last executing test programs:

11m48.562572032s ago: executing program 32 (id=6365):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)

10m47.967452395s ago: executing program 33 (id=7217):
r0 = semget$private(0x0, 0x7, 0x180)
semtimedop(r0, &(0x7f0000000280)=[{0x4, 0xf948, 0x1000}], 0x1, 0x0)
semtimedop(r0, &(0x7f0000000380)=[{0x0, 0x9, 0x800}, {}], 0x2, 0x0)
semctl$GETZCNT(r0, 0x0, 0xf, 0x0)

8m30.597095622s ago: executing program 3 (id=9372):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e24, @multicast2}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000)
setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000080)=@gcm_256={{0x304}, "611aa09f6de4ef2a", "4867f60c9366f8caca55097828d9173185df9cd607089de85deb98049bc3b01e", "7185a435", 'N_3\t\x00\x00\x008'}, 0x38)

8m30.361074082s ago: executing program 3 (id=9376):
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0xddda0000, 0xdddd0000, 0x8, 0xf1, 0x4a, 0xfd, 0xd6, 0xd4, 0x0, 0x4, 0x7, 0x6}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0xf, 0x3, 0xca}, {0xeeee0000, 0xe6e50002, 0xb, 0x0, 0x2, 0x7, 0x4, 0x1, 0xc, 0x8, 0x6, 0x5}, {0x8000000, 0xffffffff, 0x8, 0xfc, 0x3, 0x46, 0x2, 0xd, 0xff, 0x5, 0x0, 0x1}, {0x40000, 0x41000, 0x8, 0x1, 0x3, 0x9, 0x9, 0x8, 0x5, 0x4, 0x2e, 0xb}, {0x2, 0xdddd0000, 0x0, 0x6, 0x3, 0x6e, 0x1, 0xff, 0x4, 0x80, 0x1, 0xfc}, {0x6000, 0xc000, 0x9, 0x8d, 0x3, 0x0, 0x0, 0xb, 0x1, 0x0, 0x0, 0xf8}, {0xffff1000, 0x8000000, 0xd, 0x5, 0x3, 0x3, 0xa, 0x9, 0x54, 0x6, 0x2, 0x7}, {0x60000, 0x5}, {0xb000, 0x4009}, 0x40010000, 0x0, 0xf000, 0x40036c, 0x5, 0x100, 0xe6e70c00, [0xffffffffffffff47, 0x401, 0xff, 0xc5]})
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x100})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})

8m30.197068312s ago: executing program 3 (id=9378):
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0xa8282, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd86)

8m28.0729671s ago: executing program 3 (id=9398):
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mount$9p_unix(&(0x7f00000000c0)='./file0/file0/..\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)='cgroup2\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000780)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)

8m27.865241557s ago: executing program 3 (id=9401):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4004, r0, 0x2})
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/4\x00')
read$FUSE(r2, &(0x7f0000000480)={0x2020}, 0x2020)

8m26.655443301s ago: executing program 3 (id=9421):
syz_emit_ethernet(0x2a1, &(0x7f0000000200)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb884700000000694f5eb402672f00fc020000000000000000000000000002000000000000000000000000000000013300f878660000000420880b002d00010003d427de2efac6ef7b4ab9b07b162d89c93f3281cf0cd1e6e057b3b7d5d205e5677506a76ddc575a4868996c7a6301263e76fcd3e8537b4ed9624046c964a3dd8ecc8c3f01103a702cb6bf9050e6e55fad2788005cc48f92f39d233fcdeaaf0de7e0208d0d37885185d60807dc21d92037e9f47e92c88799f36ed2afab5c5bbd74d91e7dda460c0086dd0005c8f96151ec1bab2ed76be2a69e4ceb849812fc75f9024e10c2d7bac9d9adbe902c99eb40339346c7a43190b9dbf0fdbdd01510ef5ad4a330882a2796787e9b58cf0a"], 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xb, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x2c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x6071, 0x0, 0xe7, {[@generic={0x5, 0x2}]}}}}}}}, 0x0)

8m26.210034592s ago: executing program 34 (id=9421):
syz_emit_ethernet(0x2a1, &(0x7f0000000200)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb884700000000694f5eb402672f00fc020000000000000000000000000002000000000000000000000000000000013300f878660000000420880b002d00010003d427de2efac6ef7b4ab9b07b162d89c93f3281cf0cd1e6e057b3b7d5d205e5677506a76ddc575a4868996c7a6301263e76fcd3e8537b4ed9624046c964a3dd8ecc8c3f01103a702cb6bf9050e6e55fad2788005cc48f92f39d233fcdeaaf0de7e0208d0d37885185d60807dc21d92037e9f47e92c88799f36ed2afab5c5bbd74d91e7dda460c0086dd0005c8f96151ec1bab2ed76be2a69e4ceb849812fc75f9024e10c2d7bac9d9adbe902c99eb40339346c7a43190b9dbf0fdbdd01510ef5ad4a330882a2796787e9b58cf0a"], 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xb, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x2c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x10, 0x6071, 0x0, 0xe7, {[@generic={0x5, 0x2}]}}}}}}}, 0x0)

7m33.358834336s ago: executing program 7 (id=10171):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[], 0x88}}, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
fcntl$lock(r0, 0x24, &(0x7f00000002c0)={0x1, 0x0, 0x3ff, 0x8000000000000001})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

7m33.177126121s ago: executing program 7 (id=10176):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000640)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x0, 0x3, 0x6369, 0x7, 0x0, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b928, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffff, 0xb}, {0x4, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x5, 0x9}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240040e0}, 0x0)

7m32.327962399s ago: executing program 7 (id=10186):
recvmmsg(0xffffffffffffffff, &(0x7f0000000580)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/55, 0x37}}], 0x1, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000440)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x452c, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, {0x0, 0x6558, 0x18, 0x0, @wg=@data={0x4, 0x0, 0xffffdd86}}}}}}}, 0xfdef)

7m31.496083125s ago: executing program 7 (id=10199):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f00000001c0)='./file0\x00')

7m31.401981891s ago: executing program 7 (id=10201):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0xf1b}, 0x8)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})

7m30.432471829s ago: executing program 7 (id=10217):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0xb}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240000e0}, 0x4890)

7m30.226025364s ago: executing program 35 (id=10217):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0x6, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_ADMIT_BYTES={0x8, 0x5, 0xb}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240000e0}, 0x4890)

6m10.624505319s ago: executing program 6 (id=11297):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

6m10.249207671s ago: executing program 6 (id=11305):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x104}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x400}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60000081}, 0x800)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x1c, 0x1, 0x4, 0x5, 0x0, 0x0, {0x3, 0x0, 0x10}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x26088888)
close(0x3)

6m10.156271628s ago: executing program 6 (id=11308):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x20000253)

6m9.225455371s ago: executing program 6 (id=11328):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x80000, 0x0)

6m9.120372685s ago: executing program 6 (id=11331):
unshare(0x28000600)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000006c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="2801"], 0x128}, 0x4004000)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

6m8.03702008s ago: executing program 6 (id=11349):
r0 = fsopen(&(0x7f00000006c0)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000200)='.\x00', 0x60000e46)

6m7.407689885s ago: executing program 36 (id=11349):
r0 = fsopen(&(0x7f00000006c0)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21)
r2 = inotify_init1(0x0)
inotify_add_watch(r2, &(0x7f0000000200)='.\x00', 0x60000e46)

4m4.067402616s ago: executing program 9 (id=12654):
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r2, 0x0)
cachestat(r2, 0x0, &(0x7f000009de80), 0x0)

4m2.015608803s ago: executing program 9 (id=12670):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x400017e)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r2, 0x0, r4, 0x0, 0x1, 0x0)
vmsplice(r3, &(0x7f0000001280)=[{&(0x7f0000001180)="83", 0x1}], 0x1, 0x0)
vmsplice(r4, &(0x7f00000005c0)=[{&(0x7f0000000000)="04", 0x1}], 0x1, 0x6)

4m1.020618303s ago: executing program 9 (id=12688):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
io_setup(0x7f, &(0x7f0000000940)=<r1=>0x0)
io_submit(r1, 0xfdef, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000080)="c3", 0x1}])
connect$unix(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mq_open(0x0, 0x40, 0x24, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
io_destroy(r1)
close_range(r2, 0xffffffffffffffff, 0x0)

4m0.189620012s ago: executing program 9 (id=12703):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
mount$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x80, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000440)='./file0\x00', 0x0, 0x2895004, 0x0)
open_tree(r0, &(0x7f0000000640)='\x00', 0x89901)

3m59.903802376s ago: executing program 9 (id=12707):
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read(r0, &(0x7f0000000080)=""/1, 0x1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_udp_int(r1, 0x11, 0x65, 0x0, &(0x7f00000000c0))
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x1, 0x0)
r4 = openat$cgroup_subtree(r3, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r4, &(0x7f0000000300)=ANY=[@ANYBLOB='-cpu'], 0x5)

3m57.215908041s ago: executing program 9 (id=12724):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {0xffff, 0xffff}, {0xe, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000884)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001340)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x8004, {0x0, 0x0, 0x0, r6, {}, {}, {0xa, 0xb}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x24040812)

3m56.847392372s ago: executing program 37 (id=12724):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x4}, {0xffff, 0xffff}, {0xe, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000884)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001340)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x8004, {0x0, 0x0, 0x0, r6, {}, {}, {0xa, 0xb}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x80}, 0x24040812)

2m11.461904894s ago: executing program 2 (id=13331):
getpid()
syz_open_procfs(0x0, &(0x7f0000000180)='net/if_inet6\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)

2m8.845558093s ago: executing program 2 (id=13335):
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
socket(0x2, 0x3, 0xff)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x40001, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8840, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0xffffffff, 0x1, 0x8, 0xa, "ff00f70000e5020052c4f21c7f000000002000"})
syz_open_pts(r0, 0x141601)
socket(0x2, 0x5, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x2, 0x80805, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000080)={r1, 0x8000, 0xffffffffffffffff, 0x2})
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1)

2m7.134882594s ago: executing program 2 (id=13336):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x1)
read$FUSE(r2, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000080), 0xfff, 0x84ce7)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
ioctl$SNDRV_PCM_IOCTL_LINK(r3, 0x40044160, &(0x7f0000000100)=0x80000000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, 0x0, 0x0)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000740)=@data_frame={@msdu=@type10={{0x0, 0x2, 0x7, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1}, {0x5}, @random="f84573653ff8", @device_a, @broadcast, {0xd, 0xc}}, @a_msdu}, 0x18)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8804)
nanosleep(0x0, 0x0)
ioctl$TCSETSW2(r1, 0x402c542c, 0x0)
syz_80211_inject_frame(0x0, 0x0, 0x0)

2m3.144824465s ago: executing program 2 (id=13345):
r0 = socket$pptp(0x18, 0x1, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r4, 0xffffffffffffffff, 0x0)

2m0.642761255s ago: executing program 2 (id=13348):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
capget(&(0x7f0000001080)={0x5a7ccc6daee55235, r0}, &(0x7f0000001100)={0x9, 0x5, 0xb61, 0x7, 0x3, 0xdf})
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x67)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r4, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0)

1m59.308513037s ago: executing program 2 (id=13350):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_procfs(0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x10, 0x8000, 0x100000d6}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r6, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1})
io_uring_enter(r2, 0x623, 0x4c1, 0x4, 0x0, 0x0)

1m41.575981626s ago: executing program 38 (id=13350):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_procfs(0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x10, 0x8000, 0x100000d6}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r6, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1})
io_uring_enter(r2, 0x623, 0x4c1, 0x4, 0x0, 0x0)

1m19.035965111s ago: executing program 4 (id=13440):
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0xa, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x3c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x5000, 0x80000001, @remote, 0x7}, 0x1c)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040), 0x4)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

1m11.210964047s ago: executing program 4 (id=13459):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0xf6b5, 0x1, 0x77fe, 0x40024e}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc699c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r4 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x2}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x2, 0x1, 0x7}}, 0xe8)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0)

1m9.246077437s ago: executing program 4 (id=13462):
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0)
r0 = io_uring_setup(0x667, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000005900)={0x3, 0x7, &(0x7f0000000300)=ANY=[@ANYRES32], &(0x7f0000000040)='GPL\x00', 0x2}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000180)=0x5)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m8.002298077s ago: executing program 4 (id=13464):
socket$inet6(0x10, 0x2, 0x0)
timerfd_create(0x0, 0x0)
io_submit(0x0, 0x3, &(0x7f0000000580)=[0x0, 0x0, 0x0])
request_key(&(0x7f0000000340)='user\x00', 0x0, &(0x7f00000003c0)='q\xa9', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_getscheduler(0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
ioctl$EVIOCRMFF(r1, 0x40095505, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0100000003000000ec0b000007"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000000c0), 0x108, r2}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000240)={r2, &(0x7f0000000540), &(0x7f0000000040)=""/84}, 0x20)
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='coredump_filter\x00')
socket$l2tp(0x2, 0x2, 0x73)
write(r3, &(0x7f0000000040)="1c000000210025123510dbda164216270bdc3e51b667ff0003", 0x19)

1m7.071978397s ago: executing program 4 (id=13467):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x20008080)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x8}}, 0x240440c0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x2, 0x3, 0x0, 0x0, 0xe, 0x0, 0x0, 0xfffffffd, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xc, 0x60000002}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0x0, @loopback}}]}, 0x70}, 0x1, 0x7}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000640)=@newlink={0x20, 0x10, 0x403, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x9000}}, 0x20}, 0x1, 0x0, 0x0, 0x20000010}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xa8}, [@ldst={0x6, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x8001, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r5, 0x40103d0b, &(0x7f0000000180)={0xc, 0x1})

1m5.34737924s ago: executing program 4 (id=13471):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
io_setup(0x8, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x10, 0x8000, 0x100000d6}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000804}], 0x1, 0x2ede8ec33678cf20)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r6, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1})
io_uring_enter(r2, 0x623, 0x4c1, 0x4, 0x0, 0x0)

52.424132934s ago: executing program 8 (id=13497):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, 0x0, &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000480)='devices.deny\x00', 0x2, 0x0)
fdatasync(r0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newsa={0x138, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4001, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@multicast1=0x4d4, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0x81}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0x3fc, 0xff}, 0x80, 0x3500, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}}, 0x844)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x10f, 0x8a, &(0x7f00000001c0), 0x4)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, 0x0, 0x0)
r5 = semget$private(0x0, 0x207, 0x0)
semtimedop(r5, &(0x7f00000002c0), 0x0, 0x0)
semctl$GETALL(r5, 0x0, 0xd, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000180), r4)

50.522057482s ago: executing program 8 (id=13504):
socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0)
mprotect(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x2c, r1, 0x1, 0x72bd29, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x5, 0xc}]}]}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4004040)
gettid()
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x3)
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
readv(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/157, 0x9d}], 0x1)

47.351098509s ago: executing program 39 (id=13471):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(0xffffffffffffffff, 0xc0585609, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
io_setup(0x8, 0x0)
syz_open_procfs(0x0, 0x0)
r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x10, 0x8000, 0x100000d6}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000804}], 0x1, 0x2ede8ec33678cf20)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r6, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1})
io_uring_enter(r2, 0x623, 0x4c1, 0x4, 0x0, 0x0)

46.290927179s ago: executing program 8 (id=13515):
fdatasync(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(0x0, 0x0)
r4 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
tkill(r4, 0xb)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000300), 0x8)
pause()
syz_emit_vhci(&(0x7f0000000780)=ANY=[@ANYBLOB="02c93010000c000500170508"], 0x15)

44.830796993s ago: executing program 8 (id=13518):
fsopen(0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, 0x0)
syz_genetlink_get_family_id$ieee802154(0x0, r0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
r2 = add_key$user(&(0x7f0000000140), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="af", 0x1, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000001c0)="da", 0x1, r3)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f00000002c0)='asymmetric\x00', &(0x7f0000000300)=@chain={'key_or_keyring:', r2})
keyctl$KEYCTL_MOVE(0x1e, r2, 0xffffffffffffffff, r3, 0x0)
dup(0xffffffffffffffff)
io_setup(0x8, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000240), 0x0, 0xa00}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newlink={0x20, 0x10, 0x1, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xa28, 0x2000}}, 0x20}, 0x1, 0x0, 0x0, 0x40008c4}, 0x20004804)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r5, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
io_submit(0x0, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}])

43.086161146s ago: executing program 8 (id=13521):
r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x4088080, 0x0, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
socketpair(0x1d, 0x800, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
getpriority(0x2, r1)
r3 = socket(0x2, 0x80805, 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r4, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000200)={<r5=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f00000002c0)={r5, 0x4}, &(0x7f0000000300)=0x8)
sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, 0x0, 0x200048c4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, 0x0)

41.147992154s ago: executing program 8 (id=13523):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8401)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xd, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
request_key(0x0, 0x0, &(0x7f0000001240)='\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
getdents(r3, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r4 = socket$inet6(0xa, 0x3, 0x3)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xffe0)

24.095767748s ago: executing program 40 (id=13523):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8401)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xd, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
request_key(0x0, 0x0, &(0x7f0000001240)='\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
getdents(r3, 0x0, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r4 = socket$inet6(0xa, 0x3, 0x3)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xffe0)

12.891815962s ago: executing program 1 (id=13580):
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e20, 0xeb, @remote, 0x4}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000580), 0x3)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, 0x0, 0x0)
sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000b80)='n', 0x1}], 0x1}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000040)={0x0, 0x9, 0x7a8, 0x6}, 0x14)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x304}, "080200", "8a36c47a9c625dfaf08ace81c500", '\x00', "362d3017f069109d"}, 0x28)
syz_genetlink_get_family_id$fou(&(0x7f00000011c0), r3)
sched_setscheduler(0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r4 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000400)={0xf0f071, 0x2})
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004041, 0x0, 0x0)

11.687919581s ago: executing program 1 (id=13583):
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0xa4242, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom0\x00', 0x803, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
sendfile(0xffffffffffffffff, r1, &(0x7f0000000080)=0x2, 0xd)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
openat$udambuf(0xffffff9c, &(0x7f00000000c0), 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0x4018aee3, 0x0)
writev(r1, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f00000006c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x14, 0x1, 0x4, 0x3, 0x0, 0x0, {0x7, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x40800)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x20000004)
r7 = dup(r0)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000100)={0x2, 0x4, 0x6})
r8 = syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x2)
ioctl$CEC_ADAP_S_LOG_ADDRS(r8, 0xc05c6104, &(0x7f0000000080)={"5381d6dc", 0x2, 0x9, 0x1, 0x3fe, 0x7, "9ad7f18bee5970ebb85649ef55e24c", '\x00', "00000003", "a88bb21f", ["5c294bd54bdbcc454ec4fe2a", "1e823e1929dad85f7c58b964", "0cefddcd3a6e078d00c07b4e", "faf2b69f1b22666ad990e013"]})
ioctl$CEC_ADAP_S_LOG_ADDRS(r8, 0xc05c6104, 0x0)
write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd86)

11.421204862s ago: executing program 1 (id=13585):
syz_socket_connect_nvme_tcp()
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x1e0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r4, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000200), 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x9c, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x9c}}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)={0x14, 0x6, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x20000000)
sendmsg$rds(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

