last executing test programs:

7m27.281821545s ago: executing program 0 (id=1154):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x14, 0x4, 0x8, 0xb}, 0x50)
setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f00000000c0)='%pS    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r2}, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000740)={&(0x7f0000000040)="99edede2d560106ce5b5c3a8bfdbf8c258673d81fb9df9", &(0x7f0000000480)=""/86, &(0x7f0000000600)="1807b198f06505475b67d1544026487a7db713d2a2ab30f5d2c96fb234e7df2de0721f9a0eeac5d467e204d8ac82e68ab485972000d6fbf3f93bb03e59a67626e29f36576a531f1e979573e8e804080dc68e2312d7e9468f40a8b5a4cd5d1a992d2e257d27ded871f928ff0ebca2bbf95b63a2f71b2d2ac25192985c74f909ee2f94867f9dbb7e5efe280b9efeb1ff2622e234a07fea167d8a6906c763750cb0b7ae2e2e8ad1b7feaf79f2f044ff23a59d040abb03", &(0x7f0000000700), 0x7, r2, 0x4}, 0x38)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000540)=ANY=[@ANYBLOB="180200000000000000000000030000008500000017000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket(0x2, 0x80805, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020}, 0x54)
socket$nl_netfilter(0x10, 0x3, 0xc)

7m19.120348083s ago: executing program 0 (id=1169):
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x7}, 0x1c)
connect$inet6(r0, &(0x7f0000000480)={0xa, 0x4e22, 0x84c, @rand_addr=' \x01\x00', 0x104}, 0x1c)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)=ANY=[@ANYBLOB='%\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fcdbdf25030000000800010000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8004}, 0xc0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffff9824}, 0x3d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xc2354000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x33)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r7, 0xfffffffd, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x40000007, @loopback={0x700}}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118)
close(r6)
setregid(0xffffffffffffffff, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r8, 0x0, 0x33, &(0x7f0000000000)=0x80000000, 0x4)

7m17.683813754s ago: executing program 0 (id=1172):
chdir(&(0x7f0000000000)='./cgroup\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
r0 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="1e0000000001000005000000bf0700004544003c", @ANYRES32, @ANYBLOB="0600"/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="02000000000000000500000003000000000001000000000000000000"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = eventfd2(0x4, 0x80801)
io_setup(0x6, &(0x7f0000000140)=<r7=>0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r8=>r5, {0xee00, 0xee00}}, './cgroup\x00'})
r9 = syz_open_dev$hiddev(0x0, 0x228, 0x121081)
r10 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
io_submit(r7, 0x7, &(0x7f0000000d00)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x3, 0xb7, r4, 0x0, 0x0, 0xd2, 0x0, 0x3}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x2, 0xf801, r8, &(0x7f0000000e00)="fc60254d607ba43ff1f0d03897517f352b69f1ba6ad1a8e36a61f0cf6e215ca43531b75f1176a74f3e418c71bad49a8550be55950dee3caeba091e1c6d0bca14d16861d63dd91f117d", 0x49, 0x5, 0x0, 0x0, r6}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x8, r9, &(0x7f0000000580)="23752e35bd0d769681291afc26bc717ea89b40919dfaafe5080fa3630d2c68137fc654cc5dd589898b17a8c9d7a933474b85624d5cde96d73df80917a7700e8b18827db63f3583b4c39db7703eee93e9843418177056d5f6df5d2bcda44d04822f0f0357a8e8184eb9b1e5ee244b5d399701f69ce9fae10011e0b7e555fad66d35c6d79d4c62ed89af316ad5dee2cd9da6f4e2e46b0b8ea4721f43a489ed61fbc76e56603fb7ccfed14947c24937d59ae0735a575cb62ba20310f3", 0xbb, 0x3, 0x0, 0x3, r5}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x8, 0x5, r6, 0x0, 0x0, 0x6, 0x0, 0x0, r8}, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x2, 0xe, r10, &(0x7f0000000940)="7f83f8290f2fdba92d9ba33b1aebd0768ed75f2e266f46be064bfad5de28295b3a9149a95172f5dde58516329f1ea2aea1b956a94e6a39768e26caadfb18698ecd51ac83ca5834513d526022c1d1f49f4da73e705c3e7d32d3fef1ae20f2643eb63341b94efcf9a3f422da5264219e11e0df88fd883c4982308fb9e2a75d7ae892fa4189323808885bdcb2033df3994f70b22c29d009353cc60881e5bb06e513028e9aed39630baa529798f61d8bba6d715bd473ba62c3f1a6552c9dbd87a478b81015847de7e1715a322c86c28e3f0b4703f1d680c46ef67c5584e7f8b41679056c2eccbc119db024", 0xe9, 0x7, 0x0, 0x0, r0}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x3, 0xb0, r2, &(0x7f0000000a80)="1f76372085fedebe28389c3ae39c99d0f276dc7c69dcb0231e761450618dd5e140449edf1222ad8e97aaaa1c33b3f141c3e2049acd9cd6635f7332d36fe511a58fa92572fa047dc20da0d7592451ff30deec5cfb8a8018bb26e65f7c9009dedfcb8cdd4ac6c9743cb311b2a804a38483e9e4d7b56c67960ee16a1bd97a0692e594afdcf5caac8c096fd04ce920cc7f7ba26f34801b18dac919fa3df7260cd41e832fd68c6b89e4ee6d3f83", 0xab, 0x7, 0x0, 0x0, r8}, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x2, 0x0, r6, &(0x7f0000000b80)="b276c5b1560e1b97313f31c0c08f75a6e446ab4d80111e35ee31f7fa10aea65486bb35456f622fb992a017bd9a3361cd88dc47aaa43d4fdcc01e31f6cc0347892e75b0e34eba4a232ca73418ddba5f2b0f4214239e5700171f800ccac0c7970822528938c4454e574d9ec2b851ba63c8f30c1d2165be2da94d0d3a01ca3a6f1c4b77739ff325ed8bc46fa1df80a6b2a5d8eb5232b50c29298c22486d98de89ce9021a88ef16312cac5747922368c1626c8a51441b5690c889af8f7244ae21daf19a886ad63f2273c84ee1d8c834fbd7ea355234b498af6d9cd694e06152a18169e", 0xe1, 0x7, 0x0, 0x3, r6}])
mkdirat(r0, &(0x7f0000000100)='./control\x00', 0x0)
unlinkat(r0, &(0x7f0000000140)='./control\x00', 0x200)
rmdir(&(0x7f0000000040)='./control\x00')
socket$inet_icmp_raw(0x2, 0x3, 0x1)

