last executing test programs:

7.658014752s ago: executing program 1 (id=325):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x12001, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r1, 0x5000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
write$binfmt_aout(r1, 0x0, 0xffffffdb)
syz_usb_connect$uac2(0x6, 0x96, &(0x7f0000000240)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x41e, 0x3000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x84, 0x3, 0x1, 0x8, 0x98, 0x67, {0x8, 0xb, 0x1, 0x0, 0x1, 0x1, 0x20, 0xf8}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x1ff, 0x8, 0x9, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x2, 0x6, 0xc, 0x7d, 0x3}, @format_type_i_descriptor={0x6, 0x24, 0x2, 0x1, 0x3, 0x8}]}, {{0x9, 0x5, 0x1, 0x9, 0x7f65394d9fbe0ba4, 0x40, 0x0, 0x4, {0x8, 0x25, 0x1, 0x7648513c41ea4e82, 0x3, 0x3, 0x57}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {[@format_type_ii_discrete={0xc, 0x24, 0x2, 0x2, 0x8, 0x9, 0x5, "b27276"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0xbe, 0x80, 0x3, {0x8, 0x25, 0x1, 0x80, 0x0, 0x7, 0x3}}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000300)={0xa, 0x6, 0x300, 0x81, 0x7, 0x8, 0x20, 0x2}, 0x52, &(0x7f0000000340)={0x5, 0xf, 0x52, 0x3, [@generic={0x3b, 0x10, 0x1, "ab327e48c93b265ef6eabf57f30597c8e31f5a2263d12d75cf00dbd7492f82a5c57c6d48acf85aed7bd9d031fba8a8cae00b2c9f1cabc402"}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x5, 0xc, 0xff}, @wireless={0xb, 0x10, 0x1, 0xc, 0x58, 0x80, 0x8, 0xff4, 0x8}]}, 0x1, [{0x92, &(0x7f00000003c0)=@string={0x92, 0x3, "a6e6a620bf0722ecb71ef2f632e74464409c6f8dfb9d9b6346b96ec254326d17a9b2e27d27b7270da91df2c84b50d669a500c6c400b852d1fa2177c44ab4663e1d2a19eb8062e9490afec0b4396bdb37fdb0e7aef697aa50c6576463c4c106e58608b7937b4d97aa72961627403449986973c47c400d83fead6c2e54322e5a6810cd432762b28b19200d3da35b9bb0c2"}}]})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
r2 = socket(0x10, 0x3, 0x0)
syz_usb_connect(0x2, 0x3b, &(0x7f0000000a40)=ANY=[@ANYBLOB="120100026e694b109911039024d7010203010902290001060780020904000000ffd36b050524260000020040"], &(0x7f0000001800)={0x0, 0x0, 0x0, 0x0})
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="400000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001800128008000100707070000c00028008000100", @ANYRES32=r3, @ANYBLOB='\b\x00', @ANYRES64=r0], 0x40}, 0x1, 0x0, 0x0, 0x20040010}, 0x4000)

5.508162828s ago: executing program 0 (id=339):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb78a405e0483020b990102030109022400010000000009040000025c291d0009050900000000000009050b01", @ANYBLOB="ebab23807f"], 0x0)
setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000200)=0x7, 0x4)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x44000, 0x0)
write$sndseq(r1, &(0x7f0000000340)=[{0x4e, 0x0, 0x6, 0x5, @time={0x8, 0x80}, {0x5, 0x9}, {0xbc}, @connect={{0xff, 0xdf}, {0xf8, 0x7}}}, {0x2, 0x9, 0x4, 0x8, @time={0x288f, 0x200}, {0x7, 0x3}, {0x3}, @raw8={"5806a5fef823ac337c29ea0b"}}, {0xf7, 0xd6, 0x23, 0xe, @tick=0x7, {0x4}, {0x40, 0xf9}, @queue={0x80, {0x0, 0x1}}}, {0x2, 0xf, 0x52, 0xf5, @time={0xaf56, 0x2}, {0xa, 0x7}, {0x1, 0x9}, @ext={0xd9, &(0x7f0000000240)="89005781c8463d521b9bcc17d674505bf115a5680c9747317e31c69bcc6cc63e0acd5abd9e8ec4db835dc34e4ad6bc455ebba158cc8adae3810dfc49c60e6baa2acbd4138e971970dee828e60f4aff1431c89f63dff4aff7ff1e12ffb7e322040dbbf5b29678a352a4296f99b6a2391fafaf11367bcf034f81e935d22116edadc7cc3bd6d78b16b8adfc17e60785b75be5974ec860105ba27e3767ed54f3a4a252920a97d955ec3453d1b376b13c8c629df958d9e16c27d9bfa949f3d17cde16f1de993286bd91fcc80adba9ebc69aaf46f5d72c18f0db309f"}}, {0x5, 0x9, 0x4, 0x1, @tick=0x9, {0x2}, {0x4, 0x8}, @note={0x0, 0x9, 0x9, 0x9, 0x7ff}}, {0xc, 0x5, 0xe, 0x7, @time={0x9dd, 0x7}, {0x7, 0x4}, {0x4, 0x81}, @queue={0x7, {0x10001, 0x1}}}, {0x0, 0x3, 0x1, 0x2, @tick=0x3, {0x0, 0x9}, {0xf, 0x8}, @result={0x0, 0x3}}, {0x8, 0x2, 0x4, 0x0, @time={0x6adad9d6, 0x1ff}, {0x9, 0x10}, {0x4, 0x8}, @raw32={[0x764, 0x4, 0x9]}}], 0xe0)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000100)=""/92, &(0x7f00000001c0)=0x11)

5.304399812s ago: executing program 1 (id=340):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt(r0, 0x84, 0x80, &(0x7f00000002c0)="1400000009000000", 0x8)

5.083195573s ago: executing program 1 (id=343):
bind$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfb, 0x2}, 0xc)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x3, @local, 0x40009}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
listen(0xffffffffffffffff, 0x204)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000097000000000000000000000018110000", @ANYRES32, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000058000000bf0900000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000", @ANYRES32], &(0x7f0000000040)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703110000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84d0", 0x45}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4014)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x50, 0x2c, 0xd27, 0x170bd3b, 0x2, {0x0, 0x0, 0x0, r3, {0xa, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'hsr0\x00'}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x53f}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4008014}, 0x2)

4.815920051s ago: executing program 1 (id=348):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000080)={0x5, 0x2})
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x2)

4.601268513s ago: executing program 1 (id=350):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000080)=0x1000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x1, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0xfffffffffffffffc})
getpeername$tipc(0xffffffffffffffff, &(0x7f0000000080)=@name, &(0x7f0000000180)=0x10)
r4 = open(&(0x7f0000000040)='.\x00', 0x0, 0x6c)
fcntl$notify(r4, 0x402, 0x5)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
ftruncate(r5, 0x6000000)
ioctl$IOMMU_IOAS_UNMAP$ALL(0xffffffffffffffff, 0x3b86, &(0x7f00000012c0)={0x18})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000000680)={0x0, 0x0, {0x0, @struct}, {0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x2e, &(0x7f00000001c0)=ANY=[], 0x0)
sendmsg$NFT_BATCH(r5, 0x0, 0x1050)
r6 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x40, 0x0)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r7, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000020000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000004000000000000000000000000000000000000000000000000000000000000fcffffff00000000"]}, 0x108)
ioctl$LOOP_CTL_REMOVE(r6, 0x4c81, 0x0)
symlink(&(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
file_setattr(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x6000, 0xfffffffc, 0xed, 0x0, 0x405}, 0x18, 0x1000)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @empty}, 0x1c)

4.007381579s ago: executing program 0 (id=352):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034060000014640000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000003800038034000080040001800c000540000000000000004914000b8010009eac4fd901006f626a72656600000c0004"], 0xd0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

4.002956592s ago: executing program 0 (id=353):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000001300050000000900010073797a30000000002c000000030a05000000000000000000050000000900010073797a30000000000900030073797a30000000005c000000060a010400040000000000000500000008000b40000000000900010073797a300000000034000480300001800b00010074617267657400002000028008000300d614404208000240000000010c0001004e465155455545"], 0xd0}}, 0x0)

3.919033799s ago: executing program 0 (id=354):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_bond\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$inet(r2, &(0x7f0000000580)={&(0x7f00000002c0)={0x2, 0x4e23, @local}, 0x10, 0x0, 0x0, &(0x7f0000000700)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}], 0x30}, 0x0)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7feee8140006001e0089e9aaa911d7c2290f0086dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
socket$packet(0x11, 0x3, 0x300) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth0_to_bond\x00'}) (async)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x19ca, 0x4) (async)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) (async)
socket$rds(0x15, 0x5, 0x0) (async)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) (async)
sendmsg$inet(r2, &(0x7f0000000580)={&(0x7f00000002c0)={0x2, 0x4e23, @local}, 0x10, 0x0, 0x0, &(0x7f0000000700)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}], 0x30}, 0x0) (async)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7feee8140006001e0089e9aaa911d7c2290f0086dd1327c9167c642b4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c153cfdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) (async)

3.759820874s ago: executing program 0 (id=356):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xca, r1, 0x18}, 0x38)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r2 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x161d21)
r3 = dup(r2)
write$6lowpan_enable(r3, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket(0x15, 0x80005, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
getsockopt(r4, 0x200000000114, 0x271a, 0xffffffffffffffff, &(0x7f0000000000)=0x7ffff000)

3.681070352s ago: executing program 0 (id=358):
syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d5500090502020002020000090582"], 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000280)={0x7})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0xffffffffffffffff, 0x0, 0x9}, 0x3})
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r1, 0x4068aea3, &(0x7f0000000200)={0xc1, 0x0, 0x1})
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f00000000c0)="af3e64f08189ef001601ba6100ec0f2264ba4100b80600ef660f38351d0f212666b94006000066b80000010066ba000000000f300f211a2e0f013c", 0x3b}], 0x1, 0xe, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r3, &(0x7f0000000080)={0xffc3, 0x0, 0x3, 0x1}, 0x8)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.90270219s ago: executing program 3 (id=366):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'veth0_to_bond\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x92e5e}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x4}, @IFLA_VLAN_INGRESS_QOS={0x4}]}}}, @IFLA_LINK={0x4100, 0x5, r2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)

2.670304202s ago: executing program 3 (id=370):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, &(0x7f0000000000)="660f388151ed67642e0f01c46766c7442400050000006766c7442402a5fa7a836766c744240600000000670f0114240f21340f08660f5f18baf80c66b8ea22d28d66efbafc0ced36650f092664f30fc77400640f01c9", 0x56}], 0x1, 0x53, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd9000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {}, {'\x00', "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008bc584c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f6f38740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a4900"}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fcc000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, &(0x7f0000000000)="660f388151ed67642e0f01c46766c7442400050000006766c7442402a5fa7a836766c744240600000000670f0114240f21340f08660f5f18baf80c66b8ea22d28d66efbafc0ced36650f092664f30fc77400640f01c9", 0x56}], 0x1, 0x53, 0x0, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd9000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0xa, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94) (async)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {}, {'\x00', "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008bc584c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f6f38740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a4900"}}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)

2.44977644s ago: executing program 4 (id=372):
r0 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000540)={0x0, 0x0, 0x8, &(0x7f0000000040)={0x1, "fd5a44512b7e1b0020ed2abb4301002700"}})

2.389437905s ago: executing program 1 (id=373):
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

2.203765087s ago: executing program 4 (id=374):
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000140)=@in6={0x21, 0x3, 0x2, 0x0, {0xa, 0x4e20, 0x4, @loopback, 0x7f}}, 0x44)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000040000701feffffff00000000017c0000040042880c00018006000600800a000014000280080018"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
write$nbd(r0, &(0x7f0000000340)=ANY=[], 0x40)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4048aec9, &(0x7f0000000600)={0x6, 0x0, @ioapic={0x0, 0x200009fc, 0x0, 0x0, 0x0, [{0x4, 0x7, 0xc5, '\x00', 0x81}, {0x4, 0x4, 0x8, '\x00', 0xc}, {0x0, 0xc, 0xfc, '\x00', 0x13}, {0xa, 0x10, 0x1d, '\x00', 0x1f}, {0xf, 0xfb, 0x2, '\x00', 0x3}, {0x0, 0x3, 0x7, '\x00', 0x78}, {0x4b, 0x8e, 0x7, '\x00', 0x4e}, {0x3, 0x9, 0x6, '\x00', 0x1}, {0x0, 0x18, 0x40, '\x00', 0x4}, {0xd, 0x1, 0x4, '\x00', 0x2}, {0x7f, 0xc, 0xff, '\x00', 0x9d}, {0x9, 0x1, 0x2, '\x00', 0x77}, {0x5, 0xa, 0x3b, '\x00', 0x2}, {0x7, 0x10, 0x8c, '\x00', 0x9}, {0xfe, 0xb, 0x1, '\x00', 0x44}, {0xe, 0x5, 0x4}, {0x8, 0x42, 0x7, '\x00', 0x8}, {0x6, 0x0, 0x2, '\x00', 0x42}, {0xed, 0x6, 0x8e, '\x00', 0x81}, {0x81, 0x0, 0x10, '\x00', 0x7}, {0x2, 0x8, 0x97, '\x00', 0x83}, {0x8, 0x29, 0x9b, '\x00', 0x4}, {0x7f, 0x4, 0x3, '\x00', 0xd3}, {0x0, 0x8, 0x3a, '\x00', 0x5}]}})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d002, 0x0)
r6 = accept4$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @private2}, &(0x7f00000001c0)=0x1c, 0x0)
ioctl$sock_inet_SIOCSIFPFLAGS(r6, 0x8934, &(0x7f0000000200)={'caif0\x00', 0x5})
r7 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x28011, r7, 0x2c93a000)
r8 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r8, 0xc4c85512, &(0x7f0000000b80)={{0x5, 0x3, 0x10, 0xfffffffc, 'syz1\x00', 0x1}, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})

1.841369999s ago: executing program 4 (id=375):
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd601823"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd69010000001406fffe800000000000000000000039fe8000000000000000000000000000aa4e224e24000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="51c2"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x10007, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00db6072000001ea89de2b4410000e60080b8785d960000100000000000000000000000000000000000527000", "2809e8dbe108598948224ad44afac11d875397bdb22d0000b420a1a93c5240f45f819ef6167d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000000000000000000100", [0x0, 0x2000000000001]}})

1.703621531s ago: executing program 3 (id=377):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=@framed={{}, [@jmp={0x4, 0x0, 0xc}]}, &(0x7f0000000040)='GPL\x00'}, 0x90)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r1) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b700000001c300ffc3000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a740000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48) (async)
sendto$inet6(r0, &(0x7f00000008c0)="20d3cc72", 0x4, 0xfb90, 0x0, 0x0)

1.618317138s ago: executing program 2 (id=378):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0x5015, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x8000, 0x5a)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x100000)