10.283227284s ago: executing program 1 (id=13587):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7fff}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)=<r4=>0x0)
syz_open_procfs(r4, &(0x7f00000004c0)='net/hci\x00')
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x86)
r7 = socket$qrtr(0x2a, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYRES64=r7], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
r8 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r8, &(0x7f0000000200)=ANY=[@ANYBLOB="03040000b50000000100fefffeefffff"], 0xc8)
sendmsg$sock(r7, &(0x7f0000001540)={&(0x7f0000000240)=@pppoe={0x2a, 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, 'lo\x00'}}, 0x80, 0x0}, 0x0)
fchdir(r6)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r9, 0x3, 0x1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0xc9fa75ff70186347}, 0x28)
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_PROMISC(r10, 0x6b, 0x2, &(0x7f0000000740), &(0x7f0000000780)=0x4)

7.489825391s ago: executing program 5 (id=13596):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
mount$tmpfs(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000280), 0x2000001, &(0x7f0000000080)=ANY=[@ANYBLOB='fscontext=unconfined_u,fscontext', @ANYRES16])
write(r3, &(0x7f00000008c0)="bae2bf808214ff98d8d00b4e4aa5b63a86342a471feaedd023fe0d23081a02d33e4a469ab9d700b98dbc637a1ab17ee404dfa6c5d5a144ee59221d4b94680ba508343a208a525cff39a2733191ec729e1ed6ee89970d901cdde9274de2a14d16d4b60efff4a823051100a4766a36baa70307cd088fcc9e7146a60c52282f525d113a20c411358bfa0b288791cc9dba6ba75a160cb7beda4a2a7f1a2fa5c565ff344c6b7550c85aeec24195055e0cb2b5ed37875be4e627ef1027ef44c76edb024b67d2dd316c9025880d70300e9ac5abae459e1de4d6868facadaf5c07042ba04768b47d542ef67510bc6a31e1c671cd366d1060843996078b8bceab4299a1fd7ff0318b010dfc8a95b9163505bdde7f92bccfb94a227d620c7fbf355564d75dadaeb40bfa148575d175ba6b276dd1f08de275305c679ed2ca319a0d0ea310eee868429deb863319197812d62a2961765536e8b81edabf419b3ee6c60e17b9c61353366cb3e11572e94b996053feb7854704a86cd638976f8373557ca455e43463252bff8f4835f05ac57cc3e29031d648a942c4f83823378367ff5ff6157e59ccb6b7236eeca6a5f962d3f79b677fa1d2b8baa374f5aab9ecabd7f024941d73db13ba01090a7544d51c2e1ffc35d383b355c359568623715caadca70f1125419af0a5ec9832a5885c29ac40b3fe2f9f173934bb57eef3c9ab71d1b747554fb403d22cd39f98d2ac6df121c75ea827d1790db6fc7c21f601f75bc9b7d5facd83cf77e4b666e3257fb81ac213d2afccd3cc5e2bab7db075d051cd5c9f860f421e672e6d3c2ffce5f51b45e24a1dcf27de17e47ad0d34fa1ead3fc3892593f29f94f26413603c490f9c7d0682de6f9048ae911615975cee4e8b1349133192bfe71130368238688b67b74631a1a524699d28d86427694f753daf88e009c4d34ed310fea1c7356e5abc256595589f704a69b36b6dd05060f3abd79af70d2eb438b85b3d35d300eabaf51bdf479e07ff1338eba821f0c2a395cd355103df33032c1cd8edcdc5425f4418f18b7c1e85fceeb6f41fbaed2573052cf087659520618fe64ec82ae8484b2ddb50a41762fc3f90b3ceb8b2d10bac688e2d35d35e93639ab72384bebe7690c467f0f678bd75c9aa67bc96d94c98ced73d22c6776c918fe50143b80dc80d97326858cbbff3d66f7dc788b788ef275c5037081e9f025e3becca7cf496f7cddd0da37a4ea323d5037bfbcb61edf8b5980269c788605be92bd56b2399e1d5c6dfb43b65d6c9fb9a1ea1c8c548833c48a255b81ac0f7029be6234823bcf232efdc8116d530b652bc6aeab4367f7a33b4d152646003c2064a0b1cabaef6c2391e71c822409130fc4d0a3c9d2895b3f3468a51b33c512711e36632597b3e582af545f29b698d2d41f8362080977d0a0d48d492cc4f61816b7fedd27b826f81e1cbffed54c31dc6ef4b986bad01da626237a2e6bca61e2329bc4e06de64fa68d371a2f0b5dfe017d321e09bd5fc8fba5416e8d7ea329ec0f9be877dc406b6f592dfb3176cffcd9a82ac7479e674d6f3c346fcd3cd2f65e724693b5ace04bb74c2e8a47717162a3b14fcd0b9045b48545ec9dd4d2d1926da207371dbb8e339bd5456f7e00dfb73a9ad86e5e902311644a9a0ce2cb9483b90c25c8e30984bac1c462c06f1b76c68f5a8ef8e6414c67b6a0f77e9eb2e56a8b9ebe6af0a8fa69a92ea6ffde0eee16696a065da53bb4cb51c5985fcb0434589b4628efcf14ddd5f17ec6bd1f219096e02dc364d036b21df65c16a7a83a2145996f2154719317f49444f6ba380b821e4ca10ebba5795d6f04fe252cfabc4ffba1ae5938450b6da37ad734cf298029bfdac3b28cf86f27696fb2b7707702606e3bf5ae65e0d74b3ba450cb36af1c975aead56e69d4e61d3b1941b15d4e017f46552caf43c5ac8beafcf4c0e64c8247136d8e36409ef2986b79c806f4122a44cf988ce789797ec8919f6daff8e353e2391e45f4a2dd9984fbc8646132e2502d462d04b2d7be73cca3ede4240e3368585083f7721da55c95fc49b43a28c3e09c5fb7b43e4dc48d1095d7327ec859d657cf9cc8eef62aac5f1948358727267b87741c27fcc4b3577552e8ad3393a28261a1f754e8130c5b696509b608eb18a0cea00709ec2698527182412559deb8158e2caac436d000b4fb0f98cf920be07f0cbf3eb042bf865f68ca9295e541ae1ec6620b657ffd021794c9e2af3fdaeb5d453c30f8f915b28f230deb1f0717992d9b33425b79106de94e1cdb79dd14627413af70a2d34c908d0c165a3601b0339a335bb44ae635fe96c932111f6eef5216e32a46085216ad85423ef9b0e335ff7028464ccaaaf146d846c436e1db3c77877dce48b92d6b7e1d04f455f66093a9b24c07ef58cbfa7626c03cdf2153f14b055eb6c3c98a28ca85a74c48773f829a35433f11078249dd0a4295dbc3cf539a2b68c472a3000bb1b8e0faee8ea405270532c20ef4955b54d768d99d83ba165f37061bad1d1dcb1d90162b2a6c7678068e665dfa9501d367e4ba272238a3f8919d7f19cb692f2679fb1ea43d3fcf7119ce967529450de7fb3a2bb9902bf5b146e37661a934554f12dfec8647a96c5efc7bf3256af35cc94b64ad1a6902c6b052bb7334a364b0eaa485dee260d1331620e59260517f5d79c5eefc11148062fc6d8296d40a0e832b406c39440945ef986f7bd5beeef8954a86d4efb2f0b1215a3860df643bfa2f8bc99113ea1401188b580ee168a3b62201529b581e360754ae9528f9a2339e9b91a60111bd31a0079f739219cc44f909291b62f120154f6b52acde04dbccf990fcc7a69ce2038abcb3a67c6486096646dda436b4a95e50c18756554c60c6c1cc54ce217b56bdc191ed7eb7878913203bc227b28d5fdf65953a59a2ee1e1238e2c661777a9159a101fccee86d1ce2b95f5ad3d91466d9c466f5eca143b29c2609c13f708d1467c3be9834a7846eb6914861aa7b44f63c509484ffca1cfb2e561af51cbde7ee3fc2e07fc5e0e81df9d935b09f9f9476b1f3dd14952ca4d110933ee4d92eb98ea6fac1111a33e4a23a8a0c8542d5351cf34820daf5b4b805b7e70e47daa9e2dad1f8c8bb88d49322c0b40b9d7517aeee63f2167aff6cbd520a7703b38f5fb1b35437b78749c884aeec19d39a27703422", 0x8d1)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x78, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xb}, {0x0, 0xfff3}, {0xd, 0x300}}, [@filter_kind_options=@f_flow={{0x9}, {0x48, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0xc1f5}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x34, 0x9, 0x0, 0x1, [@m_csum={0x30, 0x6, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
r6 = getegid()
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0x0, 0x0, {{0x6, 0xfffffffffffffffd, 0xe, 0xac, 0x3, 0x4, {0x0, 0xff00000000000000, 0x5, 0x40000000005, 0x85, 0x7fffffff, 0x8000, 0x7fffffff, 0xfffffffe, 0x4000, 0x0, 0xee00, r6, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20040040)
pselect6(0x95, &(0x7f00000001c0), 0x0, &(0x7f0000000240)={0x9}, &(0x7f0000000280)={0x0, 0x989680}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

5.795904279s ago: executing program 5 (id=13598):
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.state\x00', 0x26e1, 0x0)
close(r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340))
ioctl$SIOCSIFHWADDR(r3, 0x8b26, &(0x7f0000000140)={'wlan1\x00', @random="ff01ff8d00"})
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x100, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r4, &(0x7f0000000300)={0xa, 0x4e23, 0x8000000, @mcast1, 0x3}, 0x1c)
ioctl(r1, 0x9, &(0x7f0000000440)="3d03da25c3ca7b555cafd9d7b755eb2136709b776130ddd5574eb8a883af5a00d3a45bb83356c4bf90461cf3fd5682651b308a91221c82f2b6bb787b28150e777993bf0a3b136499a7856c42edd88302a64a5d6bc9975c0296b27a93764366f22eaf1013782f5741274b23d352e311e7f071dce24119e76d82c1625c0ace80455ea1d5807e901c811a23")
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e24, 0x2, @remote, 0xfffffffd}}, 0x0, 0x0, 0x500, 0x0, 0x54, 0xa}, 0x9c)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000200)={0x1, [0x0]}, &(0x7f0000000080)=0x48)

4.270539027s ago: executing program 5 (id=13601):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x30004001)
socket$alg(0x26, 0x5, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000100), 0xd, 0x412002)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$FE_GET_PROPERTY(0xffffffffffffffff, 0x80106f53, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, 0x0, 0x0)
sendto$inet(r6, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x2)
getsockopt$inet6_mreq(r1, 0x29, 0x15, 0x0, &(0x7f0000000080))
ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, 0x22012, 0xffffffffffffffff, 0x6bcf8000)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x24, &(0x7f0000000000), 0x4)

3.848926547s ago: executing program 0 (id=13602):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)={0x2, 0xa, 0xfc, 0x0, 0x7, 0x0, 0x70bd28, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in=@empty, @in=@rand_addr=0x64010100, 0x2c, 0x30}]}, 0x38}}, 0x40408c0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c020000190001000500000001000000fe88000000000000001200000000010100000000000000000000000000000000000000000000000002000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000001000000000000000000000000000000900000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000002000000000000010001000000000084010500ac1414aa00000000000000000000000000000000330000000000000064010100000000000000000000000000ff340000000000000000000000000000402000007f000001000000000000000000000000000020003c00000002000000fe80000000000000000000000000000000000000000000000000000000000000000000007f000001000000000000000000000000000000006c00000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000ac14144300000000000000000000000000000000330000000200000000000000000000000000ffffac1414aa000000000000000000000000000000000000000020010000000000000000000000000000000004d26c000000000000000000000000000000000000000000000100000000000000000c0000000000000000000000ac1e0101000000000000000000000000000004d26c00000002000000e00000020000000000000000000000000000000002000100"/497], 0x23c}, 0x1, 0x0, 0x0, 0x1}, 0x4000)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000980)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x12}, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x20}, 0x4000004)
setsockopt$inet_int(r4, 0x0, 0x22, 0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r6, 0xc00464c9, 0x0)
setsockopt$inet_int(r4, 0x0, 0x17, &(0x7f0000000040)=0x95, 0x4)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000001c0)={0x0, 0x9, 0x10}, 0xc)
socket$nl_route(0x10, 0x3, 0x0)

2.70633064s ago: executing program 5 (id=13603):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = getpid()
sched_setscheduler(r2, 0x3, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r0, 0xd87cc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4)
r5 = fsmount(0xffffffffffffffff, 0x0, 0x1)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r6, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1, 0x800, 0x0, {}, {}, {}, 0x1, @canfd={{0x0, 0x1, 0x0, 0x1}, 0x23, 0x3, 0x0, 0x0, "b58ea0744fb6449e19dca1ed2d3a19aca6d16a98fdc3f9d45e20422838e9aaaf19a73c33338483072d7e23cba7c6efdc78c7bea0a06e4762edb0d074701c05a2"}}, 0x80}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$can_bcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1, 0xac6, 0x2f, {0x77359400}, {0x77359400}, {0x0, 0x0, 0x0, 0x1}, 0x1, @canfd={{0x0, 0x1}, 0x36, 0x3, 0x0, 0x0, "4b4415ac4334dbf859d5644739d79ee3b292d9ee47e89fd3347d5b107f16e60e61ac1ff8452e6dc460078e733769e4e8d6b9d0c7c07faf610060ede43a2ab818"}}, 0x80}, 0x1, 0x0, 0x0, 0x40c4}, 0x0)
fchdir(r5)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="050000000400000004000000"], 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xd, 0x0, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r7}, 0xc)

2.26395649s ago: executing program 1 (id=13604):
fsopen(0x0, 0x0)
fchdir(0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, 0x0)
syz_genetlink_get_family_id$ieee802154(0x0, r0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
r2 = add_key$user(&(0x7f0000000140), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="af", 0x1, 0xffffffffffffffff)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
add_key$user(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000001c0)="da", 0x1, r3)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f00000002c0)='asymmetric\x00', &(0x7f0000000300)=@chain={'key_or_keyring:', r2})
keyctl$KEYCTL_MOVE(0x1e, r2, 0xffffffffffffffff, r3, 0x0)
dup(0xffffffffffffffff)
io_setup(0x8, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000240), 0x0, 0xa00}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@newlink={0x20, 0x10, 0x1, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0xa28, 0x2000}}, 0x20}, 0x1, 0x0, 0x0, 0x40008c4}, 0x20004804)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x14, 0x4, 0x4, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={r4, &(0x7f0000000140), &(0x7f0000000200)=""/221}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

1.270693546s ago: executing program 0 (id=13605):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x17, 0x11, 0x839, 0x70bd2c, 0x100003, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {0x2, 0xa}, {0xf, 0xfff1}}}, 0x24}}, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f00000005c0)=0x18)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000d40)={{0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={@_ha_fsid={[0x8, 0x7fffffff]}, {0x2, 0x8, 0xd, 0x6}}, 0x3, &(0x7f0000000540)={@_ha_fsid}, 0x0}, 0x5, &(0x7f0000000e00)=[{0x1, 0x4caa, &(0x7f0000000700)='connmark\x00', &(0x7f0000000740)="01978c1c2cc4b9004d8c4deb4fcffe21aead3de21ade811d2298738aebec76650ec01a668da31d90352fe6a28d60887f03f6cc990debd7581deb98e1ee8d1ebd9fb1664d704ccb614f3a729491d05ec6e2d470e01b64bea7660359aa3b7bcea3be8eb0ba2ee737", 0x67, 0x10}, {0x1, 0x4, &(0x7f0000000900)='connmark\x00', &(0x7f0000000940), 0x0, 0x2}, {0x1, 0x3, &(0x7f0000000980)='\x00', &(0x7f00000009c0)="9515dde9a164bbe50de6f6d046c5f49efba9c621e80713bc2651c3ff043bdce51ea5f97c8a0488a59b00383f454e54a5c034a99082d54b10ae81624eb2f3bd23892ae9533b61cc6d5be0fad39f7d2ca574d26418ea4d537e1ac251177144ebfe2beb51f9510b95ee8837704bb908b7d9a526d1d2cacb7455e11cd6a694e0fd7d70aa7c9972293343fb", 0x89, 0x20}, {0x2, 0x0, &(0x7f0000000b40)=',^^\xd9&&\x00', &(0x7f0000000b80)="04259e439e7a36b5d608631e376f97100b26723336d45c44fd927ae6e950a716363751b014753aad831b9e71ff402ce54d6eab607518bc7e57283d6fa33ed0acc262d06ce5e71a6a5b643aeaf409cee14b", 0x51, 0x32}, {0x1, 0x80000001, &(0x7f0000000c00)=']\x00', &(0x7f0000000c40)="63602c4d881e675a0ad3e49e5044e8dc7dba90124e2ec2dc19478c8788a3d8fc8cfbc6676ab7f1c1728d038c75822918bf5e875b92187f1db89522bc1cbfd69866fbbad56ff82be5ca52bca254949b8d5a3813a667bddff8ed771d00fac02a47ea360b4fb9c4f11766880413321bcf2a2e2418a5b5557fd49a10122132756a56f1ce0c5a3f18606e4020d7a32998da87d1d07a07a54054e1f6506fb948b48128d9b35820573bc4492c1e666856d01a112ee09b7d2c04a5370d3b13a71a711337ceb96fb73788a3430d", 0xc9, 0xa}]})
syz_genetlink_get_family_id$mptcp(&(0x7f0000000f40), 0xffffffffffffffff)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x25, 0x0, @void}, 0x10)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x481d5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000840)=@newsa={0x158, 0x10, 0x713, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@local}, {@in=@dev={0xac, 0x14, 0x14, 0x17}, 0x4d5, 0x33}, @in=@multicast1, {0x3}, {}, {0x0, 0x22}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x5c, 0x14, {{'cmac(aes)\x00'}, 0x80, 0x0, "3509fe8fd57fd44aa5074c50bc700e53"}}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x158}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

1.120696255s ago: executing program 5 (id=13606):
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SEG6_CMD_SETHMAC(r1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='.\x00', 0x0, 0x0, &(0x7f0000000000)={[{@upperdir, 0x5c}]})
ioctl$VIDIOC_SUBDEV_G_FMT(0xffffffffffffffff, 0xc0585604, &(0x7f00000000c0)={0x0, 0x0, {0xfffff001, 0x1, 0x2019, 0x5, 0x6, 0x4, 0x2, 0x3}})
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
fsopen(&(0x7f0000000380)='udf\x00', 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3004c8d4}, 0x80)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
sendfile(r3, r3, &(0x7f0000000240)=0x3, 0x8f)
setsockopt$inet6_int(r0, 0x29, 0xcb, &(0x7f0000000040)=0x1, 0x4)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20, 0x80000005, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xe}, 0x1c)
r4 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r4, 0x0, 0x27, &(0x7f0000000200)={@multicast1, @local}, 0xc)
setsockopt$inet_mreqn(r4, 0x0, 0x28, &(0x7f0000000080)={@multicast1, @local}, 0xc)
socket$pppl2tp(0x18, 0x1, 0x1)