7m16.377090016s ago: executing program 0 (id=1174):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x70bd2d, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
creat(&(0x7f0000000340)='./file0\x00', 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r3, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x80)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', 0x0, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB, @ANYRESHEX])
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000300)='attr/current\x00')
writev(r4, &(0x7f0000000280)=[{&(0x7f0000000500)="6f5dfc88f7087e6059b7cd05ae308fa23d79ad0c56cc540d3da19b6c287213763ddd393c5242b3e6c41088da070ec60ab04bedb4db21c91559e2ba3a2f08d235bf9adf84a971fd8eef03f6c7ee55f0e148eac87e6120eb50c15ca1c843046857326bdce3da96f3a49468fa3cb9ecd7713f073df6d99fd19ad38aa96d95905d0baa1fc2d3bb8973", 0x87}, {&(0x7f0000000380)="a07b1a4e27d2fae5835ce49927786130718795025309e978dd9ead11d34763dfc8b6ebeac4464f128ff60c8c944553c3305b65a120138541770ac2236bb71f3923253a181b775441b3dd41d4991d161cad3865f1543b65493ff6c1473abfe890b5fc1cdfa1380ae8f6987e422d4a124e51776f159550ec1557142288", 0x7c}, {&(0x7f00000005c0)="107878ddc7c5d99b3dfed6e95335edddab8b1933d7e17e5a984dda202079bc3849b6a6e3d094e6718f6a84d4086f01765747b0504cde44d865b8118fb145371b5cbdc60930382cef52a52dea67ae8779e652dabc82437bdd9b6c81cddbcf11b72de1b5b124ef918c327a3fe8edb44cafb49c532633f5abd767c68162c398238a5979118b9f7d515167f1574316", 0x8d}], 0x3)
capset(&(0x7f0000000080)={0x20071026}, 0x0)
lremovexattr(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=@known='system.posix_acl_access\x00')
vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0)
ptrace(0x10, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r5, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x4e24, 0x7f, @dev={0xfe, 0x80, '\x00', 0x41}, 0xca}, 0x1c)
sendto$inet(r5, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x0, @loopback}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0x8c}}, 0x0)

7m14.564929021s ago: executing program 0 (id=1175):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
symlinkat(&(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
setxattr$trusted_overlay_upper(&(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040), 0x0, 0x0, 0x3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="c80000000002010400000000000000000a0000003c0001800c00028005000100000000002c0001801400030000000000000000000000ffffac1414bb1400040000000000000000000000ffff000000003c0003800c00028005000100000000002c00018014000300fc00000000000000000000000000000014000400fe8000000000000000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014000400fe8000000000000000000000000000aab5fb91a4fc73b36849c8a9be678e5df8b0291c0d"], 0xc8}}, 0x0)
dup(0xffffffffffffffff)
socket$inet_smc(0x2b, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_INIT(r3, &(0x7f0000000340)={0x50}, 0x50)
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)

7m13.092614681s ago: executing program 0 (id=1179):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x14, 0x4, 0x8, 0xb}, 0x50)
setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f00000000c0)='%pS    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r2}, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000740)={&(0x7f0000000040)="99edede2d560106ce5b5c3a8bfdbf8c258673d81fb9df9", &(0x7f0000000480)=""/86, &(0x7f0000000600)="1807b198f06505475b67d1544026487a7db713d2a2ab30f5d2c96fb234e7df2de0721f9a0eeac5d467e204d8ac82e68ab485972000d6fbf3f93bb03e59a67626e29f36576a531f1e979573e8e804080dc68e2312d7e9468f40a8b5a4cd5d1a992d2e257d27ded871f928ff0ebca2bbf95b63a2f71b2d2ac25192985c74f909ee2f94867f9dbb7e5efe280b9efeb1ff2622e234a07fea167d8a6906c763750cb0b7ae2e2e8ad1b7feaf79f2f044ff23a59d040abb03", &(0x7f0000000700), 0x7, r2, 0x4}, 0x38)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000540)=ANY=[@ANYBLOB="180200000000000000000000030000008500000017000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket(0x2, 0x80805, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020}, 0x54)
socket$nl_netfilter(0x10, 0x3, 0xc)

6m57.45873014s ago: executing program 32 (id=1179):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x14, 0x4, 0x8, 0xb}, 0x50)
setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000003c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000500), &(0x7f00000000c0)='%pS    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={r2}, 0x4)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000740)={&(0x7f0000000040)="99edede2d560106ce5b5c3a8bfdbf8c258673d81fb9df9", &(0x7f0000000480)=""/86, &(0x7f0000000600)="1807b198f06505475b67d1544026487a7db713d2a2ab30f5d2c96fb234e7df2de0721f9a0eeac5d467e204d8ac82e68ab485972000d6fbf3f93bb03e59a67626e29f36576a531f1e979573e8e804080dc68e2312d7e9468f40a8b5a4cd5d1a992d2e257d27ded871f928ff0ebca2bbf95b63a2f71b2d2ac25192985c74f909ee2f94867f9dbb7e5efe280b9efeb1ff2622e234a07fea167d8a6906c763750cb0b7ae2e2e8ad1b7feaf79f2f044ff23a59d040abb03", &(0x7f0000000700), 0x7, r2, 0x4}, 0x38)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x11, &(0x7f0000000540)=ANY=[@ANYBLOB="180200000000000000000000030000008500000017000000b7080000000000007b8af8ff00000000b7080000000000807b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc09b6f2609", 0x0, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket(0x2, 0x80805, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020}, 0x54)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m45.962765394s ago: executing program 3 (id=1741):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'erspan0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x0)

1m44.097245892s ago: executing program 3 (id=1744):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020100008500000043"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)

1m40.722541763s ago: executing program 3 (id=1749):
syz_open_dev$cec(0x0, 0x0, 0x81)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)

1m40.603071342s ago: executing program 3 (id=1750):
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r4}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x4}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000400)={0xa})
epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
r6 = userfaultfd(0x801)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})

1m37.436222438s ago: executing program 3 (id=1755):
mkdir(&(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29}, './file0\x00'})

1m37.035466881s ago: executing program 3 (id=1758):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x30)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000"/15], 0xf8}}, 0x0)
keyctl$clear(0x7, 0xfffffffffffffffb)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)
lseek(r5, 0xfffffffc, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e640000000800074000000003"], 0x104}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
recvmsg(r0, &(0x7f00000027c0)={0x0, 0x0, 0x0}, 0x100)
sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0)

1m20.834524272s ago: executing program 33 (id=1758):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x30)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000"/15], 0xf8}}, 0x0)
keyctl$clear(0x7, 0xfffffffffffffffb)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)
lseek(r5, 0xfffffffc, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e640000000800074000000003"], 0x104}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
recvmsg(r0, &(0x7f00000027c0)={0x0, 0x0, 0x0}, 0x100)
sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0)

18.875325678s ago: executing program 4 (id=1897):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
openat$ttyprintk(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xb68d9000)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000400)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4024814}}], 0x1, 0x48044)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r5, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'lo\x00', 0x5}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r1, 0x0, 0x48c, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x100000000000000)
sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x39}}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)}], 0x1}}], 0x1, 0x24040890)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4)

18.585364932s ago: executing program 2 (id=1898):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x33, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)

18.381690583s ago: executing program 2 (id=1900):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00'}, 0x94)
socket$rds(0x15, 0x5, 0x0)
r1 = io_uring_setup(0x93d, &(0x7f0000000080)={0x0, 0x70e6, 0x2, 0x2, 0x119})
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r1, 0x12, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$xdp(0x2c, 0x3, 0x0)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
setrlimit(0xb, &(0x7f0000000180)={0x2ef, 0x6})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r6 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r6, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r5, &(0x7f0000000400)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x7}}, @NFT_MSG_NEWSETELEM={0xd8, 0xc, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xa0, 0x3, 0x0, 0x1, [{0x9c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x74, 0x1, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x24, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}, @NFTA_DATA_VERDICT={0x4c, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0x800000000000000e}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xffffffffffffffff}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0xfffffff8}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffb}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x2}]}]}, @NFTA_SET_ELEM_TIMEOUT={0xc}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0xcc}]}]}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x114}, 0x1, 0x0, 0x0, 0x40000}, 0x20004089)
write$qrtrtun(r5, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r7, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40)

