-1: USB disconnect, device number 18
[  658.285223][T10372] netlink: 1688 bytes leftover after parsing attributes in process `syz.0.1295'.
[  658.880812][ T5261] 8021q: adding VLAN 0 to HW filter on device eth2
[  660.355866][T10423] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1301'.
[  660.557269][  T824] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  660.568805][ T5261] 8021q: adding VLAN 0 to HW filter on device eth3
[  660.729375][  T824] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  660.729393][  T824] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  660.729404][  T824] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  660.729430][  T824] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  660.730840][  T824] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  660.730856][  T824] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  660.730867][  T824] usb 3-1: Product: syz
[  660.730874][  T824] usb 3-1: Manufacturer: syz
[  661.065576][T10137] 8021q: adding VLAN 0 to HW filter on device batadv0
[  661.120781][T10421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.123479][T10421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.217342][  T824] usb 3-1: USB disconnect, device number 23
[  661.509933][ T5846] hsr_slave_0: left promiscuous mode
[  661.549649][ T5846] hsr_slave_1: left promiscuous mode
[  661.550822][ T5846] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  661.550932][ T5846] batman_adv: batadv0: Removing interface: batadv_slave_0
[  661.577063][    T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  661.595423][ T5846] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  661.595451][ T5846] batman_adv: batadv0: Removing interface: batadv_slave_1
[  661.758060][    T9] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  661.758091][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  661.758110][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  661.758157][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  661.778696][    T9] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  661.778726][    T9] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  661.778745][    T9] usb 5-1: Product: syz
[  661.778763][    T9] usb 5-1: Manufacturer: syz
[  662.113693][T10433] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.127152][T10433] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  663.027705][ T5846] veth1_macvtap: left promiscuous mode
[  663.175296][ T5846] veth0_macvtap: left promiscuous mode
[  663.214041][ T5846] veth1_vlan: left promiscuous mode
[  663.381059][ T5846] veth0_vlan: left promiscuous mode
[  663.754583][T10457] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1307'.
[  665.069250][ T5846] team0 (unregistering): Port device team_slave_1 removed
[  665.758350][ T5846] team0 (unregistering): Port device team_slave_0 removed
[  666.115455][ T5261] 8021q: adding VLAN 0 to HW filter on device eth4
[  667.244423][T10480] futex_wake_op: syz.0.1315 tries to shift op by 36; fix this program
[  667.272002][    T9] usb 5-1: USB disconnect, device number 16
[  668.110802][T10137] veth0_vlan: entered promiscuous mode
[  668.235205][T10137] veth1_vlan: entered promiscuous mode
[  668.347391][T10137] veth0_macvtap: entered promiscuous mode
[  668.472934][T10137] veth1_macvtap: entered promiscuous mode
[  668.648825][T10137] batman_adv: batadv0: Interface activated: batadv_slave_0
[  668.696437][T10137] batman_adv: batadv0: Interface activated: batadv_slave_1
[  668.857834][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  668.857877][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  668.857905][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  668.857932][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  669.526975][T10507] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  670.729150][  T166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  670.729170][  T166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  670.884352][ T1290] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  670.884373][ T1290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  671.589509][ T5607] Bluetooth: hci5: unexpected event 0x03 length: 12 > 11
[  672.744958][T10533] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1326'.
[  673.943004][T10547] hfs: can't find a HFS filesystem on dev nullb0
[  675.240846][T10540] futex_wake_op: syz.5.1329 tries to shift op by 36; fix this program
[  679.699639][ T5734] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  679.828583][  T823] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  679.981710][ T5734] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  680.007633][ T5734] usb 3-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  680.007676][ T5734] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.007731][ T5734] usb 3-1: Product: syz
[  680.007745][ T5734] usb 3-1: Manufacturer: syz
[  680.007809][ T5734] usb 3-1: SerialNumber: syz
[  680.077079][  T823] usb 5-1: Using ep0 maxpacket: 8
[  680.105990][  T823] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  680.106051][  T823] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  680.106230][  T823] usb 5-1: New USB device found, idVendor=1b96, idProduct=0012, bcdDevice= 0.00
[  680.106352][  T823] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.668128][ T5734] usb 3-1: config 0 descriptor??
[  681.038480][ T5734] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  681.343751][  T823] usb 5-1: config 0 descriptor??
[  682.682090][  T823] usb 5-1: can't set config #0, error -71
[  682.682520][ T5734] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[  682.682611][ T5734] gspca_pac7302 3-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  682.859441][  T823] usb 5-1: USB disconnect, device number 17
[  686.419651][ T9247] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  687.025725][T10639] futex_wake_op: syz.3.1354 tries to shift op by 36; fix this program
[  688.028721][ T9247] usb 6-1: Using ep0 maxpacket: 8
[  688.055559][ T9247] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.055607][ T9247] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  688.055778][ T9247] usb 6-1: New USB device found, idVendor=1b96, idProduct=0012, bcdDevice= 0.00
[  688.055841][ T9247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.324540][ T9247] usb 6-1: config 0 descriptor??
[  689.717284][ T5615] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  689.845865][ T9247] ntrig 0003:1B96:0012.0006: unknown global tag 0xc
[  689.846277][ T9247] ntrig 0003:1B96:0012.0006: item 0 0 1 12 parsing failed
[  689.894000][ T9247] ntrig 0003:1B96:0012.0006: parse failed
[  689.896345][ T9247] ntrig 0003:1B96:0012.0006: probe with driver ntrig failed with error -22
[  690.059322][ T5615] usb 5-1: Using ep0 maxpacket: 32
[  690.300052][ T5615] usb 5-1: config 0 has no interfaces?
[  690.450059][ T5615] usb 5-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.06
[  690.450090][ T5615] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.450110][ T5615] usb 5-1: Product: syz
[  690.450131][ T5615] usb 5-1: Manufacturer: syz
[  690.450145][ T5615] usb 5-1: SerialNumber: syz
[  690.668811][ T9247] usb 6-1: USB disconnect, device number 2
[  690.851631][ T5615] usb 5-1: config 0 descriptor??
[  690.885423][ T5734] usb 3-1: USB disconnect, device number 24
[  691.068555][ T5615] usb 5-1: USB disconnect, device number 18
[  692.227122][T10653] futex_wake_op: syz.2.1357 tries to shift op by 36; fix this program
[  693.846734][T10691] loop5: detected capacity change from 0 to 7
[  693.854357][T10691] Dev loop5: unable to read RDB block 7
[  693.854387][T10691]  loop5: unable to read partition table
[  693.854509][T10691] loop5: partition table beyond EOD, truncated
[  693.854519][T10691] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  694.445501][T10712] netlink: 'syz.0.1368': attribute type 11 has an invalid length.
[  694.465479][T10711] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1369'.
[  695.392856][  T824] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  695.546956][  T824] usb 5-1: Using ep0 maxpacket: 16
[  695.594822][  T824] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  695.594854][  T824] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  695.594893][  T824] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  695.594916][  T824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  695.999812][  T824] usb 5-1: config 0 descriptor??
[  696.023824][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  696.023893][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  697.481210][T10739] netlink: 1624 bytes leftover after parsing attributes in process `syz.0.1375'.
[  697.567999][  T824] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  697.568043][  T824] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  697.568069][  T824] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  697.568108][  T824] konepure 0003:1E7D:2DB4.0007: unknown main item tag 0x0
[  697.616079][  T824] konepure 0003:1E7D:2DB4.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.4-1/input0
[  698.571384][ T5846] Bluetooth: (null): Invalid header checksum
[  698.662303][ T5827] Bluetooth: (null): Invalid header checksum
[  699.356699][  T122] Bluetooth: (null): Invalid header checksum
[  699.359882][  T122] Bluetooth: (null): Invalid header checksum
[  699.360217][  T122] Bluetooth: (null): Invalid header checksum
[  699.368457][  T122] Bluetooth: (null): Invalid header checksum
[  699.368553][  T122] Bluetooth: (null): Invalid header checksum
[  699.368625][  T122] Bluetooth: (null): Invalid header checksum
[  699.394451][T10761] 8021q: adding VLAN 0 to HW filter on device team0
[  699.520504][T10764] netlink: 'syz.0.1381': attribute type 11 has an invalid length.
[  699.618726][  T122] Bluetooth: (null): Invalid header checksum
[  699.743485][T10769] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1382'.
[  700.379089][T10772] futex_wake_op: syz.5.1383 tries to shift op by 36; fix this program
[  701.261170][ T5734] usb 5-1: USB disconnect, device number 19
[  702.100150][T10784] netlink: 1624 bytes leftover after parsing attributes in process `syz.4.1388'.
[  703.439291][T10801] netlink: 'syz.0.1394': attribute type 11 has an invalid length.
[  703.506984][ T9247] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  703.666948][ T9247] usb 4-1: Using ep0 maxpacket: 32
[  703.669862][ T9247] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[  703.669889][ T9247] usb 4-1: config 0 has no interface number 0
[  703.669933][ T9247] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  703.669959][ T9247] usb 4-1: config 0 interface 196 has no altsetting 0
[  703.718651][ T9247] usb 4-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a
[  703.718669][ T9247] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.718683][ T9247] usb 4-1: Product: syz
[  703.718696][ T9247] usb 4-1: Manufacturer: syz
[  703.718711][ T9247] usb 4-1: SerialNumber: syz
[  703.799079][ T9247] usb 4-1: config 0 descriptor??
[  703.800659][T10799] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  704.087893][T10799] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  704.087919][T10799] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  704.122564][T10799] vhci_hcd vhci_hcd.0: Device attached
[  704.136770][T10808] vhci_hcd: connection closed
[  704.152033][ T9247] ipheth 4-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[  704.152217][ T9247] ipheth 4-1:0.196: probe with driver ipheth failed with error -71
[  704.154688][  T170] vhci_hcd vhci_hcd.3: stop threads
[  704.154711][  T170] vhci_hcd vhci_hcd.3: release socket
[  704.154746][  T170] vhci_hcd vhci_hcd.3: disconnect device
[  704.233717][ T9247] usb 4-1: USB disconnect, device number 19
[  704.602804][T10812] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  705.507962][T10814] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1397'.
[  707.203798][T10831] netlink: 'syz.0.1403': attribute type 10 has an invalid length.
[  713.941276][T10877] fuse: Bad value for 'fd'
[  716.680779][T10890] siw: device registration error -23
[  717.044230][T10896] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  720.845996][T10927] block nbd4: NBD_DISCONNECT
[  722.777541][T10937] block nbd3: shutting down sockets
[  723.747057][  T823] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  723.896986][  T823] usb 4-1: Using ep0 maxpacket: 32
[  723.901980][  T823] usb 4-1: unable to get BOS descriptor or descriptor too short
[  723.903571][  T823] usb 4-1: config 128 has an invalid interface number: 127 but max is 3
[  723.903597][  T823] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  723.903618][  T823] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4
[  723.903637][  T823] usb 4-1: config 128 has no interface number 0
[  723.903682][  T823] usb 4-1: config 128 interface 127 altsetting 14 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  723.903710][  T823] usb 4-1: config 128 interface 127 has no altsetting 0
[  723.906815][  T823] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  723.938604][  T823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.938632][  T823] usb 4-1: Product: syz
[  723.938646][  T823] usb 4-1: Manufacturer: syz
[  723.938661][  T823] usb 4-1: SerialNumber: syz
[  724.621410][  T823] usb 4-1: USB disconnect, device number 20
[  724.691203][ T5801] udevd[5801]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  726.269342][T10976] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1449'.