1.011407978s ago: executing program 1 (id=13607):
r0 = socket$netlink(0x10, 0x3, 0x9)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
read$dsp(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
clock_settime(0x0, &(0x7f0000000140))
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x1d, &(0x7f0000000000)=0x3, 0x4)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x6, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x6, 0x9, 0x8000000000000000, 0xf4a, 0x100000000, 0xbdb], 0xffff1001, 0x4000})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_emit_ethernet(0x42, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008ff4b0000340000000000019078ac1e0001ac1414aa8617000000030611848a83989c24887c92520e2763"], 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000040)={0xe0000012})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="6400000002060103000000000000000000000000050001000700000016000300686173683a6e65742c706f72742c6e65740000000900020073797a30000000000500040000000000050005000a00000014000780050015000200000008001240"], 0x64}}, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
syz_clone3(&(0x7f0000000900)={0x23800000, &(0x7f0000000040), 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)

888.43216ms ago: executing program 0 (id=13608):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80800)
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x7c1c, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0xac800000}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)

620.167326ms ago: executing program 0 (id=13609):
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0xa, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_CROPCAP(r2, 0xc02c563a, &(0x7f00000002c0)={0x3, {0x7, 0x5, 0x8001, 0x10000}, {0x4, 0x9, 0x7, 0x200}, {0x0, 0xeb}})
r3 = socket$inet6(0xa, 0x3, 0x3c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x5000, 0x80000001, @remote, 0x7}, 0x1c)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040), 0x4)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a70000000060a01e200000000000000000200000530000480797532fb81bf52c3d1ac2c0001800a0001006d6163680000001c00028008eac1a5203adfca439d4b00010074746c00060003a87acc0000080002400000000000020073797a32000000001400058008000140f104cbbc080002400000f70c1400000011000100"], 0x98}, 0x1, 0x0, 0x0, 0x24004001}, 0x0)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x6, @remote, 0x5}, 0x1c)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="862d3bf6e9100400000000", @ANYRES16=r5, @ANYBLOB="0500681935000000000000000000", @ANYRESOCT, @ANYBLOB="080005000b000000"], 0x24}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
r6 = socket(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), r6)

475.629134ms ago: executing program 0 (id=13610):
r0 = syz_open_dev$vbi(0x0, 0x1, 0x2)
r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000005c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300), 0x111}}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x24004000}, 0xc800)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat$loop(0xffffffffffffff9c, 0x0, 0x1, 0x0)
socket(0x1e, 0x4, 0x0)
socketpair(0x80000000000025, 0x5, 0x0, &(0x7f0000000140))
writev(0xffffffffffffffff, &(0x7f0000000080), 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prlimit64(0x0, 0x8, &(0x7f0000000040)={0x3, 0xfffffdffffdffff9}, 0x0)
r3 = syz_open_procfs(0x0, 0x0)
write$binfmt_script(r3, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000340)={0xa, @sliced={0x0, [0x91, 0xff, 0x9, 0x1, 0x1, 0x691, 0x7, 0x8, 0x200, 0xb, 0x8, 0xf2ce, 0xdfc, 0x6, 0x131e, 0x3, 0x8, 0x0, 0x4, 0x7ff, 0x1ff, 0x5, 0xb, 0x5, 0x8, 0x2, 0x10, 0xb9b, 0xa792, 0x3, 0xb3d, 0xff7f, 0x7a, 0x8, 0xd6d, 0x4, 0x8, 0xfff, 0x2, 0x4, 0x4, 0x1, 0x8, 0x1, 0x9, 0x11b, 0x3a, 0xd], 0x1}})
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, 0x0, 0x0)

435.485831ms ago: executing program 5 (id=13611):
mbind(&(0x7f0000ff8000/0x8000)=nil, 0x8000, 0x8002, 0x0, 0x8, 0x4000000)
r0 = io_uring_setup(0x937, &(0x7f00000002c0)={0x0, 0x32b6, 0x80, 0x0, 0x35d})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000100)={@local})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r5}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r7 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xcda\x9b\x11X\x0e\xa1\xcf\x1a\x98S7\xc9\x00'/47, 0x2)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000000)={r7, 0x0, 0x0, 0x8000})
ioctl$DMA_BUF_IOCTL_SYNC(r8, 0x40086200, &(0x7f00000001c0)=0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 0 (id=13612):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3d}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x67)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x38130d1, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10ffff)
bind$rds(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e23, @multicast2}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0002}]})
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000))
syz_emit_ethernet(0x22, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaefbbbbbbbbbb810074857b9e65ac4a001f0c0000e4ceb56c"], 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
io_setup(0x6, &(0x7f0000001000))
sched_getaffinity(r0, 0x8, &(0x7f0000000280))
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b)
connect$can_bcm(r4, &(0x7f0000001ff0), 0x10)

kernel console output (not intermixed with test programs):