17.505298597s ago: executing program 1 (id=1901):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffff9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha256\x00'}, 0x58)
r4 = syz_open_procfs(r1, &(0x7f0000000040)='smaps\x00')
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r5)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r6)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000640)={0x2020}, 0x2020)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab?P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb8\x10\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\x03\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7vC\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', 0x0]})
recvmsg(r0, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)

15.201454951s ago: executing program 5 (id=1904):
syz_open_dev$cec(0x0, 0x0, 0x81)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, 0x0, 0x4080)

14.544812322s ago: executing program 5 (id=1906):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000300)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0], 0xf8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)
lseek(0xffffffffffffffff, 0xfffffffc, 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e640000000800074000000003"], 0x104}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
recvmsg(r0, &(0x7f00000027c0)={0x0, 0x0, 0x0}, 0x100)
sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0)

13.47315295s ago: executing program 5 (id=1907):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x9, 0x4, 0x8, 0xb}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
unshare(0x42000000)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r5, 0x29, 0x40, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$lock(r6, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x2000000})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, 0x0, &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r2, &(0x7f0000000000), &(0x7f0000000100)=@tcp6, 0x1}, 0x20)
sendto$inet6(r1, 0x0, 0x0, 0x4000814, &(0x7f0000001000)={0xa, 0x4e24, 0x46, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x3e0000}], 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100002e0001b7b70000000000000001"], 0x114}], 0x1}, 0x0)

12.762805039s ago: executing program 1 (id=1909):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)={0x20, 0x3, 0x8, 0x301, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @sctp}]}, 0x20}}, 0x0)
syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
r2 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan1\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x9, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x30, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x9, 0x2, 0x0, 0x1, [@generic="cd0170a004"]}]}, 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2)

11.806934866s ago: executing program 4 (id=1910):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x33, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)

10.556711463s ago: executing program 2 (id=1911):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
init_module(&(0x7f0000000500)=ANY=[@ANYBLOB="7f454c46022c0704090000000000000001003e000900000083000000000000004000000000000000ba0300000000000007000000030038000100010403000700000000600300000041f8000000000000fbffffffbfffffff7f0000000000000008000000000000000300000000000000c50400000000000024eb4eac75746856bf6ec924a5ac0ba7e99da40b2a32fad8121ba43831a44f5be7e6b2222dfb566ebd2fda9b221a03868ba8dbb302ea5ff26a5d4ff259a39680692571e15348f81ad7b3ecdf600053663bceee65fecfdcbc9a40351e6e5b18d7"], 0x78, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x900, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_open_dev$media(&(0x7f0000000640), 0x0, 0x0)
ustat(0xfffffffffffffffd, &(0x7f0000000240))
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r5=>0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), 0xffffffffffffffff)
preadv(r4, &(0x7f0000001d80)=[{&(0x7f0000000b80)=""/4096, 0x1000}], 0x1, 0x9, 0x2)
sendmsg$NFC_CMD_DEV_UP(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)

10.460733081s ago: executing program 6 (id=1912):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SIOCGIFMTU(0xffffffffffffffff, 0x8921, 0x0)
r3 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x171000, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r5, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x20000000)
r6 = dup(r1)
write$FUSE_BMAP(r6, &(0x7f0000000140)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r6, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r6, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x53b, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@cache_fscache}]}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

10.012966008s ago: executing program 4 (id=1913):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SIOCGIFMTU(0xffffffffffffffff, 0x8921, 0x0)
r3 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x171000, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x1c, r5, 0x305, 0x0, 0x0, {0x7}, [@BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x1c}}, 0x20000000)
r6 = dup(r1)
write$FUSE_BMAP(r6, &(0x7f0000000140)={0x18, 0x0, 0x0, {0x4}}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r6, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r6, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x53b, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@cache_fscache}]}})
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

9.043137556s ago: executing program 2 (id=1914):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x24, &(0x7f0000000280)=0x1, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = syz_open_dev$swradio(0x0, 0x1, 0x2)
ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000002c0)={0xf0f044, 0x800})
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r8, 0x2000)
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, 0x0)

7.354050791s ago: executing program 1 (id=1915):
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000300)={0xb0000000, 0x6, 0x6, 0x8}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1e, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0x0, 0x1000, &(0x7f0000ff2000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})
chdir(&(0x7f00000001c0)='./bus\x00')
socket$inet(0x2, 0x3, 0x4)
socketpair$unix(0x1, 0x5, 0x0, 0x0)

7.266828258s ago: executing program 6 (id=1916):
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0)

7.261893505s ago: executing program 4 (id=1917):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SREG_KEY={0x8, 0x4, 0x1, 0x0, 0x11}, @NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_DYNSET_OP={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x88}}, 0x0)

5.216455096s ago: executing program 6 (id=1918):
socket$pppoe(0x18, 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000001900)=[{0x0}, {&(0x7f0000001840)=""/135, 0x87}], 0x2}, 0xdfb}], 0x1, 0x2001, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="340000003c0007010000000000000000010000000400fc800c00018008000600ffff0000080002800400728008000900"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
r5 = fsopen(&(0x7f0000000100)='binder\x00', 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r7, r6, 0x7}, 0x10)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r5, 0x7, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a3200000000140000001100"], 0x7c}}, 0x0)

5.156905886s ago: executing program 5 (id=1919):
mkdir(0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r2}, './file0\x00'})

5.035157918s ago: executing program 4 (id=1920):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001fc0)={0xd8, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x5f}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x51, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x12}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xbb0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7e2}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0xd8}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

4.940830213s ago: executing program 1 (id=1921):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
openat$misdntimer(0xffffffffffffff9c, 0x0, 0xc00, 0x0)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
mkdir(&(0x7f0000000140)='./file0\x00', 0xd2)
ioctl$sock_SIOCGPGRP(r4, 0x8904, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x370, 0x1bc, 0x2b8, 0x0, 0x1bc, 0xff000000, 0x2a8, 0x3a8, 0x3a8, 0x2a8, 0x3a8, 0x3, 0x0, {[{{@ipv6={@dev, @private2, [], [], 'veth1_to_hsr\x00', 'wg2\x00'}, 0x0, 0x154, 0x1bc, 0x0, {0x0, 0xff3f0000}, [@common=@srh1={{0x8c}, {0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, @empty, [], [], [], 0x0, 0x6359d960a6776be9}}, @common=@inet=@ecn={{0x24}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xa4, 0xec}, @unspec=@CT0={0x48}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x3cc)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000480)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x80, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='itimer_expire\x00', r6}, 0x18)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001200), 0x8a42)

4.734954071s ago: executing program 5 (id=1922):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x80}}]}, {0x2}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x141)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030"])
chdir(&(0x7f0000000300)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x4)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x30)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f800000016008502000000000000000020010000000000000000000000000002a600000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000"/15], 0xf8}}, 0x0)
keyctl$clear(0x7, 0xfffffffffffffffb)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[], 0x134}}, 0x0)
lseek(r5, 0xfffffffc, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a32000000002c0003800800014000000000180003801400010076657468315f00005f626f6e64000000080002400000000064000000160a0101000b000000000000010000000900020073797a32000000000900010073797a3000000000300003802c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e640000000800074000000003"], 0x104}}, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10)
recvmsg(r0, &(0x7f00000027c0)={0x0, 0x0, 0x0}, 0x100)
sendmmsg$inet6(r0, &(0x7f0000003f00)=[{{0x0, 0xf, &(0x7f0000000300)=[{&(0x7f0000000140)="a2", 0x1a058}], 0x1}}], 0x1, 0x0)