[  729.363428][T11024] tap0: tun_chr_ioctl cmd 1074025675
[  729.363442][T11024] tap0: persist disabled
[  730.390313][T11037] fuse: fd is not a fuse device
[  731.452341][ T5734] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  731.756979][ T5734] usb 6-1: Using ep0 maxpacket: 16
[  731.759508][ T5734] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  731.759541][ T5734] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  731.759580][ T5734] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  731.759603][ T5734] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.766391][ T5734] usb 6-1: config 0 descriptor??
[  732.235905][ T5734] konepure 0003:1E7D:2DB4.0008: unknown main item tag 0x0
[  732.235944][ T5734] konepure 0003:1E7D:2DB4.0008: unknown main item tag 0x0
[  732.235972][ T5734] konepure 0003:1E7D:2DB4.0008: unknown main item tag 0x0
[  732.236016][ T5734] konepure 0003:1E7D:2DB4.0008: unknown main item tag 0x0
[  732.277053][ T5734] konepure 0003:1E7D:2DB4.0008: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.5-1/input0
[  732.630620][ T5847] Bluetooth: (null): Invalid header checksum
[  732.851269][  T154] Bluetooth: (null): Invalid header checksum
[  733.622366][ T5615] usb 6-1: USB disconnect, device number 3
[  741.297299][ T5606] Bluetooth: hci5: command 0x0405 tx timeout
[  742.856473][T11153] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  744.030880][T11162] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  744.763007][T11170] netlink: 'syz.3.1514': attribute type 11 has an invalid length.
[  745.878803][T10590] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  746.623722][T10590] usb 6-1: Using ep0 maxpacket: 32
[  746.742660][T10590] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  746.742703][T10590] usb 6-1: config 0 has no interface number 0
[  747.219048][T10590] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  747.219080][T10590] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.219100][T10590] usb 6-1: Product: syz
[  747.219114][T10590] usb 6-1: Manufacturer: syz
[  747.219128][T10590] usb 6-1: SerialNumber: syz
[  747.723538][T10590] usb 6-1: config 0 descriptor??
[  747.893575][T10590] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  748.051694][ T5720] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  748.087373][ T5799] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  748.287788][ T5799] usb 5-1: Using ep0 maxpacket: 8
[  748.419307][ T5720] usb 4-1: Using ep0 maxpacket: 8
[  748.496250][ T5720] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  748.496424][ T5720] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  748.509411][ T5720] usb 4-1: New USB device found, idVendor=1b96, idProduct=0012, bcdDevice= 0.00
[  748.509592][ T5720] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.775247][ T5799] usb 5-1: unable to get BOS descriptor or descriptor too short
[  748.780733][ T5799] usb 5-1: config index 0 descriptor too short (expected 57, got 27)
[  748.780858][ T5799] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  748.878819][ T5799] usb 5-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[  748.879135][ T5799] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.879191][ T5799] usb 5-1: Product: syz
[  748.879538][ T5799] usb 5-1: Manufacturer: syz
[  748.879714][ T5799] usb 5-1: SerialNumber: syz
[  749.832783][ T5720] usb 4-1: config 0 descriptor??
[  752.682907][T10590] usb 6-1: qt2_attach - failed to power on unit: -71
[  752.683169][T10590] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71
[  752.705608][ T5799] usb 5-1: can't set config #4, error -71
[  752.784759][ T5799] usb 5-1: USB disconnect, device number 20
[  752.896241][T11196] netlink: 'syz.2.1524': attribute type 10 has an invalid length.
[  752.905834][T11196] 8021q: adding VLAN 0 to HW filter on device team0
[  752.908483][T11196] bond0: (slave team0): Enslaving as an active interface with an up link
[  753.331724][T10590] usb 6-1: USB disconnect, device number 4
[  753.381381][ T5720] usbhid 4-1:0.0: can't add hid device: -71
[  753.381506][ T5720] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  753.487323][ T5720] usb 4-1: USB disconnect, device number 21
[  754.580582][ T5607] Bluetooth: hci5: command 0x0405 tx timeout
[  754.921243][T11221] netlink: 'syz.5.1532': attribute type 11 has an invalid length.
[  756.883676][T11232] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.1535'.
[  758.102494][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  758.102589][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  760.434329][T11265] netlink: 'syz.2.1545': attribute type 11 has an invalid length.
[  760.575393][T11272] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.1548'.
[  761.687377][T10590] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  762.329581][T10590] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  762.329640][T10590] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  762.341792][T10590] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  762.341821][T10590] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  762.341840][T10590] usb 5-1: Manufacturer: syz
[  763.204805][T10590] usb 5-1: config 0 descriptor??
[  763.210362][T10590] igorplugusb 5-1:0.0: incorrect number of endpoints
[  765.492009][ T9247] usb 5-1: USB disconnect, device number 21
[  767.468392][T11340] siw: device registration error -23
[  768.818910][ T5606] Bluetooth: hci4: unexpected event 0x03 length: 12 > 11
[  769.887272][ T9247] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  770.036983][ T9247] usb 6-1: Using ep0 maxpacket: 8
[  770.039955][ T9247] usb 6-1: config index 0 descriptor too short (expected 74, got 45)
[  770.040007][ T9247] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  770.040032][ T9247] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  770.040055][ T9247] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  770.040082][ T9247] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  770.040104][ T9247] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  770.040144][ T9247] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  770.040166][ T9247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.413155][ T9247] usb 6-1: usb_control_msg returned -32
[  770.413185][ T9247] usbtmc 6-1:16.0: can't read capabilities
[  770.839952][    C0] usbtmc 6-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  770.887160][T11367] usbtmc 6-1:16.0: Unable to send data, error -71
[  770.906255][T11367] usbtmc 6-1:16.0: usb_control_msg returned -32
[  770.967292][  T823] usb 6-1: USB disconnect, device number 5
[  772.585425][T11380] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1580'.
[  772.625656][T11386] siw: device registration error -23
[  772.723353][T11388] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1583'.
[  772.847004][  T823] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  773.019664][  T823] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  773.019683][  T823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  773.019693][  T823] usb 5-1: Product: syz
[  773.019701][  T823] usb 5-1: Manufacturer: syz
[  773.019709][  T823] usb 5-1: SerialNumber: syz
[  773.062817][  T823] usb 5-1: config 0 descriptor??
[  773.603651][  T823] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  774.399783][   T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  774.557148][   T10] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  774.557204][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  774.559253][   T10] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  774.559281][   T10] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  774.559300][   T10] usb 6-1: Manufacturer: syz
[  774.613516][   T10] usb 6-1: config 0 descriptor??
[  774.640433][   T10] igorplugusb 6-1:0.0: incorrect number of endpoints
[  775.173644][T11415] futex_wake_op: syz.3.1593 tries to shift op by 36; fix this program
[  775.968516][  T823] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  775.986380][  T823] usb 5-1: USB disconnect, device number 22
[  777.370534][T11426] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1597'.
[  777.413140][  T823] usb 6-1: USB disconnect, device number 6
[  777.842694][T11434] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1601'.
[  780.526972][T11449] futex_wake_op: syz.5.1605 tries to shift op by 36; fix this program
[  784.368190][T11477] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1614'.
[  784.685946][ T5604] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  785.224007][ T5604] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  785.224063][ T5604] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  785.225358][ T5604] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  785.225385][ T5604] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  785.225404][ T5604] usb 6-1: Manufacturer: syz
[  785.282740][ T5604] usb 6-1: config 0 descriptor??
[  785.298748][ T5604] igorplugusb 6-1:0.0: incorrect number of endpoints
[  786.010525][T11493] futex_wake_op: syz.4.1620 tries to shift op by 36; fix this program
[  787.416486][T11497] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1622'.
[  788.309728][  T823] usb 6-1: USB disconnect, device number 7
[  788.654468][T11518] siw: device registration error -23
[  791.255790][T11530] futex_wake_op: syz.4.1634 tries to shift op by 36; fix this program
[  797.809666][T11604] hfs: can't find a HFS filesystem on dev nullb0
[  798.600029][T11614] ubi16: attaching mtd0
[  798.600225][T11614] ubi16 error: ubi_attach_mtd_dev: bad VID header (655360) or data offsets (655424)
[  801.534535][  T823] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  801.534725][ T5604] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  801.693364][  T823] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  801.693400][  T823] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  801.694779][  T823] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  801.694806][  T823] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  801.694904][  T823] usb 6-1: Manufacturer: syz
[  801.697081][ T5604] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  801.697108][ T5604] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.697128][ T5604] usb 4-1: Product: syz
[  801.697141][ T5604] usb 4-1: Manufacturer: syz
[  801.697150][ T5604] usb 4-1: SerialNumber: syz
[  801.783255][  T823] usb 6-1: config 0 descriptor??
[  801.792474][ T5604] usb 4-1: config 0 descriptor??
[  801.892491][  T823] rc_core: IR keymap rc-hauppauge not found
[  801.892510][  T823] Registered IR keymap rc-empty
[  801.932077][  T823] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  801.981406][  T823] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input14
[  802.006875][    C1] igorplugusb 6-1:0.0: Error: urb status = -32
[  802.007106][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  802.007153][    C1] igorplugusb 6-1:0.0: Error: urb status = -32
[  802.007383][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  802.007426][    C1] igorplugusb 6-1:0.0: Error: urb status = -32
[  802.007637][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  802.007680][    C1] igorplugusb 6-1:0.0: Error: urb status = -32
[  802.007930][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  802.007974][    C1] igorplugusb 6-1:0.0: Error: urb status = -32
[  802.008191][    C1] raw-gadget.0 gadget.5: ignoring, device is not running
[  802.008231][    C1] igorplugusb 6-1:0.0: Error: urb status = -32
[  802.091338][  T823] usb 6-1: USB disconnect, device number 8
[  802.112802][ T5604] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  804.547215][ T5604] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  804.606247][ T5604] usb 4-1: USB disconnect, device number 22
[  804.612076][ T5607] Bluetooth: hci5: command 0x0405 tx timeout
[  806.859924][   T37] audit: type=1800 audit(1780788393.447:7): pid=11703 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1695" name="SYSV798dd824" dev="hugetlbfs" ino=0 res=0 errno=0
[  808.740620][ T9247] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  808.913503][ T9247] usb 5-1: Using ep0 maxpacket: 16
[  808.920852][ T9247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  808.920872][ T9247] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  808.920894][ T9247] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  808.920907][ T9247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.983807][ T9247] usb 5-1: config 0 descriptor??
[  809.482530][ T9247] konepure 0003:1E7D:2DB4.0009: unknown main item tag 0x0
[  809.482570][ T9247] konepure 0003:1E7D:2DB4.0009: unknown main item tag 0x0
[  809.482598][ T9247] konepure 0003:1E7D:2DB4.0009: unknown main item tag 0x0
[  809.482626][ T9247] konepure 0003:1E7D:2DB4.0009: unknown main item tag 0x0
[  809.533822][ T9247] konepure 0003:1E7D:2DB4.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.4-1/input0
[  810.247671][ T5720] usb 5-1: USB disconnect, device number 23
[  813.900106][ T9247] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  814.116428][ T9247] usb 5-1: Using ep0 maxpacket: 8
[  814.119264][ T9247] usb 5-1: config index 0 descriptor too short (expected 74, got 45)
[  814.119320][ T9247] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  814.119347][ T9247] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  814.119371][ T9247] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  814.119398][ T9247] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  814.119421][ T9247] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  814.119461][ T9247] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  814.119483][ T9247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  814.540728][ T9247] usb 5-1: usb_control_msg returned -32
[  814.540777][ T9247] usbtmc 5-1:16.0: can't read capabilities
[  814.824917][ T9247] usb 5-1: USB disconnect, device number 24
[  816.550815][T11838] netlink: 'syz.4.1744': attribute type 10 has an invalid length.