1.537033392s ago: executing program 3 (id=379):
futex(0x0, 0xd, 0x1, &(0x7f0000000440), 0x0, 0x1) (async)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0x3, &(0x7f0000000080)=0x1000, 0x4) (async)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f00000001c0)={0x10, 0x30, 0xfffffffb})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f00000002c0)) (async)
unshare(0x8040480) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) (async)
fstat(0xffffffffffffffff, 0x0)
r5 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x7, '\x00', @string=&(0x7f00000000c0)}}) (async)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r6, &(0x7f0000000200)={0x2, 0x4e20, @multicast2}, 0x10) (async)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x260, 0xc8, 0xc8, 0x8, 0x0, 0x5803, 0x190, 0x2e8, 0x2e8, 0x190, 0x2e8, 0x3, 0x0, {[{{@ipv6={@private0={0xfc, 0x0, '\x00', 0x41}, @private1={0xfc, 0x1, '\x00', 0xfd}, [0xffffff00, 0xff000000, 0x0, 0xff000000], [0xff, 0x34da508f3e8fb0eb, 0xffffff00, 0xff], 'veth0_to_batadv\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x8, 0x7, 0x7, 0x4a}, 0x0, 0xa8, 0xc8, 0x0, {0x0, 0x2000000000000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xa8, 0xc8}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x31d) (async)
setsockopt$inet_tcp_int(r6, 0x6, 0x2, &(0x7f0000000040)=0xce, 0x4) (async)
connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) (async)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_score_adj\x00')
write$tcp_mem(r8, &(0x7f0000000100)={0xffffffffffffffff, 0x20, 0x7418, 0x20, 0x6e}, 0x48) (async)
sendmsg$inet(r6, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xa2732}], 0x1}, 0x0) (async)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00')
ioctl$XFS_IOC_FD_TO_HANDLE(r4, 0xc038586a, &(0x7f0000000800)={r7, &(0x7f0000000700)='.-^\x00', 0x121800, &(0x7f0000000740)={@_ha_fsid={[0x147, 0x80]}, {0xfff3, 0x61, 0x6, 0x6}}, 0x7fff, &(0x7f0000000780)={@_ha_fsid}, &(0x7f00000007c0)=0x22acd7f6}) (async)
pread64(r9, &(0x7f0000019240)=""/102356, 0x18fd4, 0x200)

1.530980177s ago: executing program 4 (id=380):
bind$netlink(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x0, 0x25dfdbfb, 0x2}, 0xc)
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e24, 0x3, @local, 0x40009}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
listen(0xffffffffffffffff, 0x204)
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000097000000000000000000000018110000", @ANYRES32, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000058000000bf0900000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000", @ANYRES32], &(0x7f0000000040)='syzkaller\x00', 0xf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="5c00000013006bcd9e3fe3dc6e48aa310b6b8703110000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84d0f5d1938037e786a6d0bdd7fc", 0x51}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4014)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtfilter={0x50, 0x2c, 0xd27, 0x170bd3b, 0x2, {0x0, 0x0, 0x0, r3, {0xa, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'hsr0\x00'}, @TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0x53f}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4008014}, 0x2)

1.475890957s ago: executing program 2 (id=381):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xca, r1, 0x18}, 0x38)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r2 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x161d21)
r3 = dup(r2)
write$6lowpan_enable(r3, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
unshare(0x4000400)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x271a, 0xffffffffffffffff, &(0x7f0000000000)=0x7ffff000)

1.388027436s ago: executing program 3 (id=382):
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
fremovexattr(r2, &(0x7f0000000040)=@known='system.posix_acl_default\x00') (async)
socket(0x15, 0x5, 0x0) (async)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8) (async)
r4 = accept(r3, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e1", 0x12}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) (async)
recvmsg(r4, &(0x7f000000b680)={0x0, 0xffffffffffffffc3, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0) (async)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a6080000b80000010066b87a000f00d80f300f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x64}], 0x1, 0x14, 0x0, 0x0) (async)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r9 = accept$alg(r8, 0x0, 0x0)
sendmsg$alg(r9, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000780)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) (async)
write$binfmt_script(r9, &(0x7f0000000600), 0xfec8) (async)
recvmmsg(r9, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}, {&(0x7f0000000140)=""/9, 0x9}, {&(0x7f0000000300)=""/225, 0xe1}, {&(0x7f0000000400)=""/41, 0x29}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000009c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0x18}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902"], 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1.331781786s ago: executing program 2 (id=383):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)="aefdda9d240103005a90f57f02703aef26072a000000000000000200"/42, 0x2a}, {&(0x7f0000000200)="f3aa6735f976d34713e24675d62a0a6c6fc1afa0c0a14703bcccca201229ab5cbb7cf4d8", 0x24}], 0x2)

1.303066588s ago: executing program 4 (id=384):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_emit_ethernet(0x4f, &(0x7f0000000a80)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, "370c89", 0x19, 0x84, 0xff, @rand_addr=' \x01\x00', @local, {[], "a5ba94e385673ccfd3fe184ab0643975bcc85fbf438632261b"}}}}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmmsg(0xffffffffffffffff, &(0x7f000000c7c0)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000200)}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000500)}], 0x5}}], 0x1, 0x20000001)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1c, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="dbaa7bc318"], 0x0, 0x1b, 0x0, 0x0, 0x0, 0x6f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000005c0)=""/151, 0x97}], 0x1, 0x0, 0xfffffffffffffeb4}, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x4c, &(0x7f0000000100)=ANY=[@ANYBLOB="a70b49c5294fbbbbbbbbbbbb86dd60010100001611ff00000000000000000000000000000000fe80000000000000e7ec3941000000aa00000e2200139078020300000000000000000000ffff"], 0x0)
recvmmsg(r1, &(0x7f0000006380)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x45833af92e4b39ff, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000001a00010040000080fbdbdf250a808000000000000000000008000100ac1414aa05001f"], 0x2c}}, 0x20000050)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd)
mount$fuse(0x0, 0x0, 0x0, 0x1800000, &(0x7f0000000280)=ANY=[@ANYRES16=r6])
fsopen(&(0x7f0000000000)='overlay\x00', 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000002140)=ANY=[])
r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
inotify_add_watch(r7, &(0x7f0000000040)='./file0\x00', 0x4000000)
ioctl$DVB_DVR_DMX_EXPBUF(r7, 0xc00c6f3e, &(0x7f0000000240)={0x3, 0x80000, r8})
write$nbd(r3, &(0x7f0000000100)={0x67446698, 0x1, 0xfffe, 0x1, 0x4, "7dc801dd1264facb2b885c0f69db5c14382201a536f7d8948a9e2c0a695642145d5d622d5dc12a8d160ef8685146bbbf37f0feb036027596047267323b520c49e5d1ec6a24a492503e91364b04f28df7d2c30c75a7a11a9b0404b7188897a7a0c55341164828e5095d5b517727d62d3670bf53e6ad27623ce24b9b342f37cc5f9cb8e25a8ca4f955ca381285d0d0770ed788183463a42ebdfcfcef55d9e1a9e45bca04ce7cfbf19733810955327fcf5fcc1f37b94c2a3526eed6ce23635ee95cc453b8fb31f7da8d19a82a47d07b866a63d829ff476033b30917db2183fc6b3c29b336f93712466ec6a38c05b38b9ff9c152411e19"}, 0xffffffffffffff73)

1.159387323s ago: executing program 2 (id=385):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x4)
r2 = dup(r0)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000540)={0x0, 0xabb, 0x30}, 0xc)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000200)={0x0, 0xfd1c, 0x4, 0x400, 0xed, 0x1}, 0x14)
sendmmsg$inet6(r0, &(0x7f0000000000)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000140)="f6", 0x1}], 0x1}}], 0x3ffffffffffffd1, 0x7000000)

737.540737ms ago: executing program 3 (id=386):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$packet(0x11, 0x2, 0x300)
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r3 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000280)={0x8})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000400)=""/258, &(0x7f0000000100)=0x102)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000000), &(0x7f0000000040)={'L+', 0x59a27c59}, 0x16, 0x1)

281.850212ms ago: executing program 4 (id=387):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
writev(r0, &(0x7f0000000580)=[{&(0x7f00000000c0)="41f3d6f790694f00a3e8ccc5", 0xc}, {&(0x7f0000000480)="044796807eb4aa921f6fa93092d7fe4d32b133003fea37b44c9e1c5c768f542c14cd621100973580de8b0cd97c1c1bc83bbc7a17e59ec035b90d75729759d86f750cc0b93f39fc776e3b7902c326810ab7", 0x51}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x0, 0x4, 0x3, 0x9}, {0x42a3, 0xff, 0x9, 0x8001}, {0x5, 0xfa, 0x4, 0x5f57}]})
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0xfff, 0x2)
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000300), 0x4)
r2 = syz_open_dev$vbi(&(0x7f0000000380), 0x0, 0x2)
ptrace(0x10, 0x0)
ptrace$setregset(0x4205, 0x0, 0x1, 0x0)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfe00000}, 0x0, 0x0, &(0x7f0000000000))
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000080)={0x5, 0x2})
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x2)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x1})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
pwritev(r4, &(0x7f0000000480)=[{0x0}, {0x0}, {&(0x7f00000003c0)="77cccb0deedbb94f1afd3ccb469a6721cc637e9cbc7f0685c4ab02897a615638b1ba209474e485e5c676dab2f779fc45e14a15eb8cab8dce71eaea08ea87db5609774523b75431043e4a32f82c5b61bea2b9b0eff207d81c7b175cfcb3e448d7fcac8844402e9401582eeb4a08d247096e183b9b7de727a818150a153b9397c4cc61a6bd461f30fb84b679bca11d47c56904a9d359442a5c3693048b8aa179cf9385", 0xa2}, {0x0}, {&(0x7f0000000300)}], 0x5, 0x8, 0x20000006)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0, 0x4b}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0xe9b, 0x2, 0xd, 0x7f, 0x44233, 0x9, 0x80, 0x941, 0x8001, 0x1005, 0x4, 0x4, 0x0, 0xfffffdfffffffffd], 0xb000, 0x84340})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@newlink={0x50, 0x10, 0x1, 0x70bda9, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x4236, 0x11a20}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TRUST={0xc, 0x9, {0x6, 0x7}}]}]}, @IFLA_LINKMODE={0x5, 0x11, 0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0xc1}, 0x800)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x52, 0x6, 0x40, '\x00', 0x10000})

159.222994ms ago: executing program 2 (id=388):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = dup3(r1, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1, 0xf, &(0x7f0000000380)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x57}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x102}}}, &(0x7f0000000000)='syzkaller\x00', 0x4}, 0x94)