4.003349648s ago: executing program 6 (id=1923):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="180200009b1aecb60000000000000000850000007500000095"], 0x0}, 0x94)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x33, 0x0, &(0x7f0000000480)='syzkaller\x00'}, 0x94)

3.835265555s ago: executing program 6 (id=1924):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xc8680, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x4, <r1=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r1, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x1})

3.064630799s ago: executing program 4 (id=1925):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x9, 0x4, 0x8, 0xb}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
unshare(0x42000000)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r5, 0x29, 0x40, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$lock(r6, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x2000000})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, 0x0, &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r2, &(0x7f0000000000), &(0x7f0000000100)=@tcp6, 0x1}, 0x20)
sendto$inet6(r1, 0x0, 0x0, 0x4000814, &(0x7f0000001000)={0xa, 0x4e24, 0x46, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x3e0000}], 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100002e0001b7b70000000000000001"], 0x114}], 0x1}, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)

2.944089216s ago: executing program 1 (id=1926):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

1.434686538s ago: executing program 6 (id=1927):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x9, 0x4, 0x8, 0xb}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
unshare(0x42000000)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r5, 0x29, 0x40, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
fcntl$lock(r6, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x2000000})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, 0x0, &(0x7f00000004c0)=@tcp6}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r2, &(0x7f0000000000), &(0x7f0000000100)=@tcp6, 0x1}, 0x20)
sendto$inet6(r1, 0x0, 0x0, 0x4000814, &(0x7f0000001000)={0xa, 0x4e24, 0x46, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c)
kexec_load(0x0, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x3e0000}], 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=ANY=[@ANYBLOB="140100002e0001b7b70000000000000001"], 0x114}], 0x1}, 0x0)

121.410826ms ago: executing program 1 (id=1928):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xc8680, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$CEC_DQEVENT(0xffffffffffffffff, 0xc0506107, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000100)={0x4, <r3=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x1})

120.11789ms ago: executing program 2 (id=1929):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000300)={0x0, 0x1, 0x2c, 0xa0, 0x1, 0x1})

39.465774ms ago: executing program 5 (id=1930):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'amplc_pc236\x00', [0x4f2a, 0x5, 0x10000, 0x2f, 0x9, 0xccb, 0xeba, 0x80007, 0xa, 0x100, 0x9, 0x1, 0x1db, 0x5, 0x0, 0x80000101, 0x5, 0x1a449, 0x3, 0x40020003, 0x7735af0b, 0x2, 0xd24, 0xae, 0x7fff, 0x6, 0x3c, 0x1, 0x6, 0x100000, 0x7]})

0s ago: executing program 2 (id=1931):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
io_uring_setup(0x734a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xfff7fffc})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='f', @ANYBLOB])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
link(&(0x7f0000000b40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
unshare(0x2a020480)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x48)
quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000700, 0x0, &(0x7f00000001c0))
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x3}]}, {0x0, [0x2e, 0x0, 0x0]}}, 0x0, 0x2d}, 0x28)

kernel console output (not intermixed with test programs):