[  817.878969][T11854] block device autoloading is deprecated and will be removed.
[  817.884150][T11856] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  818.323548][T11862] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1754'.
[  820.137965][T11868] hfs: can't find a HFS filesystem on dev nullb0
[  820.857168][T11879] block nbd4: NBD_DISCONNECT
[  821.554613][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  821.554688][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  822.855764][ T5799] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  822.947260][T11899] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1766'.
[  823.018440][ T5799] usb 5-1: Using ep0 maxpacket: 8
[  823.021461][ T5799] usb 5-1: unable to get BOS descriptor or descriptor too short
[  823.022458][ T5799] usb 5-1: config index 0 descriptor too short (expected 57, got 27)
[  823.022473][ T5799] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  823.024623][ T5799] usb 5-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[  823.024644][ T5799] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  823.024654][ T5799] usb 5-1: Product: syz
[  823.024662][ T5799] usb 5-1: Manufacturer: syz
[  823.024669][ T5799] usb 5-1: SerialNumber: syz
[  823.286084][ T9247] usb 5-1: USB disconnect, device number 25
[  826.805828][T11954] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1786'.
[  827.844592][T11965] futex_wake_op: syz.4.1789 tries to shift op by 36; fix this program
[  828.802206][ T9247] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  828.975467][ T9247] usb 4-1: Using ep0 maxpacket: 8
[  829.011183][ T9247] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  829.011232][ T9247] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  829.011249][ T9247] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  829.016407][ T9247] usb 4-1: config 0 descriptor??
[  829.266655][ T9247] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  829.718476][  T823] usb 4-1: USB disconnect, device number 23
[  848.424024][T12010] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  849.667091][ T5604] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  850.240532][ T5604] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  850.240567][ T5604] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  850.240589][ T5604] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  850.240601][ T5604] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  850.247627][T12026] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  850.299971][ T5604] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  854.212288][    C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending?
[  854.291711][T12051] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  854.486806][ T5604] usb 5-1: USB disconnect, device number 26
[  855.358740][T12062] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  855.817475][T12065] fuse: fd is not a fuse device
[  856.828109][T12071] hfs: can't find a HFS filesystem on dev nullb0
[  861.874228][T12109] hfs: can't find a HFS filesystem on dev nullb0
[  863.340061][T12124] netlink: 'syz.5.1842': attribute type 10 has an invalid length.
[  863.346446][T12124] 8021q: adding VLAN 0 to HW filter on device team0
[  863.349041][T12124] bond0: (slave team0): Enslaving as an active interface with an up link
[  864.930900][T12133] block nbd3: NBD_DISCONNECT
[  866.984543][ T5799] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  868.244079][T12155] netlink: 'syz.0.1852': attribute type 11 has an invalid length.
[  868.284606][ T5799] usb 6-1: Using ep0 maxpacket: 8
[  868.287651][ T5799] usb 6-1: unable to get BOS descriptor or descriptor too short
[  868.289210][ T5799] usb 6-1: config index 0 descriptor too short (expected 57, got 27)
[  868.289237][ T5799] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  868.292308][ T5799] usb 6-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[  868.292336][ T5799] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.292356][ T5799] usb 6-1: Product: syz
[  868.292371][ T5799] usb 6-1: Manufacturer: syz
[  868.292385][ T5799] usb 6-1: SerialNumber: syz
[  868.594409][ T9247] usb 6-1: USB disconnect, device number 9
[  868.826145][ T5604] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  869.055759][ T5604] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  869.055795][ T5604] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  869.055835][ T5604] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  869.055859][ T5604] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  869.153732][T12161] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  869.169261][ T5604] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  873.295491][  T824] usb 5-1: USB disconnect, device number 27
[  874.336846][T12183] netlink: 'syz.3.1865': attribute type 11 has an invalid length.
[  874.832991][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  875.000291][   T10] usb 6-1: Using ep0 maxpacket: 16
[  875.003566][   T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  875.003585][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  875.005625][   T10] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  875.005642][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.005653][   T10] usb 6-1: Product: syz
[  875.005660][   T10] usb 6-1: Manufacturer: syz
[  875.005667][   T10] usb 6-1: SerialNumber: syz
[  875.079849][   T10] usb 6-1: config 0 descriptor??
[  875.104888][   T10] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  875.104947][   T10] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  875.747557][ T5604] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  875.752941][   T10] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  875.756997][   T10] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  875.757447][   T10] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  876.010488][ T5604] usb 5-1: Using ep0 maxpacket: 16
[  876.532937][ T5604] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  876.532972][ T5604] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  876.537488][ T5604] usb 5-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  876.537518][ T5604] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  876.537538][ T5604] usb 5-1: Product: syz
[  876.537553][ T5604] usb 5-1: Manufacturer: syz
[  876.537567][ T5604] usb 5-1: SerialNumber: syz
[  876.562403][ T5604] usb 5-1: config 0 descriptor??
[  876.582544][ T5604] hub 5-1:0.0: bad descriptor, ignoring hub
[  876.582580][ T5604] hub 5-1:0.0: probe with driver hub failed with error -5
[  876.607964][ T5604] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  876.751429][   T10] em28xx 6-1:0.0: No AC97 audio processor
[  876.803335][   T10] usb 6-1: USB disconnect, device number 10
[  876.845550][   T10] em28xx 6-1:0.0: Disconnecting em28xx
[  876.949324][   T10] em28xx 6-1:0.0: Freeing device
[  877.161609][ T5604] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -12
[  877.226096][ T5604] usb 5-1: USB disconnect, device number 28
[  877.241960][T12027] udevd[12027]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  878.038007][T12225] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1879'.
[  880.133661][T12248] siw: device registration error -23
[  882.079134][T12269] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1893'.
[  883.758700][ T9247] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  883.925183][ T9247] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  883.925215][ T9247] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  883.925250][ T9247] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  883.925272][ T9247] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  883.935938][T12305] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  883.942521][ T9247] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  887.047808][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  887.047878][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  887.677496][    T9] usb 5-1: USB disconnect, device number 29
[  888.917507][T12324] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1912'.
[  895.466431][ T5604] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  895.633009][ T5604] usb 6-1: Using ep0 maxpacket: 8
[  895.636781][ T5604] usb 6-1: unable to get BOS descriptor or descriptor too short
[  895.637741][ T5604] usb 6-1: config index 0 descriptor too short (expected 57, got 27)
[  895.637761][ T5604] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  895.644966][ T5604] usb 6-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[  895.644993][ T5604] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  895.645012][ T5604] usb 6-1: Product: syz
[  895.645026][ T5604] usb 6-1: Manufacturer: syz
[  895.645039][ T5604] usb 6-1: SerialNumber: syz
[  895.957069][    T9] usb 6-1: USB disconnect, device number 11
[  897.337164][  T824] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  897.569648][  T824] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  897.572034][  T824] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  897.572061][  T824] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.572082][  T824] usb 5-1: Product: syz
[  897.572095][  T824] usb 5-1: Manufacturer: syz
[  897.572109][  T824] usb 5-1: SerialNumber: syz
[  897.628102][  T824] usb 5-1: config 0 descriptor??
[  897.639543][  T824] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  898.391732][  T824] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[  898.391801][  T824] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  898.462397][ T5834] usb 5-1: USB disconnect, device number 30
[  901.116230][T12446] siw: device registration error -23
[  902.828063][T12473] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1964'.
[  903.040583][T12474] ubi16: attaching mtd0
[  903.040812][T12474] ubi16 error: ubi_attach_mtd_dev: bad VID header (655360) or data offsets (655424)
[  903.909780][T12481] netlink: 'syz.0.1967': attribute type 10 has an invalid length.
[  907.198610][T12492] netlink: 'syz.4.1971': attribute type 11 has an invalid length.
[  908.875838][T12522] netlink: 'syz.4.1980': attribute type 10 has an invalid length.
[  911.183787][T12549] netlink: 'syz.0.1991': attribute type 10 has an invalid length.
[  912.664634][T12573] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.2001'.
[  919.493992][  T823] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  919.677462][  T823] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  919.702857][  T823] usb 5-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  919.702877][  T823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  919.702888][  T823] usb 5-1: Product: syz
[  919.702896][  T823] usb 5-1: Manufacturer: syz
[  919.702903][  T823] usb 5-1: SerialNumber: syz
[  919.748843][  T823] usb 5-1: config 0 descriptor??
[  919.767625][  T823] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  920.368757][  T823] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[  920.368854][  T823] gspca_pac7302 5-1:0.0: probe with driver gspca_pac7302 failed with error -110
[  920.395328][  T823] usb 5-1: USB disconnect, device number 31
[  923.912908][T12698] autofs: Unknown parameter 'fd0x0000000000000004'
[  923.933848][T12699] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2047'.
[  924.050442][T12702] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2049'.
[  924.617436][ T5834] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  924.782989][ T5834] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  924.783024][ T5834] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  924.783065][ T5834] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  924.783185][ T5834] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  924.863493][T12704] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  924.886351][ T5834] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  925.978442][ T5834] usb 5-1: USB disconnect, device number 32
[  930.047966][T12755] siw: device registration error -23
[  932.237256][T12784] futex_wake_op: syz.3.2077 tries to shift op by 36; fix this program
[  935.306337][ T5606] Bluetooth: hci5: command 0x0405 tx timeout
[  935.944013][T12834] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2093'.
[  940.626544][T12870] siw: device registration error -23
[  943.707273][T12895] netlink: 'syz.3.2115': attribute type 11 has an invalid length.
[  943.707287][T12895] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2115'.
[  943.980529][T12901] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2117'.
[  944.101639][T12907] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2121'.
[  945.595843][T12930] netlink: 'syz.4.2129': attribute type 11 has an invalid length.
[  945.595995][T12930] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2129'.
[  946.116528][T12935] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2133'.
[  946.164090][T12939] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2132'.
[  949.329298][T12971] netlink: 'syz.0.2145': attribute type 11 has an invalid length.
[  949.329312][T12971] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2145'.
[  949.439629][T12975] netlink: 'syz.3.2148': attribute type 1 has an invalid length.
[  949.439663][T12975] netlink: 'syz.3.2148': attribute type 1 has an invalid length.
[  949.439675][T12975] netlink: 'syz.3.2148': attribute type 1 has an invalid length.
[  949.439769][T12975] netlink: 'syz.3.2148': attribute type 1 has an invalid length.
[  950.811561][T12983] hfs: can't find a HFS filesystem on dev nullb0
[  953.519673][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[  953.519743][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[  955.147890][T13003] ubi16: attaching mtd0
[  955.148346][T13003] ubi16 error: ubi_attach_mtd_dev: bad VID header (655360) or data offsets (655424)
[  957.322538][T13012] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2163'.
[  960.931905][T13026] No control pipe specified
[  964.164794][T13046] futex_wake_op: syz.3.2176 tries to shift op by 36; fix this program
[  979.039333][T13104] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2192'.