0s ago: executing program 2 (id=389):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'hsr0\x00', <r1=>0x0})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha1\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000017010000030000000100000000000000180000000018000000000000000009fb414aeb1c2e5f3c385b5af8cf981a060000000040000000002b"], 0x30, 0x4040081}], 0x1, 0x40800)
socket$nl_route(0x10, 0x3, 0x0)
r4 = openat$rdma_cm(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CONNECT(r4, &(0x7f0000000180)={0x6, 0x118, 0xfa00, {{0x1875, 0x2, "555e4127810627c3e69211d6a03e4e1d92a707db1545d8cbb1f445232dc51caedcaea98ec0d91063e97d2455b8b7510b49808cd8bb605513009e2aed8952c324677e856e40245046f3661e45f759575e85c0ba529015e2e162f779aaa45ba07aa29d4175ee6375288679ee0eca05e457eaf8bd2fb090ce1f7fd6557e97b4f283ccdeef39749657b30c119617bff5cb6d2a7f41cc20574e33df981a02631ef5cfa088031b379a186aebcd1d6862a1ed0794106bc22a8b870641816c13ad8f2197c3fd82fcb70ea69d432fcd614c59195872dc81e7412b09dc969dcba6a054a7a3064a09e2a6f987160ddb55a6dc7ab37721c720ac83a64570c1b8d18965f883fb", 0x5, 0x10, 0x9, 0x8, 0x8, 0xff, 0x5}}}, 0x120)
ioctl(r4, 0x8b1b, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_GET_MSRS_cpu(r7, 0xc008ae88, &(0x7f0000000040)={0xfdfd, 0x0, [{0xc001001b, 0x0, 0x2}]})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r10, 0x0, 0x0)
sendmmsg$alg(r10, &(0x7f0000002300)=[{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f00000003c0)="aa7742d1fd451005faed417201883804b19abd7cc919ab4713e3458f4f82db64ec27104aede175f5d48b06721925533b9ebf0c37c1274277718343222856b8498763163dacbde25510", 0x49}, {0x0}], 0x2, &(0x7f0000001d40)=[@assoc={0x18, 0x117, 0x4, 0x9}], 0x18, 0x40014}, {0x0, 0x0, &(0x7f0000001f40)=[{&(0x7f0000001e40)}], 0x1, &(0x7f0000001f80)=[@op={0x18}], 0x18, 0x24004850}, {0x0, 0x0, &(0x7f0000002140)=[{0x0}, {&(0x7f00000020c0)="1d12171a27b07a46e14cd9a5a028bd", 0xf}, {&(0x7f0000002100)}], 0x3, 0x0, 0x0, 0x80}], 0x3, 0x10)
getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r11, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
syz_genetlink_get_family_id$team(0x0, r9)
r12 = socket$nl_route(0x10, 0x3, 0x0)
r13 = socket(0x1, 0x803, 0x0)
getsockname$packet(r13, &(0x7f0000000100)={0x11, 0x0, <r14=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r12, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x50, 0x10, 0x403, 0x58bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646, 0x20}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r14}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x37}}]}, 0x50}, 0x1, 0x0, 0x0, 0x600}, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r11}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_ifreq(r8, 0x8992, &(0x7f0000000200)={'vlan1\x00', @ifru_mtu=0x160000})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000180)={r1, 0x1, 0x6}, 0x10)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.19' (ED25519) to the list of known hosts.
[   65.906213][ T5611] cgroup: Unknown subsys name 'net'
[   66.041778][ T5611] cgroup: Unknown subsys name 'cpuset'
[   66.050014][ T5611] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   67.417132][ T5611] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   69.704106][ T5627] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   69.705609][ T5625] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   69.713202][ T5627] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   69.727026][ T5625] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   69.727611][ T5627] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   69.742842][ T5625] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   69.746426][ T5627] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   69.760430][ T5627] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   69.767918][ T5629] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   69.770791][ T5627] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   69.790873][ T5627] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   69.798770][ T5627] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   69.801253][ T5629] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   69.823758][ T4945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   69.834299][ T5627] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   69.844234][ T5627] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   69.857228][ T5625] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   69.857951][ T4945] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   69.865765][ T5625] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   69.874272][ T4945] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   69.887832][ T4945] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   69.888042][ T5625] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   69.895729][ T4945] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   69.903063][ T5625] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   69.909943][ T4945] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   70.866307][ T5641] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.873650][ T5641] bridge0: port 1(bridge_slave_0) entered disabled state
[   70.882145][ T5641] bridge_slave_0: entered allmulticast mode
[   70.890665][ T5641] bridge_slave_0: entered promiscuous mode
[   70.922488][ T5641] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.929714][ T5641] bridge0: port 2(bridge_slave_1) entered disabled state
[   70.936923][ T5641] bridge_slave_1: entered allmulticast mode
[   70.943885][ T5641] bridge_slave_1: entered promiscuous mode
[   71.046419][ T5636] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.053678][ T5636] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.061031][ T5636] bridge_slave_0: entered allmulticast mode
[   71.068235][ T5636] bridge_slave_0: entered promiscuous mode
[   71.086669][ T5641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.095980][ T5639] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.103632][ T5639] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.111868][ T5639] bridge_slave_0: entered allmulticast mode
[   71.119511][ T5639] bridge_slave_0: entered promiscuous mode
[   71.135996][ T5636] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.143200][ T5636] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.150624][ T5636] bridge_slave_1: entered allmulticast mode
[   71.157691][ T5636] bridge_slave_1: entered promiscuous mode
[   71.164523][ T5640] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.171840][ T5640] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.180067][ T5640] bridge_slave_0: entered allmulticast mode
[   71.187127][ T5640] bridge_slave_0: entered promiscuous mode
[   71.196503][ T5641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.218489][ T5639] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.225826][ T5639] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.234257][ T5639] bridge_slave_1: entered allmulticast mode
[   71.241183][ T5639] bridge_slave_1: entered promiscuous mode
[   71.273376][ T5640] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.280547][ T5640] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.287815][ T5640] bridge_slave_1: entered allmulticast mode
[   71.294712][ T5640] bridge_slave_1: entered promiscuous mode
[   71.346712][ T5641] team0: Port device team_slave_0 added
[   71.355096][ T5639] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.375208][ T5636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.395457][ T5641] team0: Port device team_slave_1 added
[   71.403405][ T5639] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.424804][ T5637] bridge0: port 1(bridge_slave_0) entered blocking state
[   71.430243][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[   71.432981][ T5637] bridge0: port 1(bridge_slave_0) entered disabled state
[   71.438881][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[   71.446584][ T5637] bridge_slave_0: entered allmulticast mode
[   71.459528][ T5637] bridge_slave_0: entered promiscuous mode
[   71.469830][ T5636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.481194][ T5640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.513889][ T5637] bridge0: port 2(bridge_slave_1) entered blocking state
[   71.521267][ T5637] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.528575][ T5637] bridge_slave_1: entered allmulticast mode
[   71.535525][ T5637] bridge_slave_1: entered promiscuous mode
[   71.554012][ T5640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.574814][ T5639] team0: Port device team_slave_0 added
[   71.609586][ T5641] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.616656][ T5641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.642710][ T5641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.656074][ T5639] team0: Port device team_slave_1 added
[   71.672636][ T5636] team0: Port device team_slave_0 added
[   71.689690][ T5641] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.696754][ T5641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.722919][ T5641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   71.745287][ T5637] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   71.756335][ T5636] team0: Port device team_slave_1 added
[   71.771518][ T5640] team0: Port device team_slave_0 added
[   71.801124][ T5637] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   71.821628][ T5640] team0: Port device team_slave_1 added
[   71.827911][ T5627] Bluetooth: hci1: command tx timeout
[   71.837403][ T5627] Bluetooth: hci0: command tx timeout
[   71.844106][ T5639] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.851127][ T5639] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.877361][ T5639] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.898993][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_0
[   71.905944][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.932012][ T5636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   71.938568][ T5627] Bluetooth: hci2: command tx timeout
[   71.964460][ T5639] batman_adv: batadv0: Adding interface: batadv_slave_1
[   71.971587][ T5639] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   71.998184][ T5627] Bluetooth: hci3: command tx timeout
[   71.998210][ T4945] Bluetooth: hci4: command tx timeout
[   71.998497][ T5639] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.030485][ T5636] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.037553][ T5636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.063571][ T5636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.090143][ T5641] hsr_slave_0: entered promiscuous mode
[   72.096752][ T5641] hsr_slave_1: entered promiscuous mode
[   72.111915][ T5637] team0: Port device team_slave_0 added
[   72.123407][ T5640] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.130917][ T5640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.157006][ T5640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.169361][ T5640] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.176332][ T5640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.203314][ T5640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.224331][ T5637] team0: Port device team_slave_1 added
[   72.281866][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_0
[   72.289009][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.315043][ T5637] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   72.360128][ T5637] batman_adv: batadv0: Adding interface: batadv_slave_1
[   72.367397][ T5637] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   72.393380][ T5637] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   72.409216][ T5639] hsr_slave_0: entered promiscuous mode
[   72.415513][ T5639] hsr_slave_1: entered promiscuous mode
[   72.422094][ T5639] debugfs: 'hsr0' already exists in 'hsr'
[   72.428145][ T5639] Cannot create hsr debugfs directory
[   72.449176][ T5636] hsr_slave_0: entered promiscuous mode
[   72.455426][ T5636] hsr_slave_1: entered promiscuous mode
[   72.461686][ T5636] debugfs: 'hsr0' already exists in 'hsr'
[   72.467544][ T5636] Cannot create hsr debugfs directory
[   72.494830][ T5640] hsr_slave_0: entered promiscuous mode
[   72.501213][ T5640] hsr_slave_1: entered promiscuous mode
[   72.507562][ T5640] debugfs: 'hsr0' already exists in 'hsr'
[   72.513307][ T5640] Cannot create hsr debugfs directory
[   72.641892][ T5637] hsr_slave_0: entered promiscuous mode
[   72.648174][ T5637] hsr_slave_1: entered promiscuous mode
[   72.654209][ T5637] debugfs: 'hsr0' already exists in 'hsr'
[   72.660152][ T5637] Cannot create hsr debugfs directory
[   73.080129][ T5641] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   73.093305][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   73.101760][ T5641] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   73.111677][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   73.121656][ T5641] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   73.130816][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   73.147437][ T5641] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   73.157945][ T5641] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   73.220925][ T5639] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   73.231240][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   73.242200][ T5639] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   73.253255][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   73.261470][ T5639] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   73.271960][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   73.280942][ T5639] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   73.290749][ T5639] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   73.391741][ T5636] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   73.401748][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   73.410348][ T5636] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   73.421278][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   73.435693][ T5636] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   73.445875][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   73.454307][ T5636] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   73.463604][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   73.562113][ T5640] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   73.574767][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   73.583131][ T5640] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   73.594187][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   73.602997][ T5640] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   73.613126][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   73.622763][ T5641] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.640278][ T5640] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   73.650020][ T5640] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   73.755284][ T5639] 8021q: adding VLAN 0 to HW filter on device bond0
[   73.762740][ T5637] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   73.772822][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[   73.781591][ T5637] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   73.791238][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[   73.801246][ T5641] 8021q: adding VLAN 0 to HW filter on device team0
[   73.815432][ T5637] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   73.825428][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[   73.834346][ T5637] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   73.843651][ T5637] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[   73.868901][  T170] bridge0: port 1(bridge_slave_0) entered blocking state
[   73.876090][  T170] bridge0: port 1(bridge_slave_0) entered forwarding state
[   73.909305][ T5627] Bluetooth: hci0: command tx timeout
[   73.909795][ T4945] Bluetooth: hci1: command tx timeout
[   73.930653][ T5639] 8021q: adding VLAN 0 to HW filter on device team0
[   73.941244][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   73.948458][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   73.987159][ T4945] Bluetooth: hci2: command tx timeout
[   73.999658][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.006991][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.037407][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.044535][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.068768][ T4945] Bluetooth: hci4: command tx timeout
[   74.068779][ T5627] Bluetooth: hci3: command tx timeout
[   74.090678][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.171827][ T5636] 8021q: adding VLAN 0 to HW filter on device team0
[   74.192744][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.200009][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.226569][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.233761][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.264597][ T5641] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.300752][ T5640] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.335959][ T5637] 8021q: adding VLAN 0 to HW filter on device bond0
[   74.375855][ T5639] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.396555][ T5640] 8021q: adding VLAN 0 to HW filter on device team0
[   74.421691][ T5637] 8021q: adding VLAN 0 to HW filter on device team0
[   74.437428][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.444564][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.466185][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.473343][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.494379][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   74.501561][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   74.528062][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   74.535209][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   74.549883][ T5641] veth0_vlan: entered promiscuous mode
[   74.582173][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.602914][ T5641] veth1_vlan: entered promiscuous mode
[   74.668990][ T5639] veth0_vlan: entered promiscuous mode
[   74.694152][ T5637] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   74.728155][ T5639] veth1_vlan: entered promiscuous mode
[   74.744731][ T5641] veth0_macvtap: entered promiscuous mode
[   74.754870][ T5641] veth1_macvtap: entered promiscuous mode
[   74.804602][ T5636] veth0_vlan: entered promiscuous mode
[   74.822104][ T5641] batman_adv: batadv0: Interface activated: batadv_slave_0
[   74.841945][ T5641] batman_adv: batadv0: Interface activated: batadv_slave_1
[   74.855117][ T5636] veth1_vlan: entered promiscuous mode
[   74.871590][ T5640] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.893257][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   74.912211][ T5637] 8021q: adding VLAN 0 to HW filter on device batadv0