nk: 8 bytes leftover after parsing attributes in process `syz.7.9962'.
[  719.684000][T27750] netlink: 12 bytes leftover after parsing attributes in process `syz.4.9976'.
[  719.775634][T27750] macvtap1: entered promiscuous mode
[  719.775862][T27750] macvtap1: entered allmulticast mode
[  719.775878][T27750] veth1_vlan: entered allmulticast mode
[  720.052175][T27754] veth1_vlan (unregistering): left allmulticast mode
[  721.501747][T27818] netlink: 'syz.7.10008': attribute type 6 has an invalid length.
[  722.508354][T27857] netlink: 'syz.4.10025': attribute type 4 has an invalid length.
[  722.509896][T27857] netlink: 'syz.4.10025': attribute type 4 has an invalid length.
[  722.514593][ T5993] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  722.667245][ T5993] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  722.667303][ T5993] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  722.667330][ T5993] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.696998][ T5993] usb 8-1: config 0 descriptor??
[  723.173898][T27882] netlink: 52 bytes leftover after parsing attributes in process `syz.6.10037'.
[  723.220151][ T5993] keytouch 0003:0926:3333.0037: fixing up Keytouch IEC report descriptor
[  723.253581][ T5993] input: HID 0926:3333 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0926:3333.0037/input/input49
[  723.635865][T27895] netlink: 27 bytes leftover after parsing attributes in process `syz.6.10041'.
[  723.814929][T27900] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10047'.
[  724.006661][ T5993] keytouch 0003:0926:3333.0037: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.7-1/input0
[  724.069090][ T5993] usb 8-1: USB disconnect, device number 2
[  724.169956][T27909] fido_id[27909]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory
[  724.434828][T27918] netlink: 'syz.4.10053': attribute type 22 has an invalid length.
[  724.434853][T27918] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10053'.
[  724.441090][T27918] netlink: 'syz.4.10053': attribute type 22 has an invalid length.
[  724.441115][T27918] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10053'.
[  724.589777][T27923] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  724.779771][T27928] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  725.100893][T27940] netlink: 256 bytes leftover after parsing attributes in process `syz.1.10064'.
[  725.101042][T27940] netlink: 256 bytes leftover after parsing attributes in process `syz.1.10064'.
[  725.337651][T27947] fuse: Bad value for 'fd'
[  725.605205][ T5882] kernel write not supported for file bpf-prog (pid: 5882 comm: kworker/1:6)
[  725.691291][T27961] kvm_intel: kvm [27959]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1
[  726.572909][ T5993] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  726.722979][ T5993] usb 8-1: Using ep0 maxpacket: 32
[  726.730753][ T5993] usb 8-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  726.730786][ T5993] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.789227][ T5993] usb 8-1: config 0 descriptor??
[  727.032910][ T5993] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  727.037202][ T5993] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  727.060026][ T5993] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  727.060092][ T5993] usb 8-1: media controller created
[  727.099248][ T5993] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  727.654992][ T5993] az6027: usb out operation failed. (-71)
[  727.655016][ T5993] stb0899_attach: Driver disabled by Kconfig
[  727.655028][ T5993] az6027: no front-end attached
[  727.655028][ T5993] 
[  727.655442][ T5993] az6027: usb out operation failed. (-71)
[  727.655457][ T5993] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  727.659174][ T5993] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.7/usb8/8-1/input/input50
[  727.722528][ T5993] dvb-usb: schedule remote query interval to 400 msecs.
[  727.722554][ T5993] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  727.753139][ T5993] usb 8-1: USB disconnect, device number 3
[  727.965630][ T5993] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  728.877572][T28080] netlink: 'syz.6.10129': attribute type 3 has an invalid length.
[  730.318553][T28127] netlink: 260 bytes leftover after parsing attributes in process `syz.6.10152'.
[  732.276962][T28198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10187'.
[  732.276991][T28198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10187'.
[  732.278258][T28198] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10187'.
[  732.278280][T28198] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10187'.
[  733.542949][   T37] audit: type=1326 audit(1774541800.151:1438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28238 comm="syz.6.10206" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f04b2b6c799 code=0x0
[  734.576614][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  734.607356][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  734.623432][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  734.650092][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  734.657524][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  734.822962][T28284] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10227'.
[  734.940547][T22133] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  735.459742][T22133] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  735.553050][ T5882] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  735.703049][ T5882] usb 5-1: Using ep0 maxpacket: 8
[  735.707083][ T5882] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  735.707147][ T5882] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  735.707169][ T5882] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  735.707191][ T5882] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  735.707213][ T5882] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  735.707250][ T5882] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  735.707271][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.011487][ T5882] usb 5-1: usb_control_msg returned -32
[  736.011539][ T5882] usbtmc 5-1:16.0: can't read capabilities
[  736.029432][T22133] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  736.068438][   T60] Bluetooth: hci4: Unable to find connection for big 0x00
[  736.233111][ T6015] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  736.383911][ T6015] usb 7-1: Using ep0 maxpacket: 8
[  736.407203][ T6015] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023
[  736.407239][ T6015] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  736.416268][ T6015] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  736.416303][ T6015] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.416326][ T6015] usb 7-1: Product: syz
[  736.416342][ T6015] usb 7-1: Manufacturer: syz
[  736.416357][ T6015] usb 7-1: SerialNumber: syz
[  736.614872][T22133] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  736.688956][ T6015] cdc_ncm 7-1:1.0: bind() failure
[  736.728696][ T6015] cdc_ncm 7-1:1.1: CDC Union missing and no IAD found
[  736.728748][ T6015] cdc_ncm 7-1:1.1: bind() failure
[  736.763381][ T6015] usb 7-1: USB disconnect, device number 9
[  736.782967][   T60] Bluetooth: hci3: command tx timeout
[  737.022228][   T37] audit: type=1326 audit(1774541803.631:1439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28342 comm="syz.1.10253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1cf5c799 code=0x7fc00000
[  737.053122][ T6015] usb 5-1: USB disconnect, device number 62
[  737.520357][T28272] chnl_net:caif_netlink_parms(): no params data found
[  737.595850][   T37] audit: type=1326 audit(1774541804.211:1440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28342 comm="syz.1.10253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fed1cf1cfce code=0x7fc00000
[  738.106911][T22133] bridge_slave_1: left allmulticast mode
[  738.106942][T22133] bridge_slave_1: left promiscuous mode
[  738.107217][T22133] bridge0: port 2(bridge_slave_1) entered disabled state
[  738.190371][T22133] bridge_slave_0: left allmulticast mode
[  738.190403][T22133] bridge_slave_0: left promiscuous mode
[  738.190691][T22133] bridge0: port 1(bridge_slave_0) entered disabled state
[  738.868344][   T60] Bluetooth: hci3: command tx timeout
[  739.033244][T15065] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  739.192939][T15065] usb 5-1: Using ep0 maxpacket: 8
[  739.208504][T15065] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  739.208537][T15065] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  739.208564][T15065] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  739.208588][T15065] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  739.208631][T15065] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  739.208654][T15065] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  739.540699][T15065] usb 5-1: GET_CAPABILITIES returned 0
[  739.540751][T15065] usbtmc 5-1:16.0: can't read capabilities
[  739.759658][T15065] usb 5-1: USB disconnect, device number 63
[  740.174776][T22133] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  740.254025][T22133] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  740.306603][T22133] bond0 (unregistering): Released all slaves
[  740.404384][T28272] bridge0: port 1(bridge_slave_0) entered blocking state
[  740.404623][T28272] bridge0: port 1(bridge_slave_0) entered disabled state
[  740.404848][T28272] bridge_slave_0: entered allmulticast mode
[  740.408100][T28272] bridge_slave_0: entered promiscuous mode
[  740.465638][T28272] bridge0: port 2(bridge_slave_1) entered blocking state
[  740.465770][T28272] bridge0: port 2(bridge_slave_1) entered disabled state
[  740.466027][T28272] bridge_slave_1: entered allmulticast mode
[  740.496402][T28272] bridge_slave_1: entered promiscuous mode
[  740.650342][T28272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  740.658504][T28272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  740.953053][   T60] Bluetooth: hci3: command tx timeout
[  741.537077][T28272] team0: Port device team_slave_0 added
[  741.819770][T28272] team0: Port device team_slave_1 added
[  742.883843][T28272] batman_adv: batadv0: Adding interface: batadv_slave_0
[  742.883861][T28272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  742.883892][T28272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  742.886411][T28272] batman_adv: batadv0: Adding interface: batadv_slave_1
[  742.886427][T28272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  742.886456][T28272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  743.033007][   T60] Bluetooth: hci3: command tx timeout
[  743.326659][T28272] hsr_slave_0: entered promiscuous mode
[  743.328275][T28272] hsr_slave_1: entered promiscuous mode
[  743.334303][T28272] debugfs: 'hsr0' already exists in 'hsr'
[  743.334371][T28272] Cannot create hsr debugfs directory
[  743.534156][T22133] hsr_slave_0: left promiscuous mode
[  743.603066][T22133] hsr_slave_1: left promiscuous mode
[  743.605990][T22133] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  743.606019][T22133] batman_adv: batadv0: Removing interface: batadv_slave_0
[  743.674584][T22133] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  743.674616][T22133] batman_adv: batadv0: Removing interface: batadv_slave_1
[  743.906123][T22133] veth1_macvtap: left promiscuous mode
[  743.906237][T22133] veth0_macvtap: left promiscuous mode
[  743.906491][T22133] veth1_vlan: left promiscuous mode
[  743.906719][T22133] veth0_vlan: left promiscuous mode
[  744.762919][ T5882] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  744.916262][ T5882] usb 7-1: unable to get BOS descriptor or descriptor too short
[  744.917576][ T5882] usb 7-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  744.917611][ T5882] usb 7-1: config 1 interface 0 has no altsetting 0
[  744.950547][ T5882] usb 7-1: string descriptor 0 read error: -22
[  744.950715][ T5882] usb 7-1: New USB device found, idVendor=05ac, idProduct=0222, bcdDevice= 0.40
[  744.950741][ T5882] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.410937][ T5882] apple 0003:05AC:0222.0038: invalid report_size 11124
[  745.410966][ T5882] apple 0003:05AC:0222.0038: item 0 2 1 7 parsing failed
[  745.411801][ T5882] apple 0003:05AC:0222.0038: parse failed
[  745.411957][ T5882] apple 0003:05AC:0222.0038: probe with driver apple failed with error -22
[  745.618487][ T6015] usb 7-1: USB disconnect, device number 10
[  745.675948][T22133] team0 (unregistering): Port device team_slave_1 removed
[  745.735210][T22133] team0 (unregistering): Port device team_slave_0 removed
[  747.062631][T28272] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  747.206698][T28272] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  747.272955][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  747.351315][T28272] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  747.433533][T28272] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  747.726918][T28664] netlink: 'syz.6.10373': attribute type 10 has an invalid length.
[  747.734862][T28664] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.750933][T28664] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.800036][T28664] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.800355][T28664] bridge0: port 2(bridge_slave_1) entered forwarding state
[  747.800742][T28664] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.800901][T28664] bridge0: port 1(bridge_slave_0) entered forwarding state
[  747.835815][T28664] bridge0: entered promiscuous mode
[  747.835996][T28664] bridge0: entered allmulticast mode
[  747.837942][T28664] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  748.019870][   T60] Bluetooth: hci4: unexpected event for opcode 0x0000
[  748.304969][T28272] 8021q: adding VLAN 0 to HW filter on device bond0
[  748.447100][T28272] 8021q: adding VLAN 0 to HW filter on device team0
[  748.476025][  T720] bridge0: port 1(bridge_slave_0) entered blocking state
[  748.476251][  T720] bridge0: port 1(bridge_slave_0) entered forwarding state
[  748.555004][  T720] bridge0: port 2(bridge_slave_1) entered blocking state
[  748.555848][  T720] bridge0: port 2(bridge_slave_1) entered forwarding state
[  749.749919][T28272] 8021q: adding VLAN 0 to HW filter on device batadv0
[  750.765242][T28272] veth0_vlan: entered promiscuous mode
[  750.807648][T28272] veth1_vlan: entered promiscuous mode
[  750.977444][T28272] veth0_macvtap: entered promiscuous mode
[  751.002442][T28272] veth1_macvtap: entered promiscuous mode
[  751.100065][T28272] batman_adv: batadv0: Interface activated: batadv_slave_0
[  751.144540][T28272] batman_adv: batadv0: Interface activated: batadv_slave_1
[  751.232923][T22130] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  751.234336][T22130] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  751.234381][T22130] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  751.234420][T22130] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  751.486669][T28771] fuse: Bad value for 'fd'
[  751.812953][  T116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  751.812977][  T116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  751.895978][  T116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  751.896001][  T116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.076963][   T60] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  752.077194][   T60] Bluetooth: hci4: Injecting HCI hardware error event
[  752.080523][   T60] Bluetooth: hci4: hardware error 0x00
[  752.213186][T28790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10414'.
[  752.824351][  T810] hid_parser_main: 29 callbacks suppressed
[  752.824377][  T810] hid-generic 0000:0000:0000.0039: unknown main item tag 0x0
[  752.883618][  T810] hid-generic 0000:0000:0000.0039: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  753.885582][T28846] netlink: 'syz.1.10438': attribute type 1 has an invalid length.
[  753.885658][T28846] netlink: 188 bytes leftover after parsing attributes in process `syz.1.10438'.
[  754.163656][   T60] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  754.290262][T28865] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  755.702824][ T6015] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  755.873998][ T6015] usb 9-1: Using ep0 maxpacket: 8
[  755.878105][ T6015] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  755.878144][ T6015] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  755.878171][ T6015] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  755.878196][ T6015] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  755.878240][ T6015] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  755.878264][ T6015] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  756.192914][ T6015] usb 9-1: GET_CAPABILITIES returned 0
[  756.192966][ T6015] usbtmc 9-1:16.0: can't read capabilities
[  756.398820][    C1] usbtmc 9-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  756.399048][    C1] usbtmc 9-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  756.402244][    C1] usbtmc 9-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  756.486967][ T6015] usb 9-1: USB disconnect, device number 2
[  757.397700][   T37] audit: type=1326 audit(1774541824.011:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28969 comm="syz.8.10495" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d9f5cc799 code=0x0
[  757.837270][T28990] netlink: 'syz.1.10502': attribute type 12 has an invalid length.
[  757.837294][T28990] netlink: 'syz.1.10502': attribute type 29 has an invalid length.
[  757.837319][T28990] netlink: 148 bytes leftover after parsing attributes in process `syz.1.10502'.
[  757.977049][T28993] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  758.211560][T29005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10509'.
[  758.211605][T29005] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10509'.
[  758.287075][T29010] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10509'.
[  758.287113][T29010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10509'.
[  759.531288][T29042] loop2: detected capacity change from 0 to 7
[  759.543424][T29042] Dev loop2: unable to read RDB block 7
[  759.543472][T29042]  loop2: unable to read partition table
[  759.543713][T29042] loop2: partition table beyond EOD, truncated
[  759.543735][T29042] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  759.843431][T29049] netlink: 4 bytes leftover after parsing attributes in process `syz.8.10529'.
[  759.870672][   T60] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  760.142883][T15065] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  760.305134][T15065] usb 5-1: Using ep0 maxpacket: 8
[  760.307444][T15065] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  760.307561][T15065] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  760.307647][T15065] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.337028][T15065] usb 5-1: config 0 descriptor??
[  760.566918][T15065] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  761.052294][T15065] usb 5-1: USB disconnect, device number 64
[  762.755768][ T6015] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  762.925349][ T6015] usb 7-1: config index 0 descriptor too short (expected 45, got 36)
[  762.925411][ T6015] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  762.925438][ T6015] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  762.925464][ T6015] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  762.925508][ T6015] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  762.925533][ T6015] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  763.028635][ T6015] usb 7-1: config 0 descriptor??
[  763.125247][T29156] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10575'.
[  763.125290][T29156] netlink: 'syz.4.10575': attribute type 7 has an invalid length.
[  763.125307][T29156] netlink: 'syz.4.10575': attribute type 8 has an invalid length.
[  763.125754][T29156] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10575'.
[  763.500083][T29165] fuse: Bad value for 'fd'
[  763.516542][ T6015] plantronics 0003:047F:FFFF.003A: reserved main item tag 0xd
[  763.585146][ T6015] plantronics 0003:047F:FFFF.003A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  763.787787][  T810] usb 7-1: USB disconnect, device number 11
[  764.008610][T29172] fido_id[29172]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/7-1/report_descriptor': No such file or directory
[  764.698131][T29196] loop4: detected capacity change from 0 to 7
[  764.762114][T29196]  loop4: [CUMANA/ADFS] p1 [ADFS] p1
[  764.762156][T29196] loop4: partition table partially beyond EOD, truncated
[  764.762438][T29196] loop4: p1 size 2989602745 extends beyond EOD, truncated
[  765.079060][ T5167]  loop4: [CUMANA/ADFS] p1 [ADFS] p1
[  765.079106][ T5167] loop4: partition table partially beyond EOD, truncated
[  765.079389][ T5167] loop4: p1 size 2989602745 extends beyond EOD, truncated
[  766.938649][T29263] bond3: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  766.968801][T29263] bond3: (slave lo): Enslaving as an active interface with an up link
[  766.996437][ T2125] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  766.998350][T29263] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  767.142868][ T2125] usb 7-1: Using ep0 maxpacket: 8
[  767.145705][ T2125] usb 7-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config
[  767.145763][ T2125] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  767.145809][ T2125] usb 7-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  767.145836][ T2125] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  767.202554][ T2125] usb 7-1: config 0 descriptor??
[  767.499769][T29280] sctp: [Deprecated]: syz.4.10618 (pid 29280) Use of struct sctp_assoc_value in delayed_ack socket option.
[  767.499769][T29280] Use struct sctp_sack_info instead
[  767.964243][ T5807] usb 7-1: USB disconnect, device number 12
[  768.691604][T29324] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  768.943153][ T5807] usb 9-1: new full-speed USB device number 3 using dummy_hcd
[  769.117835][ T5807] usb 9-1: config 2 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  769.117878][ T5807] usb 9-1: config 2 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  769.117903][ T5807] usb 9-1: config 2 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  769.117946][ T5807] usb 9-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  769.117971][ T5807] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.189637][T29332] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  769.431339][T29332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  769.454101][T29332] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  769.460541][ T5807] usbhid 9-1:2.0: can't add hid device: -71
[  769.460679][ T5807] usbhid 9-1:2.0: probe with driver usbhid failed with error -71
[  769.499843][ T5807] usb 9-1: USB disconnect, device number 3
[  770.033159][T15065] usb 7-1: new full-speed USB device number 13 using dummy_hcd
[  770.033381][ T5807] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  770.203019][ T5807] usb 9-1: Using ep0 maxpacket: 32
[  770.211544][T15065] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  770.211578][T15065] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  770.211623][T15065] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  770.211648][T15065] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.266092][ T5807] usb 9-1: config 2 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  770.266126][ T5807] usb 9-1: config 2 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  770.266173][ T5807] usb 9-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  770.266198][ T5807] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.337330][ T5807] hub 9-1:2.0: bad descriptor, ignoring hub
[  770.337373][ T5807] hub 9-1:2.0: probe with driver hub failed with error -5
[  770.605430][T15065] usb 7-1: usb_control_msg returned -32
[  770.605689][T15065] usbtmc 7-1:16.0: can't read capabilities
[  770.806397][ T5807] hid-multitouch 0003:0EEF:72C4.003B: unknown main item tag 0x0
[  770.806438][ T5807] hid-multitouch 0003:0EEF:72C4.003B: unknown main item tag 0x0
[  770.806467][ T5807] hid-multitouch 0003:0EEF:72C4.003B: unknown main item tag 0x0
[  770.806496][ T5807] hid-multitouch 0003:0EEF:72C4.003B: unknown main item tag 0x0
[  770.806523][ T5807] hid-multitouch 0003:0EEF:72C4.003B: unknown main item tag 0x0