[  986.051303][ T5614] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  986.095808][ T5614] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  986.097880][ T5614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  986.128496][ T5614] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  986.129291][ T5614] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  987.464981][ T5817] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  988.449851][T12833] Bluetooth: hci1: command tx timeout
[  988.864577][T13152] siw: device registration error -23
[  989.153915][T13152] kAFS: No cell specified
[  990.702801][T12833] Bluetooth: hci1: command tx timeout
[  992.948071][T12833] Bluetooth: hci1: command tx timeout
[  993.862054][ T5817] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  995.152161][T13173] fuse: fd is not a fuse device
[  995.198934][T12833] Bluetooth: hci1: command tx timeout
[ 1004.982246][ T5817] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1008.980481][ T5817] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1009.070957][ T5614] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1009.267389][ T5614] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1009.284763][ T5614] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1009.288802][ T5614] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1009.323631][ T5614] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1010.683564][T13218] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2229'.
[ 1011.576180][ T5614] Bluetooth: hci4: command tx timeout
[ 1012.636899][T13113] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1012.637020][T13113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1012.641303][T13113] bridge_slave_0: entered allmulticast mode
[ 1012.747334][T13113] bridge_slave_0: entered promiscuous mode
[ 1012.999902][T13113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1013.000023][T13113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1013.013959][T13113] bridge_slave_1: entered allmulticast mode
[ 1013.050894][T13113] bridge_slave_1: entered promiscuous mode
[ 1013.828947][T12833] Bluetooth: hci4: command tx timeout
[ 1014.496100][T13113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1014.579181][T13113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1015.817460][T13113] team0: Port device team_slave_0 added
[ 1016.055950][T13113] team0: Port device team_slave_1 added
[ 1016.082700][ T5614] Bluetooth: hci4: command tx timeout
[ 1018.338570][ T5614] Bluetooth: hci4: command tx timeout
[ 1019.947444][T13113] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1019.947462][T13113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1019.947488][T13113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1020.078206][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[ 1020.078279][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1020.284088][T13113] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1020.284104][T13113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1020.284130][T13113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1022.557685][T13113] hsr_slave_0: entered promiscuous mode
[ 1022.578973][T13113] hsr_slave_1: entered promiscuous mode
[ 1022.580706][T13113] debugfs: 'hsr0' already exists in 'hsr'
[ 1022.580732][T13113] Cannot create hsr debugfs directory
[ 1023.886654][T13264] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1025.029367][ T5817] bridge_slave_1: left allmulticast mode
[ 1025.029403][ T5817] bridge_slave_1: left promiscuous mode
[ 1025.029658][ T5817] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1025.955930][ T5817] bridge_slave_0: left allmulticast mode
[ 1025.955967][ T5817] bridge_slave_0: left promiscuous mode
[ 1025.956253][ T5817] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1030.687842][ T5817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1031.611898][ T5817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1031.778753][ T5817] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1031.882653][ T5817] bond0 (unregistering): Released all slaves
[ 1034.819842][T13315] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2265'.
[ 1037.250441][T13343] netlink: 'syz.5.2268': attribute type 10 has an invalid length.
[ 1038.500133][ T5261] 8021q: adding VLAN 0 to HW filter on device eth5
[ 1039.070144][T13207] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1039.070280][T13207] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1039.070519][T13207] bridge_slave_0: entered allmulticast mode
[ 1039.076668][T13207] bridge_slave_0: entered promiscuous mode
[ 1039.143384][T13207] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1039.144304][T13207] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1039.144877][T13207] bridge_slave_1: entered allmulticast mode
[ 1039.148579][T13207] bridge_slave_1: entered promiscuous mode
[ 1039.394230][T13364] netlink: 'syz.5.2272': attribute type 10 has an invalid length.
[ 1040.080256][T13113] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1040.818182][T13113] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1041.101723][T13207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1041.201018][T13113] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1041.324280][T13113] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1041.326615][ T5261] 8021q: adding VLAN 0 to HW filter on device eth6
[ 1041.330197][T13207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1041.431546][T13113] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1041.512498][T13113] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1041.585678][T13113] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1041.667979][T13113] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1042.729990][ T5817] hsr_slave_0: left promiscuous mode
[ 1042.781606][ T5817] hsr_slave_1: left promiscuous mode
[ 1042.794726][ T5817] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1042.794760][ T5817] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1042.882036][ T5817] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1042.882064][ T5817] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1042.985939][ T5817] veth1_macvtap: left promiscuous mode
[ 1042.986049][ T5817] veth0_macvtap: left promiscuous mode
[ 1042.986504][ T5817] veth1_vlan: left promiscuous mode
[ 1042.986667][ T5817] veth0_vlan: left promiscuous mode
[ 1045.276049][T12833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1045.319046][T12833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1045.325631][T12833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1045.346693][T12833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1045.379907][T12833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1046.282744][ T5817] team0 (unregistering): Port device team_slave_1 removed
[ 1046.602389][ T5817] team0 (unregistering): Port device team_slave_0 removed
[ 1046.928913][T13113] kthread_run failed with err -4
[ 1046.962429][T13207] team0: Port device team_slave_0 added
[ 1047.083182][T13207] team0: Port device team_slave_1 added
[ 1047.296634][T13207] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1047.296652][T13207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1047.296677][T13207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1047.624615][T12833] Bluetooth: hci3: command tx timeout
[ 1047.838324][T13207] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1047.838341][T13207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1047.838366][T13207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1048.260378][T13207] hsr_slave_0: entered promiscuous mode
[ 1048.273523][T13207] hsr_slave_1: entered promiscuous mode
[ 1048.289055][T13207] debugfs: 'hsr0' already exists in 'hsr'
[ 1048.289084][T13207] Cannot create hsr debugfs directory
[ 1049.932562][T12833] Bluetooth: hci3: command tx timeout
[ 1052.130619][T12833] Bluetooth: hci3: command tx timeout
[ 1053.234387][T13469] netlink: 'syz.5.2296': attribute type 10 has an invalid length.
[ 1053.991143][ T5261] 8021q: adding VLAN 0 to HW filter on device eth7
[ 1054.383583][T12833] Bluetooth: hci3: command tx timeout
[ 1054.780206][T13469] team0: Port device vlan0 added
[ 1069.723388][ T5614] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1069.774518][ T5614] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1070.000343][ T5614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1070.028973][ T5614] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1070.032091][ T5614] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1072.841168][T12833] Bluetooth: hci1: command tx timeout
[ 1074.672692][ T5614] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1074.720348][ T5614] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1074.740203][ T5614] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1074.742260][ T5614] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1074.743104][ T5614] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1075.097772][T12833] Bluetooth: hci1: command tx timeout
[ 1076.055530][T13207] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1076.886718][T13207] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1077.089235][T12833] Bluetooth: hci6: command tx timeout
[ 1077.347160][T12833] Bluetooth: hci1: command tx timeout
[ 1077.570046][ T5261] 8021q: adding VLAN 0 to HW filter on device eth8
[ 1079.340141][T12833] Bluetooth: hci6: command tx timeout
[ 1079.600088][T12833] Bluetooth: hci1: command tx timeout
[ 1080.534819][T13552] netlink: 'syz.5.2319': attribute type 10 has an invalid length.
[ 1081.596747][T12833] Bluetooth: hci6: command tx timeout
[ 1083.846227][T12833] Bluetooth: hci6: command tx timeout
[ 1086.233775][T13409] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1086.233897][T13409] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1086.234124][T13409] bridge_slave_0: entered allmulticast mode
[ 1086.315093][T13409] bridge_slave_0: entered promiscuous mode
[ 1086.621904][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[ 1086.621974][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1090.866405][T13409] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1090.866540][T13409] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1090.866778][T13409] bridge_slave_1: entered allmulticast mode
[ 1090.910055][T13409] bridge_slave_1: entered promiscuous mode
[ 1091.775679][T13409] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1094.657664][T13409] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1095.462552][T13409] team0: Port device team_slave_0 added
[ 1095.544090][T13409] team0: Port device team_slave_1 added
[ 1095.830869][T13409] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1095.830887][T13409] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1095.830913][T13409] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1096.166530][T13409] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1096.166638][T13409] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1096.166707][T13409] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1101.884535][T13632] fuse: fd is not a fuse device
[ 1103.422638][T13409] hsr_slave_0: entered promiscuous mode
[ 1103.424015][T13409] hsr_slave_1: entered promiscuous mode
[ 1103.425114][T13409] debugfs: 'hsr0' already exists in 'hsr'
[ 1103.425139][T13409] Cannot create hsr debugfs directory
[ 1105.368157][  T170] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1106.769205][T13512] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1106.769337][T13512] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1106.769588][T13512] bridge_slave_0: entered allmulticast mode
[ 1106.775622][T13512] bridge_slave_0: entered promiscuous mode
[ 1107.736427][  T170] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1107.807698][T13512] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1107.807820][T13512] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1107.808021][T13512] bridge_slave_1: entered allmulticast mode
[ 1107.811050][T13512] bridge_slave_1: entered promiscuous mode
[ 1108.611069][T13512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1109.021867][  T170] bond0: (slave netdevsim1): Releasing backup interface
[ 1109.134999][  T170] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1109.223948][T13512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1109.288104][T13528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1109.288390][T13528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1109.288609][T13528] bridge_slave_0: entered allmulticast mode
[ 1109.323690][T13528] bridge_slave_0: entered promiscuous mode
[ 1109.558414][T13528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1109.558533][T13528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1109.558781][T13528] bridge_slave_1: entered allmulticast mode
[ 1109.605452][T13528] bridge_slave_1: entered promiscuous mode
[ 1110.356316][ T5614] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1110.399873][ T5614] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1110.416268][ T5614] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1110.433522][ T5614] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1110.434303][ T5614] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1110.531972][  T170] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1110.844549][T13512] team0: Port device team_slave_0 added
[ 1111.664455][T13512] team0: Port device team_slave_1 added
[ 1112.343922][T13528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1112.591429][T13528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1112.704283][T12833] Bluetooth: hci0: command tx timeout
[ 1112.902984][T13512] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1112.903002][T13512] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1112.903037][T13512] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1112.979879][T13512] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1112.979896][T13512] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1112.979922][T13512] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1113.087913][T13528] team0: Port device team_slave_0 added
[ 1113.243234][T13528] team0: Port device team_slave_1 added
[ 1113.858384][T13512] hsr_slave_0: entered promiscuous mode
[ 1113.859769][T13512] hsr_slave_1: entered promiscuous mode
[ 1113.877545][T13512] debugfs: 'hsr0' already exists in 'hsr'
[ 1113.877575][T13512] Cannot create hsr debugfs directory
[ 1113.996296][T13528] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1113.996314][T13528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1113.996340][T13528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1114.156790][T13528] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1114.156808][T13528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1114.156834][T13528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1114.959560][T12833] Bluetooth: hci0: command tx timeout
[ 1117.059386][T13528] hsr_slave_0: entered promiscuous mode
[ 1117.064122][T13528] hsr_slave_1: entered promiscuous mode
[ 1117.085498][T13528] debugfs: 'hsr0' already exists in 'hsr'
[ 1117.085526][T13528] Cannot create hsr debugfs directory
[ 1117.208532][T12833] Bluetooth: hci0: command tx timeout
[ 1117.691320][  T170] bridge_slave_1: left allmulticast mode
[ 1117.691356][  T170] bridge_slave_1: left promiscuous mode
[ 1117.691606][  T170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1117.908340][  T170] bridge_slave_0: left allmulticast mode
[ 1117.908375][  T170] bridge_slave_0: left promiscuous mode
[ 1117.908652][  T170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1118.373953][  T170] bridge_slave_1: left allmulticast mode
[ 1118.373989][  T170] bridge_slave_1: left promiscuous mode
[ 1118.374221][  T170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1118.456888][  T170] bridge_slave_0: left allmulticast mode
[ 1118.456922][  T170] bridge_slave_0: left promiscuous mode
[ 1118.457167][  T170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1119.461875][T12833] Bluetooth: hci0: command tx timeout
[ 1119.938815][  T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1119.990761][  T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1120.070490][  T170] bond0 (unregistering): Released all slaves
[ 1120.709679][  T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1120.911828][  T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1120.933620][  T154] smbdirect: ib_dev[syz1] removed
[ 1121.021273][  T170] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1121.081057][  T170] bond0 (unregistering): Released all slaves
[ 1125.521228][ T5261] 8021q: adding VLAN 0 to HW filter on device eth9
[ 1127.204340][T13512] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1127.297758][T13512] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1127.483952][T13512] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1127.658063][T13512] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1127.901639][T13512] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1128.109460][T13512] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1128.209018][T13512] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1128.914717][T13512] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1129.326620][ T5261] 8021q: adding VLAN 0 to HW filter on device eth10
[ 1129.622181][  T170] hsr_slave_0: left promiscuous mode
[ 1129.680884][  T170] hsr_slave_1: left promiscuous mode
[ 1129.682872][  T170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1129.720553][  T170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1129.958885][  T170] hsr_slave_0: left promiscuous mode
[ 1130.001914][  T170] hsr_slave_1: left promiscuous mode
[ 1130.002980][  T170] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1130.003004][  T170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1130.062332][  T170] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1130.062361][  T170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1130.231011][  T170] veth1_macvtap: left promiscuous mode
[ 1130.231079][  T170] veth0_macvtap: left promiscuous mode
[ 1130.231261][  T170] veth1_vlan: left promiscuous mode
[ 1130.231365][  T170] veth0_vlan: left promiscuous mode
[ 1130.871378][  T170] team0 (unregistering): Port device team_slave_1 removed
[ 1130.911443][  T170] team0 (unregistering): Port device team_slave_0 removed
[ 1131.790375][  T170] team0 (unregistering): Port device team_slave_1 removed
[ 1131.994691][  T170] team0 (unregistering): Port device team_slave_0 removed
[ 1132.280866][ T5614] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1132.346210][ T5614] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1132.369723][ T5614] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1132.371108][ T5614] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1132.391654][ T5614] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1132.956691][T13715] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1132.956815][T13715] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1132.957043][T13715] bridge_slave_0: entered allmulticast mode
[ 1133.032996][T13715] bridge_slave_0: entered promiscuous mode
[ 1133.071948][T13715] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1133.072021][T13715] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1133.072198][T13715] bridge_slave_1: entered allmulticast mode
[ 1133.077999][T13715] bridge_slave_1: entered promiscuous mode
[ 1134.133997][T13715] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1134.150503][T13715] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1134.255395][T13918] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2417'.