[   74.921255][ T5639] veth0_macvtap: entered promiscuous mode
[   74.931453][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   74.940868][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   74.972335][ T5639] veth1_macvtap: entered promiscuous mode
[   74.980995][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.059647][ T5639] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.091642][ T5639] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.102957][ T5636] veth0_macvtap: entered promiscuous mode
[   75.125561][  T170] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.138634][ T5636] veth1_macvtap: entered promiscuous mode
[   75.143776][  T170] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.158667][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.167742][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.191776][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.218496][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.246475][ T5637] veth0_vlan: entered promiscuous mode
[   75.254762][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.264674][ T5640] veth0_vlan: entered promiscuous mode
[   75.284827][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.298589][ T3288] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.309609][ T3288] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.326545][   T57] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.336431][   T57] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.370685][ T5640] veth1_vlan: entered promiscuous mode
[   75.392603][ T5637] veth1_vlan: entered promiscuous mode
[   75.401126][   T57] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.431438][   T57] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.436092][ T5641] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   75.534935][ T1015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.562518][ T1015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.630938][   T31] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.639877][   T31] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.698728][ T5637] veth0_macvtap: entered promiscuous mode
[   75.735478][   T31] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.740274][ T5637] veth1_macvtap: entered promiscuous mode
[   75.759266][   T31] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.770516][ T5640] veth0_macvtap: entered promiscuous mode
[   75.836546][ T1015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.854019][ T5640] veth1_macvtap: entered promiscuous mode
[   75.875059][ T1015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.939699][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.981156][ T5637] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.988568][ T4945] Bluetooth: hci0: command tx timeout
[   76.000224][ T4945] Bluetooth: hci1: command tx timeout
[   76.014077][ T5640] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.064998][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.077163][ T4945] Bluetooth: hci2: command tx timeout
[   76.091086][ T5640] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.119691][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.139388][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.148365][ T4945] Bluetooth: hci3: command tx timeout
[   76.149105][ T5627] Bluetooth: hci4: command tx timeout
[   76.181810][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.193402][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.225013][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.253444][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.272464][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.378094][ T5712] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   76.440366][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.448281][ T5730] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET)
[   76.462490][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.542696][ T5737] x_tables: duplicate underflow at hook 2
[   76.572259][ T5712] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   76.572310][ T5712] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   76.572329][ T5712] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[   76.572374][ T5712] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   76.572398][ T5712] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   76.574625][ T5712] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   76.574655][ T5712] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   76.574946][ T5712] usb 3-1: Product: syz
[   76.574964][ T5712] usb 3-1: Manufacturer: syz
[   76.579706][ T1015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.642207][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.655894][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.686356][ T5712] cdc_wdm 3-1:1.0: skipping garbage
[   76.700751][ T5712] cdc_wdm 3-1:1.0: skipping garbage
[   76.705425][ T1015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.726496][ T5712] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[   76.735160][ T5712] cdc_wdm 3-1:1.0: Unknown control protocol
[   76.850219][  T170] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.876066][  T170] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   77.044305][ T5742] syzkaller0: entered promiscuous mode
[   77.062812][ T5742] syzkaller0: entered allmulticast mode
[   77.167961][ T5742] tipc: Started in network mode
[   77.190086][ T5742] tipc: Node identity 86db011ddc85, cluster identity 4711
[   77.211691][ T5742] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   77.242961][ T5754] netlink: 'syz.4.14': attribute type 1 has an invalid length.
[   77.254580][ T5741] tipc: Resetting bearer <eth:syzkaller0>
[   77.256409][ T5756] capability: warning: `syz.3.4' uses 32-bit capabilities (legacy support in use)
[   77.281738][ T5741] tipc: Disabling bearer <eth:syzkaller0>
[   77.333343][ T5749] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   77.499306][ T5762] netlink: 48 bytes leftover after parsing attributes in process `syz.1.15'.
[   77.526968][ T5684] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   77.652124][ T5711] usb 3-1: USB disconnect, device number 2
[   77.678374][ T5767] netlink: 20 bytes leftover after parsing attributes in process `syz.3.17'.
[   77.697398][ T5684] usb 1-1: Using ep0 maxpacket: 16
[   77.702823][ T5767] netlink: 12 bytes leftover after parsing attributes in process `syz.3.17'.
[   77.729620][ T5684] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   77.739720][ T5767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17'.
[   77.740768][ T5769] netlink: 'syz.1.18': attribute type 4 has an invalid length.
[   77.768621][ T5684] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   77.793313][   T29] audit: type=1326 audit(1777599287.409:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   77.793726][ T5684] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   77.854081][ T5765] netlink: 16 bytes leftover after parsing attributes in process `syz.4.16'.
[   77.879556][   T29] audit: type=1326 audit(1777599287.419:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   77.927658][ T5684] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   77.927956][ T5765] netlink: 16 bytes leftover after parsing attributes in process `syz.4.16'.
[   77.948668][ T5684] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.974048][   T29] audit: type=1326 audit(1777599287.419:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   77.978595][ T5684] usb 1-1: Product: syz
[   78.028824][   T29] audit: type=1326 audit(1777599287.419:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   78.069452][   T29] audit: type=1326 audit(1777599287.469:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   78.080576][ T5627] Bluetooth: hci1: command tx timeout
[   78.098117][ T4945] Bluetooth: hci0: command tx timeout
[   78.115846][   T29] audit: type=1326 audit(1777599287.469:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   78.120113][ T5684] usb 1-1: Manufacturer: syz
[   78.149332][ T4945] Bluetooth: hci2: command tx timeout
[   78.171780][   T29] audit: type=1326 audit(1777599287.469:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   78.199829][   T29] audit: type=1326 audit(1777599287.469:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   78.207477][ T5684] usb 1-1: SerialNumber: syz
[   78.224959][   T29] audit: type=1326 audit(1777599287.469:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   78.266091][ T4945] Bluetooth: hci4: command tx timeout
[   78.266190][ T5627] Bluetooth: hci3: command tx timeout
[   78.271931][   T29] audit: type=1326 audit(1777599287.469:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5763 comm="syz.4.16" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   78.355956][ T5684] usb 1-1: 0:2 : does not exist
[   78.385774][ T5776] hsr0: entered promiscuous mode
[   78.409800][ T5776] Zero length message leads to an empty skb
[   78.587773][ T5781] syzkaller0: entered promiscuous mode
[   78.618038][ T5781] syzkaller0: entered allmulticast mode
[   78.741090][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.748749][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.755574][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.762441][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.769276][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.776098][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.782947][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.789782][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.796623][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.803467][ T5781] tc action pedit offset must be on 32 bit boundaries
[   78.810509][ T5781] 0: reclassify loop, rule prio 0, protocol 800
[   78.984435][ T5791] loop2: detected capacity change from 0 to 7
[   79.022401][ T5791] Dev loop2: unable to read RDB block 7
[   79.033081][ T5753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.051690][ T5791]  loop2: unable to read partition table
[   79.060455][ T5753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.069442][ T5791] loop2: partition table beyond EOD, truncated
[   79.076324][ T5791] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[   79.572956][ T5757] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   79.573323][ T5757] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   79.599487][ T5799] netlink: 44 bytes leftover after parsing attributes in process `syz.3.26'.
[   79.612265][ T5799] netlink: 'syz.3.26': attribute type 39 has an invalid length.
[   79.842942][ T5684] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[   80.052449][ T5684] usb 1-1: USB disconnect, device number 2
[   80.440413][ T5816] netlink: 20 bytes leftover after parsing attributes in process `syz.4.32'.
[   80.665881][ T5820] hsr0: entered promiscuous mode
[   81.429047][ T5832] hsr0: entered promiscuous mode
[   81.483497][ T5832] netlink: 4 bytes leftover after parsing attributes in process `syz.3.36'.
[   81.757037][   T54] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   81.956924][   T54] usb 1-1: Using ep0 maxpacket: 32
[   81.957012][  T992] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   81.968571][   T54] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[   82.001903][   T54] usb 1-1: config 0 has no interface number 0
[   82.023446][   T54] usb 1-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[   82.045811][   T54] usb 1-1: config 0 interface 89 has no altsetting 0
[   82.072221][   T54] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[   82.087530][   T54] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.106484][   T54] usb 1-1: Product: syz
[   82.118464][   T54] usb 1-1: Manufacturer: syz
[   82.129250][   T54] usb 1-1: SerialNumber: syz
[   82.153335][   T54] usb 1-1: config 0 descriptor??
[   82.175470][   T54] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[   82.197905][   T54] em28xx 1-1:0.89: Video interface 89 found:
[   82.246043][  T992] usb 2-1: unable to get BOS descriptor or descriptor too short
[   82.267922][ T5684] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   82.286308][  T992] usb 2-1: unable to read config index 0 descriptor/start: -71
[   82.304552][  T992] usb 2-1: can't read configurations, error -71
[   82.447092][ T5684] usb 5-1: Using ep0 maxpacket: 32
[   82.454872][ T5684] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   82.472762][ T5684] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   82.489370][ T5684] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   82.499907][ T5684] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   82.514361][ T5684] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   82.524665][ T5684] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   82.542598][ T5684] usb 5-1: New USB device found, idVendor=04e7, idProduct=6651, bcdDevice=ba.8a
[   82.554368][ T5684] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.562696][ T5684] usb 5-1: Product: syz
[   82.567045][ T5684] usb 5-1: Manufacturer: syz
[   82.571758][ T5684] usb 5-1: SerialNumber: syz
[   82.589731][ T5684] usb 5-1: config 0 descriptor??
[   82.609538][ T5684] rndis_host 5-1:0.0: rndis: master #0/ffff8880585d3000 slave #1/0000000000000000
[   82.623374][ T5684] cdc_acm 5-1:0.0: Zero length descriptor references
[   82.631219][ T5684] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22
[   82.672404][ T5851] hsr0: entered promiscuous mode
[   82.780842][   T54] em28xx 1-1:0.89: unknown em28xx chip ID (0)
[   82.837157][   T29] kauditd_printk_skb: 31 callbacks suppressed
[   82.837176][   T29] audit: type=1326 audit(1777599292.459:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   82.868145][ T5844] netlink: 8 bytes leftover after parsing attributes in process `syz.4.43'.
[   82.898247][ T5844] netlink: 16 bytes leftover after parsing attributes in process `syz.4.43'.
[   82.990683][   T29] audit: type=1326 audit(1777599292.459:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.029144][   T29] audit: type=1326 audit(1777599292.469:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.030303][ T5859] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   83.112630][   T29] audit: type=1326 audit(1777599292.469:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.171944][   T29] audit: type=1326 audit(1777599292.469:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.211610][   T29] audit: type=1326 audit(1777599292.469:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.241581][ T5859] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   83.297589][   T29] audit: type=1326 audit(1777599292.469:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.335202][ T5844] netlink: 8 bytes leftover after parsing attributes in process `syz.4.43'.
[   83.362855][   T29] audit: type=1326 audit(1777599292.469:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.394542][   T29] audit: type=1326 audit(1777599292.469:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.420905][   T29] audit: type=1326 audit(1777599292.469:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5843 comm="syz.4.43" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11fdd9cdd9 code=0x7ffc0000
[   83.447138][   T54] em28xx 1-1:0.89: read from i2c device at 0xa0 failed with unknown error (status=64)
[   83.450170][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   83.459216][ T5844] erspan0: entered promiscuous mode
[   83.473853][   T54] em28xx 1-1:0.89: board has no eeprom
[   83.505369][ T5844] erspan0: left promiscuous mode
[   83.567321][  T992] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[   83.670834][   T10] usb 4-1: config 1 has an invalid interface number: 7 but max is 0
[   83.682496][   T10] usb 4-1: config 1 has no interface number 0
[   83.690766][ T5843] ALSA: mixer_oss: invalid OSS volume 'u'
[   83.696733][   T10] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[   83.707790][   T54] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67)
[   83.707851][   T54] em28xx 1-1:0.89: analog set to bulk mode.
[   83.709886][   T24] em28xx 1-1:0.89: Registering V4L2 extension
[   83.735746][ T5698] usb 5-1: USB disconnect, device number 2
[   83.736351][   T10] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0x24, changing to 0x4
[   83.746283][   T54] usb 1-1: USB disconnect, device number 3
[   83.764422][  T992] usb 2-1: not running at top speed; connect to a high speed hub
[   83.784578][  T992] usb 2-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[   83.796547][  T992] usb 2-1: config 127 has 1 interface, different from the descriptor's value: 2
[   83.809847][   T10] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 608
[   83.824788][   T54] em28xx 1-1:0.89: Disconnecting em28xx
[   83.836510][  T992] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=e5.46
[   83.856186][   T10] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   83.874018][  T992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.890917][  T992] usb 2-1: Product: syz
[   83.904021][   T10] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[   83.919660][  T992] usb 2-1: Manufacturer: syz
[   83.925065][  T992] usb 2-1: SerialNumber: syz
[   83.926472][   T24] em28xx 1-1:0.89: Config register raw data: 0xffffffed
[   83.930205][ T5691] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   83.947781][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.963605][   T10] usb 4-1: Product: syz
[   83.972521][   T10] usb 4-1: Manufacturer: syz
[   83.977413][   T24] em28xx 1-1:0.89: AC97 chip type couldn't be determined
[   83.977851][   T10] usb 4-1: SerialNumber: syz
[   83.993873][   T24] em28xx 1-1:0.89: No AC97 audio processor
[   84.027667][   T24] usb 1-1: Decoder not found
[   84.028321][ T5855] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[   84.041533][ T5855] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[   84.049401][   T24] em28xx 1-1:0.89: failed to create media graph
[   84.063835][   T10] usb 4-1: Error in usbnet_get_endpoints (-22)
[   84.075432][   T24] em28xx 1-1:0.89: V4L2 device video103 deregistered
[   84.111476][ T5691] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   84.125458][ T5691] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   84.138074][ T5691] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   84.147662][ T5691] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.147981][   T24] em28xx 1-1:0.89: Registering snapshot button...
[   84.183380][ T5869] raw-gadget.5 gadget.2: fail, usb_ep_enable returned -22
[   84.202665][ T5691] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[   84.314661][   T24] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input5
[   84.440387][   T24] em28xx 1-1:0.89: Remote control support is not available for this card.