[  770.860462][T29410] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  770.877529][ T5807] hid-multitouch 0003:0EEF:72C4.003B: hidraw0: USB HID v0.00 Device [HID 0eef:72c4] on usb-dummy_hcd.8-1/input0
[  770.908945][T29410] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  771.121110][  T810] usb 9-1: USB disconnect, device number 4
[  771.467995][T29410] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[  771.468302][T29410] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[  771.591950][T29410] overlayfs: d_ino too big (1857, ino=9223372036854785246, xinobits=3)
[  771.606596][T29410] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[  771.620545][T29410] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[  771.951310][T29434] netlink: 27 bytes leftover after parsing attributes in process `syz.8.10666'.
[  772.829052][ T5807] usb 7-1: USB disconnect, device number 13
[  775.211289][T29568] netlink: 'syz.6.10714': attribute type 3 has an invalid length.
[  775.624678][T15065] Process accounting resumed
[  775.712173][T29572] Process accounting resumed
[  776.279862][T29604] loop2: detected capacity change from 0 to 7
[  776.308447][T29604] Dev loop2: unable to read RDB block 7
[  776.308481][T29604]  loop2: unable to read partition table
[  776.308642][T29604] loop2: partition table beyond EOD, truncated
[  776.308688][T29604] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  776.674336][T29611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10733'.
[  776.674367][T29611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10733'.
[  778.182973][T15065] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  778.343387][T15065] usb 7-1: Using ep0 maxpacket: 32
[  778.345864][T15065] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  778.345892][T15065] usb 7-1: config 0 has no interface number 0
[  778.345943][T15065] usb 7-1: config 0 interface 12 has no altsetting 0
[  778.356432][T15065] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  778.356466][T15065] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  778.356489][T15065] usb 7-1: Product: syz
[  778.356506][T15065] usb 7-1: Manufacturer: syz
[  778.356522][T15065] usb 7-1: SerialNumber: syz
[  778.418770][T15065] usb 7-1: config 0 descriptor??
[  779.754741][T15065] f81534 7-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  779.754801][T15065] f81534 7-1:0.12: f81534_find_config_idx: read failed: -71
[  779.754822][T15065] f81534 7-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  779.754921][T15065] f81534 7-1:0.12: probe with driver f81534 failed with error -71
[  779.815528][T15065] usb 7-1: USB disconnect, device number 14
[  780.732817][T15065] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  780.859397][T29734] tipc: Started in network mode
[  780.859414][T29734] tipc: Node identity 4, cluster identity 4711
[  780.859424][T29734] tipc: Node number set to 4
[  780.882850][T15065] usb 7-1: Using ep0 maxpacket: 32
[  780.889947][T15065] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  780.889976][T15065] usb 7-1: config 0 has no interface number 0
[  780.908459][T15065] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  780.908490][T15065] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.908505][T15065] usb 7-1: Product: syz
[  780.908516][T15065] usb 7-1: Manufacturer: syz
[  780.908527][T15065] usb 7-1: SerialNumber: syz
[  780.952599][T15065] usb 7-1: config 0 descriptor??
[  780.964182][T15065] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  781.217642][T15065] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  781.305586][T15065] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  781.431811][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 6
[  781.636733][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[  781.674984][  T810] usb 7-1: USB disconnect, device number 15
[  781.708084][  T810] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  781.732430][  T810] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  781.746744][  T810] quatech2 7-1:0.51: device disconnected
[  782.406073][T29782] netlink: 4 bytes leftover after parsing attributes in process `syz.4.10806'.
[  783.773742][   T37] audit: type=1326 audit(1774541850.391:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29827 comm="syz.6.10830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7fc00000
[  783.773799][   T37] audit: type=1326 audit(1774541850.391:1443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29827 comm="syz.6.10830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f04b2b6c799 code=0x7fc00000
[  783.773850][   T37] audit: type=1326 audit(1774541850.391:1444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29827 comm="syz.6.10830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7fc00000
[  783.773898][   T37] audit: type=1326 audit(1774541850.391:1445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29827 comm="syz.6.10830" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7fc00000
[  785.365401][T29901] syzkaller1: entered promiscuous mode
[  785.365431][T29901] syzkaller1: entered allmulticast mode
[  785.944986][T29924] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  786.532906][T19485] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  786.696051][T19485] usb 7-1: Using ep0 maxpacket: 32
[  786.698106][T19485] usb 7-1: config 0 has an invalid interface number: 67 but max is 0
[  786.698134][T19485] usb 7-1: config 0 has no interface number 0
[  786.701106][T19485] usb 7-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  786.701136][T19485] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  786.701158][T19485] usb 7-1: Product: syz
[  786.701175][T19485] usb 7-1: Manufacturer: syz
[  786.701190][T19485] usb 7-1: SerialNumber: syz
[  786.761415][T19485] usb 7-1: config 0 descriptor??
[  786.980748][   T37] audit: type=1326 audit(1774541853.591:1446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29958 comm="syz.1.10885" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fed1cf5c799 code=0x0
[  787.702953][T26873] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  787.818738][T19485] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61
[  787.818797][T19485] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  787.874061][T26873] usb 9-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  787.874819][T26873] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.874846][T26873] usb 9-1: Product: syz
[  787.874862][T26873] usb 9-1: Manufacturer: syz
[  787.874886][T26873] usb 9-1: SerialNumber: syz
[  787.945249][T26873] usb 9-1: config 0 descriptor??
[  787.982557][T26873] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  788.015884][T19485] smsc95xx 7-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  788.016386][T19485] smsc95xx 7-1:0.67: probe with driver smsc95xx failed with error -71
[  788.053235][T19485] usb 7-1: USB disconnect, device number 16
[  788.502101][T30000] netlink: 'syz.1.10905': attribute type 39 has an invalid length.
[  789.083150][  T810] usb 5-1: new full-speed USB device number 65 using dummy_hcd
[  789.210751][T26873] gspca_sunplus: reg_w_riv err -71
[  789.210864][T26873] sunplus 9-1:0.0: probe with driver sunplus failed with error -71
[  789.240686][T26873] usb 9-1: USB disconnect, device number 5
[  789.263112][  T810] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  789.263146][  T810] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.263169][  T810] usb 5-1: Product: syz
[  789.263184][  T810] usb 5-1: Manufacturer: syz
[  789.263201][  T810] usb 5-1: SerialNumber: syz
[  789.317600][  T810] usb 5-1: config 0 descriptor??
[  789.375029][  T810] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  790.555504][  T810] gspca_stk1135: reg_w 0xd err -71
[  790.556695][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.556711][  T810] gspca_stk1135: Sensor write failed
[  790.556749][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.556760][  T810] gspca_stk1135: Sensor write failed
[  790.556796][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.556807][  T810] gspca_stk1135: Sensor read failed
[  790.556842][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.556852][  T810] gspca_stk1135: Sensor read failed
[  790.556859][  T810] gspca_stk1135: Detected sensor type unknown (0x0)
[  790.556899][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.556910][  T810] gspca_stk1135: Sensor read failed
[  790.556943][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.556953][  T810] gspca_stk1135: Sensor read failed
[  790.556986][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.556997][  T810] gspca_stk1135: Sensor write failed
[  790.557030][  T810] gspca_stk1135: serial bus timeout: status=0x00
[  790.557047][  T810] gspca_stk1135: Sensor write failed
[  790.557141][  T810] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  790.683379][  T810] usb 5-1: USB disconnect, device number 65
[  791.646607][   T37] audit: type=1326 audit(1774542114.268:1447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.647243][   T37] audit: type=1326 audit(1774542114.268:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.650057][   T37] audit: type=1326 audit(1774542114.268:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.650688][   T37] audit: type=1326 audit(1774542114.268:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.651911][   T37] audit: type=1326 audit(1774542114.268:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.652224][   T37] audit: type=1326 audit(1774542114.268:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.652532][   T37] audit: type=1326 audit(1774542114.268:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.714828][   T37] audit: type=1326 audit(1774542114.338:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.714964][   T37] audit: type=1326 audit(1774542114.338:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  791.715013][   T37] audit: type=1326 audit(1774542114.338:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30091 comm="syz.6.10948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04b2b6c799 code=0x7ffc0000
[  792.273723][T30108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10955'.
[  792.297781][T30108] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10955'.
[  792.323748][T30112] fuse: Bad value for 'fd'
[  792.816045][ T2125] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  792.969311][ T2125] usb 5-1: Using ep0 maxpacket: 32
[  792.971646][ T2125] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  792.971682][ T2125] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  792.971721][ T2125] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  792.971746][ T2125] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.036989][ T2125] usb 5-1: config 0 descriptor??
[  793.502266][ T2125] savu 0003:1E7D:2D5A.003C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  793.718106][T26873] usb 5-1: USB disconnect, device number 66
[  794.334579][T30183] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  795.341583][T30232] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11014'.
[  796.273032][ T2125] usb 9-1: new full-speed USB device number 6 using dummy_hcd
[  796.446774][ T2125] usb 9-1: unable to get BOS descriptor or descriptor too short
[  796.447410][ T2125] usb 9-1: not running at top speed; connect to a high speed hub
[  796.448748][ T2125] usb 9-1: config 1 has an invalid interface number: 181 but max is 0
[  796.448776][ T2125] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  796.448797][ T2125] usb 9-1: config 1 has no interface number 0
[  796.448858][ T2125] usb 9-1: config 1 interface 181 altsetting 5 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  796.448888][ T2125] usb 9-1: config 1 interface 181 altsetting 5 has a duplicate endpoint with address 0xB, skipping
[  796.448911][ T2125] usb 9-1: config 1 interface 181 altsetting 5 endpoint 0xD has invalid wMaxPacketSize 0
[  796.448935][ T2125] usb 9-1: config 1 interface 181 altsetting 5 has 6 endpoint descriptors, different from the interface descriptor's value: 14
[  796.448959][ T2125] usb 9-1: config 1 interface 181 has no altsetting 0
[  796.577516][ T2125] usb 9-1: New USB device found, idVendor=0bfd, idProduct=0018, bcdDevice=58.e1
[  796.577550][ T2125] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.577572][ T2125] usb 9-1: Product: 퉨혨໼㯃씔茬愾尼λ䑈릢׳㨗尩ꪀ�셞祻런㼽忿꽭馓⒫牖眥㜓�苢�鄿왶堮��伞棌�㱆幚䖣탘ɹ�쫸謓�㮀䬄둉췊啶颒冔形☃᥽�㮛퇄䞛田쒩좙⤲汲梧�๚ᤵ仆鄘�᜻๡�튨Lj㽼�괭郓턯猩敒�莈攺僬뇪�⌠�룳�ᷳ
[  796.577606][ T2125] usb 9-1: Manufacturer: �䤎ꄳ�⡽寥냊�䶪�㿀瓈�隚榒凩젺邞퓧ธွ껌蔵㦑�Ḣ䅃ᥴ䠖쥄�礻�䄣ꉟ릉㉳퓶俟㳆嶺ᠶ唖�攋ᨯ踪Ṣ臨
[  796.577630][ T2125] usb 9-1: SerialNumber: 銶ఎ뾡�귀伄��媆㰠
[  796.888878][ T2125] kvaser_usb 9-1:1.181: error -ENODEV: Cannot get usb endpoint(s)
[  796.929144][ T2125] usb 9-1: USB disconnect, device number 6
[  797.162166][T30305] input: syz0 as /devices/virtual/input/input53
[  798.077416][T30334] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (768 ns). Using initial count to start timer.
[  798.892888][T26873] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  798.907310][ T2125] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  799.042930][T26873] usb 7-1: Using ep0 maxpacket: 8
[  799.046269][T26873] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  799.046354][T26873] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  799.046382][T26873] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  799.046410][T26873] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  799.046444][T26873] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  799.046493][T26873] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  799.046518][T26873] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.063119][ T2125] usb 9-1: Using ep0 maxpacket: 8
[  799.141652][ T2125] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  799.141686][ T2125] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  799.141707][ T2125] usb 9-1: Product: syz
[  799.141723][ T2125] usb 9-1: Manufacturer: syz
[  799.141738][ T2125] usb 9-1: SerialNumber: syz
[  799.220260][ T2125] usb 9-1: config 0 descriptor??
[  799.409749][T26873] usb 7-1: usb_control_msg returned -32
[  799.409803][T26873] usbtmc 7-1:16.0: can't read capabilities
[  799.455545][ T2125] usb 9-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  800.203622][T30377] usbtmc 7-1:16.0: usb_control_msg returned -32
[  800.356569][ T5807] usb 7-1: USB disconnect, device number 17
[  800.693333][ T2125] usb write operation failed. (-71)
[  800.699611][ T2125] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  800.700332][ T2125] dvbdev: DVB: registering new adapter (Terratec H7)
[  800.700393][ T2125] usb 9-1: media controller created
[  800.701872][ T2125] usb read operation failed. (-71)
[  800.702389][ T2125] usb write operation failed. (-71)
[  800.762040][ T2125] dvb_usb_az6007 9-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  800.778499][ T2125] usb 9-1: USB disconnect, device number 7
[  801.395637][T30416] netlink: 204 bytes leftover after parsing attributes in process `syz.8.11097'.
[  801.397407][T30416] netlink: 84 bytes leftover after parsing attributes in process `syz.8.11097'.
[  801.919173][T26873] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[  802.065816][T26873] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  802.065857][T26873] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  802.065925][T26873] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  802.065951][T26873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  802.347532][T26873] usb 5-1: usb_control_msg returned -32
[  802.347587][T26873] usbtmc 5-1:16.0: can't read capabilities
[  802.712217][T30453] usbtmc 5-1:16.0: usbtmc_ioctl_request failed -32
[  802.734040][ T5807] usb 5-1: USB disconnect, device number 67
[  802.952226][T30463] fuse: Bad value for 'fd'
[  802.984343][T30462] pimreg1: tun_chr_ioctl cmd 1074025677
[  802.984811][T30462] pimreg1: linktype set to 1
[  807.643411][  T996] usb 7-1: new full-speed USB device number 18 using dummy_hcd
[  807.797910][  T996] usb 7-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  807.797944][  T996] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  807.827570][  T996] usb 7-1: config 0 descriptor??
[  807.851400][  T996] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  807.953812][T30638] loop2: detected capacity change from 0 to 7
[  807.980159][T30638] Dev loop2: unable to read RDB block 7
[  807.980211][T30638]  loop2: AHDI p2 p3
[  807.980303][T30638] loop2: partition table partially beyond EOD, truncated
[  808.059024][  T996] gp8psk: usb in 128 operation failed.
[  808.262396][T30644] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  808.283947][  T996] gp8psk: usb in 146 operation failed.
[  808.283971][  T996] gp8psk: failed to get FW version
[  808.284642][  T996] gp8psk: usb in 149 operation failed.
[  808.284658][  T996] gp8psk: failed to get FPGA version
[  808.485945][  T996] gp8psk: usb out operation failed.
[  808.485965][  T996] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  808.486004][  T996] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  808.523907][  T996] usb 7-1: USB disconnect, device number 18
[  808.579446][T30651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11207'.
[  808.709287][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  809.447587][   T37] kauditd_printk_skb: 11 callbacks suppressed
[  809.447607][   T37] audit: type=1326 audit(1774542132.068:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30688 comm="syz.4.11226" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdfe135c799 code=0x0
[  809.485049][   T37] audit: type=1326 audit(1774542132.108:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=30689 comm="syz.6.11225" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f04b2b6c799 code=0x0
[  810.359685][T30731] netlink: 104 bytes leftover after parsing attributes in process `syz.6.11245'.
[  812.340873][T30807] overlayfs: failed lookup in lower (newroot/569, name='file1', err=-40): overlapping layers
[  813.399200][T30733] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  815.300080][T30904] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11327'.
[  817.214058][T30958] netlink: 212344 bytes leftover after parsing attributes in process `syz.8.11354'.
[  817.357657][ T1510] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  817.531458][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  817.554857][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  817.556472][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  817.558194][ T5798] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  817.558872][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  818.016230][ T1510] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.270502][  T116] nci: nci_rsp_packet: unknown rsp opcode 0xd06
[  818.297230][T31001] trusted_key: syz.1.11370 sent an empty control message without MSG_MORE.
[  818.364030][T31003] netlink: 4 bytes leftover after parsing attributes in process `syz.8.11372'.
[  818.364070][T31003] netlink: 'syz.8.11372': attribute type 5 has an invalid length.
[  818.537223][ T1510] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  818.655005][T31003] netlink: 4 bytes leftover after parsing attributes in process `syz.8.11372'.
[  818.655032][T31003] netlink: 'syz.8.11372': attribute type 5 has an invalid length.
[  818.659852][ T1115] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  818.709208][ T1115] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  818.824638][T30986] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  819.017762][ T1510] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  819.100006][ T1115] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  819.204228][ T1115] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  819.672916][ T5798] Bluetooth: hci0: command tx timeout
[  820.370839][T30964] chnl_net:caif_netlink_parms(): no params data found
[  820.631848][ T1510] bridge_slave_1: left allmulticast mode
[  820.631887][ T1510] bridge_slave_1: left promiscuous mode
[  820.632099][ T1510] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.729106][ T1510] bridge_slave_0: left allmulticast mode
[  820.729144][ T1510] bridge_slave_0: left promiscuous mode
[  820.750517][ T1510] bridge0: port 1(bridge_slave_0) entered disabled state
[  821.744463][ T5798] Bluetooth: hci0: command tx timeout
[  821.923731][ T1510] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  821.987334][ T1510] bridge0 (unregistering): left promiscuous mode
[  821.987369][ T1510] bridge0 (unregistering): left allmulticast mode
[  822.196459][ T1510] bond0 (unregistering): left promiscuous mode
[  822.196486][ T1510] bond_slave_0: left promiscuous mode
[  822.196769][ T1510] bond_slave_1: left promiscuous mode
[  822.253842][ T1510] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  822.293467][ T1510] bond_slave_0: left allmulticast mode
[  822.335572][ T1510] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  822.374135][ T1510] bond_slave_1: left allmulticast mode
[  822.404263][ T1510] bond0 (unregistering): Released all slaves
[  822.788511][ T1510] tipc: Left network mode
[  822.960024][T30964] bridge0: port 1(bridge_slave_0) entered blocking state
[  822.973509][T30964] bridge0: port 1(bridge_slave_0) entered disabled state
[  822.973749][T30964] bridge_slave_0: entered allmulticast mode
[  822.975896][T30964] bridge_slave_0: entered promiscuous mode
[  823.036982][T31155] can0: slcan on ttyS3.
[  823.037185][T30964] bridge0: port 2(bridge_slave_1) entered blocking state
[  823.037310][T30964] bridge0: port 2(bridge_slave_1) entered disabled state
[  823.037655][T30964] bridge_slave_1: entered allmulticast mode
[  823.040760][T30964] bridge_slave_1: entered promiscuous mode
[  823.224097][T31165] sctp: [Deprecated]: syz.1.11442 (pid 31165) Use of struct sctp_assoc_value in delayed_ack socket option.
[  823.224097][T31165] Use struct sctp_sack_info instead
[  823.817698][T30964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  823.822942][ T5798] Bluetooth: hci0: command tx timeout
[  823.896614][T31154] can0 (unregistered): slcan off ttyS3.
[  823.994709][T30964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  824.681605][T30964] team0: Port device team_slave_0 added
[  824.698489][T31206] input: syz0 as /devices/virtual/input/input54
[  824.742910][ T1510] batadv0: left promiscuous mode
[  824.964230][ T1510] hsr_slave_0: left promiscuous mode
[  825.003866][ T1510] hsr_slave_1: left promiscuous mode
[  825.004988][ T1510] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  825.005015][ T1510] batman_adv: batadv0: Removing interface: batadv_slave_0
[  825.065393][ T1510] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  825.065424][ T1510] batman_adv: batadv0: Removing interface: batadv_slave_1
[  825.256964][ T1510] veth1_macvtap: left promiscuous mode
[  825.257076][ T1510] veth0_macvtap: left promiscuous mode
[  825.257339][ T1510] veth1_vlan: left promiscuous mode
[  825.257513][ T1510] veth0_vlan: left promiscuous mode
[  825.903206][ T5798] Bluetooth: hci0: command tx timeout
[  826.718676][T31258] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11479'.
[  827.146509][ T1510] team0 (unregistering): Port device team_slave_1 removed
[  827.209974][ T1510] team0 (unregistering): Port device team_slave_0 removed
[  827.806983][T30964] team0: Port device team_slave_1 added
[  828.248909][T30964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  828.248928][T30964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  828.248957][T30964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  828.311281][T30964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  828.311300][T30964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  828.311331][T30964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  828.801992][T31310] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  828.802030][T31310] overlayfs: failed to set xattr on upper
[  828.802040][T31310] overlayfs: ...falling back to redirect_dir=nofollow.
[  828.802049][T31310] overlayfs: ...falling back to index=off.
[  828.802058][T31310] overlayfs: ...falling back to uuid=null.
[  828.802079][T31310] overlayfs: maximum fs stacking depth exceeded
[  828.860168][T30964] hsr_slave_0: entered promiscuous mode
[  828.862124][T30964] hsr_slave_1: entered promiscuous mode
[  829.287915][T31326] fuse: Bad value for 'fd'
[  830.172931][T19485] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  830.332865][T19485] usb 9-1: Using ep0 maxpacket: 32