[ 1134.298581][T13715] team0: Port device team_slave_0 added
[ 1134.352222][T13715] team0: Port device team_slave_1 added
[ 1134.456285][T13715] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1134.456301][T13715] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1134.456324][T13715] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1134.458746][T13715] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1134.458759][T13715] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1134.458778][T13715] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1134.762680][T12833] Bluetooth: hci3: command tx timeout
[ 1135.120669][T13715] hsr_slave_0: entered promiscuous mode
[ 1135.122051][T13715] hsr_slave_1: entered promiscuous mode
[ 1135.787688][T13528] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1135.866407][T13528] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1135.893441][T13528] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1135.945991][T13528] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1135.984484][T13528] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1136.015705][T13528] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1136.033202][T13528] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1136.078435][T13528] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1136.976696][T12833] Bluetooth: hci3: command tx timeout
[ 1137.151485][ T5261] 8021q: adding VLAN 0 to HW filter on device eth11
[ 1137.566473][ T5614] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1137.588347][ T5614] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1137.590618][ T5614] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1137.600054][ T5614] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1137.638876][ T5614] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1137.851192][T13715] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1137.894213][T13715] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1138.317449][T13715] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1138.346792][T13715] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1138.348041][T13880] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1138.348237][T13880] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1138.348437][T13880] bridge_slave_0: entered allmulticast mode
[ 1138.356896][T13880] bridge_slave_0: entered promiscuous mode
[ 1138.682165][T13715] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1138.723130][T13715] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1138.724365][T13880] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1138.724447][T13880] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1138.724576][T13880] bridge_slave_1: entered allmulticast mode
[ 1138.726040][T13880] bridge_slave_1: entered promiscuous mode
[ 1138.740047][T13715] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1138.814578][T13715] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1139.229593][T12833] Bluetooth: hci3: command tx timeout
[ 1139.422260][T13880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1139.462318][T13880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1139.998897][T12833] Bluetooth: hci1: command tx timeout
[ 1140.092513][ T5261] 8021q: adding VLAN 0 to HW filter on device eth12
[ 1140.095507][T13880] team0: Port device team_slave_0 added
[ 1140.170699][T13880] team0: Port device team_slave_1 added
[ 1140.803242][T13880] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1140.803259][T13880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1140.803284][T13880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1140.823364][T13880] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1140.823380][T13880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1140.823401][T13880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1140.980559][T13880] hsr_slave_0: entered promiscuous mode
[ 1140.983033][T13880] hsr_slave_1: entered promiscuous mode
[ 1140.983630][T13880] debugfs: 'hsr0' already exists in 'hsr'
[ 1140.983646][T13880] Cannot create hsr debugfs directory
[ 1141.471720][T12833] Bluetooth: hci3: command tx timeout
[ 1142.251625][T12833] Bluetooth: hci1: command tx timeout
[ 1143.733093][  T170] bridge_slave_1: left allmulticast mode
[ 1143.733127][  T170] bridge_slave_1: left promiscuous mode
[ 1143.733380][  T170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1144.050370][T14109] netlink: 'syz.5.2452': attribute type 10 has an invalid length.
[ 1144.512063][T12833] Bluetooth: hci1: command tx timeout
[ 1144.831955][  T170] bridge_slave_0: left allmulticast mode
[ 1144.831987][  T170] bridge_slave_0: left promiscuous mode
[ 1144.834556][  T170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1145.100680][  T170] bridge_slave_1: left allmulticast mode
[ 1145.100702][  T170] bridge_slave_1: left promiscuous mode
[ 1145.100871][  T170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1145.256265][  T170] bridge_slave_0: left allmulticast mode
[ 1145.256287][  T170] bridge_slave_0: left promiscuous mode
[ 1145.256432][  T170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1145.512192][  T170] bridge_slave_1: left allmulticast mode
[ 1145.512217][  T170] bridge_slave_1: left promiscuous mode
[ 1145.512384][  T170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1145.600314][  T170] bridge_slave_0: left allmulticast mode
[ 1145.600347][  T170] bridge_slave_0: left promiscuous mode
[ 1145.600592][  T170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1145.980603][  T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1146.043406][  T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1146.089207][  T170] bond0 (unregistering): Released all slaves
[ 1146.433622][  T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1146.499000][  T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1146.542406][  T170] bond0 (unregistering): Released all slaves
[ 1146.757722][T12833] Bluetooth: hci1: command tx timeout
[ 1146.909925][  T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1146.975396][  T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1147.022809][  T170] bond0 (unregistering): Released all slaves
[ 1147.779195][T13715] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1147.917013][T13989] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1147.917416][T13989] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1147.917609][T13989] bridge_slave_0: entered allmulticast mode
[ 1147.925487][T13989] bridge_slave_0: entered promiscuous mode
[ 1147.999658][T13989] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1147.999777][T13989] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1148.000028][T13989] bridge_slave_1: entered allmulticast mode
[ 1148.002057][T13989] bridge_slave_1: entered promiscuous mode
[ 1148.695497][T13715] 8021q: adding VLAN 0 to HW filter on device team0
[ 1148.755207][T13989] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1148.965620][T13989] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1149.086780][  T170] hsr_slave_0: left promiscuous mode
[ 1149.108611][  T170] hsr_slave_1: left promiscuous mode
[ 1149.109652][  T170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1149.132691][  T170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1149.325590][  T170] hsr_slave_0: left promiscuous mode
[ 1149.368626][  T170] hsr_slave_1: left promiscuous mode
[ 1149.369585][  T170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1149.423437][  T170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1149.651735][  T170] hsr_slave_0: left promiscuous mode
[ 1149.682422][  T170] hsr_slave_1: left promiscuous mode
[ 1149.683431][  T170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1149.738305][  T170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1150.304630][  T170] team0 (unregistering): Port device team_slave_1 removed
[ 1150.343903][  T170] team0 (unregistering): Port device team_slave_0 removed
[ 1150.864795][  T170] team0 (unregistering): Port device team_slave_1 removed
[ 1150.908293][  T170] team0 (unregistering): Port device team_slave_0 removed
[ 1151.401113][  T170] team0 (unregistering): Port device team_slave_1 removed
[ 1151.461744][  T170] team0 (unregistering): Port device team_slave_0 removed
[ 1151.680843][ T8416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1151.680978][ T8416] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1151.873711][ T8416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1151.873924][ T8416] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1151.877739][T13989] team0: Port device team_slave_0 added
[ 1151.883711][T13989] team0: Port device team_slave_1 added
[ 1152.229926][T13989] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1152.229940][T13989] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1152.229959][T13989] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1152.234799][T13989] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1152.234813][T13989] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1152.234838][T13989] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1152.340684][T13989] hsr_slave_0: entered promiscuous mode
[ 1152.341563][T13989] hsr_slave_1: entered promiscuous mode
[ 1152.343343][T13989] debugfs: 'hsr0' already exists in 'hsr'
[ 1152.343359][T13989] Cannot create hsr debugfs directory
[ 1153.246156][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[ 1153.246228][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1154.105406][T13880] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1154.196682][T13880] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1154.208922][T13880] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1154.298189][T13880] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1154.369633][T13880] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1154.397152][T13880] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1154.842579][T13880] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1154.899272][T13880] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1155.973866][T13715] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1156.178880][T13880] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1156.699517][T13880] 8021q: adding VLAN 0 to HW filter on device team0
[ 1156.826184][  T166] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1156.826388][  T166] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1156.869959][  T122] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1156.901263][  T122] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1157.879827][T13715] veth0_vlan: entered promiscuous mode
[ 1157.955010][T13715] veth1_vlan: entered promiscuous mode
[ 1158.197447][  T170] bridge_slave_1: left allmulticast mode
[ 1158.197481][  T170] bridge_slave_1: left promiscuous mode
[ 1158.197742][  T170] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1158.340078][  T170] bridge_slave_0: left allmulticast mode
[ 1158.340111][  T170] bridge_slave_0: left promiscuous mode
[ 1158.340380][  T170] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1158.495342][T14321] netlink: 212368 bytes leftover after parsing attributes in process `syz.5.2506'.