[   84.467723][ T5873] netlink: 20 bytes leftover after parsing attributes in process `syz.0.52'.
[   84.485718][   T54] em28xx 1-1:0.89: Closing input extension
[   84.522607][   T54] em28xx 1-1:0.89: Deregistering snapshot button
[   84.529637][ T5873] netlink: 12 bytes leftover after parsing attributes in process `syz.0.52'.
[   84.529713][ T5873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.52'.
[   84.775938][   T54] em28xx 1-1:0.89: Freeing device
[   84.871494][   T24] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   85.029937][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[   85.050527][   T24] usb 5-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[   85.077872][   T24] usb 5-1: config 127 has 1 interface, different from the descriptor's value: 2
[   85.110417][   T24] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=e5.46
[   85.131175][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.150346][   T24] usb 5-1: Product: syz
[   85.159374][   T24] usb 5-1: Manufacturer: syz
[   85.169540][   T24] usb 5-1: SerialNumber: syz
[   85.584250][   T24] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[   85.633015][   T24] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   85.693895][   T24] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[   85.724467][   T24] usb 5-1: USB disconnect, device number 3
[   86.290613][ T5691] usb 4-1: USB disconnect, device number 2
[   86.345858][  T992] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[   86.413184][  T992] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[   86.450425][  T992] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[   86.510763][  T992] usb 2-1: USB disconnect, device number 4
[   86.790091][ T5907] xt_TCPMSS: Only works on TCP SYN packets
[   86.829820][    T9] cfg80211: failed to load regulatory.db
[   86.959713][  T992] usb 3-1: USB disconnect, device number 3
[   87.580713][ T5919] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.589468][ T5919] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.641201][ T5924] netlink: 104 bytes leftover after parsing attributes in process `syz.2.64'.
[   87.713891][ T5919] bridge_slave_0: left allmulticast mode
[   87.730572][ T5919] bridge_slave_0: left promiscuous mode
[   87.744480][ T5919] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.755239][ T5926] netlink: 36 bytes leftover after parsing attributes in process `syz.2.67'.
[   87.799891][ T5919] bridge_slave_1: left allmulticast mode
[   87.808483][ T5919] bridge_slave_1: left promiscuous mode
[   87.818219][ T5919] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.943444][ T5919] bond0: (slave bond_slave_0): Releasing backup interface
[   87.989303][ T5919] bond0: (slave bond_slave_1): Releasing backup interface
[   88.031202][ T5919] team0: Port device team_slave_0 removed
[   88.091639][ T5919] team0: Port device team_slave_1 removed
[   88.133806][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.155482][ T5919] batman_adv: batadv0: Removing interface: batadv_slave_0
[   88.179578][ T5919] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   88.197341][ T5919] batman_adv: batadv0: Removing interface: batadv_slave_1
[   88.223837][ T5919] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   88.597042][ T5936] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   88.713318][ T5936] Cannot find add_set index 0 as target
[   88.954741][ T5948] netlink: 'syz.0.72': attribute type 9 has an invalid length.
[   88.993613][ T5948] netlink: 8 bytes leftover after parsing attributes in process `syz.0.72'.
[   90.072868][ T5970] netlink: 20 bytes leftover after parsing attributes in process `syz.1.82'.
[   90.646962][ T5987] netlink: 'syz.1.89': attribute type 5 has an invalid length.
[   90.675512][ T5987] netlink: 16 bytes leftover after parsing attributes in process `syz.1.89'.
[   90.721565][ T5989] syzkaller0: entered promiscuous mode
[   90.734434][ T5989] syzkaller0: entered allmulticast mode
[   90.756715][ T5993] netlink: 28 bytes leftover after parsing attributes in process `syz.1.92'.
[   90.756788][ T5989] tcf_pedit_act: 7 callbacks suppressed
[   90.756799][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.779077][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.785860][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.792737][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.799605][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.806394][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.813263][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.820082][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.826930][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.833700][ T5989] tc action pedit offset must be on 32 bit boundaries
[   90.840487][ T5989] 0: reclassify loop, rule prio 0, protocol 800
[   90.927001][ T5691] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   90.963310][ T5998] netlink: 12 bytes leftover after parsing attributes in process `syz.1.94'.
[   91.032081][ T5998] 8021q: adding VLAN 0 to HW filter on device bond2
[   91.032925][ T6002] xt_nfacct: accounting object `syz1' does not exist
[   91.056511][ T6000] bond2: (slave gretap1): Enslaving as an active interface with an up link
[   91.086944][ T5691] usb 3-1: Using ep0 maxpacket: 16
[   91.100925][ T5691] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   91.135812][ T5691] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   91.173676][ T5691] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   91.220410][ T5691] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   91.242285][ T5691] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.261396][ T5691] usb 3-1: Product: syz
[   91.275923][ T5691] usb 3-1: Manufacturer: syz
[   91.291365][ T5691] usb 3-1: SerialNumber: syz
[   91.304962][ T6011] IPVS: sync thread started: state = BACKUP, mcast_ifn = batadv0, syncid = 2, id = 0
[   91.356504][ T5691] usb 3-1: 0:2 : does not exist
[   91.490435][ T6017] loop2: detected capacity change from 0 to 7
[   91.503122][ T6017] Dev loop2: unable to read RDB block 7
[   91.514253][ T6017]  loop2: AHDI p1 p2
[   91.514654][ T6019] No such timeout policy "syz0"
[   91.524298][ T6017] loop2: partition table partially beyond EOD, truncated
[   91.532766][ T6017] loop2: p1 start 1818582900 is beyond EOD, truncated
[   91.751196][   T29] kauditd_printk_skb: 21 callbacks suppressed
[   91.751213][   T29] audit: type=1800 audit(1777599301.379:74): pid=5991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.91" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[   91.892216][ T6029] netlink: 20 bytes leftover after parsing attributes in process `syz.1.106'.
[   91.977017][   T54] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   92.068987][  T992] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   92.124692][ T5691] usb 3-1: USB disconnect, device number 4
[   92.157194][   T54] usb 1-1: Using ep0 maxpacket: 32
[   92.179731][   T54] usb 1-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[   92.190890][ T5632] udevd[5632]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   92.206313][   T54] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.231972][   T54] usb 1-1: Product: syz
[   92.236974][  T992] usb 5-1: Using ep0 maxpacket: 8
[   92.243791][  T992] usb 5-1: config 0 has no interfaces?
[   92.244723][   T54] usb 1-1: Manufacturer: syz
[   92.250667][  T992] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   92.275660][   T54] usb 1-1: SerialNumber: syz
[   92.276648][  T992] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.298384][   T54] usb 1-1: config 0 descriptor??
[   92.315162][  T992] usb 5-1: config 0 descriptor??
[   92.540194][ T6027] netlink: 28 bytes leftover after parsing attributes in process `syz.4.105'.
[   92.566468][ T6027] netlink: 'syz.4.105': attribute type 7 has an invalid length.
[   92.593813][ T6027] netlink: 'syz.4.105': attribute type 8 has an invalid length.
[   92.630857][ T6027] netlink: 4 bytes leftover after parsing attributes in process `syz.4.105'.
[   92.757504][   T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   92.827196][ T6044] batadv0: entered promiscuous mode
[   92.834839][ T5691] usb 5-1: USB disconnect, device number 4
[   92.845728][ T6041] x_tables: duplicate underflow at hook 3
[   92.917122][   T24] usb 4-1: device descriptor read/64, error -71
[   92.933680][   T54] peak_usb 1-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[   92.972097][   T54] peak_usb 1-1:0.0 can0: sending command failure: -22
[   92.986921][   T54] peak_usb 1-1:0.0 can0: sending command failure: -22
[   93.059908][   T54] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -22
[   93.151372][ T5691] usb 1-1: USB disconnect, device number 4
[   93.177288][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   93.195740][ T6051] loop2: detected capacity change from 0 to 7
[   93.205253][ T6051] Dev loop2: unable to read RDB block 7
[   93.211111][ T6051]  loop2: AHDI p1 p2
[   93.215906][ T6051] loop2: partition table partially beyond EOD, truncated
[   93.223489][ T6051] loop2: p1 start 1818582900 is beyond EOD, truncated
[   93.327276][   T24] usb 4-1: device descriptor read/64, error -71
[   93.389050][ T6057] IPv6: NLM_F_CREATE should be specified when creating new route
[   93.449760][   T24] usb usb4-port1: attempt power cycle
[   93.816963][   T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   93.840116][ T5691] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   93.850344][   T24] usb 4-1: device descriptor read/8, error -71
[   93.920299][ T6067] process 'syz.0.120' launched './file2' with NULL argv: empty string added
[   93.954371][ T6065] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   93.962734][ T6065] IPv6: NLM_F_CREATE should be set when creating new route
[   93.970096][ T6065] IPv6: NLM_F_CREATE should be set when creating new route
[   93.981420][ T6067] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[   94.002379][ T6067] netlink: 32 bytes leftover after parsing attributes in process `syz.0.120'.
[   94.013605][ T5691] usb 5-1: unable to get BOS descriptor or descriptor too short
[   94.034662][ T5691] usb 5-1: config 63 has an invalid interface number: 66 but max is 0
[   94.049008][ T5691] usb 5-1: config 63 contains an unexpected descriptor of type 0x2, skipping
[   94.063758][ T5691] usb 5-1: config 63 has an invalid descriptor of length 9, skipping remainder of the config
[   94.084076][ T5691] usb 5-1: config 63 has no interface number 0
[   94.090509][ T5691] usb 5-1: config 63 interface 66 has no altsetting 0
[   94.098504][   T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[   94.101258][ T5691] usb 5-1: New USB device found, idVendor=174f, idProduct=8acf, bcdDevice=39.f4
[   94.118136][ T5691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.126331][ T5691] usb 5-1: Product: syz
[   94.131207][ T5691] usb 5-1: Manufacturer: syz
[   94.136327][ T5691] usb 5-1: SerialNumber: syz
[   94.168085][   T24] usb 4-1: device descriptor read/8, error -71
[   94.287269][   T24] usb usb4-port1: unable to enumerate USB device
[   94.400389][ T5691] uvcvideo 5-1:63.66: Found UVC 0.07 device syz (174f:8acf)
[   94.420707][ T5691] uvcvideo 5-1:63.66: No valid video chain found.
[   94.441330][ T5691] usb 5-1: USB disconnect, device number 5
[   94.777318][ T6062] ALSA: mixer_oss: invalid OSS volume '`ÛÉŽš('
[   94.896949][ T5691] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   95.062079][ T5691] usb 5-1: config 63 has an invalid interface number: 66 but max is 0
[   95.089955][ T5691] usb 5-1: config 63 contains an unexpected descriptor of type 0x2, skipping
[   95.120341][ T5691] usb 5-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config
[   95.141989][ T5691] usb 5-1: config 63 has 2 interfaces, different from the descriptor's value: 1
[   95.161178][ T5691] usb 5-1: config 63 has no interface number 1
[   95.168935][ T5691] usb 5-1: config 63 interface 66 has no altsetting 0
[   95.188604][ T5691] usb 5-1: New USB device found, idVendor=0471, idProduct=0307, bcdDevice=e4.df
[   95.201709][ T5691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.421447][ T6087] input: syz0 as /devices/virtual/input/input6
[   95.621514][ T6091] netlink: 'syz.2.130': attribute type 4 has an invalid length.
[   95.651237][ T5778] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   95.666111][ T5691] uvcvideo 5-1:63.66: Found UVC 0.07 device <unnamed> (0471:0307)
[   95.687434][ T5691] uvcvideo 5-1:63.66: No valid video chain found.
[   95.705552][ T5691] pwc: Philips PCVC675K (Vesta) USB webcam detected.
[   95.723677][ T5691] pwc: send_video_command error -71
[   95.743505][ T5691] pwc: Failed to set video mode VGA@30 fps; return code = -71
[   95.752049][ T6095] netlink: 36 bytes leftover after parsing attributes in process `syz.3.132'.
[   95.768886][ T5691] Philips webcam 5-1:63.0: probe with driver Philips webcam failed with error -71
[   95.791675][ T5691] usb 5-1: USB disconnect, device number 6
[   95.856916][ T5778] usb 2-1: Using ep0 maxpacket: 8
[   95.870225][ T5778] usb 2-1: config 0 has no interfaces?
[   95.883460][ T5778] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   95.896504][ T5778] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.922885][ T5778] usb 2-1: config 0 descriptor??
[   95.936800][ T6103] loop2: detected capacity change from 0 to 7
[   95.950189][ T6103] Dev loop2: unable to read RDB block 7
[   95.955933][ T6103]  loop2: AHDI p1 p2 p3
[   95.961028][ T6103] loop2: partition table partially beyond EOD, truncated
[   95.970325][ T6103] loop2: p1 start 1818582900 is beyond EOD, truncated
[   95.995085][ T6103] loop2: p3 start 335544320 is beyond EOD, truncated
[   96.160994][ T6086] netlink: 28 bytes leftover after parsing attributes in process `syz.1.127'.
[   96.185073][ T6086] netlink: 'syz.1.127': attribute type 7 has an invalid length.
[   96.202407][ T6086] netlink: 'syz.1.127': attribute type 8 has an invalid length.
[   96.227522][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz.1.127'.
[   96.329913][ T6111] loop5: detected capacity change from 0 to 2640
[   96.358518][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.372098][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.373131][  T992] usb 2-1: USB disconnect, device number 5
[   96.416293][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.426982][ T6115] syzkaller0: entered promiscuous mode
[   96.440113][ T6115] syzkaller0: entered allmulticast mode
[   96.488043][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.525364][ T6115] tipc: Started in network mode
[   96.536773][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.554013][ T6115] tipc: Node identity 020af3ea64ea, cluster identity 4711
[   96.572536][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.584247][ T6115] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   96.603955][ T6114] tipc: Resetting bearer <eth:syzkaller0>
[   96.611389][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.645487][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.682337][ T6111] ldm_validate_partition_table(): Disk read failed.
[   96.693490][ T6114] tipc: Disabling bearer <eth:syzkaller0>
[   96.700908][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.724895][ T6111] Buffer I/O error on dev loop5, logical block 0, async page read
[   96.742048][ T6111] Dev loop5: unable to read RDB block 0
[   96.761863][ T6111]  loop5: unable to read partition table
[   96.786228][ T6111] loop_reread_partitions: partition scan of loop5 (3„¾‚³˜) failed (rc=-5)
[   96.846673][ T6123] netlink: 4 bytes leftover after parsing attributes in process `syz.2.141'.
[   97.431161][ T6162] IPv6: NLM_F_CREATE should be specified when creating new route
[   97.580152][ T6168] netlink: 20 bytes leftover after parsing attributes in process `syz.4.146'.
[   97.809390][ T6175] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[   97.816071][ T6175] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   97.881499][ T6175] vhci_hcd vhci_hcd.0: Device attached
[   98.104414][ T6182] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(13)
[   98.111089][ T6182] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   98.126219][  T992] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[   98.165003][ T6182] vhci_hcd vhci_hcd.0: Device attached
[   98.240425][ T6184] vhci_hcd: connection closed
[   98.242986][ T6152] vhci_hcd vhci_hcd.2: stop threads
[   98.276947][ T6176] vhci_hcd: connection reset by peer
[   98.291238][ T6152] vhci_hcd vhci_hcd.2: release socket
[   98.322118][ T6152] vhci_hcd vhci_hcd.2: disconnect device
[   98.348757][ T6152] vhci_hcd vhci_hcd.2: stop threads
[   98.371263][ T6152] vhci_hcd vhci_hcd.2: release socket
[   98.396229][ T6152] vhci_hcd vhci_hcd.2: disconnect device
[   98.504584][ T6189] syzkaller0: entered promiscuous mode
[   98.524082][ T6189] syzkaller0: entered allmulticast mode
[   98.559077][ T6189] tcf_pedit_act: 7 callbacks suppressed
[   98.559089][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.572631][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.579433][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.586239][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.593037][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.599825][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.606606][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.613415][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.620197][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.626992][ T6189] tc action pedit offset must be on 32 bit boundaries
[   98.633755][ T6189] 0: reclassify loop, rule prio 0, protocol 800
[   98.959634][ T6201] netlink: 20 bytes leftover after parsing attributes in process `syz.4.157'.
[   99.347568][ T6210] netlink: 4 bytes leftover after parsing attributes in process `syz.1.160'.
[   99.445930][ T6210] hsr_slave_0: left promiscuous mode
[   99.461204][ T6210] FAULT_INJECTION: forcing a failure.
[   99.461204][ T6210] name failslab, interval 1, probability 0, space 0, times 1
[   99.478284][ T6222] loop2: detected capacity change from 0 to 7
[   99.486768][ T6222] Dev loop2: unable to read RDB block 7
[   99.493432][ T6222]  loop2: AHDI p1 p2 p3
[   99.495519][ T6170] netlink: 16 bytes leftover after parsing attributes in process `syz.0.147'.
[   99.498405][ T6210] CPU: 0 UID: 0 PID: 6210 Comm: syz.1.160 Not tainted syzkaller #0 PREEMPT(full) 
[   99.498428][ T6210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[   99.498445][ T6210] Call Trace:
[   99.498454][ T6210]  <TASK>
[   99.498461][ T6210]  dump_stack_lvl+0xe8/0x150
[   99.498494][ T6210]  should_fail_ex+0x412/0x560
[   99.498521][ T6210]  should_failslab+0xa8/0x100