[  830.338239][T19485] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  830.338278][T19485] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  830.338321][T19485] usb 9-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  830.338356][T19485] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.360770][T19485] usb 9-1: config 0 descriptor??
[  830.509917][T30964] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  830.778819][T19485] ft260 0003:0403:6030.003D: unknown main item tag 0x0
[  830.778857][T19485] ft260 0003:0403:6030.003D: unknown main item tag 0x0
[  831.012639][T19485] ft260 0003:0403:6030.003D: chip code: 0000 0000
[  831.182266][T30964] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  831.218182][T19485] ft260 0003:0403:6030.003D: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.8-1/input0
[  831.388475][T30964] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  831.419716][T19485] ft260 0003:0403:6030.003D: failed to retrieve status: -32, no wakeup
[  831.420558][T19485] ft260 0003:0403:6030.003D: failed to retrieve status: -32
[  831.421198][T19485] ft260 0003:0403:6030.003D: failed to reset I2C controller: -71
[  831.618302][T30964] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  831.631013][T31374] Bluetooth: MGMT ver 1.23
[  831.637623][T19485] usb 9-1: USB disconnect, device number 8
[  832.302992][ T2125] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  832.359252][T30964] 8021q: adding VLAN 0 to HW filter on device bond0
[  832.445852][T30964] 8021q: adding VLAN 0 to HW filter on device team0
[  832.459590][ T2125] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  832.459624][ T2125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  832.459646][ T2125] usb 5-1: Product: syz
[  832.459662][ T2125] usb 5-1: Manufacturer: syz
[  832.459678][ T2125] usb 5-1: SerialNumber: syz
[  832.507983][ T2125] usb 5-1: config 0 descriptor??
[  832.519214][ T1510] bridge0: port 1(bridge_slave_0) entered blocking state
[  832.519515][ T1510] bridge0: port 1(bridge_slave_0) entered forwarding state
[  832.672152][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  832.672474][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  832.831630][T31398] netlink: 4 bytes leftover after parsing attributes in process `syz.8.11533'.
[  832.940541][ T2125] usb 5-1: Firmware: major: 226, minor: 19, hardware type: UNKNOWN (46)
[  833.146740][ T2125] usb 5-1: no permanent extended address found, random address set
[  833.146776][ T2125] usb 5-1: atusb_probe: initialization failed, error = -524
[  833.147527][ T2125] atusb 5-1:0.0: probe with driver atusb failed with error -524
[  833.238309][T31405] fuse: Bad value for 'fd'
[  833.357558][T26873] usb 5-1: USB disconnect, device number 68
[  833.864675][T30964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  835.978691][T30964] veth0_vlan: entered promiscuous mode
[  836.037292][T30964] veth1_vlan: entered promiscuous mode
[  836.258960][T30964] veth0_macvtap: entered promiscuous mode
[  836.298252][T30964] veth1_macvtap: entered promiscuous mode
[  836.388944][T30964] batman_adv: batadv0: Interface activated: batadv_slave_0
[  836.443211][T30964] batman_adv: batadv0: Interface activated: batadv_slave_1
[  836.532598][  T720] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  836.536355][  T720] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  836.537593][  T720] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  836.540382][  T720] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  837.179018][ T1510] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.179044][ T1510] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.354027][T22129] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.354053][T22129] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.584067][T31507] netlink: 52 bytes leftover after parsing attributes in process `syz.8.11563'.
[  839.329136][T31565] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  839.866164][T31586] netlink: 20 bytes leftover after parsing attributes in process `syz.8.11587'.
[  842.827711][T31681] netlink: 76 bytes leftover after parsing attributes in process `syz.4.11616'.
[  843.068186][T31690] netlink: 'syz.8.11619': attribute type 1 has an invalid length.
[  843.216787][T31690] 8021q: adding VLAN 0 to HW filter on device bond1
[  843.299453][T31694] bond1: (slave geneve2): making interface the new active one
[  843.332603][T31694] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  843.862926][ T5883] usb 9-1: new full-speed USB device number 9 using dummy_hcd
[  844.030950][ T5883] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  844.030985][ T5883] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.031007][ T5883] usb 9-1: Product: syz
[  844.031023][ T5883] usb 9-1: Manufacturer: syz
[  844.031040][ T5883] usb 9-1: SerialNumber: syz
[  844.075824][ T5883] usb 9-1: config 0 descriptor??
[  844.309112][ T5883] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  845.142342][ T5883] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  845.175010][ T5883] usb 9-1: USB disconnect, device number 9
[  848.286971][T31855] fuse: Bad value for 'fd'
[  848.474901][T31863] Bluetooth: hci0: unsupported parameter 255
[  848.474925][T31863] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  848.582804][  T810] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  848.732885][  T810] usb 5-1: Using ep0 maxpacket: 32
[  848.750835][  T810] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  848.750869][  T810] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  848.778094][  T810] usb 5-1: config 0 descriptor??
[  848.846329][  T810] gspca_main: sunplus-2.14.0 probing 041e:400b
[  849.252919][T31875] hsr_slave_0 (unregistering): left promiscuous mode
[  850.145029][T31904] netlink: 64 bytes leftover after parsing attributes in process `syz.1.11711'.
[  850.255471][T31904] netlink: 64 bytes leftover after parsing attributes in process `syz.1.11711'.
[  850.447345][  T810] gspca_sunplus: reg_w_riv err -71
[  850.447452][  T810] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  850.456896][  T810] usb 5-1: USB disconnect, device number 69
[  850.849349][T31924] vlan0: entered allmulticast mode
[  850.849375][T31924] veth0_to_bond: entered allmulticast mode
[  851.872882][T26873] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  852.029043][T26873] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  852.029083][T26873] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  852.029125][T26873] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  852.029151][T26873] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  852.119107][T26873] usb 10-1: config 0 descriptor??
[  852.132477][T26873] hub 10-1:0.0: USB hub found
[  852.374352][T26873] hub 10-1:0.0: 1 port detected
[  853.230559][T26873] hub 10-1:0.0: activate --> -90
[  853.558712][T31978] fuse: Bad value for 'fd'
[  853.644624][ T6015] usb 10-1: USB disconnect, device number 2
[  853.686621][T19494] hub 10-1:0.0: hub_ext_port_status failed (err = -71)
[  853.686655][T19494] usb 10-1-port1: connect-debounce failed
[  855.378613][T32016] netlink: 104 bytes leftover after parsing attributes in process `syz.4.11756'.
[  856.863370][ T5798] Bluetooth: hci3: command 0x0406 tx timeout
[  858.374683][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  858.405253][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  858.416282][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  858.435463][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  858.441234][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  859.596349][T32100] chnl_net:caif_netlink_parms(): no params data found
[  859.897639][T32100] bridge0: port 1(bridge_slave_0) entered blocking state
[  859.952931][T32100] bridge0: port 1(bridge_slave_0) entered disabled state
[  859.953210][T32100] bridge_slave_0: entered allmulticast mode
[  859.977441][T32100] bridge_slave_0: entered promiscuous mode
[  860.019512][T32100] bridge0: port 2(bridge_slave_1) entered blocking state
[  860.019646][T32100] bridge0: port 2(bridge_slave_1) entered disabled state
[  860.019907][T32100] bridge_slave_1: entered allmulticast mode
[  860.053093][T32100] bridge_slave_1: entered promiscuous mode
[  860.327064][T32100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  860.350688][T32100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  860.526902][T32100] team0: Port device team_slave_0 added
[  860.530697][T32100] team0: Port device team_slave_1 added
[  860.553673][   T60] Bluetooth: hci2: command tx timeout
[  860.774197][T32100] batman_adv: batadv0: Adding interface: batadv_slave_0
[  860.774216][T32100] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  860.774245][T32100] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  860.888247][T32100] batman_adv: batadv0: Adding interface: batadv_slave_1
[  860.888266][T32100] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  860.888305][T32100] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  861.023380][T28819] IPVS: starting estimator thread 0...
[  861.132939][T32192] IPVS: using max 8 ests per chain, 19200 per kthread
[  861.512356][T32100] hsr_slave_0: entered promiscuous mode
[  861.528184][T32100] hsr_slave_1: entered promiscuous mode
[  861.539905][T32100] debugfs: 'hsr0' already exists in 'hsr'
[  861.539936][T32100] Cannot create hsr debugfs directory
[  862.185574][T32226] netlink: 4 bytes leftover after parsing attributes in process `syz.9.11824'.
[  862.445018][T32100] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.625533][   T60] Bluetooth: hci2: command tx timeout
[  862.804276][ T5883] usb 9-1: new full-speed USB device number 10 using dummy_hcd
[  862.956209][ T5883] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  862.956249][ T5883] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  862.956291][ T5883] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  862.956316][ T5883] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  862.979192][ T5883] usb 9-1: config 0 descriptor??
[  863.049778][ T5883] hub 9-1:0.0: USB hub found
[  863.217631][ T5883] hub 9-1:0.0: 1 port detected
[  863.626294][T32100] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.032024][ T5883] hub 9-1:0.0: activate --> -90
[  864.242024][T32100] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.242965][ T5883] hub 9-1:0.0: hub_ext_port_status failed (err = -71)
[  864.285611][ T5993] usb 9-1: USB disconnect, device number 10
[  864.290177][ T1510] usb 9-1: Failed to suspend device, error -71
[  864.593885][T32100] bond0: (slave netdevsim0): Releasing backup interface
[  864.648353][T32100] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  864.702815][   T60] Bluetooth: hci2: command tx timeout
[  865.339820][T32100] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  865.405963][T32100] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  865.476691][T32100] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  865.541284][T32100] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  865.871719][T32100] 8021q: adding VLAN 0 to HW filter on device bond0
[  865.964609][T32100] 8021q: adding VLAN 0 to HW filter on device team0
[  865.997113][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  866.004636][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  866.071932][T32351] netlink: 'syz.8.11879': attribute type 10 has an invalid length.
[  866.112948][ T5883] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  866.178536][T32351] 8021q: adding VLAN 0 to HW filter on device team0
[  866.204028][T32351] bond0: (slave team0): Enslaving as an active interface with an up link
[  866.268154][T22144] bridge0: port 2(bridge_slave_1) entered blocking state
[  866.268249][T22144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  866.314479][ T5883] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.314542][ T5883] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  866.314568][ T5883] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.321287][ T5883] usb 10-1: config 0 descriptor??
[  866.378624][ T5883] pwc: Askey VC010 type 2 USB webcam detected.
[  866.782888][   T60] Bluetooth: hci2: command tx timeout
[  866.800697][ T5883] pwc: recv_control_msg error -32 req 02 val 2b00
[  866.807069][ T5883] pwc: recv_control_msg error -32 req 02 val 2700
[  866.823941][T32363] netlink: 7 bytes leftover after parsing attributes in process `syz.8.11883'.
[  866.825206][ T5883] pwc: recv_control_msg error -32 req 02 val 2c00
[  866.826273][ T5883] pwc: recv_control_msg error -32 req 04 val 1000
[  867.030762][ T5883] pwc: recv_control_msg error -71 req 04 val 1400
[  867.031259][ T5883] pwc: recv_control_msg error -71 req 02 val 2000
[  867.031825][ T5883] pwc: recv_control_msg error -71 req 02 val 2100
[  867.032328][ T5883] pwc: recv_control_msg error -71 req 04 val 1500
[  867.033427][ T5883] pwc: recv_control_msg error -71 req 02 val 2500
[  867.034454][ T5883] pwc: recv_control_msg error -71 req 02 val 2400
[  867.037358][ T5883] pwc: recv_control_msg error -71 req 02 val 2600
[  867.038380][ T5883] pwc: recv_control_msg error -71 req 02 val 2900
[  867.040220][ T5883] pwc: recv_control_msg error -71 req 02 val 2800
[  867.043051][ T5883] pwc: recv_control_msg error -71 req 04 val 1100
[  867.043809][ T5883] pwc: recv_control_msg error -71 req 04 val 1200
[  867.071263][ T5883] pwc: Registered as video103.
[  867.110166][ T5883] input: PWC snapshot button as /devices/platform/dummy_hcd.9/usb10/10-1/input/input55
[  867.230326][T32100] 8021q: adding VLAN 0 to HW filter on device batadv0
[  867.250518][ T5883] usb 10-1: USB disconnect, device number 3
[  867.613335][T32384] fuse: Bad value for 'fd'
[  867.992858][ T5993] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[  868.177417][ T5993] usb 10-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  868.177451][ T5993] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.177472][ T5993] usb 10-1: Product: syz
[  868.177488][ T5993] usb 10-1: Manufacturer: syz
[  868.177504][ T5993] usb 10-1: SerialNumber: syz
[  868.232208][ T5993] usb 10-1: config 0 descriptor??
[  868.269895][T32100] veth0_vlan: entered promiscuous mode
[  868.323665][T32100] veth1_vlan: entered promiscuous mode
[  868.454262][T32100] veth0_macvtap: entered promiscuous mode
[  868.492827][T32100] veth1_macvtap: entered promiscuous mode
[  868.529151][ T5993] usb 10-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  868.583835][T32100] batman_adv: batadv0: Interface activated: batadv_slave_0
[  868.636093][T32100] batman_adv: batadv0: Interface activated: batadv_slave_1
[  868.679588][T22147] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  868.679859][T22147] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  868.680073][T22147] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  868.680261][T22147] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  869.267308][T22147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  869.267333][T22147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.474347][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  869.474370][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  869.568463][ T5993] dvb_usb_rtl28xxu 10-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  869.590649][ T5993] usb 10-1: USB disconnect, device number 4
[  870.173423][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  871.173972][T32447] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  871.736444][T32492] netlink: 2036 bytes leftover after parsing attributes in process `syz.1.11931'.
[  871.736470][T32492] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11931'.
[  877.163622][   T37] audit: type=1326 audit(1774542199.788:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=32622 comm="syz.9.11988" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efc130ac799 code=0x0
[  877.252694][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  879.297124][T32665] netlink: 168 bytes leftover after parsing attributes in process `syz.4.12003'.
[  880.440138][T32695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12011'.
[  881.217625][T32717] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12021'.
[  881.217671][T32717] netlink: 324 bytes leftover after parsing attributes in process `syz.1.12021'.
[  881.617113][T32735] netlink: 4 bytes leftover after parsing attributes in process `syz.8.12026'.
[  882.772719][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[  883.963016][   T37] audit: type=1326 audit(1774542206.578:1471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=324 comm="syz.4.12051" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9b9b98c799 code=0x0
[  884.816674][  T344] loop2: detected capacity change from 0 to 7
[  884.817870][  T344]  loop2:
[  884.817903][  T344] loop2: partition table partially beyond EOD, truncated
[  886.676193][ T5993] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  886.823371][ T5993] usb 9-1: Using ep0 maxpacket: 32
[  886.838346][ T5993] usb 9-1: config 0 has an invalid interface number: 85 but max is 0
[  886.838376][ T5993] usb 9-1: config 0 has no interface number 0
[  886.838424][ T5993] usb 9-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  886.838454][ T5993] usb 9-1: config 0 interface 85 has no altsetting 0
[  886.890587][ T5993] usb 9-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  886.890621][ T5993] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  886.890643][ T5993] usb 9-1: Product: syz
[  886.890658][ T5993] usb 9-1: Manufacturer: syz
[  886.890674][ T5993] usb 9-1: SerialNumber: syz
[  886.938691][ T5993] usb 9-1: config 0 descriptor??
[  887.392274][  T398] netlink: 'syz.4.12079': attribute type 9 has an invalid length.
[  887.392526][  T398] netlink: 'syz.4.12079': attribute type 11 has an invalid length.
[  887.392545][  T398] netlink: 'syz.4.12079': attribute type 12 has an invalid length.
[  887.392565][  T398] netlink: 210020 bytes leftover after parsing attributes in process `syz.4.12079'.
[  887.420047][  T398] netlink: 4 bytes leftover after parsing attributes in process `syz.4.12079'.
[  887.579774][ T5993] appletouch 9-1:0.85: Geyser mode initialized.
[  887.603591][ T5993] input: appletouch as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.85/input/input56
[  887.837006][ T5993] usb 9-1: USB disconnect, device number 11
[  888.097966][ T5993] appletouch 9-1:0.85: input: appletouch disconnected
[  890.726938][  T480] netlink: 4 bytes leftover after parsing attributes in process `syz.9.12116'.
[  893.687917][  T558] kAFS: unable to lookup cell 'ÿ'
[  893.729690][  T558] kAFS: unable to lookup cell 'Þ({FúA'
[  894.217614][  T582] netlink: 4 bytes leftover after parsing attributes in process `syz.8.12158'.
[  897.962116][  T683] batman_adv: batadv0: Adding interface: dummy0
[  897.962137][  T683] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  897.962174][  T683] batman_adv: batadv0: Interface activated: dummy0
[  898.616194][  T690] batadv0: mtu less than device minimum
[  898.665679][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.708808][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.731084][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.759782][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.781703][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.801868][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.820618][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.843147][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  898.851042][  T690] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  899.114062][   T37] audit: type=1800 audit(1774542221.678:1472): pid=704 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.12201" name="file1" dev="overlay" ino=189 res=0 errno=0
[  899.231066][   T37] audit: type=1804 audit(1774542221.738:1473): pid=709 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.12201" name="/newroot/30/bus/file1" dev="overlay" ino=189 res=1 errno=0
[  899.670991][  T730] syzkaller0: entered promiscuous mode
[  899.671027][  T730] syzkaller0: entered allmulticast mode
[  899.685395][  T730] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487
[  904.602910][ T5882] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  904.752822][ T5882] usb 9-1: Using ep0 maxpacket: 16
[  904.761769][ T5882] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  904.761800][ T5882] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  904.761822][ T5882] usb 9-1: Product: syz
[  904.761838][ T5882] usb 9-1: Manufacturer: syz
[  904.761854][ T5882] usb 9-1: SerialNumber: syz
[  906.279032][ T5882] snd-usb-audio 9-1:1.0: probe with driver snd-usb-audio failed with error -71
[  906.283864][ T5882] usb 9-1: USB disconnect, device number 12
[  906.958729][  T891] net_ratelimit: 10 callbacks suppressed
[  906.958753][  T891] IPv4: Oversized IP packet from 127.202.26.0
[  909.222799][  T810] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  909.402827][  T810] usb 5-1: Using ep0 maxpacket: 32
[  909.404872][  T810] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  909.404901][  T810] usb 5-1: config 0 has no interface number 0
[  909.404950][  T810] usb 5-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  909.404976][  T810] usb 5-1: config 0 interface 89 has no altsetting 0
[  909.407763][  T810] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4a
[  909.407794][  T810] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  909.407817][  T810] usb 5-1: Product: syz
[  909.407833][  T810] usb 5-1: Manufacturer: syz
[  909.407849][  T810] usb 5-1: SerialNumber: syz
[  909.463188][  T810] usb 5-1: config 0 descriptor??
[  909.538286][  T810] em28xx 5-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  909.538316][  T810] em28xx 5-1:0.89: Video interface 89 found:
[  910.120268][  T810] em28xx 5-1:0.89: unknown em28xx chip ID (0)
[  910.978148][  T810] em28xx 5-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  910.978185][  T810] em28xx 5-1:0.89: board has no eeprom
[  911.032792][  T810] em28xx 5-1:0.89: Identified as Terratec Grabby (card=67)
[  911.032947][  T810] em28xx 5-1:0.89: analog set to bulk mode.
[  911.035787][ T5882] em28xx 5-1:0.89: Registering V4L2 extension
[  911.069673][  T810] usb 5-1: USB disconnect, device number 70
[  911.090438][  T810] em28xx 5-1:0.89: Disconnecting em28xx
[  911.138937][ T5882] em28xx 5-1:0.89: Config register raw data: 0xffffffed
[  911.138958][ T5882] em28xx 5-1:0.89: AC97 chip type couldn't be determined
[  911.138969][ T5882] em28xx 5-1:0.89: No AC97 audio processor
[  911.290506][ T5882] usb 5-1: Decoder not found
[  911.290523][ T5882] em28xx 5-1:0.89: failed to create media graph
[  911.290546][ T5882] em28xx 5-1:0.89: V4L2 device video103 deregistered
[  911.324160][ T5882] em28xx 5-1:0.89: Registering snapshot button...
[  911.546935][ T5882] input: em28xx snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.89/input/input57
[  911.787891][ T5882] em28xx 5-1:0.89: Remote control support is not available for this card.
[  911.787978][  T810] em28xx 5-1:0.89: Closing input extension
[  911.791497][  T810] em28xx 5-1:0.89: Deregistering snapshot button
[  912.714175][  T810] em28xx 5-1:0.89: Freeing device
[  912.878936][ T1084] fuse: Bad value for 'fd'
[  913.898892][ T1110] fuse: Bad value for 'fd'
[  915.718283][ T1165] netlink: 8 bytes leftover after parsing attributes in process `syz.8.12373'.
[  915.718318][ T1165] netlink: 8 bytes leftover after parsing attributes in process `syz.8.12373'.
[  916.225342][ T5798] Bluetooth: hci2: command 0x0405 tx timeout
[  916.506061][   T37] audit: type=1800 audit(1774542239.118:1474): pid=1176 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.8.12377" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  916.657162][ T1182] fuse: Bad value for 'fd'
[  917.570393][ T1202] 9pnet: p9_errstr2errno: server reported unknown error 0x0000
[  918.006752][ T1220] Bluetooth: hci0: invalid length 0, exp 2 for type 5
[  918.193902][ T1234] loop5: detected capacity change from 0 to 7
[  918.200297][T32390]  loop5:
[  918.200337][T32390] loop5: partition table partially beyond EOD, truncated
[  918.239500][ T1234]  loop5:
[  918.239537][ T1234] loop5: partition table partially beyond EOD, truncated
[  921.423029][T15065] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  921.582846][T15065] usb 9-1: Using ep0 maxpacket: 16
[  921.586802][T15065] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  921.586840][T15065] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  921.590851][T15065] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  921.590885][T15065] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  921.590907][T15065] usb 9-1: Product: syz