lticast mode
[   82.788376][ T5841] bridge_slave_0: entered promiscuous mode
[   82.834950][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.844020][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.851665][ T5843] bridge_slave_1: entered allmulticast mode
[   82.859229][ T5843] bridge_slave_1: entered promiscuous mode
[   82.866364][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.874632][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.882450][ T5841] bridge_slave_1: entered allmulticast mode
[   82.890504][ T5841] bridge_slave_1: entered promiscuous mode
[   82.900033][ T5835] team0: Port device team_slave_0 added
[   82.920119][ T5834] team0: Port device team_slave_0 added
[   82.974846][ T5835] team0: Port device team_slave_1 added
[   82.981797][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.989624][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.996797][ T5836] bridge_slave_0: entered allmulticast mode
[   83.004836][ T5836] bridge_slave_0: entered promiscuous mode
[   83.013719][ T5834] team0: Port device team_slave_1 added
[   83.033665][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.047919][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.068428][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.075598][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.083154][ T5836] bridge_slave_1: entered allmulticast mode
[   83.090487][ T5836] bridge_slave_1: entered promiscuous mode
[   83.111423][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.124492][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.162008][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.169188][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.195164][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.257010][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.264203][ T5846] Bluetooth: hci4: command tx timeout
[   83.269827][ T5847] Bluetooth: hci0: command tx timeout
[   83.271385][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.275315][ T5840] Bluetooth: hci1: command tx timeout
[   83.301778][ T5847] Bluetooth: hci2: command tx timeout
[   83.307543][ T5840] Bluetooth: hci3: command tx timeout
[   83.317061][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.358801][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.365792][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.392343][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.423505][ T5841] team0: Port device team_slave_0 added
[   83.433674][ T5841] team0: Port device team_slave_1 added
[   83.443038][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   83.453463][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.462799][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.488878][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.502395][ T5843] team0: Port device team_slave_0 added
[   83.536349][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   83.554911][ T5843] team0: Port device team_slave_1 added
[   83.592091][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.599966][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.626304][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.641491][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.648592][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.674999][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.719813][ T5836] team0: Port device team_slave_0 added
[   83.742286][ T5835] hsr_slave_0: entered promiscuous mode
[   83.748662][ T5835] hsr_slave_1: entered promiscuous mode
[   83.766110][ T5836] team0: Port device team_slave_1 added
[   83.786168][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   83.793267][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.819784][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   83.896382][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   83.903614][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   83.930040][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   83.959568][ T5834] hsr_slave_0: entered promiscuous mode
[   83.965800][ T5834] hsr_slave_1: entered promiscuous mode
[   83.972103][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   83.980062][ T5834] Cannot create hsr debugfs directory
[   83.995736][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   84.003037][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.029477][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   84.069946][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   84.076927][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   84.103394][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   84.121631][ T5841] hsr_slave_0: entered promiscuous mode
[   84.128021][ T5841] hsr_slave_1: entered promiscuous mode
[   84.134016][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   84.141701][ T5841] Cannot create hsr debugfs directory
[   84.302299][ T5843] hsr_slave_0: entered promiscuous mode
[   84.309201][ T5843] hsr_slave_1: entered promiscuous mode
[   84.315196][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   84.323424][ T5843] Cannot create hsr debugfs directory
[   84.340871][ T5836] hsr_slave_0: entered promiscuous mode
[   84.347237][ T5836] hsr_slave_1: entered promiscuous mode
[   84.353550][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   84.361460][ T5836] Cannot create hsr debugfs directory
[   84.876488][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   84.896380][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   84.906386][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   84.926059][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   84.997824][ T5834] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   85.025425][ T5834] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   85.050599][ T5834] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   85.063595][ T5834] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   85.108058][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   85.118205][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   85.136895][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   85.156224][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   85.293830][ T5843] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   85.323082][ T5843] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   85.335765][ T5843] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   85.343012][ T5840] Bluetooth: hci2: command tx timeout
[   85.347919][ T5855] Bluetooth: hci4: command tx timeout
[   85.349268][ T5840] Bluetooth: hci1: command tx timeout
[   85.353765][ T5855] Bluetooth: hci0: command tx timeout
[   85.359516][ T5840] Bluetooth: hci3: command tx timeout
[   85.401460][ T5843] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   85.430402][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.464722][ T5836] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   85.476608][ T5836] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   85.486874][ T5836] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   85.498462][ T5836] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   85.562725][ T5835] 8021q: adding VLAN 0 to HW filter on device team0
[   85.615398][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.626504][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.633763][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.656169][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.684970][ T1005] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.692093][ T1005] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.724335][ T5834] 8021q: adding VLAN 0 to HW filter on device team0
[   85.772706][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.779848][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.822728][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.829882][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   85.847363][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   85.869983][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   85.912496][ T1005] bridge0: port 1(bridge_slave_0) entered blocking state
[   85.919701][ T1005] bridge0: port 1(bridge_slave_0) entered forwarding state
[   85.936035][ T1005] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.943265][ T1005] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.003647][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   86.029896][ T1165] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.037068][ T1165] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.047062][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.054241][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.102847][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   86.198710][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   86.254812][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.295334][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.302552][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   86.333674][ T1165] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.340897][ T1165] bridge0: port 2(bridge_slave_1) entered forwarding state
[   86.380321][ T5843] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   86.564216][ T5835] veth0_vlan: entered promiscuous mode
[   86.635242][ T5835] veth1_vlan: entered promiscuous mode
[   86.646682][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0
[   86.753472][ T5835] veth0_macvtap: entered promiscuous mode
[   86.783697][ T5835] veth1_macvtap: entered promiscuous mode
[   86.803564][    T9] cfg80211: failed to load regulatory.db
[   86.905715][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0
[   86.943295][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1
[   87.005239][ T5835] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   87.015848][ T5835] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   87.037374][ T5835] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.047037][ T5835] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.124793][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.142207][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.292271][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.309291][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.313102][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   87.405719][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   87.418400][ T5840] Bluetooth: hci3: command tx timeout
[   87.418794][ T5855] Bluetooth: hci0: command tx timeout
[   87.423811][ T5840] Bluetooth: hci2: command tx timeout
[   87.429305][ T5847] Bluetooth: hci1: command tx timeout