[ 1158.949355][T14333] fuse: fd is not a fuse device
[ 1159.402715][  T170] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1159.651878][  T170] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1159.771409][  T170] bond0 (unregistering): Released all slaves
[ 1160.360716][T13989] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1160.393371][T13989] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1160.473566][T13715] veth0_macvtap: entered promiscuous mode
[ 1160.565501][T13989] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1160.676366][T13989] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1160.685509][T13989] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1160.723962][T13989] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1160.726783][T13989] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1160.802215][T13989] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1160.815328][T13715] veth1_macvtap: entered promiscuous mode
[ 1161.248103][T14375] fuse: fd is not a fuse device
[ 1161.258356][  T170] hsr_slave_0: left promiscuous mode
[ 1161.294464][  T170] hsr_slave_1: left promiscuous mode
[ 1161.295428][  T170] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1161.389242][  T170] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1162.086100][  T170] team0 (unregistering): Port device team_slave_1 removed
[ 1162.130058][  T170] team0 (unregistering): Port device team_slave_0 removed
[ 1162.412065][T13880] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1162.478918][T13715] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1162.587686][T13715] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1162.680994][ T5827] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.690017][ T5827] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.697393][ T5827] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1162.715350][ T5827] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1163.819253][T14428] fuse: fd is not a fuse device
[ 1163.935952][ T7062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1163.935973][ T7062] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1164.228935][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1164.228956][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1164.292449][T13989] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1164.520845][T13880] veth0_vlan: entered promiscuous mode
[ 1164.557156][T13989] 8021q: adding VLAN 0 to HW filter on device team0
[ 1164.683306][ T8416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1164.688254][ T8416] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1164.706875][T13880] veth1_vlan: entered promiscuous mode
[ 1164.720020][  T122] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1164.720155][  T122] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1164.969667][T13880] veth0_macvtap: entered promiscuous mode
[ 1165.025206][T13880] veth1_macvtap: entered promiscuous mode
[ 1165.371692][T13880] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1165.391158][ T8886] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1165.425535][T13880] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1165.461763][ T5847] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1165.463934][ T5847] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1165.470351][ T5847] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1165.471584][ T5847] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1165.551704][ T8886] usb 7-1: Using ep0 maxpacket: 16
[ 1165.553484][ T8886] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1165.553538][ T8886] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1165.561102][ T8886] usb 7-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[ 1165.561131][ T8886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1165.561150][ T8886] usb 7-1: Product: syz
[ 1165.561164][ T8886] usb 7-1: Manufacturer: syz
[ 1165.561178][ T8886] usb 7-1: SerialNumber: syz
[ 1165.579907][ T8886] usb 7-1: config 0 descriptor??
[ 1165.673837][ T8886] hub 7-1:0.0: bad descriptor, ignoring hub
[ 1165.673876][ T8886] hub 7-1:0.0: probe with driver hub failed with error -5
[ 1165.702569][ T8886] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[ 1165.794312][T14461] tipc: Started in network mode
[ 1165.794327][T14461] tipc: Node identity -, cluster identity 4711
[ 1165.822533][T14461] netlink: 232 bytes leftover after parsing attributes in process `syz.5.2533'.
[ 1166.197407][ T8886] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -2
[ 1166.404591][ T8886] usb 7-1: USB disconnect, device number 2
[ 1166.528705][T14299] udevd[14299]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1166.832441][  T166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1166.832459][  T166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1167.080255][T14483] fuse: fd is not a fuse device
[ 1167.141555][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1167.141576][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1167.566028][T13989] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1167.705826][T14496] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2539'.
[ 1168.430255][T13989] veth0_vlan: entered promiscuous mode
[ 1168.453986][ T8886] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[ 1168.483807][T13989] veth1_vlan: entered promiscuous mode
[ 1168.561900][T13989] veth0_macvtap: entered promiscuous mode
[ 1168.578525][T13989] veth1_macvtap: entered promiscuous mode
[ 1168.634538][ T8886] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1168.635126][ T8886] usb 9-1: not running at top speed; connect to a high speed hub
[ 1168.636414][ T8886] usb 9-1: config 9 has an invalid interface number: 124 but max is 0
[ 1168.636437][ T8886] usb 9-1: config 9 has no interface number 0
[ 1168.636494][ T8886] usb 9-1: config 9 interface 124 altsetting 195 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[ 1168.636513][ T8886] usb 9-1: config 9 interface 124 has no altsetting 0
[ 1168.660848][T13989] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1168.684230][ T8886] usb 9-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=42.b4
[ 1168.684260][ T8886] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1168.684280][ T8886] usb 9-1: Product: syz
[ 1168.684293][ T8886] usb 9-1: Manufacturer: syz
[ 1168.684307][ T8886] usb 9-1: SerialNumber: syz
[ 1168.763030][T13989] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1168.893934][  T170] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1168.910560][  T170] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1168.911806][  T170] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1168.918441][  T170] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1169.010444][ T8886] usbtest 9-1:9.124: couldn't get endpoints, -22
[ 1169.010521][ T8886] usbtest 9-1:9.124: probe with driver usbtest failed with error -22
[ 1169.033544][ T8886] usb 9-1: USB disconnect, device number 2
[ 1170.114154][ T5847] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1170.114174][ T5847] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1170.215649][ T5847] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1170.215669][ T5847] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1171.565029][ T5614] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1171.586475][ T5834] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[ 1171.606027][  T823] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[ 1171.668413][ T5614] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1171.684588][ T5614] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1171.690593][ T5614] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1171.691398][ T5614] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1171.777395][ T5834] usb 9-1: Using ep0 maxpacket: 8
[ 1171.780422][ T5834] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1171.782042][ T5834] usb 9-1: config index 0 descriptor too short (expected 57, got 27)
[ 1171.782066][ T5834] usb 9-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1171.785160][ T5834] usb 9-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[ 1171.785186][ T5834] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1171.785206][ T5834] usb 9-1: Product: syz
[ 1171.785220][ T5834] usb 9-1: Manufacturer: syz
[ 1171.785235][ T5834] usb 9-1: SerialNumber: syz
[ 1171.832819][T14560] syz_tun: entered allmulticast mode
[ 1171.862939][  T823] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1171.870838][  T823] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1171.870867][  T823] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1171.870886][  T823] usb 8-1: Product: syz
[ 1171.870900][  T823] usb 8-1: Manufacturer: syz
[ 1171.870913][  T823] usb 8-1: SerialNumber: syz
[ 1171.911188][T14559] syz_tun: left allmulticast mode
[ 1172.087587][  T823] usb 8-1: config 0 descriptor??
[ 1172.269187][  T823] usb 9-1: USB disconnect, device number 3
[ 1173.021496][  T122] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1173.021532][  T122] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1173.276902][T14582] mmap: syz.8.2560 (14582) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[ 1173.577630][  T122] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1173.577662][  T122] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1174.140727][ T5614] Bluetooth: hci4: command tx timeout
[ 1174.165295][  T122] bond0: (slave netdevsim1): Releasing backup interface
[ 1174.214537][  T122] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1174.214560][  T122] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1174.597264][T10590] usb 8-1: USB disconnect, device number 2
[ 1174.839445][  T122] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1174.839480][  T122] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1175.304991][T14556] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1175.305869][T14556] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1175.306018][T14556] bridge_slave_0: entered allmulticast mode
[ 1175.307957][T14556] bridge_slave_0: entered promiscuous mode
[ 1175.316458][T14556] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1175.317067][T14556] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1175.317306][T14556] bridge_slave_1: entered allmulticast mode
[ 1175.319744][T14556] bridge_slave_1: entered promiscuous mode
[ 1175.425910][T14556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1175.438318][T14556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1175.679427][T14556] team0: Port device team_slave_0 added
[ 1175.685814][T14556] team0: Port device team_slave_1 added
[ 1176.255779][T14556] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1176.255794][T14556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1176.255820][T14556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1176.400937][ T5614] Bluetooth: hci4: command tx timeout
[ 1177.351307][T14556] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1177.351317][T14556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1177.351333][T14556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1177.767466][T14556] hsr_slave_0: entered promiscuous mode
[ 1177.772838][T14556] hsr_slave_1: entered promiscuous mode
[ 1177.776991][T14556] debugfs: 'hsr0' already exists in 'hsr'
[ 1177.777018][T14556] Cannot create hsr debugfs directory
[ 1177.900969][T14643] Set syz1 is full, maxelem 14 reached
[ 1178.544208][  T122] bridge_slave_1: left allmulticast mode
[ 1178.544242][  T122] bridge_slave_1: left promiscuous mode
[ 1178.544498][  T122] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1178.646776][ T5614] Bluetooth: hci4: command tx timeout
[ 1178.744851][  T122] bridge_slave_0: left allmulticast mode
[ 1178.744875][  T122] bridge_slave_0: left promiscuous mode
[ 1178.745041][  T122] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1178.809360][T12985] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[ 1179.457320][T14664] netlink: 'syz.6.2584': attribute type 11 has an invalid length.
[ 1180.204982][T12985] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1180.214817][T12985] usb 8-1: unable to read config index 0 descriptor/start: -71
[ 1180.214853][T12985] usb 8-1: can't read configurations, error -71
[ 1180.871577][T14669] qrtr: Invalid version 0
[ 1180.913668][ T5614] Bluetooth: hci4: command tx timeout
[ 1181.247499][  T122] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1181.335637][  T122] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1181.365617][T12985] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1181.389607][T10590] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[ 1181.406128][  T122] bond0 (unregistering): (slave team0): Releasing backup interface
[ 1181.454773][  T122] bond0 (unregistering): Released all slaves
[ 1181.549708][T10590] usb 9-1: Using ep0 maxpacket: 8
[ 1181.570045][T10590] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1181.584140][T10590] usb 9-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1181.584165][T10590] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1181.584176][T10590] usb 9-1: Product: syz
[ 1181.584184][T10590] usb 9-1: Manufacturer: syz
[ 1181.584191][T10590] usb 9-1: SerialNumber: syz
[ 1181.587356][T10590] usb 9-1: config 0 descriptor??
[ 1181.610177][T10590] gspca_main: sonixj-2.14.0 probing 0c45:613a
[ 1182.157612][T10590] gspca_sonixj: reg_w1 err -110
[ 1182.157747][T10590] sonixj 9-1:0.0: probe with driver sonixj failed with error -110
[ 1182.401226][ T8886] usb 9-1: USB disconnect, device number 4
[ 1182.483730][T12985] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1182.484764][T12985] usb 8-1: unable to read config index 0 descriptor/start: -71
[ 1182.484785][T12985] usb 8-1: can't read configurations, error -71
[ 1182.485051][T12985] usb usb8-port1: attempt power cycle
[ 1182.491739][T14677] fuse: fd is not a fuse device
[ 1183.654209][ T5820] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[ 1184.070527][T14702] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2593'.
[ 1185.460496][ T5820] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1185.461349][ T5820] usb 9-1: unable to read config index 0 descriptor/start: -71
[ 1185.461370][ T5820] usb 9-1: can't read configurations, error -71
[ 1185.685743][ T5261] 8021q: adding VLAN 0 to HW filter on device eth13
[ 1185.912851][T14714] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1186.484221][T14722] hfs: can't find a HFS filesystem on dev nullb0
[ 1186.976564][  T122] hsr_slave_0: left promiscuous mode
[ 1187.173248][T14736] netlink: 'syz.6.2599': attribute type 11 has an invalid length.