[   99.498548][ T6210]  kmem_cache_alloc_node_noprof+0x8f/0x690
[   99.498572][ T6210]  ? __alloc_skb+0x1d0/0x7d0
[   99.498590][ T6210]  ? __local_bh_enable_ip+0xd0/0x130
[   99.498612][ T6210]  __alloc_skb+0x1d0/0x7d0
[   99.498635][ T6210]  rtmsg_ifinfo_build_skb+0x84/0x260
[   99.498667][ T6210]  rtmsg_ifinfo+0x8c/0x1a0
[   99.498697][ T6210]  __dev_notify_flags+0xf2/0x310
[   99.498720][ T6210]  ? __pfx___dev_notify_flags+0x10/0x10
[   99.498741][ T6210]  ? __pfx_netdev_info+0x10/0x10
[   99.498763][ T6210]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[   99.498783][ T6210]  ? netif_set_mtu+0x112/0x1b0
[   99.498805][ T6210]  ? __pfx_netif_set_mtu+0x10/0x10
[   99.498824][ T6210]  ? do_raw_spin_lock+0x12b/0x2f0
[   99.498854][ T6210]  __dev_set_promiscuity+0x260/0x6e0
[   99.498882][ T6210]  netif_set_promiscuity+0x50/0xe0
[   99.498911][ T6210]  dev_set_promiscuity+0x126/0x260
[   99.498936][ T6210]  hsr_del_port+0x221/0x3d0
[   99.498956][ T6210]  ? __pfx_hsr_dellink+0x10/0x10
[   99.498972][ T6210]  hsr_del_ports+0x31/0xc0
[   99.498996][ T6210]  hsr_dellink+0x5b/0x90
[   99.499011][ T6210]  rtnl_dellink+0x5c3/0x820
[   99.499036][ T6210]  ? __pfx_rtnl_dellink+0x10/0x10
[   99.499065][ T6210]  ? unwind_next_frame+0xa6/0x2550
[   99.499138][ T6210]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   99.499174][ T6210]  ? __pfx_rtnl_dellink+0x10/0x10
[   99.499192][ T6210]  rtnetlink_rcv_msg+0x7d5/0xbe0
[   99.499210][ T6210]  ? kmem_cache_alloc_node_noprof+0x384/0x690
[   99.499235][ T6210]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[   99.499253][ T6210]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   99.499273][ T6210]  ? __lock_acquire+0x6b5/0x2cf0
[   99.499301][ T6210]  netlink_rcv_skb+0x232/0x4b0
[   99.499324][ T6210]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   99.499345][ T6210]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   99.499376][ T6210]  ? netlink_deliver_tap+0x2e/0x1b0
[   99.499395][ T6210]  ? netlink_deliver_tap+0x2e/0x1b0
[   99.499419][ T6210]  netlink_unicast+0x75c/0x8e0
[   99.499448][ T6210]  netlink_sendmsg+0x813/0xb40
[   99.499477][ T6210]  ? __pfx_netlink_sendmsg+0x10/0x10
[   99.499501][ T6210]  ? aa_sock_msg_perm+0xf1/0x1b0
[   99.499522][ T6210]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   99.499547][ T6210]  ____sys_sendmsg+0x972/0x9f0
[   99.499568][ T6210]  ? __might_fault+0xaf/0x130
[   99.499594][ T6210]  ? __pfx_____sys_sendmsg+0x10/0x10
[   99.499623][ T6210]  ? import_iovec+0x73/0xa0
[   99.499649][ T6210]  ___sys_sendmsg+0x2a5/0x360
[   99.499669][ T6210]  ? __lock_acquire+0x6b5/0x2cf0
[   99.499690][ T6210]  ? __pfx____sys_sendmsg+0x10/0x10
[   99.499742][ T6210]  ? __fget_files+0x2a/0x420
[   99.499761][ T6210]  ? __fget_files+0x3a0/0x420
[   99.499789][ T6210]  __x64_sys_sendmsg+0x1bd/0x2a0
[   99.499813][ T6210]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   99.499842][ T6210]  ? __pfx_ksys_write+0x10/0x10
[   99.499873][ T6210]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.499920][ T6210]  do_syscall_64+0x15f/0xf80
[   99.499940][ T6210]  ? trace_irq_disable+0x3b/0x140
[   99.499964][ T6210]  ? clear_bhb_loop+0x40/0x90
[   99.499985][ T6210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.500001][ T6210] RIP: 0033:0x7fefbc59cdd9
[   99.500022][ T6210] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   99.500036][ T6210] RSP: 002b:00007fefbd3e4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   99.500053][ T6210] RAX: ffffffffffffffda RBX: 00007fefbc815fa0 RCX: 00007fefbc59cdd9
[   99.500065][ T6210] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 000000000000000e
[   99.500076][ T6210] RBP: 00007fefbd3e4090 R08: 0000000000000000 R09: 0000000000000000
[   99.500086][ T6210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.500095][ T6210] R13: 00007fefbc816038 R14: 00007fefbc815fa0 R15: 00007fefbc93fa48
[   99.500123][ T6210]  </TASK>
[   99.501308][ T6223] netlink: 52 bytes leftover after parsing attributes in process `syz.4.162'.
[   99.651984][ T6222] loop2: partition table partially beyond EOD, truncated
[   99.968073][ T6222] loop2: p1 start 1818582900 is beyond EOD, truncated
[   99.983177][ T6222] loop2: p3 start 335544320 is beyond EOD, truncated
[  100.181567][ T6229] loop2: detected capacity change from 0 to 7
[  100.207196][ T6229] Dev loop2: unable to read RDB block 7
[  100.224362][ T6229]  loop2: AHDI p1 p2
[  100.246236][ T6229] loop2: partition table partially beyond EOD, truncated
[  100.272065][ T6229] loop2: p1 start 1818582900 is beyond EOD, truncated
[  100.704024][   T29] audit: type=1326 audit(1777599310.329:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6246 comm="syz.2.173" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3eb9f9cdd9 code=0x0
[  100.760806][ T6251] netlink: 8 bytes leftover after parsing attributes in process `syz.1.174'.
[  100.799520][ T6251] erspan0: entered promiscuous mode
[  100.808773][ T6251] erspan0: left promiscuous mode
[  100.822227][ T6253] netlink: 36 bytes leftover after parsing attributes in process `syz.3.175'.
[  100.823277][ T6255] netlink: 'syz.4.176': attribute type 4 has an invalid length.
[  100.974948][ T6259] netlink: 36 bytes leftover after parsing attributes in process `syz.4.178'.
[  101.033025][ T6261] Cannot find add_set index 0 as target
[  101.424005][ T6278] netlink: 4 bytes leftover after parsing attributes in process `syz.1.187'.
[  101.479340][ T5778] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  101.640110][ T5778] usb 5-1: Using ep0 maxpacket: 16
[  101.642079][ T6286] netlink: 44 bytes leftover after parsing attributes in process `syz.2.191'.
[  101.668353][ T5778] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  101.698297][ T5778] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.724841][ T5778] usb 5-1: Product: syz
[  101.735312][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.193'.
[  101.751161][ T5778] usb 5-1: Manufacturer: syz
[  101.766087][ T5778] usb 5-1: SerialNumber: syz
[  101.792628][ T5778] usb 5-1: config 0 descriptor??
[  102.026922][ T5691] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  102.076973][    T9] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  102.119026][ T5778] ums-onetouch 5-1:0.0: USB Mass Storage device detected
[  102.197071][ T5691] usb 2-1: Using ep0 maxpacket: 16
[  102.213531][ T5691] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  102.228234][    T9] usb 3-1: device descriptor read/64, error -71
[  102.250776][ T5684] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  102.256259][ T5778] usb 5-1: USB disconnect, device number 7
[  102.260275][ T5691] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  102.275975][ T5691] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  102.293274][ T5691] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  102.304991][ T5691] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.313288][ T5691] usb 2-1: Product: syz
[  102.318765][ T6307] hsr0: entered promiscuous mode
[  102.319109][ T5691] usb 2-1: Manufacturer: syz
[  102.329537][ T5691] usb 2-1: SerialNumber: syz
[  102.347737][ T5691] usb 2-1: 0:2 : does not exist
[  102.436993][ T5684] usb 4-1: Using ep0 maxpacket: 8
[  102.448011][ T5684] usb 4-1: config 0 has an invalid interface number: 176 but max is 2
[  102.456285][ T5684] usb 4-1: config 0 has no interface number 1
[  102.462818][ T5684] usb 4-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  102.472576][ T5684] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.484937][ T5684] usb 4-1: config 0 descriptor??
[  102.497519][    T9] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  102.507716][ T6310] netlink: 28 bytes leftover after parsing attributes in process `syz.0.200'.
[  102.637185][    T9] usb 3-1: device descriptor read/64, error -71
[  102.696989][ T5684] qcserial 4-1:0.2: Qualcomm USB modem converter detected
[  102.748607][    T9] usb usb3-port1: attempt power cycle
[  102.873802][ T6146] bond0: (slave bond_slave_0): interface is now down
[  102.884137][ T6318] netlink: 'syz.0.204': attribute type 10 has an invalid length.
[  102.894819][ T6146] bond0: (slave bond_slave_1): interface is now down
[  102.916647][ T6318] syz_tun: entered promiscuous mode
[  102.931211][   T13] bond0: (slave bond_slave_0): interface is now down
[  102.953323][   T13] bond0: (slave bond_slave_1): interface is now down
[  102.959468][ T6292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  102.969340][   T13] bond0: (slave syz_tun): interface is now down
[  102.978290][ T6318] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  102.982887][ T6292] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  102.993489][ T6302] warning: `syz.3.198' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  103.010242][   T13] bond0: (slave bond_slave_0): interface is now down
[  103.018189][   T13] bond0: (slave bond_slave_1): interface is now down
[  103.034567][   T13] bond0: (slave syz_tun): interface is now down
[  103.070911][   T13] bond0: now running without any active interface!
[  103.107331][    T9] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  103.139410][    T9] usb 3-1: device descriptor read/8, error -71
[  103.189376][   T24] usb 4-1: USB disconnect, device number 7
[  103.212319][   T24] qcserial 4-1:0.2: device disconnected
[  103.257843][  T992] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  103.372938][ T6294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.375698][ T6294] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  103.399058][    T9] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  103.417768][    T9] usb 3-1: device descriptor read/8, error -71
[  103.503849][ T6340] FAULT_INJECTION: forcing a failure.
[  103.503849][ T6340] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  103.517694][ T6340] CPU: 0 UID: 0 PID: 6340 Comm: syz.0.214 Not tainted syzkaller #0 PREEMPT(full) 
[  103.517735][ T6340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  103.517745][ T6340] Call Trace:
[  103.517752][ T6340]  <TASK>
[  103.517759][ T6340]  dump_stack_lvl+0xe8/0x150
[  103.517785][ T6340]  should_fail_ex+0x412/0x560
[  103.517811][ T6340]  prepare_alloc_pages+0x22a/0x650
[  103.517843][ T6340]  __alloc_frozen_pages_noprof+0x12f/0x380
[  103.517874][ T6340]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  103.517907][ T6340]  ? __pfx_policy_nodemask+0x10/0x10
[  103.517943][ T6340]  alloc_pages_mpol+0x235/0x490
[  103.517973][ T6340]  alloc_pages_noprof+0xac/0x2a0
[  103.518002][ T6340]  folio_alloc_noprof+0x1e/0x30
[  103.518028][ T6340]  filemap_alloc_folio_noprof+0x111/0x470
[  103.518056][ T6340]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  103.518088][ T6340]  __filemap_get_folio_mpol+0x3fc/0xb00
[  103.518121][ T6340]  aio_setup_ring+0x3b1/0xe20
[  103.518146][ T6340]  ? pcpu_memcg_post_alloc_hook+0x8c/0x630
[  103.518169][ T6340]  ? pcpu_alloc_noprof+0x110a/0x19c0
[  103.518202][ T6340]  ? __pfx_aio_setup_ring+0x10/0x10
[  103.518239][ T6340]  ioctx_alloc+0x31f/0x840
[  103.518272][ T6340]  __se_sys_io_setup+0x7b/0x1d0
[  103.518295][ T6340]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.518314][ T6340]  do_syscall_64+0x15f/0xf80
[  103.518337][ T6340]  ? clear_bhb_loop+0x40/0x90
[  103.518359][ T6340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.518376][ T6340] RIP: 0033:0x7f315d39cdd9
[  103.518394][ T6340] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.518407][ T6340] RSP: 002b:00007f315e2af028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  103.518426][ T6340] RAX: ffffffffffffffda RBX: 00007f315d615fa0 RCX: 00007f315d39cdd9
[  103.518438][ T6340] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 00000000000007ff
[  103.518449][ T6340] RBP: 00007f315e2af090 R08: 0000000000000000 R09: 0000000000000000
[  103.518460][ T6340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  103.518469][ T6340] R13: 00007f315d616038 R14: 00007f315d615fa0 R15: 00007f315d73fa48
[  103.518499][ T6340]  </TASK>
[  103.798865][    T9] usb usb3-port1: unable to enumerate USB device
[  103.813691][ T5691] usb 2-1: 1:0: failed to get current value for ch 0 (-22)
[  103.846966][ T5691] usb 2-1: USB disconnect, device number 6
[  103.927221][ T5632] udevd[5632]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  104.239077][ T6354] loop2: detected capacity change from 0 to 7
[  104.286273][ T6354] Dev loop2: unable to read RDB block 7
[  104.313506][ T6343] netlink: 'syz.4.213': attribute type 10 has an invalid length.
[  104.335102][ T6354]  loop2: AHDI p1 p2 p3
[  104.364222][ T6354] loop2: partition table partially beyond EOD, truncated
[  104.386538][ T6354] loop2: p1 start 1818582900 is beyond EOD, truncated
[  104.418154][ T6354] loop2: p3 start 335544320 is beyond EOD, truncated
[  104.637431][ T5691] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  104.765477][ T6365] kvm: pic: non byte write
[  104.783671][ T6365] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  104.822345][ T5691] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  104.835071][ T6365] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  104.875002][ T5691] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  104.918595][ T5691] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  104.942506][ T5691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.984494][ T6352] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  105.012322][ T5691] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  105.233528][ T6343] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  105.269339][ T6343] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  105.508030][ T6343] sctp: [Deprecated]: syz.4.213 (pid 6343) Use of int in max_burst socket option.
[  105.508030][ T6343] Use struct sctp_assoc_value instead
[  105.588259][ T6384] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  106.317417][ T6391] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  106.587704][ T5778] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  106.819222][ T5778] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  106.844700][ T5778] usb 2-1: config 0 has no interfaces?
[  106.872967][ T5778] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  106.900015][ T5778] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.920351][ T5778] usb 2-1: Product: syz
[  106.933119][ T5778] usb 2-1: Manufacturer: syz
[  106.945248][ T5778] usb 2-1: SerialNumber: syz
[  106.965599][ T5698] usb 5-1: USB disconnect, device number 8
[  106.999491][ T5778] usb 2-1: config 0 descriptor??
[  107.099387][ T6403] vivid-004: disconnect
[  107.387983][ T6399] vivid-004: reconnect
[  107.886952][ T5778] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  107.987327][ T5691] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  108.060211][ T6424] capability: warning: `syz.2.241' uses deprecated v2 capabilities in a way that may be insecure
[  108.086225][ T5778] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  108.102531][ T5778] usb 5-1: config 1 interface 0 altsetting 0 has 5 endpoint descriptors, different from the interface descriptor's value: 6
[  108.131617][ T5778] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  108.158150][ T5778] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.172340][ T5691] usb 1-1: Using ep0 maxpacket: 8
[  108.195276][ T5691] usb 1-1: config 0 has no interfaces?
[  108.207000][ T5691] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  108.217077][ T5691] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.217378][ T5778] usb 5-1: Product: syz
[  108.246030][ T5778] usb 5-1: Manufacturer: syz
[  108.257706][ T5691] usb 1-1: config 0 descriptor??
[  108.270362][ T5778] usb 5-1: SerialNumber: syz
[  108.297901][ T5778] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  108.332419][ T5698] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  108.482029][ T6419] __nla_validate_parse: 2 callbacks suppressed
[  108.482043][ T6419] netlink: 28 bytes leftover after parsing attributes in process `syz.0.239'.
[  108.501009][ T6419] netlink: 20 bytes leftover after parsing attributes in process `syz.0.239'.
[  108.527276][ T5778] usb 1-1: USB disconnect, device number 5
[  108.577285][ T5691] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  108.624341][    T9] usb 5-1: USB disconnect, device number 9
[  108.756950][ T5691] usb 3-1: Using ep0 maxpacket: 8
[  108.768557][ T5691] usb 3-1: config 2 has an invalid interface number: 65 but max is 0
[  108.781140][ T5691] usb 3-1: config 2 has no interface number 0
[  108.794221][ T5691] usb 3-1: config 2 interface 65 has no altsetting 0
[  108.817476][ T5691] usb 3-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=73.6f
[  108.830278][ T5691] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.847280][ T5691] usb 3-1: Product: syz
[  108.851536][ T5691] usb 3-1: Manufacturer: syz
[  108.856623][ T5691] usb 3-1: SerialNumber: syz
[  109.015973][ T5778] usb 2-1: USB disconnect, device number 7
[  109.088125][ T5691] ums-freecom 3-1:2.65: USB Mass Storage device detected
[  109.185254][ T6435] xt_CT: You must specify a L4 protocol and not use inversions on it
[  109.291557][ T5691] usb 3-1: USB disconnect, device number 9
[  109.425642][ T6448] netlink: 28 bytes leftover after parsing attributes in process `syz.3.247'.
[  109.437091][ T5698] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  109.455342][ T5698] ath9k_htc: Failed to initialize the device
[  109.465084][    T9] usb 5-1: ath9k_htc: USB layer deinitialized
[  109.525483][ T6450] loop4: detected capacity change from 0 to 7
[  109.613542][ T6450] Dev loop4: unable to read RDB block 7
[  109.631571][ T6450]  loop4: unable to read partition table
[  109.650536][ T6450] loop4: partition table beyond EOD, truncated
[  109.673898][ T6450] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[  109.837092][    T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  109.924540][ T6462] netlink: 'syz.1.252': attribute type 10 has an invalid length.
[  109.945130][ T6462] syz_tun: entered promiscuous mode
[  109.974467][ T6462] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  110.008590][    T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  110.029270][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.053736][    T9] usb 4-1: config 0 descriptor??
[  110.083841][    T9] cp210x 4-1:0.0: cp210x converter detected
[  110.313613][ T6472] loop2: detected capacity change from 0 to 7
[  110.350318][ T6472] Dev loop2: unable to read RDB block 7
[  110.361594][ T6472]  loop2: AHDI p1 p2 p3
[  110.370541][ T6472] loop2: partition table partially beyond EOD, truncated
[  110.389748][ T6472] loop2: p1 start 1818582900 is beyond EOD, truncated
[  110.402094][ T6472] loop2: p3 start 335544320 is beyond EOD, truncated
[  110.596261][ T6477] netlink: 'syz.1.257': attribute type 10 has an invalid length.