[   87.429338][ T5847] Bluetooth: hci4: command tx timeout
[   87.435594][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   87.471071][ T5841] veth0_vlan: entered promiscuous mode
[   87.481931][ T5836] veth0_vlan: entered promiscuous mode
[   87.507276][ T5834] veth0_vlan: entered promiscuous mode
[   87.529881][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   87.542479][ T5836] veth1_vlan: entered promiscuous mode
[   87.557703][ T5841] veth1_vlan: entered promiscuous mode
[   87.604520][ T5843] veth0_vlan: entered promiscuous mode
[   87.646210][ T5960] binder: 5959:5960 ioctl 40046205 0 returned -22
[   87.654353][ T5843] veth1_vlan: entered promiscuous mode
[   87.675363][ T5834] veth1_vlan: entered promiscuous mode
[   87.718248][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   87.727993][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   87.732619][ T5843] veth0_macvtap: entered promiscuous mode
[   87.782895][ T5841] veth0_macvtap: entered promiscuous mode
[   87.988031][ T5843] veth1_macvtap: entered promiscuous mode
[   88.217124][ T5841] veth1_macvtap: entered promiscuous mode
[   88.229616][ T5836] veth0_macvtap: entered promiscuous mode
[   88.261425][ T5836] veth1_macvtap: entered promiscuous mode
[   88.326960][ T5834] veth0_macvtap: entered promiscuous mode
[   88.332041][ T5965] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   88.344669][ T5834] veth1_macvtap: entered promiscuous mode
[   88.376073][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.406987][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.419259][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.432950][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.471780][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.486147][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.498105][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0
[   88.513509][ T5841] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.530741][ T5841] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.559566][ T5841] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.572129][ T5841] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.591082][ T5843] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.600951][ T5843] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.614219][ T5843] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.647892][ T5843] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.653743][ T5971] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   88.684893][ T5836] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.695180][ T5836] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.705935][ T5836] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.718838][ T5836] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   88.735445][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1
[   88.797425][ T5834] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   88.808664][ T5834] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   88.817389][ T5834] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   88.829934][ T5834] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   89.047496][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.068488][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.139577][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.168095][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.209451][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.217331][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.274390][ T1005] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.283324][ T1005] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.430652][ T5975] binder: 5974:5975 ioctl c0306201 200000000540 returned -22
[   89.444828][ T1165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.456165][ T1165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.497926][ T5855] Bluetooth: hci2: command tx timeout
[   89.503431][ T5847] Bluetooth: hci1: command tx timeout
[   89.503501][ T5846] Bluetooth: hci0: command tx timeout
[   89.510590][ T5847] Bluetooth: hci4: command tx timeout
[   89.516304][ T5840] Bluetooth: hci3: command tx timeout
[   89.644389][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.689933][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.708330][ T5981] misc userio: The device must be registered before sending interrupts
[   89.806245][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.862439][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.982236][ T3539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.011625][ T3539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.128160][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   90.128411][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   90.197977][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   90.368688][ T5944] usb 4-1: new low-speed USB device number 2 using dummy_hcd
[   90.563391][ T5944] usb 4-1: config 0 has an invalid descriptor of length 227, skipping remainder of the config
[   90.590352][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   90.602415][ T5944] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 138, using maximum allowed: 30
[   90.610946][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   90.636485][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.669049][ T5944] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 138
[   90.707465][ T5944] usb 4-1: New USB device found, idVendor=057e, idProduct=2009, bcdDevice= 0.00
[   90.732982][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.748284][ T5903] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   90.782196][ T5944] usb 4-1: config 0 descriptor??
[   90.792344][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   90.858957][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   90.877769][    T0] NOHZ tick-stop error: local softirq work is pending, handler #302!!!
[   90.942523][ T5903] usb 5-1: Using ep0 maxpacket: 8
[   90.991198][ T5903] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   91.036924][ T5903] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[   91.047327][ T5903] usb 5-1: config 1 has no interface number 0
[   91.061474][ T5903] usb 5-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   91.182318][ T6010] vivid-007: =================  START STATUS  =================
[   91.192035][ T6010] vivid-007: Generate PTS: true
[   91.197933][ T6010] vivid-007: Generate SCR: true
[   91.203896][ T6010] tpg source WxH: 320x240 (Y'CbCr)
[   91.210120][ T6010] tpg field: 1
[   91.213619][ T6010] tpg crop: (0,0)/320x240
[   91.218124][ T6010] tpg compose: (0,0)/320x240
[   91.222834][ T6010] tpg colorspace: 8
[   91.226679][ T6010] tpg transfer function: 0/0
[   91.231458][ T6010] tpg Y'CbCr encoding: 0/0
[   91.235996][ T6010] tpg quantization: 0/0
[   91.240324][ T6010] tpg RGB range: 0/2
[   91.271841][ T6010] vivid-007: ==================  END STATUS  ==================
[   91.330036][ T6010] syz.2.17 uses obsolete (PF_INET,SOCK_PACKET)
[   92.497444][ T5903] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 1.40
[   92.521529][ T5903] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   92.538683][ T5903] usb 5-1: Product: syz
[   92.542895][ T5903] usb 5-1: Manufacturer: syz
[   92.547500][ T5903] usb 5-1: SerialNumber: syz
[   92.603035][ T5944] nintendo 0003:057E:2009.0001: unknown main item tag 0x0
[   92.603907][ T5903] cdc_ncm 5-1:1.1: NCM or ECM functional descriptors missing
[   92.620837][ T5944] nintendo 0003:057E:2009.0001: unknown main item tag 0x0
[   92.638554][ T5903] cdc_ncm 5-1:1.1: bind() failure
[   92.639945][ T5944] nintendo 0003:057E:2009.0001: unknown main item tag 0x0
[   92.655670][ T5944] nintendo 0003:057E:2009.0001: unknown main item tag 0x0
[   92.663331][ T5944] nintendo 0003:057E:2009.0001: unknown main item tag 0x0
[   92.691128][ T5944] nintendo 0003:057E:2009.0001: hidraw0: USB HID v80.03 Device [HID 057e:2009] on usb-dummy_hcd.3-1/input0
[   92.789426][ T5944] nintendo 0003:057E:2009.0001: Failed to get joycon info; ret=-38
[   92.804332][ T5944] nintendo 0003:057E:2009.0001: Failed to retrieve controller info; ret=-38
[   92.837393][ T5930] usb 5-1: USB disconnect, device number 2
[   92.860237][ T5944] nintendo 0003:057E:2009.0001: Failed to initialize controller; ret=-38
[   92.893030][ T5944] nintendo 0003:057E:2009.0001: probe - fail = -38
[   92.921806][ T5944] nintendo 0003:057E:2009.0001: probe with driver nintendo failed with error -38
[   93.012901][ T5944] usb 4-1: USB disconnect, device number 2
[   93.677958][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   93.838438][   T10] usb 5-1: Using ep0 maxpacket: 32
[   93.858813][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   93.871076][   T10] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.899889][   T10] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.910290][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   93.931368][   T10] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   93.961214][   T10] usb 5-1: config 0 interface 0 has no altsetting 0
[   93.979382][   T10] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[   93.992984][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.017869][   T10] usb 5-1: config 0 descriptor??
[   94.089659][    T9] usb 4-1: Using ep0 maxpacket: 16
[   94.095787][    T9] usb 4-1: too many configurations: 189, using maximum allowed: 8
[   94.112914][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.136962][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.162466][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.175755][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.201951][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.220672][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.251980][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.269620][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.291830][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.302373][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.331366][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.341771][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.369314][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.386747][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.401406][    T9] usb 4-1: config 0 has an invalid descriptor of length 33, skipping remainder of the config
[   94.412282][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   94.425840][    T9] usb 4-1: New USB device found, idVendor=046d, idProduct=c216, bcdDevice= 0.00