[ 1187.194830][  T122] hsr_slave_1: left promiscuous mode
[ 1187.197596][  T122] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1187.197622][  T122] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1187.360255][  T122] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1187.360280][  T122] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1188.077152][  T122] veth1_macvtap: left promiscuous mode
[ 1188.077244][  T122] veth0_macvtap: left promiscuous mode
[ 1188.107984][  T122] veth1_vlan: left promiscuous mode
[ 1188.108162][  T122] veth0_vlan: left promiscuous mode
[ 1188.341318][T10590] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1188.507076][T10590] usb 9-1: config index 0 descriptor too short (expected 45, got 36)
[ 1188.507129][T10590] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1188.507153][T10590] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1188.507175][T10590] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1188.507215][T10590] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1188.507235][T10590] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1188.513297][T10590] usb 9-1: config 0 descriptor??
[ 1189.002512][T10590] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd
[ 1189.043595][T10590] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[ 1189.435972][  T122] team0 (unregistering): Port device team_slave_1 removed
[ 1189.632667][  T122] team0 (unregistering): Port device team_slave_0 removed
[ 1190.043146][  T823] usb 9-1: USB disconnect, device number 7
[ 1191.425536][T14786] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1192.931614][T14809] hfs: can't find a HFS filesystem on dev nullb0
[ 1193.896679][T14556] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1194.023917][T14556] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1194.080290][  T122] IPVS: stop unused estimator thread 0...
[ 1194.084959][T14556] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1194.324539][T14556] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1194.355128][T14556] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1194.411846][T14556] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1194.436588][T14556] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1194.524264][T14556] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1194.826950][T14834] netlink: 'syz.7.2614': attribute type 11 has an invalid length.
[ 1196.208193][T14848] netlink: 28 bytes leftover after parsing attributes in process `syz.8.2616'.
[ 1196.734135][T14556] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1197.036279][T14556] 8021q: adding VLAN 0 to HW filter on device team0
[ 1197.095087][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1197.095297][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1197.159616][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1197.163603][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1199.065311][T14885] hfs: can't find a HFS filesystem on dev nullb0
[ 1200.429847][T13198] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1200.649929][T13198] usb 7-1: Using ep0 maxpacket: 8
[ 1200.738123][T13198] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1200.742522][T13198] usb 7-1: config index 0 descriptor too short (expected 57, got 27)
[ 1200.742539][T13198] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1200.751924][T13198] usb 7-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[ 1200.751958][T13198] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.751978][T13198] usb 7-1: Product: syz
[ 1200.751992][T13198] usb 7-1: Manufacturer: syz
[ 1200.752006][T13198] usb 7-1: SerialNumber: syz
[ 1201.210140][T13198] usb 7-1: USB disconnect, device number 3
[ 1201.326487][T14556] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1201.630686][T14556] veth0_vlan: entered promiscuous mode
[ 1201.657736][T14556] veth1_vlan: entered promiscuous mode
[ 1201.718034][T14556] veth0_macvtap: entered promiscuous mode
[ 1201.787423][T14556] veth1_macvtap: entered promiscuous mode
[ 1202.335322][T14556] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1202.352575][T14556] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1202.426664][ T8421] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.430853][ T8421] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.431879][ T8421] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.431922][ T8421] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1204.528433][  T166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1204.528452][  T166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1204.814930][   T37] audit: type=1326 audit(1780788761.344:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.5.2635" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f9c2ce59 code=0x7ffc0000
[ 1204.931966][T14975] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2635'.
[ 1205.018449][   T37] audit: type=1326 audit(1780788761.483:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.5.2635" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f09f9c2ce59 code=0x7ffc0000
[ 1205.157238][   T37] audit: type=1326 audit(1780788761.547:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.5.2635" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f9c2ce59 code=0x7ffc0000
[ 1205.282401][ T1290] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1205.282422][ T1290] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1205.353261][   T37] audit: type=1326 audit(1780788761.732:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14964 comm="syz.5.2635" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f09f9c2ce59 code=0x7ffc0000
[ 1205.386548][T14974] process 'syz.5.2635' launched './file2' with NULL argv: empty string added
[ 1205.726480][    T9] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[ 1205.910752][    T9] usb 8-1: Using ep0 maxpacket: 8
[ 1205.913457][    T9] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1205.915457][    T9] usb 8-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1205.915478][    T9] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1205.915518][    T9] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 28
[ 1205.993047][T14988] kAFS: unable to lookup cell 'ÿ'
[ 1206.016844][    T9] usb 8-1: New USB device found, idVendor=10f5, idProduct=0200, bcdDevice= 0.40
[ 1206.016872][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.016890][    T9] usb 8-1: Product: syz
[ 1206.016903][    T9] usb 8-1: Manufacturer: syz
[ 1206.016916][    T9] usb 8-1: SerialNumber: syz
[ 1206.341100][T14986] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2639'.
[ 1206.425931][T15001] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2639'.
[ 1207.735763][T14986] bond1 (unregistering): Released all slaves
[ 1210.008397][T15014] dummy0: entered allmulticast mode
[ 1210.255175][T15011] dummy0: left allmulticast mode
[ 1210.571730][    T9] usb 8-1: USB disconnect, device number 6
[ 1211.424263][    T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1211.959567][    T9] usb 3-1: Using ep0 maxpacket: 16
[ 1212.653512][    T9] usb 3-1: config 166 has an invalid interface number: 177 but max is 1
[ 1212.653530][    T9] usb 3-1: config 166 has an invalid interface number: 34 but max is 1
[ 1212.653541][    T9] usb 3-1: config 166 has no interface number 0
[ 1212.653549][    T9] usb 3-1: config 166 has no interface number 1
[ 1212.653581][    T9] usb 3-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1212.653592][    T9] usb 3-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1212.653612][    T9] usb 3-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[ 1212.653637][    T9] usb 3-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1212.653655][    T9] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[ 1212.653669][    T9] usb 3-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[ 1212.653681][    T9] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1212.653752][    T9] usb 3-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1212.653764][    T9] usb 3-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 1212.653778][    T9] usb 3-1: config 166 interface 177 has no altsetting 0
[ 1212.653788][    T9] usb 3-1: config 166 interface 34 has no altsetting 0
[ 1212.662259][    T9] usb 3-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[ 1212.662288][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1212.662308][    T9] usb 3-1: Product: syz
[ 1212.662321][    T9] usb 3-1: Manufacturer: syz
[ 1212.662335][    T9] usb 3-1: SerialNumber: syz
[ 1212.738241][  T823] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1212.918900][  T823] usb 9-1: Using ep0 maxpacket: 32
[ 1212.924799][  T823] usb 9-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1212.924870][  T823] usb 9-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1213.191844][    T9] ums-realtek 3-1:166.177: USB Mass Storage device detected
[ 1213.597603][    T9] ums-realtek 3-1:166.34: USB Mass Storage device detected
[ 1213.849089][    T9] ums-realtek 3-1:166.34: probe with driver ums-realtek failed with error -5
[ 1213.901631][T15050] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2649'.
[ 1214.326025][T15055] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2651'.
[ 1216.230025][    T9] uvcvideo 3-1:166.34: Found UVC 0.00 device syz (0bda:0138)
[ 1216.230117][    T9] uvcvideo 3-1:166.34: No valid video chain found.
[ 1216.269458][T15055] vxlan0: entered promiscuous mode
[ 1216.285345][    T9] usb 3-1: USB disconnect, device number 25
[ 1216.692380][   T13] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1216.708227][   T13] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1216.831030][   T13] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1216.831068][   T13] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1217.460365][  T823] usb 9-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1217.460384][  T823] usb 9-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1217.460396][  T823] usb 9-1: Product: syz
[ 1217.464013][  T823] usb 9-1: can't set config #4, error -71
[ 1217.469131][T13198] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1217.483197][  T823] usb 9-1: USB disconnect, device number 8
[ 1217.685066][T13198] usb 8-1: Using ep0 maxpacket: 32
[ 1217.687772][T13198] usb 8-1: unable to get BOS descriptor or descriptor too short
[ 1217.688921][T13198] usb 8-1: config 14 has an invalid interface number: 57 but max is 1
[ 1217.688936][T13198] usb 8-1: config 14 has an invalid interface number: 228 but max is 1
[ 1217.688947][T13198] usb 8-1: config 14 has no interface number 0
[ 1217.688956][T13198] usb 8-1: config 14 has no interface number 1
[ 1217.688994][T13198] usb 8-1: config 14 interface 228 altsetting 5 has a duplicate endpoint with address 0x8, skipping
[ 1217.689006][T13198] usb 8-1: config 14 interface 228 altsetting 5 has an endpoint descriptor with address 0xD1, changing to 0x81
[ 1217.689019][T13198] usb 8-1: config 14 interface 228 altsetting 5 endpoint 0x81 has an invalid bInterval 109, changing to 10
[ 1217.689033][T13198] usb 8-1: config 14 interface 228 altsetting 5 endpoint 0x81 has invalid maxpacket 57993, setting to 1024
[ 1217.689047][T13198] usb 8-1: config 14 interface 228 altsetting 5 endpoint 0x9 has an invalid bInterval 122, changing to 10
[ 1217.689061][T13198] usb 8-1: config 14 interface 228 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1217.689075][T13198] usb 8-1: config 14 interface 57 has no altsetting 0
[ 1217.689084][T13198] usb 8-1: config 14 interface 228 has no altsetting 0
[ 1217.691462][T13198] usb 8-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=78.13
[ 1217.691488][T13198] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1217.691508][T13198] usb 8-1: Product: syz
[ 1217.691523][T13198] usb 8-1: Manufacturer: syz
[ 1217.691536][T13198] usb 8-1: SerialNumber: syz
[ 1218.300048][T13198] legousbtower 8-1:14.57: interrupt endpoints not found
[ 1218.621161][T15081] netlink: 'syz.2.2658': attribute type 11 has an invalid length.
[ 1219.725719][ T1338] ieee802154 phy0 wpan0: encryption failed: -22
[ 1219.725788][ T1338] ieee802154 phy1 wpan1: encryption failed: -22
[ 1220.543358][T13198] legousbtower 8-1:14.228: get version request failed: -71
[ 1220.543544][T13198] legousbtower 8-1:14.228: probe with driver legousbtower failed with error -71
[ 1220.654900][T13198] usb 8-1: USB disconnect, device number 7
[ 1221.166334][   T37] audit: type=1326 audit(1780788776.448:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.236465][   T37] audit: type=1326 audit(1780788776.512:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.236515][   T37] audit: type=1326 audit(1780788776.512:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.296519][   T37] audit: type=1326 audit(1780788776.512:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.603800][   T37] audit: type=1326 audit(1780788776.826:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.647664][   T37] audit: type=1326 audit(1780788776.872:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.691752][   T37] audit: type=1326 audit(1780788776.937:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.783317][   T37] audit: type=1326 audit(1780788777.020:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f15438dd68e code=0x7ffc0000
[ 1221.869687][   T37] audit: type=1326 audit(1780788777.094:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1221.902379][T13198] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1221.913899][   T37] audit: type=1326 audit(1780788777.103:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15090 comm="syz.2.2659" exe="/root/ci-upstream-kasan-gce-smack-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f154391ce59 code=0x7ffc0000
[ 1222.060951][T13198] usb 9-1: Using ep0 maxpacket: 16
[ 1222.063173][T13198] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1222.063206][T13198] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1222.063239][T13198] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[ 1222.063261][T13198] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1222.069627][T13198] usb 9-1: config 0 descriptor??
[ 1222.514510][T15113] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2666'.
[ 1222.838859][T13198] usbhid 9-1:0.0: can't add hid device: -71
[ 1222.838933][T13198] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[ 1222.861645][T13198] usb 9-1: USB disconnect, device number 9
[ 1223.739584][T15123] netlink: 'syz.7.2669': attribute type 11 has an invalid length.