[  921.590924][T15065] usb 9-1: Manufacturer: syz
[  921.590940][T15065] usb 9-1: SerialNumber: syz
[  921.677508][T15065] usb 9-1: config 0 descriptor??
[  921.699064][T15065] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  921.699102][T15065] em28xx 9-1:0.0: Audio interface 0 found (Vendor Class)
[  921.983205][  T810] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  922.149759][  T810] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  922.149793][  T810] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  922.149816][  T810] usb 10-1: Product: syz
[  922.149832][  T810] usb 10-1: Manufacturer: syz
[  922.149849][  T810] usb 10-1: SerialNumber: syz
[  922.204917][  T810] usb 10-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  922.258359][ T5882] usb 10-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  922.324552][T15065] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  922.325550][T15065] em28xx 9-1:0.0: Config register raw data: 0xfffffffb
[  922.748154][ T5993] usb 10-1: USB disconnect, device number 5
[  922.916847][ T1373] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12455'.
[  922.973310][ T1375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12455'.
[  923.008894][ T1375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12455'.
[  923.136428][T15065] em28xx 9-1:0.0: Unknown AC97 audio processor detected!
[  923.136864][T15065] em28xx 9-1:0.0: couldn't setup AC97 register 2
[  923.137294][T15065] em28xx 9-1:0.0: couldn't setup AC97 register 4
[  923.142542][T15065] em28xx 9-1:0.0: couldn't setup AC97 register 6
[  923.150063][T15065] em28xx 9-1:0.0: couldn't setup AC97 register 54
[  923.152885][T15065] em28xx 9-1:0.0: couldn't setup AC97 register 56
[  923.203535][T15065] usb 9-1: USB disconnect, device number 13
[  923.425163][ T5882] ath9k_htc 10-1:1.0: ath9k_htc: Target is unresponsive
[  923.425310][ T5882] ath9k_htc: Failed to initialize the device
[  923.426090][ T5993] usb 10-1: ath9k_htc: USB layer deinitialized
[  924.033658][ T1408] fuse: Bad value for 'fd'
[  924.878133][   T37] audit: type=1326 audit(1774542247.498:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1cf5c799 code=0x7ffc0000
[  924.878286][   T37] audit: type=1326 audit(1774542247.498:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1cf5c799 code=0x7ffc0000
[  924.878798][   T37] audit: type=1326 audit(1774542247.498:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1cf5c799 code=0x7ffc0000
[  924.879209][   T37] audit: type=1326 audit(1774542247.498:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1cf5c799 code=0x7ffc0000
[  924.923625][   T37] audit: type=1326 audit(1774542247.538:1479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fed1cf5c799 code=0x7ffc0000
[  924.983251][   T37] audit: type=1326 audit(1774542247.548:1480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed1cf5c799 code=0x7ffc0000
[  924.987837][   T37] audit: type=1326 audit(1774542247.608:1481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fed1cf5c502 code=0x7ffc0000
[  925.020661][   T37] audit: type=1326 audit(1774542247.608:1482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fed1cf5c597 code=0x7ffc0000
[  925.047916][   T37] audit: type=1326 audit(1774542247.658:1483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fed1cf19491 code=0x7ffc0000
[  925.055628][   T37] audit: type=1326 audit(1774542247.668:1484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1446 comm="syz.1.12489" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fed1cf5d589 code=0x7ffc0000
[  926.238945][ T1478] netlink: 12 bytes leftover after parsing attributes in process `syz.9.12501'.
[  926.289434][ T1478] bond1: entered promiscuous mode
[  926.352408][ T1478] 8021q: adding VLAN 0 to HW filter on device bond1
[  926.588971][ T1489] syz_tun: entered allmulticast mode
[  926.670482][ T1488] syz_tun: left allmulticast mode
[  927.240842][ T1512] netlink: 'syz.1.12513': attribute type 1 has an invalid length.
[  927.540378][ T1512] 8021q: adding VLAN 0 to HW filter on device bond4
[  928.332783][T15065] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  928.512943][T15065] usb 10-1: Using ep0 maxpacket: 8
[  928.519724][T15065] usb 10-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  928.519759][T15065] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  928.519781][T15065] usb 10-1: Product: syz
[  928.519797][T15065] usb 10-1: Manufacturer: syz
[  928.519812][T15065] usb 10-1: SerialNumber: syz
[  929.007966][T15065] mxuport 10-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  929.008082][T15065] mxuport 10-1:254.0: probe with driver mxuport failed with error -5
[  929.066737][T15065] usb 10-1: USB disconnect, device number 6
[  931.633084][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  932.022550][ T1633] netlink: 4 bytes leftover after parsing attributes in process `syz.8.12560'.
[  932.619707][ T1637] bond5: entered allmulticast mode
[  932.661250][ T1640] macvlan5: entered promiscuous mode
[  932.661277][ T1640] macvlan5: entered allmulticast mode
[  932.680957][ T1640] bond5: entered promiscuous mode
[  932.694350][ T1640] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  932.838985][ T1640] bond5: left promiscuous mode
[  933.571692][ T1667] fuse: Bad value for 'fd'
[  933.658323][ T1667] bond6: option ad_select: invalid value (253)
[  933.920527][ T1667] bond6 (unregistering): Released all slaves
[  934.079379][ T1681] netlink: 'syz.9.12581': attribute type 1 has an invalid length.
[  934.128125][ T1681] 8021q: adding VLAN 0 to HW filter on device bond2
[  934.157063][ T1681] vlan0: entered allmulticast mode
[  934.157083][ T1681] veth0_to_bond: entered allmulticast mode
[  934.162105][ T1681] bond2: (slave vlan0): making interface the new active one
[  934.194194][ T1681] bond2: (slave vlan0): Enslaving as an active interface with an up link
[  935.664126][ T1742] fuse: Bad value for 'fd'
[  937.386406][ T1776] netlink: 'syz.9.12621': attribute type 8 has an invalid length.
[  938.834540][ T1806] fuse: Bad value for 'fd'
[  939.335769][   T37] kauditd_printk_skb: 167 callbacks suppressed
[  939.335791][   T37] audit: type=1326 audit(1774542261.958:1652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1822 comm="syz.4.12644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b9b98c799 code=0x7fc00000
[  939.338529][   T37] audit: type=1326 audit(1774542261.958:1653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=1822 comm="syz.4.12644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f9b9b98c799 code=0x7fc00000
[  940.143081][   T60] Bluetooth: hci3: command 0x0406 tx timeout
[  942.223242][ T1869] Bluetooth: hci3: command 0x0406 tx timeout
[  942.424030][ T1886] Bluetooth: hci0: invalid length 0, exp 2 for type 6
[  942.675344][ T1882] netlink: 'syz.8.12666': attribute type 29 has an invalid length.
[  943.903041][ T5798] Bluetooth: hci0: command 0x0406 tx timeout
[  947.414373][ T2014] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  947.481969][ T2019] netlink: 'syz.1.12726': attribute type 83 has an invalid length.
[  947.622877][  T810] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  948.649690][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  948.700120][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  948.702332][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  948.768977][ T5798] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  948.792043][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  950.709693][  T810] usb 5-1: unable to get BOS descriptor or descriptor too short
[  950.710840][  T810] usb 5-1: unable to read config index 0 descriptor/start: -71
[  950.710878][  T810] usb 5-1: can't read configurations, error -71
[  950.942926][   T60] Bluetooth: hci0: command tx timeout
[  950.951805][ T2063] netlink: 68 bytes leftover after parsing attributes in process `syz.4.12746'.
[  951.193053][ T2070] netlink: 'syz.4.12749': attribute type 4 has an invalid length.
[  951.271171][ T2070] netlink: 'syz.4.12749': attribute type 4 has an invalid length.
[  951.570909][ T2081] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  951.720265][ T2034] chnl_net:caif_netlink_parms(): no params data found
[  952.088221][ T2092] fuse: Bad value for 'fd'
[  952.377660][ T2034] bridge0: port 1(bridge_slave_0) entered blocking state
[  952.390315][ T2034] bridge0: port 1(bridge_slave_0) entered disabled state
[  952.390605][ T2034] bridge_slave_0: entered allmulticast mode
[  952.422034][ T2034] bridge_slave_0: entered promiscuous mode
[  952.434329][ T2034] bridge0: port 2(bridge_slave_1) entered blocking state
[  952.434461][ T2034] bridge0: port 2(bridge_slave_1) entered disabled state
[  952.434690][ T2034] bridge_slave_1: entered allmulticast mode
[  952.491871][ T2034] bridge_slave_1: entered promiscuous mode
[  952.774151][ T2034] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  952.780278][ T2034] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  952.941605][ T2034] team0: Port device team_slave_0 added
[  952.955954][ T2034] team0: Port device team_slave_1 added
[  953.028227][   T60] Bluetooth: hci0: command tx timeout
[  953.062944][ T2034] batman_adv: batadv0: Adding interface: batadv_slave_0
[  953.062965][ T2034] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  953.062993][ T2034] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  953.065840][ T2034] batman_adv: batadv0: Adding interface: batadv_slave_1
[  953.065856][ T2034] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  953.065885][ T2034] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  953.236018][ T2034] hsr_slave_0: entered promiscuous mode
[  953.237644][ T2034] hsr_slave_1: entered promiscuous mode
[  953.238716][ T2034] debugfs: 'hsr0' already exists in 'hsr'
[  953.238742][ T2034] Cannot create hsr debugfs directory
[  954.958422][ T2162] binder: 2161:2162 ioctl c0306201 0 returned -14
[  955.028262][ T2165] binder: 2161:2165 ioctl c0306201 0 returned -14
[  955.103241][ T5798] Bluetooth: hci0: command tx timeout
[  957.186437][ T5798] Bluetooth: hci0: command tx timeout
[  957.192754][ T5993] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  957.356327][ T5993] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[  957.356364][ T5993] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[  957.356392][ T5993] usb 5-1: config 1 interface 0 has no altsetting 0
[  957.372164][ T5993] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  957.372258][ T5993] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.372342][ T5993] usb 5-1: Product: syz
[  957.372391][ T5993] usb 5-1: Manufacturer: syz
[  957.372435][ T5993] usb 5-1: SerialNumber: syz
[  957.449427][ T2238] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  957.449563][ T2238] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  957.741639][ T5993] rtl8150 5-1:1.0: couldn't reset the device
[  957.741909][ T5993] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  957.808865][ T5993] usb 5-1: USB disconnect, device number 73
[  965.131444][ T2241] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12808'.
[  965.254088][ T2646] netlink: 'syz.1.12990': attribute type 10 has an invalid length.
[  965.723423][ T2646] team0: Port device wlan1 added
[  966.971036][ T2705] netlink: 16 bytes leftover after parsing attributes in process `syz.1.13005'.
[  967.487116][ T2034] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  967.578645][ T2034] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  967.645842][ T2034] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  967.723979][ T2034] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  968.409345][ T2034] 8021q: adding VLAN 0 to HW filter on device bond0
[  968.535792][ T2034] 8021q: adding VLAN 0 to HW filter on device team0
[  968.552019][ T1510] bridge0: port 1(bridge_slave_0) entered blocking state
[  968.552272][ T1510] bridge0: port 1(bridge_slave_0) entered forwarding state
[  968.665077][T22130] bridge0: port 2(bridge_slave_1) entered blocking state
[  968.665230][T22130] bridge0: port 2(bridge_slave_1) entered forwarding state
[  969.827366][ T2034] 8021q: adding VLAN 0 to HW filter on device batadv0
[  969.973508][ T2783] fuse: Bad value for 'fd'
[  970.183798][ T2034] veth0_vlan: entered promiscuous mode
[  970.321443][ T2034] veth1_vlan: entered promiscuous mode
[  970.517138][ T2034] veth0_macvtap: entered promiscuous mode
[  971.612918][ T2034] veth1_macvtap: entered promiscuous mode
[  971.972330][ T2034] batman_adv: batadv0: Interface activated: batadv_slave_0
[  972.093661][ T2034] batman_adv: batadv0: Interface activated: batadv_slave_1
[  972.141796][ T4703] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  972.142574][T22141] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  972.172820][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  972.172933][   T68] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  972.294834][   T37] audit: type=1800 audit(1774542294.918:1654): pid=2814 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.8.13030" name="bus" dev="overlay" ino=1460 res=0 errno=0
[  973.597830][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  973.597854][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  974.170953][ T4703] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  974.170980][ T4703] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  979.918387][  T810] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  980.082967][  T810] usb 9-1: Using ep0 maxpacket: 8
[  980.324591][  T810] usb 9-1: config 0 has no interfaces?
[  980.324633][  T810] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  980.324659][  T810] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  980.342370][  T810] usb 9-1: config 0 descriptor??
[  983.271069][ T2125] usb 9-1: USB disconnect, device number 14
[  983.581394][ T2984] netlink: 'syz.8.13072': attribute type 4 has an invalid length.
[  983.643132][ T2987] netlink: 'syz.8.13072': attribute type 4 has an invalid length.
[  983.892844][ T5883] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  983.951982][T22144] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  984.082767][ T5883] usb 5-1: Using ep0 maxpacket: 32
[  984.085512][ T5883] usb 5-1: unable to get BOS descriptor or descriptor too short
[  984.087391][ T5883] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 2031, setting to 1024
[  984.122771][ T5883] usb 5-1: New USB device found, idVendor=0582, idProduct=0089, bcdDevice= 0.40
[  984.122800][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  984.122819][ T5883] usb 5-1: Product: syz
[  984.122832][ T5883] usb 5-1: Manufacturer: syz
[  984.122845][ T5883] usb 5-1: SerialNumber: syz
[  984.564911][ T5883] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  984.568006][ T5883] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  984.863047][   T60] Bluetooth: hci2: command 0x0405 tx timeout
[  984.867047][ T5883] usb 5-1: USB disconnect, device number 74
[  985.190730][ T2922] udevd[2922]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  985.254858][T22144] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  985.872234][T22144] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  985.912801][ T5807] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  986.099637][ T5807] usb 5-1: Using ep0 maxpacket: 16
[  986.109944][ T5807] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  986.110025][ T5807] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  986.110056][ T5807] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  986.110080][ T5807] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  986.110104][ T5807] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  986.182333][ T5807] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  986.182370][ T5807] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  986.182393][ T5807] usb 5-1: Manufacturer: syz
[  986.398097][ T3041] vivid-002: disconnect
[  986.865591][ T3035] vivid-002: reconnect
[  987.195592][ T5807] usb 5-1: config 0 descriptor??
[  988.979282][ T5807] usb 5-1: can't set config #0, error -71
[  988.981786][ T5807] usb 5-1: USB disconnect, device number 75
[  992.478623][T22144] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  993.033980][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[  995.215810][ T3130] tap0: tun_chr_ioctl cmd 1074025675
[  995.215837][ T3130] tap0: persist enabled
[  995.216078][ T3130] tap0: tun_chr_ioctl cmd 1074025675
[  995.216104][ T3130] tap0: persist disabled
[  995.338980][T22144] bridge_slave_1: left allmulticast mode
[  995.339011][T22144] bridge_slave_1: left promiscuous mode
[  995.339295][T22144] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.651211][T22144] bridge_slave_0: left allmulticast mode
[  995.651242][T22144] bridge_slave_0: left promiscuous mode
[  995.651502][T22144] bridge0: port 1(bridge_slave_0) entered disabled state
[  997.508957][ T3178] netlink: 8 bytes leftover after parsing attributes in process `syz.8.13129'.
[  997.508988][ T3178] netlink: 8 bytes leftover after parsing attributes in process `syz.8.13129'.
[ 1001.621187][T22144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1001.730884][T22144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1001.767147][T22144] bond0 (unregistering): Released all slaves
[ 1001.789927][T22144] bond1 (unregistering): Released all slaves
[ 1001.863840][T22144] bond2 (unregistering): (slave vlan0): Releasing active interface
[ 1001.910171][T22144] bond2 (unregistering): Released all slaves
[ 1002.006320][ T3138] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1002.030920][ T3138] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1005.662645][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1006.107438][ T3300] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[ 1007.922640][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1008.592627][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1009.923045][ T3325] uprobe: syz.2.13172:3325 failed to unregister, leaking uprobe
[ 1011.629941][ T3362] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[ 1011.668314][ T3365] sch_tbf: burst 6281 is lower than device lo mtu (65550) !
[ 1013.351454][ T3376] netlink: 24 bytes leftover after parsing attributes in process `syz.1.13186'.
[ 1013.556942][T22144] hsr_slave_1: left promiscuous mode
[ 1013.558207][T22144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1013.558235][T22144] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1013.608591][T22144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1013.608622][T22144] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1013.798901][T22144] veth1_macvtap: left promiscuous mode
[ 1013.799016][T22144] veth0_macvtap: left promiscuous mode
[ 1013.962659][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1013.982666][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1013.992676][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1014.002684][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1014.012687][    T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!!
[ 1020.803039][T22144] team0 (unregistering): Port device team_slave_1 removed
[ 1020.920465][T22144] team0 (unregistering): Port device team_slave_0 removed
[ 1022.774607][ T3469] kvm: requested 136609 ns i8254 timer period limited to 200000 ns
[ 1022.775519][ T3469] kvm: requested 186057 ns i8254 timer period limited to 200000 ns
[ 1022.777615][ T3469] kvm: requested 19276 ns i8254 timer period limited to 200000 ns
[ 1022.780605][ T3469] kvm: requested 75428 ns i8254 timer period limited to 200000 ns
[ 1022.782057][ T3469] kvm: requested 66209 ns i8254 timer period limited to 200000 ns
[ 1022.838284][ T3469] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[ 1022.856173][ T3469] kvm: requested 166781 ns i8254 timer period limited to 200000 ns
[ 1022.861828][ T3469] kvm: requested 196114 ns i8254 timer period limited to 200000 ns
[ 1022.879451][ T3469] kvm: requested 119847 ns i8254 timer period limited to 200000 ns
[ 1022.893319][ T3469] kvm: requested 176000 ns i8254 timer period limited to 200000 ns
[ 1026.186345][ T3540] netlink: 52 bytes leftover after parsing attributes in process `syz.8.13237'.
[ 1026.186820][ T3540] netlink: 52 bytes leftover after parsing attributes in process `syz.8.13237'.
[ 1030.328207][ T3574] syzkaller0: entered promiscuous mode
[ 1030.328237][ T3574] syzkaller0: entered allmulticast mode
[ 1030.681570][ T3586] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1030.729980][ T3572] tipc: Resetting bearer <eth:syzkaller0>
[ 1031.145245][ T3572] tipc: Disabling bearer <eth:syzkaller0>
[ 1031.550762][ T3612] fuse: Bad value for 'fd'
[ 1031.903019][ T5882] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[ 1032.055186][ T5882] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1032.055219][ T5882] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1032.055242][ T5882] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1032.055295][ T5882] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1032.055324][ T5882] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1032.057936][ T5882] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1032.057967][ T5882] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1032.057990][ T5882] usb 9-1: Product: syz
[ 1032.058006][ T5882] usb 9-1: Manufacturer: syz
[ 1032.184043][ T5882] cdc_wdm 9-1:1.0: skipping garbage
[ 1032.184069][ T5882] cdc_wdm 9-1:1.0: skipping garbage
[ 1032.204434][ T5882] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[ 1032.204522][ T5882] cdc_wdm 9-1:1.0: Unknown control protocol
[ 1034.577847][ T3661] netlink: 116 bytes leftover after parsing attributes in process `syz.1.13270'.
[ 1034.882460][ T2125] usb 9-1: USB disconnect, device number 15
[ 1036.356607][ T3674] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[ 1036.356659][ T3674] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[ 1036.356683][ T3674] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[ 1038.362071][ T3704] /dev/nullb0: Can't lookup blockdev
[ 1044.393421][ T3765] /dev/nullb0: Can't lookup blockdev
[ 1046.157857][ T3785] netlink: 16 bytes leftover after parsing attributes in process `syz.2.13304'.
[ 1054.471746][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1057.813442][ T3894] genirq: Flags mismatch irq 5. 00202000 (comedi_parport) vs. 00202000 (das16m1)
[ 1059.042075][ T3900] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1059.084467][ T3893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1068.834258][ T3979] netlink: 32 bytes leftover after parsing attributes in process `syz.1.13359'.
[ 1068.834291][ T3979] netlink: 88 bytes leftover after parsing attributes in process `syz.1.13359'.
[ 1068.834308][ T3979] tipc: Started in network mode
[ 1068.834325][ T3979] tipc: Node identity ff, cluster identity 4711
[ 1068.834339][ T3979] tipc: Node number set to 255
[ 1073.850027][   T60] Bluetooth: hci0: command 0x0406 tx timeout
[ 1074.140203][ T4015] fuse: Bad value for 'fd'
[ 1083.561288][ T4069] netlink: 16 bytes leftover after parsing attributes in process `syz.8.13381'.
[ 1083.561317][ T4069] netlink: 4 bytes leftover after parsing attributes in process `syz.8.13381'.
[ 1083.963124][   T60] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1084.009075][   T60] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1084.028530][   T60] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1084.031724][   T60] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1084.066716][   T60] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1086.278155][   T60] Bluetooth: hci5: command tx timeout
[ 1086.700069][ T4079] chnl_net:caif_netlink_parms(): no params data found
[ 1087.252825][ T4079] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1087.253049][ T4079] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1087.253289][ T4079] bridge_slave_0: entered allmulticast mode
[ 1087.256351][ T4079] bridge_slave_0: entered promiscuous mode
[ 1087.337892][ T4079] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1087.338021][ T4079] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1087.338225][ T4079] bridge_slave_1: entered allmulticast mode
[ 1087.340503][ T4079] bridge_slave_1: entered promiscuous mode
[ 1087.454102][ T4079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1087.457762][ T4079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1087.530262][ T4079] team0: Port device team_slave_0 added
[ 1087.534045][ T4079] team0: Port device team_slave_1 added