[   94.435171][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.450380][   T10] hid-thrustmaster 0003:044F:B65D.0002: item fetching failed at offset 3/5
[   94.490010][    T9] usb 4-1: config 0 descriptor??
[   94.498698][   T10] hid-thrustmaster 0003:044F:B65D.0002: parse failed with error -22
[   94.520574][    T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[   94.529679][   T10] hid-thrustmaster 0003:044F:B65D.0002: probe with driver hid-thrustmaster failed with error -22
[   94.652671][ T5903] usb 5-1: USB disconnect, device number 3
[   94.737921][   T10] usb 4-1: USB disconnect, device number 3
[   94.849042][ T6032] misc userio: The device must be registered before sending interrupts
[   95.575879][ T6040] Zero length message leads to an empty skb
[   97.195193][ T5944] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   97.400347][ T5944] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   97.512789][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[   97.593552][ T5944] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[   97.644390][ T5944] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   97.664487][   T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   97.672215][ T5944] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   97.681599][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.788012][ T5944] usb 4-1: config 0 descriptor??
[   98.065097][ T6079] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   98.084192][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 253, changing to 11
[   98.105600][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   98.136766][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[   98.152473][ T6083] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[   98.276896][ T5944] plantronics 0003:047F:FFFF.0003: invalid report_size -237737246
[   98.322595][   T10] usb 1-1: New USB device found, idVendor=0738, idProduct=1709, bcdDevice= 0.00
[   98.331744][ T5944] plantronics 0003:047F:FFFF.0003: item 0 4 1 7 parsing failed
[   98.332474][ T5944] plantronics 0003:047F:FFFF.0003: parse failed
[   98.353875][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.372931][   T10] usb 1-1: config 0 descriptor??
[   98.376777][ T5944] plantronics 0003:047F:FFFF.0003: probe with driver plantronics failed with error -22
[   98.954255][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[   98.985819][ T5944] usb 4-1: USB disconnect, device number 4
[   99.263052][   T10] saitek 0003:0738:1709.0004: unknown main item tag 0x0
[   99.270749][   T10] saitek 0003:0738:1709.0004: unknown main item tag 0x0
[   99.277815][   T10] saitek 0003:0738:1709.0004: unknown main item tag 0x0
[   99.286934][   T10] saitek 0003:0738:1709.0004: unknown main item tag 0x0
[   99.295949][   T10] saitek 0003:0738:1709.0004: unknown main item tag 0x0
[  100.256182][   T10] saitek 0003:0738:1709.0004: hidraw0: USB HID v0.00 Device [HID 0738:1709] on usb-dummy_hcd.0-1/input0
[  100.609238][   T10] usb 1-1: USB disconnect, device number 2
[  100.689663][ T6102] input: syz1 as /devices/virtual/input/input5
[  101.023037][ T6100] fido_id[6100]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  101.755467][ T6123] bpq0: entered promiscuous mode
[  101.818678][ T6123] bpq0: entered allmulticast mode
[  102.318937][ T6136] misc userio: The device must be registered before sending interrupts
[  102.486485][ T6138] netlink: 44 bytes leftover after parsing attributes in process `syz.4.52'.
[  105.695020][ T6197] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  105.858739][ T6189] ksmbd: Unknown IPC event: 3, ignore.
[  106.489337][ T6205] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  106.491759][ T6189] usb usb8: usbfs: process 6189 (syz.4.66) did not claim interface 0 before use
[  106.577789][ T6201] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  106.665996][ T6201] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  106.790031][ T6201] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  106.890393][ T6201] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  106.932981][ T6201] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  107.505507][ T6201] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  107.603326][ T6201] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  107.613845][ T6201] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  107.701528][ T6201] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  107.764302][ T6201] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  107.777896][ T6201] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  107.805276][ T6201] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  107.901733][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout
[  107.970803][ T6201] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  108.329046][ T6201] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  108.376399][ T6201] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  108.938514][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout
[  109.658720][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout
[  109.818169][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout
[  109.978375][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  110.402518][ T6266] misc userio: The device must be registered before sending interrupts
[  110.756015][ T5847] Bluetooth: hci0: command 0x0c1a tx timeout
[  111.017768][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout
[  111.748697][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout
[  111.901156][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout
[  112.058446][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  113.099696][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout
[  113.988773][ T5855] Bluetooth: hci3: command 0x0c1a tx timeout
[  114.138578][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  114.326417][ T6311] misc userio: The device must be registered before sending interrupts
[  116.351475][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  117.380786][ T6350] netlink: 44 bytes leftover after parsing attributes in process `syz.0.102'.
[  118.403534][ T6372] netlink: 56 bytes leftover after parsing attributes in process `syz.2.114'.
[  122.719420][ T6424] binder: 6423:6424 ioctl 40046205 0 returned -22
[  123.333679][ T5910] libceph: connect (1)[c::]:6789 error -101
[  123.351799][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[  123.378766][ T6433] random: crng reseeded on system resumption
[  123.420807][ T5910] libceph: connect (1)[c::]:6789 error -101
[  123.427239][ T6429] ceph: No mds server is up or the cluster is laggy
[  123.427828][ T6433] Unrecognized hibernate image header format!
[  123.437253][ T5910] libceph: mon0 (1)[c::]:6789 connect error
[  123.446496][ T6433] PM: hibernation: Image mismatch: architecture specific data
[  124.086520][ T6442] vivid-007: =================  START STATUS  =================
[  124.094386][ T6442] vivid-007: Generate PTS: true
[  124.099788][ T6442] vivid-007: Generate SCR: true
[  124.105040][ T6442] tpg source WxH: 320x240 (Y'CbCr)
[  124.110342][ T6442] tpg field: 1
[  124.113890][ T6442] tpg crop: (0,0)/320x240
[  124.118453][ T6442] tpg compose: (0,0)/320x240
[  124.123234][ T6442] tpg colorspace: 8
[  124.127138][ T6442] tpg transfer function: 0/0
[  124.132174][ T6442] tpg Y'CbCr encoding: 0/0
[  124.162939][ T6442] tpg quantization: 0/0
[  124.167295][ T6442] tpg RGB range: 0/2
[  124.171794][ T6442] vivid-007: ==================  END STATUS  ==================
[  124.467522][ T6445] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(13)
[  124.474497][ T6445] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  124.489432][ T6445] vhci_hcd vhci_hcd.0: Device attached
[  124.759672][ T5972] usb 41-1: new high-speed USB device number 2 using vhci_hcd
[  124.879935][ T6446] vhci_hcd: connection reset by peer
[  124.899261][ T3539] vhci_hcd: stop threads
[  124.904141][ T3539] vhci_hcd: release socket
[  124.909955][ T3539] vhci_hcd: disconnect device
[  126.633959][ T6467] xt_TCPMSS: Only works on TCP SYN packets
[  127.200452][ T6469] input: syz1 as /devices/virtual/input/input6
[  127.252540][ T6469] input: failed to attach handler leds to device input6, error: -6
[  127.638379][  T978] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  128.017805][  T978] usb 4-1: Using ep0 maxpacket: 8
[  128.024620][  T978] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.021261][  T978] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.033080][  T978] usb 4-1: config 0 interface 0 has no altsetting 0
[  129.041982][  T978] usb 4-1: New USB device found, idVendor=1b96, idProduct=0004, bcdDevice= 0.00
[  129.053196][  T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.194832][  T978] usb 4-1: config 0 descriptor??
[  129.524891][  T978] usbhid 4-1:0.0: can't add hid device: -71
[  129.547997][  T978] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  129.621003][  T978] usb 4-1: USB disconnect, device number 5
[  129.947024][ T5972] vhci_hcd: vhci_device speed not set
[  132.970898][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  132.977528][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  138.972036][ T6614] netlink: 40 bytes leftover after parsing attributes in process `syz.0.175'.
[  140.058262][ T6638] vivid-007: =================  START STATUS  =================
[  140.066062][ T6638] vivid-007: Generate PTS: true
[  140.071248][ T6638] vivid-007: Generate SCR: true
[  140.076300][ T6638] tpg source WxH: 320x240 (Y'CbCr)
[  140.081564][ T6638] tpg field: 1
[  140.085035][ T6638] tpg crop: (0,0)/320x240
[  140.089777][ T6638] tpg compose: (0,0)/320x240
[  140.095445][ T6638] tpg colorspace: 8
[  140.099371][ T6638] tpg transfer function: 0/0
[  140.104060][ T6638] tpg Y'CbCr encoding: 0/0
[  140.188702][ T6638] tpg quantization: 0/0
[  140.192933][ T6638] tpg RGB range: 0/2
[  140.196949][ T6638] vivid-007: ==================  END STATUS  ==================
[  140.956904][ T6639] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(13)
[  140.963572][ T6639] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  140.972475][ T6639] vhci_hcd vhci_hcd.0: Device attached
[  140.980460][ T6640] vhci_hcd: connection closed
[  141.127692][   T12] vhci_hcd: stop threads
[  141.243087][   T12] vhci_hcd: release socket
[  141.318785][   T12] vhci_hcd: disconnect device
[  142.779956][   T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  143.529192][   T24] usb 5-1: Using ep0 maxpacket: 16