[  110.653403][    T9] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  110.693888][    T9] cp210x 4-1:0.0: GPIO initialisation failed: -524
[  110.712376][ T6477] netdevsim netdevsim1 netdevsim1: entered promiscuous mode
[  110.781653][    T9] usb 4-1: cp210x converter now attached to ttyUSB0
[  111.328107][ T5698] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  111.380889][ T6491] syzkaller0: entered promiscuous mode
[  111.405810][ T6491] syzkaller0: entered allmulticast mode
[  111.451331][ T6491] tcf_pedit_act: 7 callbacks suppressed
[  111.451343][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.464762][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.471563][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.478360][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.485127][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.491916][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.498685][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.505447][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.512282][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.519063][ T6491] tc action pedit offset must be on 32 bit boundaries
[  111.525847][ T6491] 0: reclassify loop, rule prio 0, protocol 800
[  111.546419][   T29] audit: type=1326 audit(1777599321.169:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  111.587181][ T5698] usb 2-1: Using ep0 maxpacket: 16
[  111.602916][ T5698] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  111.617359][ T5698] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  111.632971][   T29] audit: type=1326 audit(1777599321.169:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  111.658740][ T5698] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  111.695450][ T5698] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  111.715576][ T5698] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.727859][   T29] audit: type=1326 audit(1777599321.169:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  111.752493][ T5698] usb 2-1: Product: syz
[  111.758686][ T5698] usb 2-1: Manufacturer: syz
[  111.766338][ T5698] usb 2-1: SerialNumber: syz
[  111.794196][   T29] audit: type=1326 audit(1777599321.169:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  111.828114][ T5698] usb 2-1: 0:2 : does not exist
[  111.890138][   T29] audit: type=1326 audit(1777599321.169:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  111.969244][   T29] audit: type=1326 audit(1777599321.169:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  112.041178][   T29] audit: type=1326 audit(1777599321.199:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  112.123903][   T29] audit: type=1326 audit(1777599321.199:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  112.195671][   T29] audit: type=1326 audit(1777599321.199:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  112.255418][   T29] audit: type=1326 audit(1777599321.199:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6493 comm="syz.0.265" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f315d39cdd9 code=0x7ffc0000
[  112.437582][ T6484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.447609][ T6484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  112.773250][ T6487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  112.777790][ T6487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  113.007338][ T5698] usb 2-1: 1:0: failed to get current value for ch 0 (-22)
[  113.189349][ T5698] usb 2-1: USB disconnect, device number 8
[  113.200212][ T6514] No such timeout policy "syz0"
[  113.361461][ T5684] usb 4-1: USB disconnect, device number 8
[  113.481605][ T5684] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  113.520257][ T5684] cp210x 4-1:0.0: device disconnected
[  113.550726][ T6520] netlink: 8 bytes leftover after parsing attributes in process `syz.3.272'.
[  113.598510][ T6520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.272'.
[  113.632410][ T6520] netlink: 12 bytes leftover after parsing attributes in process `syz.3.272'.
[  113.933214][ T6527] x_tables: duplicate underflow at hook 3
[  114.029741][ T6536] netlink: 52 bytes leftover after parsing attributes in process `syz.3.277'.
[  114.347017][ T5684] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  114.806954][ T5677] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  114.872968][ T6554] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  114.879527][ T6554] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  114.920319][ T6554] vhci_hcd vhci_hcd.0: Device attached
[  114.948543][ T6555] vhci_hcd: connection closed
[  114.949428][  T170] vhci_hcd vhci_hcd.3: stop threads
[  114.978011][  T170] vhci_hcd vhci_hcd.3: release socket
[  114.979366][ T5677] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.997757][ T5677] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  115.013445][  T170] vhci_hcd vhci_hcd.3: disconnect device
[  115.013486][ T5677] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.40
[  115.028813][ T5677] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.037012][ T5677] usb 2-1: Product: syz
[  115.042311][ T5677] usb 2-1: Manufacturer: syz
[  115.047762][ T5677] usb 2-1: SerialNumber: syz
[  115.092482][ T5677] usb 2-1: 0:1 : does not exist
[  115.721006][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.287'.
[  115.776973][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  115.952190][    T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  115.981481][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.002357][    T9] usb 3-1: Product: syz
[  116.014126][    T9] usb 3-1: Manufacturer: syz
[  116.043664][    T9] usb 3-1: SerialNumber: syz
[  116.496801][ T6560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  116.579636][ T6560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  117.052666][ T6585] netlink: 'syz.3.294': attribute type 4 has an invalid length.
[  117.263902][ T5677] usb 2-1: 3:0: failed to get current value for ch 0 (-71)
[  117.292484][ T5677] usb 2-1: unit 13 not found!
[  117.307546][ T6593] netlink: 28 bytes leftover after parsing attributes in process `syz.0.297'.
[  117.534499][   T29] kauditd_printk_skb: 17 callbacks suppressed
[  117.534523][   T29] audit: type=1326 audit(1777599327.159:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbc596b57 code=0x7ffc0000
[  117.569734][ T5677] usb 2-1: USB disconnect, device number 9
[  117.640178][ T6605] netlink: 20 bytes leftover after parsing attributes in process `syz.3.301'.
[  117.657341][   T29] audit: type=1326 audit(1777599327.159:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fefbc53e159 code=0x7ffc0000
[  117.684937][ T6605] netlink: 12 bytes leftover after parsing attributes in process `syz.3.301'.
[  117.712174][ T6605] netlink: 8 bytes leftover after parsing attributes in process `syz.3.301'.
[  117.731604][ T5632] udevd[5632]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  117.775992][   T29] audit: type=1326 audit(1777599327.159:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbc596b57 code=0x7ffc0000
[  117.823851][   T29] audit: type=1326 audit(1777599327.159:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fefbc53e159 code=0x7ffc0000
[  117.904028][   T29] audit: type=1326 audit(1777599327.159:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbc596b57 code=0x7ffc0000
[  118.010343][   T29] audit: type=1326 audit(1777599327.159:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fefbc53e159 code=0x7ffc0000
[  118.041140][   T29] audit: type=1326 audit(1777599327.159:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbc596b57 code=0x7ffc0000
[  118.123554][   T29] audit: type=1326 audit(1777599327.209:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbc596b57 code=0x7ffc0000
[  118.157056][ T5677] usb 5-1: new low-speed USB device number 10 using dummy_hcd
[  118.179488][   T29] audit: type=1326 audit(1777599327.209:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fefbc53e159 code=0x7ffc0000
[  118.216933][ T5778] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  118.266626][   T29] audit: type=1326 audit(1777599327.209:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6595 comm="syz.1.298" exe="/root/ci-upstream-kasan-gce/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fefbc596b57 code=0x7ffc0000
[  118.319722][ T5677] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1056, setting to 8
[  118.331029][ T5677] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  118.385495][ T5677] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  118.387774][ T5778] usb 4-1: Using ep0 maxpacket: 32
[  118.425459][ T5778] usb 4-1: unable to get BOS descriptor or descriptor too short
[  118.438247][ T5677] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.438664][ T5778] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 1536, setting to 1024
[  118.488997][ T5677] usb 5-1: config 0 descriptor??
[  118.506444][ T6610] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  118.559024][ T5778] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024
[  118.608421][ T5778] usb 4-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40
[  118.625915][ T5778] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.661171][ T5778] usb 4-1: Product: syz
[  118.674141][ T5778] usb 4-1: Manufacturer: syz
[  118.684947][ T5778] usb 4-1: SerialNumber: syz
[  118.718720][ T6614] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  118.732177][ T6610] netlink: 'syz.4.303': attribute type 34 has an invalid length.
[  118.761097][ T5677] usbhid 5-1:0.0: can't add hid device: -71
[  118.786497][ T5677] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  118.842215][ T5677] usb 5-1: USB disconnect, device number 10
[  119.489919][ T6620] pim6reg: entered allmulticast mode
[  119.512674][ T6620] pim6reg: left allmulticast mode
[  119.575906][ T6621] IPv6: NLM_F_CREATE should be specified when creating new route
[  119.980762][    T9] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  120.006621][    T9] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  120.033026][    T9] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  120.107542][    T9] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  120.191385][ T6626] netlink: 'syz.4.307': attribute type 5 has an invalid length.
[  120.203514][    T9] usb 3-1: USB disconnect, device number 10
[  120.243149][ T5631] udevd[5631]: setting owner of /dev/bus/usb/003/010 to uid=0, gid=0 failed: No such file or directory
[  120.561153][ T6635] FAULT_INJECTION: forcing a failure.
[  120.561153][ T6635] name failslab, interval 1, probability 0, space 0, times 0
[  120.584240][ T6635] CPU: 1 UID: 0 PID: 6635 Comm: syz.4.310 Not tainted syzkaller #0 PREEMPT(full) 
[  120.584264][ T6635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  120.584275][ T6635] Call Trace:
[  120.584282][ T6635]  <TASK>
[  120.584290][ T6635]  dump_stack_lvl+0xe8/0x150
[  120.584330][ T6635]  should_fail_ex+0x412/0x560
[  120.584358][ T6635]  should_failslab+0xa8/0x100
[  120.584392][ T6635]  ? skb_clone+0x212/0x3a0
[  120.584416][ T6635]  kmem_cache_alloc_noprof+0x87/0x650
[  120.584439][ T6635]  ? __netlink_lookup+0xc6/0x8b0
[  120.584467][ T6635]  skb_clone+0x212/0x3a0
[  120.584493][ T6635]  __netlink_deliver_tap+0x404/0x850
[  120.584525][ T6635]  ? netlink_deliver_tap+0x2e/0x1b0
[  120.584547][ T6635]  netlink_deliver_tap+0x19c/0x1b0
[  120.584570][ T6635]  netlink_unicast+0x730/0x8e0
[  120.584599][ T6635]  netlink_sendmsg+0x813/0xb40
[  120.584629][ T6635]  ? __pfx_netlink_sendmsg+0x10/0x10
[  120.584653][ T6635]  ? aa_sock_msg_perm+0xf1/0x1b0
[  120.584677][ T6635]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  120.584703][ T6635]  ____sys_sendmsg+0x972/0x9f0
[  120.584725][ T6635]  ? __might_fault+0xaf/0x130
[  120.584753][ T6635]  ? __pfx_____sys_sendmsg+0x10/0x10
[  120.584780][ T6635]  ? import_iovec+0x73/0xa0
[  120.584808][ T6635]  ___sys_sendmsg+0x2a5/0x360
[  120.584829][ T6635]  ? __lock_acquire+0x6b5/0x2cf0
[  120.584850][ T6635]  ? __pfx____sys_sendmsg+0x10/0x10
[  120.584903][ T6635]  ? __fget_files+0x2a/0x420
[  120.584922][ T6635]  ? __fget_files+0x3a0/0x420
[  120.584952][ T6635]  __x64_sys_sendmsg+0x1bd/0x2a0
[  120.584977][ T6635]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  120.585009][ T6635]  ? __pfx_ksys_write+0x10/0x10
[  120.585041][ T6635]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.585060][ T6635]  do_syscall_64+0x15f/0xf80
[  120.585083][ T6635]  ? clear_bhb_loop+0x40/0x90
[  120.585105][ T6635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.585123][ T6635] RIP: 0033:0x7f11fdd9cdd9
[  120.585146][ T6635] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  120.585160][ T6635] RSP: 002b:00007f11febf0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  120.585187][ T6635] RAX: ffffffffffffffda RBX: 00007f11fe015fa0 RCX: 00007f11fdd9cdd9
[  120.585199][ T6635] RDX: 0000000020048054 RSI: 0000200000000200 RDI: 000000000000000c
[  120.585210][ T6635] RBP: 00007f11febf0090 R08: 0000000000000000 R09: 0000000000000000
[  120.585220][ T6635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.585229][ T6635] R13: 00007f11fe016038 R14: 00007f11fe015fa0 R15: 00007f11fe13fa48
[  120.585258][ T6635]  </TASK>
[  120.585406][ T6635] netlink: 4 bytes leftover after parsing attributes in process `syz.4.310'.
[  120.997094][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  121.051830][ T5778] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  121.068067][ T5778] usb 4-1: MIDIStreaming interface descriptor not found
[  121.157245][    T9] usb 1-1: Using ep0 maxpacket: 16
[  121.175488][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.179759][ T5778] usb 4-1: USB disconnect, device number 9
[  121.215963][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.240082][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  121.288843][    T9] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  121.315466][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.366102][    T9] usb 1-1: config 0 descriptor??
[  121.794092][ T6656] netlink: 12 bytes leftover after parsing attributes in process `syz.4.315'.
[  121.806557][ T6657] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size.
[  121.855441][    T9] shield 0003:0955:7214.0001: unknown main item tag 0x0
[  121.867388][    T9] shield 0003:0955:7214.0001: unknown main item tag 0x0
[  121.867805][ T6657] random: crng reseeded on system resumption
[  121.874583][    T9] shield 0003:0955:7214.0001: unknown main item tag 0x0
[  121.875560][    T9] shield 0003:0955:7214.0001: unknown main item tag 0x0
[  121.905037][    T9] shield 0003:0955:7214.0001: unknown main item tag 0x0
[  121.932559][ T5778] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  121.971018][    T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input8
[  121.978964][ T5684] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  122.126242][ T5778] usb 3-1: not running at top speed; connect to a high speed hub
[  122.149606][ T6638] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  122.149899][ T5778] usb 3-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  122.171927][ T5778] usb 3-1: config 127 has 1 interface, different from the descriptor's value: 2
[  122.185345][ T5778] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=e5.46
[  122.204380][ T5778] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.215424][ T5778] usb 3-1: Product: syz
[  122.219915][ T5778] usb 3-1: Manufacturer: syz
[  122.224654][ T5778] usb 3-1: SerialNumber: syz
[  122.237133][ T5684] usb 2-1: Using ep0 maxpacket: 16
[  122.252230][ T5684] usb 2-1: config 1 has an invalid descriptor of length 159, skipping remainder of the config
[  122.273980][ T5684] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  122.306019][ T5684] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  122.321349][ T5684] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.345439][ T5684] usb 2-1: Product: syz
[  122.360854][ T5684] usb 2-1: Manufacturer: syz
[  122.372564][    T9] shield 0003:0955:7214.0001: Registered Thunderstrike controller
[  122.381164][ T5684] usb 2-1: SerialNumber: syz
[  122.414128][ T5684] usb 2-1: 0:2 : does not exist
[  122.419809][    T9] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  122.490708][ T5691] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  122.509832][    T9] usb 1-1: USB disconnect, device number 7
[  122.520521][ T5691] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  122.558652][ T5691] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  122.572823][  T992] thermal thermal_zone0: Temperature check failed (-19)
[  122.587200][ T5691] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  122.621107][ T5684] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  122.716783][ T5684] usb 2-1: USB disconnect, device number 10
[  123.106027][ T6675] loop2: detected capacity change from 0 to 7
[  123.106266][ T6673] mmap: syz.0.323 (6673) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  123.119090][ T6675] Dev loop2: unable to read RDB block 7
[  123.131655][ T6675]  loop2: AHDI p1 p2 p3
[  123.135915][ T6675] loop2: partition table partially beyond EOD, truncated
[  123.143871][ T6675] loop2: p1 start 1818582900 is beyond EOD, truncated
[  123.147084][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  123.175156][ T6675] loop2: p3 start 335544320 is beyond EOD, truncated
[  123.317634][    T9] usb 5-1: Using ep0 maxpacket: 32
[  123.331674][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.350215][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.360719][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  123.370294][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.382347][    T9] usb 5-1: config 0 descriptor??
[  123.387486][ T5684] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  123.549323][ T5684] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  123.562184][ T5684] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.574030][ T5684] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  123.583793][ T5684] usb 1-1: config 1 has no interface number 1
[  123.591920][ T5684] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  123.613697][ T5684] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.623121][ T5684] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.631230][ T5684] usb 1-1: Product: syz
[  123.635481][ T5684] usb 1-1: Manufacturer: syz
[  123.641827][ T5684] usb 1-1: SerialNumber: syz
[  123.667031][  T992] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  123.829347][  T992] usb 2-1: not running at top speed; connect to a high speed hub
[  123.854350][ T6673] netlink: 24 bytes leftover after parsing attributes in process `syz.0.323'.