[ 1087.607685][ T4079] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1087.607702][ T4079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1087.607732][ T4079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1087.610166][ T4079] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1087.610183][ T4079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1087.610212][ T4079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1088.510672][   T60] Bluetooth: hci5: command tx timeout
[ 1088.808838][ T4079] hsr_slave_0: entered promiscuous mode
[ 1088.810295][ T4079] hsr_slave_1: entered promiscuous mode
[ 1090.723413][   T60] Bluetooth: hci5: command tx timeout
[ 1093.268068][   T60] Bluetooth: hci5: command tx timeout
[ 1098.451009][ T4217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13422'.
[ 1103.209329][ T4255] netlink: 'syz.1.13430': attribute type 1 has an invalid length.
[ 1103.280343][ T4264] netlink: 16 bytes leftover after parsing attributes in process `syz.8.13433'.
[ 1103.280391][ T4264] openvswitch: netlink: Missing key (keys=40, expected=200000)
[ 1103.686939][ T4255] 8021q: adding VLAN 0 to HW filter on device bond6
[ 1103.726740][ T4266] batman_adv: batadv0: Interface deactivated: dummy0
[ 1103.908257][ T4266] batman_adv: batadv0: Removing interface: dummy0
[ 1104.104062][ T4266] bond6: (slave dummy0): making interface the new active one
[ 1104.179371][ T4266] bond6: (slave dummy0): Enslaving as an active interface with an up link
[ 1111.474728][ T4079] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1111.580652][ T4079] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1111.783277][ T4079] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1111.931013][ T4079] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1112.849829][ T4079] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1112.983024][ T4079] 8021q: adding VLAN 0 to HW filter on device team0
[ 1113.036226][ T4703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1113.036448][ T4703] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1113.115947][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1113.116045][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1117.605859][ T4079] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1119.664090][ T4429] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1119.664136][ T4429] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1119.670173][ T4429] vhci_hcd vhci_hcd.0: Device attached
[ 1119.734203][ T4429] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(9)
[ 1119.734230][ T4429] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1119.734275][ T4429] vhci_hcd vhci_hcd.0: Device attached
[ 1119.783551][ T4429] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(11)
[ 1119.783575][ T4429] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1119.783621][ T4429] vhci_hcd vhci_hcd.0: Device attached
[ 1119.920601][ T4429] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(13)
[ 1119.920635][ T4429] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1119.967543][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1120.014055][T19494] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[ 1120.022296][ T4429] vhci_hcd vhci_hcd.0: Device attached
[ 1120.122981][ T4438] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(16)
[ 1120.123015][ T4438] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1120.171008][ T4444] vhci_hcd vhci_hcd.0: pdev(1) rhport(5) sockfd(19)
[ 1120.171043][ T4444] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1120.269096][ T4438] vhci_hcd vhci_hcd.0: Device attached
[ 1120.290750][ T4444] vhci_hcd vhci_hcd.0: Device attached
[ 1120.441194][ T4445] vhci_hcd: connection closed
[ 1120.462634][  T720] vhci_hcd vhci_hcd.1: stop threads
[ 1120.462665][  T720] vhci_hcd vhci_hcd.1: release socket
[ 1120.462747][  T720] vhci_hcd vhci_hcd.1: disconnect device
[ 1120.495702][ T4439] vhci_hcd: connection closed
[ 1120.496485][ T4437] vhci_hcd: connection closed
[ 1120.504424][   T44] vhci_hcd vhci_hcd.1: stop threads
[ 1120.504455][   T44] vhci_hcd vhci_hcd.1: release socket
[ 1120.504565][   T44] vhci_hcd vhci_hcd.1: disconnect device
[ 1120.505028][   T44] vhci_hcd vhci_hcd.1: stop threads
[ 1120.505044][   T44] vhci_hcd vhci_hcd.1: release socket
[ 1120.509653][ T4435] vhci_hcd: connection closed
[ 1120.510485][ T4433] vhci_hcd: connection closed
[ 1120.524471][   T44] vhci_hcd vhci_hcd.1: disconnect device
[ 1120.525714][   T44] vhci_hcd vhci_hcd.1: stop threads
[ 1120.525774][   T44] vhci_hcd vhci_hcd.1: release socket
[ 1120.526014][   T44] vhci_hcd vhci_hcd.1: disconnect device
[ 1120.540138][   T44] vhci_hcd vhci_hcd.1: stop threads
[ 1120.540205][   T44] vhci_hcd vhci_hcd.1: release socket
[ 1120.540443][   T44] vhci_hcd vhci_hcd.1: disconnect device
[ 1120.606462][ T4431] vhci_hcd: connection reset by peer
[ 1120.628205][  T116] vhci_hcd vhci_hcd.1: stop threads
[ 1120.628235][  T116] vhci_hcd vhci_hcd.1: release socket
[ 1120.628301][  T116] vhci_hcd vhci_hcd.1: disconnect device
[ 1120.937683][ T4079] veth0_vlan: entered promiscuous mode
[ 1120.988006][ T4079] veth1_vlan: entered promiscuous mode
[ 1121.277193][ T4079] veth0_macvtap: entered promiscuous mode
[ 1121.283058][ T4079] veth1_macvtap: entered promiscuous mode
[ 1121.416145][ T4079] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1121.481896][ T4079] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1123.078761][  T720] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1123.079929][  T720] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1123.080928][  T720] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1123.088860][  T720] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1124.066364][  T116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1124.066388][  T116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1124.321105][ T1424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1124.321131][ T1424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1125.378807][ T4504] netlink: 8 bytes leftover after parsing attributes in process `syz.8.13487'.
[ 1126.089733][T19494] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1126.503860][ T4515] netlink: 4 bytes leftover after parsing attributes in process `syz.8.13489'.
[ 1134.589463][ T4577] netlink: 180 bytes leftover after parsing attributes in process `syz.1.13503'.
[ 1134.619491][ T4577] netlink: 'syz.1.13503': attribute type 9 has an invalid length.
[ 1134.619541][ T4577] netlink: 'syz.1.13503': attribute type 11 has an invalid length.
[ 1134.619584][ T4577] netlink: 'syz.1.13503': attribute type 12 has an invalid length.
[ 1134.619664][ T4577] netlink: 210020 bytes leftover after parsing attributes in process `syz.1.13503'.
[ 1134.620686][ T4577] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13503'.
[ 1138.622281][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1138.679675][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1138.687476][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1138.698582][ T5798] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1138.700130][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1141.582263][ T4632] fuse: Bad value for 'fd'
[ 1143.258920][ T5798] Bluetooth: hci0: command tx timeout
[ 1143.930356][ T4606] chnl_net:caif_netlink_parms(): no params data found
[ 1145.808359][ T5798] Bluetooth: hci0: command tx timeout
[ 1147.284764][ T4664] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1147.284786][ T4664] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1147.284853][ T4664] vhci_hcd vhci_hcd.0: Device attached
[ 1147.294746][ T4664] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(9)
[ 1147.294775][ T4664] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1147.294845][ T4664] vhci_hcd vhci_hcd.0: Device attached
[ 1147.415050][ T4664] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(11)
[ 1147.415081][ T4664] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1147.415142][ T4664] vhci_hcd vhci_hcd.0: Device attached
[ 1147.459470][ T4664] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(13)
[ 1147.459503][ T4664] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1147.459563][ T4664] vhci_hcd vhci_hcd.0: Device attached
[ 1147.605996][ T4664] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(15)
[ 1147.606028][ T4664] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1147.606122][ T4664] vhci_hcd vhci_hcd.0: Device attached
[ 1147.609712][ T4678] vhci_hcd vhci_hcd.0: pdev(1) rhport(5) sockfd(18)
[ 1147.609743][ T4678] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1147.609842][ T4678] vhci_hcd vhci_hcd.0: Device attached
[ 1147.610204][ T4664] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1147.647977][ T4664] vhci_hcd vhci_hcd.0: pdev(1) rhport(7) sockfd(22)
[ 1147.648095][ T4664] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1147.648351][ T4664] vhci_hcd vhci_hcd.0: Device attached
[ 1147.669361][T26873] usb 35-1: new low-speed USB device number 3 using vhci_hcd
[ 1147.869530][ T4606] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1147.885579][ T4606] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1147.885912][ T4606] bridge_slave_0: entered allmulticast mode
[ 1147.889352][ T4606] bridge_slave_0: entered promiscuous mode
[ 1147.928927][ T4606] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1147.929124][ T4606] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1147.929416][ T4606] bridge_slave_1: entered allmulticast mode
[ 1147.932451][ T4606] bridge_slave_1: entered promiscuous mode
[ 1147.984802][ T4684] vhci_hcd: connection closed
[ 1148.002745][ T5798] Bluetooth: hci0: command tx timeout
[ 1148.007690][ T4679] vhci_hcd: connection closed
[ 1148.008094][ T4675] vhci_hcd: connection closed
[ 1148.008408][ T4670] vhci_hcd: connection closed
[ 1148.008575][ T4673] vhci_hcd: connection closed
[ 1148.073692][ T4665] vhci_hcd: connection reset by peer
[ 1148.086793][ T1510] vhci_hcd vhci_hcd.1: stop threads
[ 1148.086823][ T1510] vhci_hcd vhci_hcd.1: release socket
[ 1148.086900][ T1510] vhci_hcd vhci_hcd.1: disconnect device
[ 1148.111829][ T4667] vhci_hcd: connection closed
[ 1148.123480][ T1510] vhci_hcd vhci_hcd.1: stop threads
[ 1148.123507][ T1510] vhci_hcd vhci_hcd.1: release socket
[ 1148.123576][ T1510] vhci_hcd vhci_hcd.1: disconnect device
[ 1148.124558][ T1510] vhci_hcd vhci_hcd.1: stop threads
[ 1148.124571][ T1510] vhci_hcd vhci_hcd.1: release socket
[ 1148.124620][ T1510] vhci_hcd vhci_hcd.1: disconnect device
[ 1148.144336][ T1510] vhci_hcd vhci_hcd.1: stop threads
[ 1148.144419][ T1510] vhci_hcd vhci_hcd.1: release socket
[ 1148.144614][ T1510] vhci_hcd vhci_hcd.1: disconnect device
[ 1148.164998][ T1510] vhci_hcd vhci_hcd.1: stop threads
[ 1148.165023][ T1510] vhci_hcd vhci_hcd.1: release socket
[ 1148.165126][ T1510] vhci_hcd vhci_hcd.1: disconnect device
[ 1148.184899][ T1510] vhci_hcd vhci_hcd.1: stop threads
[ 1148.184968][ T1510] vhci_hcd vhci_hcd.1: release socket
[ 1148.185182][ T1510] vhci_hcd vhci_hcd.1: disconnect device
[ 1148.225014][ T1510] vhci_hcd vhci_hcd.1: stop threads
[ 1148.225045][ T1510] vhci_hcd vhci_hcd.1: release socket
[ 1148.225234][ T1510] vhci_hcd vhci_hcd.1: disconnect device
[ 1150.226869][   T60] Bluetooth: hci0: command tx timeout
[ 1151.494048][ T4606] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1152.527735][ T4606] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1153.140593][T26873] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1153.200677][ T4606] team0: Port device team_slave_0 added
[ 1153.212018][ T4606] team0: Port device team_slave_1 added
[ 1153.265252][ T4606] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1153.265272][ T4606] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1153.265302][ T4606] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1153.267890][ T4606] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1153.267907][ T4606] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1153.267938][ T4606] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1157.758665][ T4751] netlink: 2 bytes leftover after parsing attributes in process `syz.5.13544'.
[ 1158.144861][ T4606] hsr_slave_0: entered promiscuous mode
[ 1158.146412][ T4606] hsr_slave_1: entered promiscuous mode
[ 1158.147417][ T4606] debugfs: 'hsr0' already exists in 'hsr'
[ 1158.147445][ T4606] Cannot create hsr debugfs directory
[ 1161.815471][ T5798] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1161.854659][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1161.857670][ T5798] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1161.918583][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1161.919388][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1164.268683][   T60] Bluetooth: hci2: command tx timeout
[ 1164.592042][ T4829] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13566'.
[ 1166.472040][ T5798] Bluetooth: hci2: command tx timeout
[ 1168.689133][ T5798] Bluetooth: hci2: command 0x040f tx timeout
[ 1170.911465][   T60] Bluetooth: hci2: command 0x040f tx timeout
[ 1173.151048][   T60] Bluetooth: hci2: command 0x040f tx timeout
[ 1174.254732][T22140] netdevsim netdevsim8 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1174.254764][T22140] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1176.530294][T22140] netdevsim netdevsim8 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1176.530342][T22140] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1177.681504][ T4951] tmpfs: Unknown parameter 'fscontext'
[ 1180.035107][T22140] netdevsim netdevsim8 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1180.035138][T22140] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1183.485191][T22140] netdevsim netdevsim8 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1183.485232][T22140] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1183.815259][ T4791] chnl_net:caif_netlink_parms(): no params data found
[ 1184.554366][ T5008] ==================================================================
[ 1184.554386][ T5008] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60
[ 1184.554557][ T5008] Read of size 1 at addr ffff888052fa2068 by task syz.5.13611/5008
[ 1184.554579][ T5008] 
[ 1184.554598][ T5008] CPU: 1 UID: 0 PID: 5008 Comm: syz.5.13611 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1184.554632][ T5008] Tainted: [L]=SOFTLOCKUP
[ 1184.554641][ T5008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1184.554657][ T5008] Call Trace:
[ 1184.554667][ T5008]  <TASK>
[ 1184.554679][ T5008]  dump_stack_lvl+0xe8/0x150
[ 1184.554739][ T5008]  print_report+0xba/0x230
[ 1184.554782][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.554825][ T5008]  kasan_report+0x117/0x150
[ 1184.554874][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.554916][ T5008]  __kasan_check_byte+0x2a/0x40
[ 1184.554938][ T5008]  lock_acquire+0x79/0x2e0
[ 1184.554968][ T5008]  ? rcu_is_watching+0x15/0xb0
[ 1184.555002][ T5008]  _raw_spin_lock_irqsave+0x40/0x60
[ 1184.555037][ T5008]  ? rt_mutex_slowunlock+0xbf/0x8b0
[ 1184.555067][ T5008]  rt_mutex_slowunlock+0xbf/0x8b0
[ 1184.555100][ T5008]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1184.555134][ T5008]  ? __rcu_read_unlock+0x83/0xe0
[ 1184.555168][ T5008]  ? rt_spin_unlock+0x160/0x200
[ 1184.555199][ T5008]  dma_buf_fd+0x189/0x370
[ 1184.555303][ T5008]  udmabuf_create+0xf26/0xfe0
[ 1184.555367][ T5008]  ? __pfx_udmabuf_create+0x10/0x10
[ 1184.555404][ T5008]  udmabuf_ioctl+0x1f6/0x310
[ 1184.555425][ T5008]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1184.555504][ T5008]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1184.555539][ T5008]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1184.555561][ T5008]  __se_sys_ioctl+0xff/0x170
[ 1184.555632][ T5008]  do_syscall_64+0x14d/0xf80
[ 1184.555654][ T5008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.555694][ T5008]  ? clear_bhb_loop+0x40/0x90
[ 1184.555722][ T5008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.555746][ T5008] RIP: 0033:0x7f42fa78c799
[ 1184.555774][ T5008] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1184.555796][ T5008] RSP: 002b:00007f42f89a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1184.555835][ T5008] RAX: ffffffffffffffda RBX: 00007f42faa06180 RCX: 00007f42fa78c799
[ 1184.555854][ T5008] RDX: 0000200000000000 RSI: 0000000040187542 RDI: 0000000000000008
[ 1184.555870][ T5008] RBP: 00007f42fa822c99 R08: 0000000000000000 R09: 0000000000000000
[ 1184.555886][ T5008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1184.555900][ T5008] R13: 00007f42faa06218 R14: 00007f42faa06180 R15: 00007ffc7d0a7d28
[ 1184.555931][ T5008]  </TASK>
[ 1184.555940][ T5008] 
[ 1184.555946][ T5008] Allocated by task 5008:
[ 1184.555958][ T5008]  kasan_save_track+0x3e/0x80
[ 1184.555990][ T5008]  __kasan_kmalloc+0x93/0xb0
[ 1184.556021][ T5008]  __kmalloc_noprof+0x3e7/0x7b0
[ 1184.556106][ T5008]  dma_buf_export+0x3ba/0xb10
[ 1184.556132][ T5008]  udmabuf_create+0xee5/0xfe0
[ 1184.556151][ T5008]  udmabuf_ioctl+0x1f6/0x310
[ 1184.556170][ T5008]  __se_sys_ioctl+0xff/0x170
[ 1184.556188][ T5008]  do_syscall_64+0x14d/0xf80
[ 1184.556207][ T5008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.556229][ T5008] 
[ 1184.556235][ T5008] Freed by task 5009:
[ 1184.556246][ T5008]  kasan_save_track+0x3e/0x80
[ 1184.556276][ T5008]  kasan_save_free_info+0x46/0x50
[ 1184.556313][ T5008]  __kasan_slab_free+0x5c/0x80
[ 1184.556344][ T5008]  kfree+0x1c1/0x6c0
[ 1184.556372][ T5008]  __dentry_kill+0x211/0x5e0
[ 1184.556415][ T5008]  finish_dput+0xc9/0x480
[ 1184.556442][ T5008]  __fput+0x6a3/0xa90
[ 1184.556510][ T5008]  task_work_run+0x1d9/0x270
[ 1184.556541][ T5008]  exit_to_user_mode_loop+0xed/0x480
[ 1184.556574][ T5008]  do_syscall_64+0x32d/0xf80
[ 1184.556592][ T5008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.556613][ T5008] 
[ 1184.556619][ T5008] The buggy address belongs to the object at ffff888052fa2000
[ 1184.556619][ T5008]  which belongs to the cache kmalloc-1k of size 1024
[ 1184.556639][ T5008] The buggy address is located 104 bytes inside of
[ 1184.556639][ T5008]  freed 1024-byte region [ffff888052fa2000, ffff888052fa2400)
[ 1184.556664][ T5008] 
[ 1184.556670][ T5008] The buggy address belongs to the physical page:
[ 1184.556717][ T5008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888052fa0000 pfn:0x52fa0
[ 1184.556741][ T5008] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1184.556760][ T5008] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[ 1184.556781][ T5008] page_type: f5(slab)
[ 1184.556803][ T5008] raw: 0080000000000240 ffff88813fe19dc0 ffffea0001885810 ffffea00014e7a10
[ 1184.556830][ T5008] raw: ffff888052fa0000 000000080010000e 00000000f5000000 0000000000000000
[ 1184.556853][ T5008] head: 0080000000000240 ffff88813fe19dc0 ffffea0001885810 ffffea00014e7a10
[ 1184.556874][ T5008] head: ffff888052fa0000 000000080010000e 00000000f5000000 0000000000000000
[ 1184.556894][ T5008] head: 0080000000000003 ffffea00014be801 00000000ffffffff 00000000ffffffff
[ 1184.556913][ T5008] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 1184.556926][ T5008] page dumped because: kasan: bad access detected
[ 1184.556943][ T5008] page_owner tracks the page as allocated
[ 1184.556953][ T5008] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 116, tgid 116 (kworker/u8:5), ts 1156338468723, free_ts 1147246473203
[ 1184.556993][ T5008]  post_alloc_hook+0x231/0x280
[ 1184.557035][ T5008]  get_page_from_freelist+0x28bb/0x2950
[ 1184.557059][ T5008]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1184.557082][ T5008]  allocate_slab+0x77/0x660
[ 1184.557107][ T5008]  refill_objects+0x334/0x3c0
[ 1184.557130][ T5008]  __pcs_replace_empty_main+0x35c/0x710
[ 1184.557158][ T5008]  __kmalloc_noprof+0x530/0x7b0
[ 1184.557191][ T5008]  ieee802_11_parse_elems_full+0x159/0x2ab0
[ 1184.557295][ T5008]  ieee80211_inform_bss+0x161/0x1160
[ 1184.557361][ T5008]  cfg80211_inform_single_bss_data+0xd2f/0x1bd0
[ 1184.557424][ T5008]  cfg80211_inform_bss_data+0x266/0x3c40
[ 1184.557445][ T5008]  cfg80211_inform_bss_frame_data+0x3c7/0x760
[ 1184.557467][ T5008]  ieee80211_bss_info_update+0x794/0xa40
[ 1184.557488][ T5008]  ieee80211_ibss_rx_queued_mgmt+0x1901/0x2cd0
[ 1184.557534][ T5008]  ieee80211_iface_work+0x84e/0x1340
[ 1184.557559][ T5008]  cfg80211_wiphy_work+0x2ab/0x4a0
[ 1184.557608][ T5008] page last free pid 4422 tgid 4415 stack trace:
[ 1184.557622][ T5008]  __free_frozen_pages+0xfe3/0x1170
[ 1184.557656][ T5008]  vfree+0x2ac/0x470
[ 1184.557691][ T5008]  kcov_close+0x2e/0x60
[ 1184.557716][ T5008]  __fput+0x461/0xa90
[ 1184.557741][ T5008]  task_work_run+0x1d9/0x270
[ 1184.557764][ T5008]  do_exit+0x70f/0x23c0
[ 1184.557792][ T5008]  do_group_exit+0x21b/0x2d0
[ 1184.557821][ T5008]  get_signal+0x125c/0x1310
[ 1184.557848][ T5008]  arch_do_signal_or_restart+0xbc/0x830
[ 1184.557886][ T5008]  exit_to_user_mode_loop+0x86/0x480
[ 1184.557920][ T5008]  do_syscall_64+0x32d/0xf80
[ 1184.557938][ T5008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.557961][ T5008] 
[ 1184.557967][ T5008] Memory state around the buggy address:
[ 1184.557980][ T5008]  ffff888052fa1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1184.557996][ T5008]  ffff888052fa1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1184.558012][ T5008] >ffff888052fa2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1184.558025][ T5008]                                                           ^
[ 1184.558039][ T5008]  ffff888052fa2080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1184.558055][ T5008]  ffff888052fa2100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1184.558068][ T5008] ==================================================================
[ 1184.558094][ T5008] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1184.558116][ T5008] CPU: 1 UID: 0 PID: 5008 Comm: syz.5.13611 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1184.558147][ T5008] Tainted: [L]=SOFTLOCKUP
[ 1184.558157][ T5008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1184.558171][ T5008] Call Trace:
[ 1184.558181][ T5008]  <TASK>
[ 1184.558191][ T5008]  vpanic+0x56c/0xa60
[ 1184.558229][ T5008]  ? __pfx_vpanic+0x10/0x10
[ 1184.558269][ T5008]  panic+0xc5/0xd0
[ 1184.558301][ T5008]  ? __pfx_panic+0x10/0x10
[ 1184.558338][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.558373][ T5008]  ? rcu_is_watching+0x15/0xb0
[ 1184.558400][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.558435][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.558470][ T5008]  check_panic_on_warn+0x89/0xb0
[ 1184.558496][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.558530][ T5008]  end_report+0x73/0x180
[ 1184.558552][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.558586][ T5008]  kasan_report+0x128/0x150
[ 1184.558610][ T5008]  ? _raw_spin_lock_irqsave+0x40/0x60
[ 1184.558651][ T5008]  __kasan_check_byte+0x2a/0x40
[ 1184.558673][ T5008]  lock_acquire+0x79/0x2e0
[ 1184.558696][ T5008]  ? rcu_is_watching+0x15/0xb0
[ 1184.558724][ T5008]  _raw_spin_lock_irqsave+0x40/0x60
[ 1184.558757][ T5008]  ? rt_mutex_slowunlock+0xbf/0x8b0
[ 1184.558786][ T5008]  rt_mutex_slowunlock+0xbf/0x8b0
[ 1184.558827][ T5008]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1184.558860][ T5008]  ? __rcu_read_unlock+0x83/0xe0
[ 1184.558894][ T5008]  ? rt_spin_unlock+0x160/0x200
[ 1184.558926][ T5008]  dma_buf_fd+0x189/0x370
[ 1184.558956][ T5008]  udmabuf_create+0xf26/0xfe0
[ 1184.558995][ T5008]  ? __pfx_udmabuf_create+0x10/0x10
[ 1184.559031][ T5008]  udmabuf_ioctl+0x1f6/0x310
[ 1184.559052][ T5008]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1184.559089][ T5008]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1184.559123][ T5008]  ? __pfx_udmabuf_ioctl+0x10/0x10
[ 1184.559146][ T5008]  __se_sys_ioctl+0xff/0x170
[ 1184.559169][ T5008]  do_syscall_64+0x14d/0xf80
[ 1184.559191][ T5008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.559215][ T5008]  ? clear_bhb_loop+0x40/0x90
[ 1184.559242][ T5008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1184.559265][ T5008] RIP: 0033:0x7f42fa78c799
[ 1184.559285][ T5008] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1184.559306][ T5008] RSP: 002b:00007f42f89a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1184.559332][ T5008] RAX: ffffffffffffffda RBX: 00007f42faa06180 RCX: 00007f42fa78c799
[ 1184.559350][ T5008] RDX: 0000200000000000 RSI: 0000000040187542 RDI: 0000000000000008
[ 1184.559366][ T5008] RBP: 00007f42fa822c99 R08: 0000000000000000 R09: 0000000000000000
[ 1184.559382][ T5008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1184.559397][ T5008] R13: 00007f42faa06218 R14: 00007f42faa06180 R15: 00007ffc7d0a7d28
[ 1184.559428][ T5008]  </TASK>
[ 1184.559596][ T5008] Kernel Offset: disabled