[ 1224.778867][T15129] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1224.893436][T15136] Set syz1 is full, maxelem 14 reached
[ 1225.188523][T15142] kAFS: unable to lookup cell 'ÿ'
[ 1226.082511][T15149] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2678'.
[ 1226.144621][ T5834] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1226.329142][ T5834] usb 3-1: Using ep0 maxpacket: 8
[ 1226.331334][ T5834] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1226.332310][ T5834] usb 3-1: config index 0 descriptor too short (expected 57, got 27)
[ 1226.332324][ T5834] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1226.334271][ T5834] usb 3-1: New USB device found, idVendor=0a12, idProduct=5d10, bcdDevice=70.0b
[ 1226.334287][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1226.334298][ T5834] usb 3-1: Product: syz
[ 1226.334305][ T5834] usb 3-1: Manufacturer: syz
[ 1226.334313][ T5834] usb 3-1: SerialNumber: syz
[ 1226.630752][ T5834] usb 3-1: USB disconnect, device number 26
[ 1226.881216][  T823] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1227.043738][  T823] usb 7-1: Using ep0 maxpacket: 16
[ 1227.045709][  T823] usb 7-1: config 166 has an invalid interface number: 177 but max is 1
[ 1227.045735][  T823] usb 7-1: config 166 has an invalid interface number: 34 but max is 1
[ 1227.045756][  T823] usb 7-1: config 166 has no interface number 0
[ 1227.045769][  T823] usb 7-1: config 166 has no interface number 1
[ 1227.045799][  T823] usb 7-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1227.045811][  T823] usb 7-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[ 1227.045830][  T823] usb 7-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping
[ 1227.045843][  T823] usb 7-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1227.045856][  T823] usb 7-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024
[ 1227.045870][  T823] usb 7-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024
[ 1227.045883][  T823] usb 7-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1227.045896][  T823] usb 7-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1227.045907][  T823] usb 7-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4
[ 1227.045920][  T823] usb 7-1: config 166 interface 177 has no altsetting 0
[ 1227.045930][  T823] usb 7-1: config 166 interface 34 has no altsetting 0
[ 1227.048104][  T823] usb 7-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12
[ 1227.048128][  T823] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1227.048138][  T823] usb 7-1: Product: syz
[ 1227.048146][  T823] usb 7-1: Manufacturer: syz
[ 1227.048153][  T823] usb 7-1: SerialNumber: syz
[ 1228.410587][T15164] netlink: 'syz.5.2684': attribute type 11 has an invalid length.
[ 1228.638517][T15168] netlink: 52 bytes leftover after parsing attributes in process `syz.7.2685'.
[ 1228.661999][  T823] ums-realtek 7-1:166.177: USB Mass Storage device detected
[ 1228.872131][  T823] ums-realtek 7-1:166.34: USB Mass Storage device detected
[ 1228.955946][  T823] ums-realtek 7-1:166.34: probe with driver ums-realtek failed with error -5
[ 1229.014313][  T823] uvcvideo 7-1:166.34: Found UVC 0.00 device syz (0bda:0138)
[ 1229.014347][  T823] uvcvideo 7-1:166.34: No valid video chain found.
[ 1229.055196][  T823] usb 7-1: USB disconnect, device number 4
[ 1230.143347][ T5604] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[ 1230.340692][ T5604] usb 9-1: Using ep0 maxpacket: 16
[ 1230.341687][ T5604] usb 9-1: too many configurations: 123, using maximum allowed: 8
[ 1230.403484][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.428526][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.432976][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.454433][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.456447][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.458760][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.481021][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.482430][ T5604] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.484682][ T5604] usb 9-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 1230.484707][ T5604] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=45
[ 1230.484726][ T5604] usb 9-1: SerialNumber: syz
[ 1230.489724][ T5604] usb 9-1: config 0 descriptor??
[ 1230.599020][ T5799] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1230.738185][ T5799] usb 3-1: Using ep0 maxpacket: 8
[ 1230.740477][ T5799] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1230.777832][ T5799] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[ 1230.777864][ T5799] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1230.777884][ T5799] usb 3-1: Product: syz
[ 1230.777898][ T5799] usb 3-1: Manufacturer: syz
[ 1230.777913][ T5799] usb 3-1: SerialNumber: syz
[ 1230.831168][ T5799] usb 3-1: config 0 descriptor??
[ 1230.871202][ T5799] gspca_main: sonixj-2.14.0 probing 0c45:613a
[ 1231.035071][ T5799] gspca_sonixj: reg_w1 err -71
[ 1231.035161][ T5799] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[ 1231.091261][ T5799] usb 3-1: USB disconnect, device number 27
[ 1231.294300][ T5615] usb 9-1: USB disconnect, device number 10
[ 1231.487442][ T5799] ==================================================================
[ 1231.487527][ T5799] BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130
[ 1231.487670][ T5799] Read of size 8 at addr ffffc9000ed3a008 by task kworker/1:6/5799
[ 1231.487686][ T5799] 
[ 1231.487710][ T5799] CPU: 1 UID: 0 PID: 5799 Comm: kworker/1:6 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1231.487764][ T5799] Tainted: [L]=SOFTLOCKUP
[ 1231.487771][ T5799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1231.487784][ T5799] Workqueue: usb_hub_wq hub_event
[ 1231.487894][ T5799] Call Trace:
[ 1231.487930][ T5799]  <TASK>
[ 1231.487986][ T5799]  dump_stack_lvl+0xe8/0x150
[ 1231.488087][ T5799]  print_address_description+0x55/0x1e0
[ 1231.488118][ T5799]  ? __list_add_valid_or_report+0x4e/0x130
[ 1231.488147][ T5799]  print_report+0x58/0x70
[ 1231.488165][ T5799]  kasan_report+0x117/0x150
[ 1231.488239][ T5799]  ? __list_add_valid_or_report+0x4e/0x130
[ 1231.488267][ T5799]  __list_add_valid_or_report+0x4e/0x130
[ 1231.488300][ T5799]  kcov_remote_stop+0x457/0x680
[ 1231.488379][ T5799]  hub_event+0x49d8/0x4f60
[ 1231.488409][ T5799]  ? __lock_acquire+0x6b5/0x2cf0
[ 1231.488514][ T5799]  ? __pfx_hub_event+0x10/0x10
[ 1231.488539][ T5799]  ? process_scheduled_works+0xa70/0x1860
[ 1231.488579][ T5799]  ? process_scheduled_works+0xa70/0x1860
[ 1231.488598][ T5799]  ? process_scheduled_works+0xa70/0x1860
[ 1231.488618][ T5799]  process_scheduled_works+0xb5d/0x1860
[ 1231.488651][ T5799]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1231.488673][ T5799]  ? assign_work+0x3d5/0x5e0
[ 1231.488693][ T5799]  worker_thread+0xa53/0xfc0
[ 1231.488724][ T5799]  kthread+0x388/0x470
[ 1231.488747][ T5799]  ? __pfx_worker_thread+0x10/0x10
[ 1231.488766][ T5799]  ? __pfx_kthread+0x10/0x10
[ 1231.488789][ T5799]  ret_from_fork+0x514/0xb70
[ 1231.488825][ T5799]  ? __pfx_ret_from_fork+0x10/0x10
[ 1231.488844][ T5799]  ? __switch_to+0xc79/0x1410
[ 1231.488872][ T5799]  ? __pfx_kthread+0x10/0x10
[ 1231.488896][ T5799]  ret_from_fork_asm+0x1a/0x30
[ 1231.488925][ T5799]  </TASK>
[ 1231.488956][ T5799] 
[ 1231.488961][ T5799] The buggy address belongs to a vmalloc virtual mapping
[ 1231.489002][ T5799] Memory state around the buggy address:
[ 1231.489039][ T5799]  ffffc9000ed39f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1231.489052][ T5799]  ffffc9000ed39f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1231.489092][ T5799] >ffffc9000ed3a000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1231.489103][ T5799]                       ^
[ 1231.489113][ T5799]  ffffc9000ed3a080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1231.489125][ T5799]  ffffc9000ed3a100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1231.489135][ T5799] ==================================================================
[ 1231.490913][ T5799] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1231.490931][ T5799] CPU: 1 UID: 0 PID: 5799 Comm: kworker/1:6 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1231.490955][ T5799] Tainted: [L]=SOFTLOCKUP
[ 1231.490959][ T5799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1231.490969][ T5799] Workqueue: usb_hub_wq hub_event
[ 1231.490992][ T5799] Call Trace:
[ 1231.491017][ T5799]  <TASK>
[ 1231.491023][ T5799]  vpanic+0x56c/0xa60
[ 1231.491042][ T5799]  ? __pfx_vpanic+0x10/0x10
[ 1231.491058][ T5799]  ? __pfx___schedule+0x10/0x10
[ 1231.491169][ T5799]  panic+0xc5/0xd0
[ 1231.491184][ T5799]  ? __pfx_panic+0x10/0x10
[ 1231.491200][ T5799]  ? preempt_schedule_thunk+0x16/0x30
[ 1231.491225][ T5799]  ? __list_add_valid_or_report+0x4e/0x130
[ 1231.491245][ T5799]  check_panic_on_warn+0x89/0xb0
[ 1231.491267][ T5799]  ? __list_add_valid_or_report+0x4e/0x130
[ 1231.491295][ T5799]  end_report+0x73/0x170
[ 1231.491313][ T5799]  ? __list_add_valid_or_report+0x4e/0x130
[ 1231.491329][ T5799]  kasan_report+0x128/0x150
[ 1231.491344][ T5799]  ? __list_add_valid_or_report+0x4e/0x130
[ 1231.491363][ T5799]  __list_add_valid_or_report+0x4e/0x130
[ 1231.491381][ T5799]  kcov_remote_stop+0x457/0x680
[ 1231.491399][ T5799]  hub_event+0x49d8/0x4f60
[ 1231.491422][ T5799]  ? __lock_acquire+0x6b5/0x2cf0
[ 1231.491452][ T5799]  ? __pfx_hub_event+0x10/0x10
[ 1231.491472][ T5799]  ? process_scheduled_works+0xa70/0x1860
[ 1231.491490][ T5799]  ? process_scheduled_works+0xa70/0x1860
[ 1231.491505][ T5799]  ? process_scheduled_works+0xa70/0x1860
[ 1231.491519][ T5799]  process_scheduled_works+0xb5d/0x1860
[ 1231.491544][ T5799]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1231.491561][ T5799]  ? assign_work+0x3d5/0x5e0
[ 1231.491578][ T5799]  worker_thread+0xa53/0xfc0
[ 1231.491603][ T5799]  kthread+0x388/0x470
[ 1231.491622][ T5799]  ? __pfx_worker_thread+0x10/0x10
[ 1231.491638][ T5799]  ? __pfx_kthread+0x10/0x10
[ 1231.491659][ T5799]  ret_from_fork+0x514/0xb70
[ 1231.491679][ T5799]  ? __pfx_ret_from_fork+0x10/0x10
[ 1231.491696][ T5799]  ? __switch_to+0xc79/0x1410
[ 1231.491717][ T5799]  ? __pfx_kthread+0x10/0x10
[ 1231.491736][ T5799]  ret_from_fork_asm+0x1a/0x30
[ 1231.491759][ T5799]  </TASK>
[ 1231.492935][ T5799] Kernel Offset: disabled