[  123.860249][    T9] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  123.882668][  T992] usb 2-1: config 6 has an invalid descriptor of length 64, skipping remainder of the config
[  123.898599][ T5684] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  123.911289][  T992] usb 2-1: New USB device found, idVendor=1199, idProduct=9003, bcdDevice=d7.24
[  123.923491][ T5684] usb 1-1: MIDIStreaming interface descriptor not found
[  123.934938][  T992] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.949791][  T992] usb 2-1: Product: syz
[  123.962804][  T992] usb 2-1: Manufacturer: syz
[  123.972404][  T992] usb 2-1: SerialNumber: syz
[  124.074261][ T5684] usb 1-1: USB disconnect, device number 8
[  124.161611][ T6689] udevd[6689]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  124.173489][    T9] usb 5-1: USB disconnect, device number 11
[  124.336801][  T992] qmi_wwan 2-1:6.0: invalid descriptor buffer length
[  124.345078][  T992] qmi_wwan 2-1:6.0: probe with driver qmi_wwan failed with error -22
[  124.360699][  T992] usb 2-1: USB disconnect, device number 11
[  124.686430][ T6702] FAULT_INJECTION: forcing a failure.
[  124.686430][ T6702] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  124.709400][ T6702] CPU: 1 UID: 0 PID: 6702 Comm: syz.0.333 Not tainted syzkaller #0 PREEMPT(full) 
[  124.709426][ T6702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  124.709436][ T6702] Call Trace:
[  124.709444][ T6702]  <TASK>
[  124.709451][ T6702]  dump_stack_lvl+0xe8/0x150
[  124.709478][ T6702]  should_fail_ex+0x412/0x560
[  124.709508][ T6702]  prepare_alloc_pages+0x22a/0x650
[  124.709542][ T6702]  __alloc_frozen_pages_noprof+0x12f/0x380
[  124.709572][ T6702]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  124.709602][ T6702]  ? __pfx_policy_nodemask+0x10/0x10
[  124.709639][ T6702]  alloc_pages_mpol+0x235/0x490
[  124.709669][ T6702]  alloc_pages_noprof+0xac/0x2a0
[  124.709696][ T6702]  folio_alloc_noprof+0x1e/0x30
[  124.709722][ T6702]  filemap_alloc_folio_noprof+0x111/0x470
[  124.709751][ T6702]  ? __pfx_filemap_alloc_folio_noprof+0x10/0x10
[  124.709783][ T6702]  __filemap_get_folio_mpol+0x3fc/0xb00
[  124.709815][ T6702]  aio_setup_ring+0x3b1/0xe20
[  124.709840][ T6702]  ? pcpu_memcg_post_alloc_hook+0x8c/0x630
[  124.709867][ T6702]  ? pcpu_alloc_noprof+0x110a/0x19c0
[  124.709899][ T6702]  ? __pfx_aio_setup_ring+0x10/0x10
[  124.709939][ T6702]  ioctx_alloc+0x31f/0x840
[  124.709972][ T6702]  __se_sys_io_setup+0x7b/0x1d0
[  124.709995][ T6702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.710013][ T6702]  do_syscall_64+0x15f/0xf80
[  124.710034][ T6702]  ? trace_irq_disable+0x3b/0x140
[  124.710060][ T6702]  ? clear_bhb_loop+0x40/0x90
[  124.710082][ T6702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.710099][ T6702] RIP: 0033:0x7f315d39cdd9
[  124.710117][ T6702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  124.710131][ T6702] RSP: 002b:00007f315e2af028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce
[  124.710149][ T6702] RAX: ffffffffffffffda RBX: 00007f315d615fa0 RCX: 00007f315d39cdd9
[  124.710161][ T6702] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 00000000000007ff
[  124.710172][ T6702] RBP: 00007f315e2af090 R08: 0000000000000000 R09: 0000000000000000
[  124.710183][ T6702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  124.710193][ T6702] R13: 00007f315d616038 R14: 00007f315d615fa0 R15: 00007f315d73fa48
[  124.710222][ T6702]  </TASK>
[  124.974398][ T6709] syzkaller0: entered promiscuous mode
[  124.980112][ T6709] syzkaller0: entered allmulticast mode
[  124.989680][ T6709] tcf_pedit_act: 7 callbacks suppressed
[  124.989698][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.003514][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.010353][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.017151][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.023927][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.030699][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.037492][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.044282][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.051071][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.057836][ T6709] tc action pedit offset must be on 32 bit boundaries
[  125.064584][ T6709] 0: reclassify loop, rule prio 0, protocol 800
[  125.303216][ T6714] loop2: detected capacity change from 0 to 7
[  125.310986][ T6714] Dev loop2: unable to read RDB block 7
[  125.330163][ T5778] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  125.356936][ T6714]  loop2: AHDI p1 p2 p3
[  125.373146][ T5778] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  125.386886][ T6714] loop2: partition table partially beyond EOD, truncated
[  125.405249][ T6714] loop2: p1 start 1818582900 is beyond EOD, truncated
[  125.443197][ T6714] loop2: p3 start 335544320 is beyond EOD, truncated
[  125.447525][ T5778] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  125.501303][ T5778] usb 3-1: USB disconnect, device number 11
[  125.628261][  T992] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  125.690820][ T6728] netlink: 8 bytes leftover after parsing attributes in process `syz.4.342'.
[  125.725782][ T6728] erspan1: entered promiscuous mode
[  125.731127][ T6728] erspan1: entered allmulticast mode
[  125.813286][  T992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  125.841492][  T992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 35, changing to 7
[  125.881511][  T992] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 41963, setting to 1024
[  125.921701][  T992] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  125.937036][  T992] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.955448][  T992] usb 1-1: Product: syz
[  125.970986][  T992] usb 1-1: Manufacturer: syz
[  125.982239][  T992] usb 1-1: SerialNumber: syz
[  126.003274][  T992] usb 1-1: config 0 descriptor??
[  126.062804][  T992] usb 1-1: 0:0 : invalid sync pipe. bmAttributes 01, bLength 9, bSynchAddress 7f
[  126.108483][ T6739] netlink: 12 bytes leftover after parsing attributes in process `syz.2.346'.
[  126.428762][  T992] usb 1-1: USB disconnect, device number 9
[  126.547921][ T5635] udevd[5635]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  126.811228][ T6756] netlink: 12 bytes leftover after parsing attributes in process `syz.0.352'.
[  127.138850][ T6765] Cannot find add_set index 0 as target
[  127.206255][ T6767] netlink: 'syz.2.357': attribute type 12 has an invalid length.
[  127.245552][ T6767] netlink: 'syz.2.357': attribute type 29 has an invalid length.
[  127.275249][ T6767] netlink: 148 bytes leftover after parsing attributes in process `syz.2.357'.
[  127.302460][ T6767] netlink: 59 bytes leftover after parsing attributes in process `syz.2.357'.
[  127.477088][ T5778] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  127.706296][ T6780] batadv0: entered promiscuous mode
[  127.717026][ T5778] usb 1-1: Using ep0 maxpacket: 32
[  127.741497][ T5778] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  127.763615][ T6780] x_tables: duplicate underflow at hook 3
[  127.775251][ T5778] usb 1-1: config 0 has no interface number 0
[  127.801232][ T5778] usb 1-1: config 0 interface 67 altsetting 0 has a duplicate endpoint with address 0x82, skipping
[  127.850318][ T5778] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  127.874236][ T5778] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.902464][ T5778] usb 1-1: Product: syz
[  127.912867][ T5778] usb 1-1: Manufacturer: syz
[  127.926281][ T5778] usb 1-1: SerialNumber: syz
[  127.957060][ T5778] usb 1-1: config 0 descriptor??
[  127.980596][ T5778] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  128.007201][ T5778] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -22
[  128.073189][ T6790] netlink: 8 bytes leftover after parsing attributes in process `syz.3.366'.
[  128.701537][ T6804] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  128.721808][ T6804] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  128.746962][ T6814] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  128.787677][ T6814] dlm: plock device version mismatch: kernel (1.2.0), user (1.28.0)
[  128.826944][  T992] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  128.976941][  T992] usb 2-1: device descriptor read/64, error -71
[  129.127549][ T6826] loop2: detected capacity change from 0 to 7
[  129.130164][ T6828] netlink: 20 bytes leftover after parsing attributes in process `syz.2.376'.
[  129.155039][ T6826] Dev loop2: unable to read RDB block 7
[  129.172614][ T6826]  loop2: unable to read partition table
[  129.188133][ T6826] loop2: partition table beyond EOD, truncated
[  129.198131][ T6826] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  129.227883][  T992] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  129.376950][  T992] usb 2-1: device descriptor read/64, error -71
[  129.508455][  T992] usb usb2-port1: attempt power cycle
[  129.746072][ T6862] netlink: 'syz.4.384': attribute type 31 has an invalid length.
[  129.867031][  T992] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  129.898512][  T992] usb 2-1: device descriptor read/8, error -71
[  130.147329][  T992] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  130.178306][  T992] usb 2-1: device descriptor read/8, error -71
[  130.229460][ T6769] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  130.242958][ T6769] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  130.282108][ T6769] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  130.288405][ T6769] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  130.309991][  T992] usb usb2-port1: unable to enumerate USB device
[  130.333211][ T6769] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  130.342944][ T6769] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  130.365964][ T6769] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  130.372090][ T6769] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  130.381174][ T1231] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  130.411976][ T6769] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  130.423582][ T6769] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  130.538607][ T1231] usb 4-1: Using ep0 maxpacket: 32
[  130.549664][ T1231] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  130.572414][ T1231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.594349][ T1231] usb 4-1: config 0 descriptor??
[  130.647448][ T1231] as10x_usb: device has been detected
[  130.667940][ T1231] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  130.775248][ T1231] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  130.811539][ T6873] ------------[ cut here ]------------
[  130.817082][ T6873] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
[  130.817111][ T6873] WARNING: kernel/locking/mutex.c:625 at __mutex_lock+0x1303/0x1550, CPU#1: syz.3.386/6873
[  130.833072][ T6873] Modules linked in:
[  130.837132][ T6873] CPU: 1 UID: 0 PID: 6873 Comm: syz.3.386 Not tainted syzkaller #0 PREEMPT(full) 
[  130.847127][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  130.857563][ T6873] RIP: 0010:__mutex_lock+0x130a/0x1550
[  130.863125][ T6873] Code: 30 90 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 1b 02 00 00 83 3d da 38 87 04 00 75 13 48 8d 3d cd 50 8a 04 48 c7 c6 a0 da cc 8b <67> 48 0f b9 3a 90 e9 50 ee ff ff 90 0f 0b 90 e9 4e f2 ff ff 90 0f
[  130.882861][ T6873] RSP: 0018:ffffc90003427a20 EFLAGS: 00010246
[  130.889173][ T6873] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000080000
[  130.897205][ T6873] RDX: ffffc9000d421000 RSI: ffffffff8bccdaa0 RDI: ffffffff9033ecc0
[  130.905214][ T6873] RBP: ffffc90003427bd8 R08: ffffffff9030d4c3 R09: 1ffffffff2061a98
[  130.913653][ T6873] R10: dffffc0000000000 R11: fffffbfff2061a99 R12: ffff88805762cb30
[  130.921822][ T6873] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000684f5c
[  130.929856][ T6873] FS:  00007ff14a9096c0(0000) GS:ffff888125390000(0000) knlGS:0000000000000000
[  130.938994][ T6873] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  130.945704][ T6873] CR2: 000000110c2675e5 CR3: 0000000076b00000 CR4: 00000000003526f0
[  130.954014][ T6873] Call Trace:
[  130.957520][ T6873]  <TASK>
[  130.958356][ T6891] kvm: pic: non byte write
[  130.960463][ T6873]  ? trace_contention_end+0x3d/0x140
[  130.970242][ T6873]  ? __mutex_lock+0x319/0x1550
[  130.975040][ T6873]  ? as102_dvb_dmx_start_feed+0x70/0x290
[  130.980825][ T6873]  ? __pfx___mutex_lock+0x10/0x10
[  130.985883][ T6873]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  130.991578][ T6873]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  130.997634][ T6873]  ? do_raw_spin_lock+0x12b/0x2f0
[  131.002673][ T6873]  as102_dvb_dmx_start_feed+0x70/0x290
[  131.008167][ T6873]  dmx_section_feed_start_filtering+0x518/0x6c0
[  131.014530][ T6873]  dvb_dmxdev_filter_start+0xcf4/0x10e0
[  131.020124][ T6873]  ? dvb_dmxdev_filter_set+0x2d1/0x580
[  131.025615][ T6873]  dvb_demux_do_ioctl+0x470/0x540
[  131.030719][ T6873]  dvb_usercopy+0x199/0x2e0
[  131.035259][ T6873]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  131.036266][ T6899] netlink: 'syz.2.389': attribute type 1 has an invalid length.
[  131.040893][ T6873]  ? __pfx_dvb_usercopy+0x10/0x10
[  131.040928][ T6873]  ? __fget_files+0x3a0/0x420
[  131.058355][ T6873]  ? __fget_files+0x2a/0x420
[  131.062992][ T6873]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[  131.068355][ T6873]  dvb_demux_ioctl+0x29/0x40
[  131.072984][ T6873]  __se_sys_ioctl+0xfc/0x170
[  131.077635][ T6873]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.083723][ T6873]  do_syscall_64+0x15f/0xf80
[  131.088403][ T6873]  ? trace_irq_disable+0x3b/0x140
[  131.093472][ T6873]  ? clear_bhb_loop+0x40/0x90
[  131.098192][ T6873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.104104][ T6873] RIP: 0033:0x7ff14999cdd9
[  131.108575][ T6873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  131.128596][ T6873] RSP: 002b:00007ff14a909028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  131.137369][ T6873] RAX: ffffffffffffffda RBX: 00007ff149c15fa0 RCX: 00007ff14999cdd9
[  131.145387][ T6873] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000008
[  131.153451][ T6873] RBP: 00007ff149a32d69 R08: 0000000000000000 R09: 0000000000000000
[  131.161478][ T6873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  131.169499][ T6873] R13: 00007ff149c16038 R14: 00007ff149c15fa0 R15: 00007ff149d3fa48
[  131.177533][ T6873]  </TASK>
[  131.180570][ T6873] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  131.187912][ T6873] CPU: 1 UID: 0 PID: 6873 Comm: syz.3.386 Not tainted syzkaller #0 PREEMPT(full) 
[  131.197126][ T6873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  131.207195][ T6873] Call Trace:
[  131.210477][ T6873]  <TASK>
[  131.213400][ T6873]  vpanic+0x56c/0xa60
[  131.217379][ T6873]  ? __pfx__printk+0x10/0x10
[  131.221968][ T6873]  ? __pfx_vpanic+0x10/0x10
[  131.226470][ T6873]  ? is_bpf_text_address+0x292/0x2b0
[  131.231747][ T6873]  ? is_bpf_text_address+0x26/0x2b0
[  131.236945][ T6873]  panic+0xc5/0xd0
[  131.240668][ T6873]  ? __pfx_panic+0x10/0x10
[  131.245083][ T6873]  __warn+0x315/0x4c0
[  131.249059][ T6873]  ? __mutex_lock+0x1303/0x1550
[  131.253906][ T6873]  ? __mutex_lock+0x1303/0x1550
[  131.258760][ T6873]  __report_bug+0x29a/0x540
[  131.263264][ T6873]  ? __mutex_lock+0x1303/0x1550
[  131.268158][ T6873]  ? __pfx___report_bug+0x10/0x10
[  131.273185][ T6873]  ? __lock_acquire+0x6b5/0x2cf0
[  131.278120][ T6873]  report_bug_entry+0x19a/0x290
[  131.282974][ T6873]  ? __mutex_lock+0x130a/0x1550
[  131.287825][ T6873]  ? __mutex_lock+0x130f/0x1550
[  131.292673][ T6873]  handle_bug+0xce/0x200
[  131.296915][ T6873]  exc_invalid_op+0x1a/0x50
[  131.301417][ T6873]  asm_exc_invalid_op+0x1a/0x20
[  131.306260][ T6873] RIP: 0010:__mutex_lock+0x130a/0x1550
[  131.311722][ T6873] Code: 30 90 48 c1 e8 03 42 0f b6 04 30 84 c0 0f 85 1b 02 00 00 83 3d da 38 87 04 00 75 13 48 8d 3d cd 50 8a 04 48 c7 c6 a0 da cc 8b <67> 48 0f b9 3a 90 e9 50 ee ff ff 90 0f 0b 90 e9 4e f2 ff ff 90 0f
[  131.331332][ T6873] RSP: 0018:ffffc90003427a20 EFLAGS: 00010246
[  131.337409][ T6873] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000080000
[  131.345377][ T6873] RDX: ffffc9000d421000 RSI: ffffffff8bccdaa0 RDI: ffffffff9033ecc0
[  131.353354][ T6873] RBP: ffffc90003427bd8 R08: ffffffff9030d4c3 R09: 1ffffffff2061a98
[  131.361349][ T6873] R10: dffffc0000000000 R11: fffffbfff2061a99 R12: ffff88805762cb30
[  131.369320][ T6873] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000684f5c
[  131.377294][ T6873]  ? trace_contention_end+0x3d/0x140
[  131.382583][ T6873]  ? __mutex_lock+0x319/0x1550
[  131.387382][ T6873]  ? as102_dvb_dmx_start_feed+0x70/0x290
[  131.393015][ T6873]  ? __pfx___mutex_lock+0x10/0x10
[  131.398035][ T6873]  ? __mutex_unlock_slowpath+0x1be/0x6f0
[  131.403668][ T6873]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  131.409660][ T6873]  ? do_raw_spin_lock+0x12b/0x2f0
[  131.414697][ T6873]  as102_dvb_dmx_start_feed+0x70/0x290
[  131.420159][ T6873]  dmx_section_feed_start_filtering+0x518/0x6c0
[  131.426680][ T6873]  dvb_dmxdev_filter_start+0xcf4/0x10e0
[  131.432257][ T6873]  ? dvb_dmxdev_filter_set+0x2d1/0x580
[  131.437721][ T6873]  dvb_demux_do_ioctl+0x470/0x540
[  131.442748][ T6873]  dvb_usercopy+0x199/0x2e0
[  131.447248][ T6873]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  131.452787][ T6873]  ? __pfx_dvb_usercopy+0x10/0x10
[  131.457814][ T6873]  ? __fget_files+0x3a0/0x420
[  131.462498][ T6873]  ? __fget_files+0x2a/0x420
[  131.467085][ T6873]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[  131.472367][ T6873]  dvb_demux_ioctl+0x29/0x40
[  131.476957][ T6873]  __se_sys_ioctl+0xfc/0x170
[  131.481549][ T6873]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.487611][ T6873]  do_syscall_64+0x15f/0xf80
[  131.492200][ T6873]  ? trace_irq_disable+0x3b/0x140
[  131.497301][ T6873]  ? clear_bhb_loop+0x40/0x90
[  131.502062][ T6873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  131.507955][ T6873] RIP: 0033:0x7ff14999cdd9
[  131.512383][ T6873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  131.531994][ T6873] RSP: 002b:00007ff14a909028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  131.540409][ T6873] RAX: ffffffffffffffda RBX: 00007ff149c15fa0 RCX: 00007ff14999cdd9
[  131.548372][ T6873] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000008
[  131.556338][ T6873] RBP: 00007ff149a32d69 R08: 0000000000000000 R09: 0000000000000000
[  131.564305][ T6873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  131.572273][ T6873] R13: 00007ff149c16038 R14: 00007ff149c15fa0 R15: 00007ff149d3fa48
[  131.580243][ T6873]  </TASK>
[  131.583606][ T6873] Kernel Offset: disabled
[  131.587917][ T6873] Rebooting in 86400 seconds..