[  143.536271][   T24] usb 5-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  143.549287][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  143.581978][ T6653] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  143.608817][   T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=1301, bcdDevice= 1.40
[  143.648215][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.657180][   T24] usb 5-1: Product: syz
[  143.671690][   T24] usb 5-1: Manufacturer: syz
[  143.676345][   T24] usb 5-1: SerialNumber: syz
[  144.086165][   T24] usb 5-1: 0:2 : does not exist
[  144.871917][   T24] usb 5-1: 5:0: failed to get current value for ch 1 (-22)
[  145.409029][   T24] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  145.472704][   T24] usb 5-1: 5:0: failed to get current value for ch 1 (-22)
[  145.563494][   T24] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  145.694441][   T24] usb 5-1: USB disconnect, device number 4
[  145.830308][ T5996] udevd[5996]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  148.277919][ T5903] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  148.559848][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.605025][ T5903] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  148.694699][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.734354][ T5903] usb 5-1: config 0 descriptor??
[  148.987819][ T5903] usbhid 5-1:0.0: can't add hid device: -71
[  149.018067][ T5903] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  149.078817][ T5903] usb 5-1: USB disconnect, device number 5
[  149.887744][ T5903] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  150.705640][ T6738] netlink: 8 bytes leftover after parsing attributes in process `syz.1.214'.
[  151.492083][ T6744] netlink: 20 bytes leftover after parsing attributes in process `syz.1.216'.
[  153.025696][ T6768] genirq: Flags mismatch irq 5. 00200000 (comedi_parport) vs. 00200000 (pcl818)
[  156.245211][ T6799] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  159.864778][ T6839] binder: 6837:6839 ioctl 40046205 0 returned -22
[  162.654287][ T6867] binder: 6866:6867 ioctl c018620b 200000000080 returned -14
[  168.720147][ T6929] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(13)
[  168.726810][ T6929] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  168.734738][ T6929] vhci_hcd vhci_hcd.0: Device attached
[  169.686586][ T6930] vhci_hcd: connection closed
[  169.740639][ T6381] vhci_hcd: stop threads
[  169.761841][ T6381] vhci_hcd: release socket
[  169.766500][ T6381] vhci_hcd: disconnect device
[  169.808196][ T5903] usb 41-1: new high-speed USB device number 3 using vhci_hcd
[  169.819619][ T5903] usb 41-1: enqueue for inactive port 0
[  169.887787][ T5903] vhci_hcd: vhci_device speed not set
[  173.449654][ T6983] vivid-007: =================  START STATUS  =================
[  173.457427][ T6983] vivid-007: Generate PTS: true
[  173.462698][ T6983] vivid-007: Generate SCR: true
[  173.468123][ T6983] tpg source WxH: 320x240 (Y'CbCr)
[  173.473372][ T6983] tpg field: 1
[  173.476905][ T6983] tpg crop: (0,0)/320x240
[  173.481556][ T6983] tpg compose: (0,0)/320x240
[  173.622081][ T6983] tpg colorspace: 8
[  173.641440][ T6983] tpg transfer function: 0/0
[  173.966045][ T6983] tpg Y'CbCr encoding: 0/0
[  173.970890][ T6983] tpg quantization: 0/0
[  173.975096][ T6983] tpg RGB range: 0/2
[  173.979127][ T6983] vivid-007: ==================  END STATUS  ==================
[  176.006081][ T6984] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  176.012714][ T6984] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  176.128891][ T6987] vhci_hcd: connection closed
[  176.146492][ T6984] vhci_hcd vhci_hcd.0: Device attached
[  176.176547][ T1165] vhci_hcd: stop threads
[  176.181619][ T1165] vhci_hcd: release socket
[  176.186062][ T1165] vhci_hcd: disconnect device
[  177.306653][ T7016] misc userio: The device must be registered before sending interrupts
[  177.690390][ T7028] process 'syz.0.296' launched './file0' with NULL argv: empty string added
[  178.639795][ T7043] capability: warning: `syz.3.300' uses deprecated v2 capabilities in a way that may be insecure
[  180.580487][ T5972] libceph: connect (1)[c::]:6789 error -101
[  180.603512][ T5972] libceph: mon0 (1)[c::]:6789 connect error
[  180.616469][ T7058] ceph: No mds server is up or the cluster is laggy
[  182.266807][ T7074] netlink: 44 bytes leftover after parsing attributes in process `syz.0.305'.
[  183.974537][ T7087] binder: 7086:7087 ioctl 40046205 0 returned -22
[  185.521318][ T7102] netlink: 24 bytes leftover after parsing attributes in process `syz.3.314'.
[  186.480429][ T6675] libceph: connect (1)[c::]:6789 error -101
[  186.488763][ T6675] libceph: mon0 (1)[c::]:6789 connect error
[  186.499210][ T7113] ceph: No mds server is up or the cluster is laggy
[  187.243993][ T7127] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  188.158974][ T7139] 9pnet_virtio: no channels available for device syz
[  189.735096][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  193.035736][ T7166] netlink: 24 bytes leftover after parsing attributes in process `syz.1.328'.
[  194.006193][ T7171] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  194.339711][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  194.355737][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  194.439248][ T7179] ceph: No mds server is up or the cluster is laggy
[  194.451618][   T10] libceph: connect (1)[c::]:6789 error -101
[  194.474863][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  195.502568][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  196.692565][ T7203] fuse: Bad value for 'fd'
[  199.178526][ T7216] netlink: 24 bytes leftover after parsing attributes in process `syz.3.342'.
[  200.107583][ T7221] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  200.918019][ T7235] ceph: No mds server is up or the cluster is laggy
[  200.925604][    T9] libceph: connect (1)[c::]:6789 error -101
[  200.989620][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  201.577817][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  203.258961][ T7262] fuse: Bad value for 'fd'
[  204.778918][ T7272] netlink: 24 bytes leftover after parsing attributes in process `syz.4.354'.
[  206.051912][ T7284] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  206.924313][ T7290] netlink: 44 bytes leftover after parsing attributes in process `syz.4.359'.
[  207.958379][ T5910] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  208.070922][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  208.159450][ T5910] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  209.282986][ T5910] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  209.326517][ T5910] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  209.348319][ T5910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.362818][ T5910] usb 5-1: Product: syz
[  209.367178][ T5910] usb 5-1: Manufacturer: syz
[  209.373572][ T5910] usb 5-1: SerialNumber: syz
[  209.388431][ T5910] usb 5-1: config 0 descriptor??
[  209.399485][ T5910] ims_pcu 5-1:0.0: Missing CDC union descriptor
[  209.479754][ T7304] vivid-007: =================  START STATUS  =================
[  209.487418][ T7304] vivid-007: Generate PTS: true
[  209.492354][ T7304] vivid-007: Generate SCR: true
[  209.497215][ T7304] tpg source WxH: 320x240 (Y'CbCr)
[  209.502437][ T7304] tpg field: 1
[  209.505790][ T7304] tpg crop: (0,0)/320x240
[  209.510267][ T7304] tpg compose: (0,0)/320x240
[  209.514839][ T7304] tpg colorspace: 8
[  209.518671][ T7304] tpg transfer function: 0/0
[  209.523241][ T7304] tpg Y'CbCr encoding: 0/0
[  209.527631][ T7304] tpg quantization: 0/0
[  209.531833][ T7304] tpg RGB range: 0/2
[  209.535728][ T7304] vivid-007: ==================  END STATUS  ==================
[  209.564189][ T5910] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22
[  209.617963][ T7298] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  209.628524][ T7304] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13)
[  209.635133][ T7304] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  209.643031][ T7304] vhci_hcd vhci_hcd.0: Device attached
[  209.652270][ T7306] vhci_hcd: connection closed
[  209.653511][ T1005] vhci_hcd: stop threads
[  209.689082][ T1005] vhci_hcd: release socket
[  209.693567][ T1005] vhci_hcd: disconnect device
[  209.715505][ T7298] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  209.732088][ T7309] netlink: 24 bytes leftover after parsing attributes in process `syz.1.366'.
[  209.788597][ T5903] libceph: connect (1)[c::]:6789 error -101
[  209.795838][ T5903] libceph: mon0 (1)[c::]:6789 connect error
[  209.813740][ T5972] usb 5-1: USB disconnect, device number 7
[  209.823685][ T7292] ceph: No mds server is up or the cluster is laggy
[  212.071006][ T7334] binder: 7333:7334 ioctl 40046205 0 returned -22
[  213.649572][ T7358] misc userio: The device must be registered before sending interrupts
[  216.422435][ T7377] vivid-007: =================  START STATUS  =================
[  216.431467][ T7377] vivid-007: Generate PTS: true
[  216.437595][ T7377] vivid-007: Generate SCR: true
[  216.442558][ T7377] tpg source WxH: 320x240 (Y'CbCr)
[  216.447683][ T7377] tpg field: 1
[  216.451046][ T7377] tpg crop: (0,0)/320x240
[  216.455352][ T7377] tpg compose: (0,0)/320x240
[  216.460341][ T7377] tpg colorspace: 8
[  216.464135][ T7377] tpg transfer function: 0/0
[  216.468720][ T7377] tpg Y'CbCr encoding: 0/0
[  216.473118][ T7377] tpg quantization: 0/0
[  216.477246][ T7377] tpg RGB range: 0/2
[  216.481188][ T7377] vivid-007: ==================  END STATUS  ==================
[  216.544134][ T7377] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(13)
[  216.550755][ T7377] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  216.558526][ T7377] vhci_hcd vhci_hcd.0: Device attached
[  216.565326][ T7379] vhci_hcd: connection closed
[  216.566078][   T60] vhci_hcd: stop threads
[  216.581584][   T60] vhci_hcd: release socket
[  216.586017][   T60] vhci_hcd: disconnect device
[  216.951329][ T7384] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  217.894147][ T7388] : entered promiscuous mode
[  225.614604][ T7457] binder: 7455:7457 ioctl 40046205 0 returned -22
[  227.930270][ T7492] netlink: 4 bytes leftover after parsing attributes in process `syz.1.406'.
[  228.143693][ T7496] 9pnet_virtio: no channels available for device syz
[  229.663462][ T7510] netlink: 44 bytes leftover after parsing attributes in process `syz.4.408'.
[  235.560190][ T7556] netlink: 44 bytes leftover after parsing attributes in process `syz.2.420'.
[  237.524911][ T7566] 9pnet_fd: Insufficient options for proto=fd
[  237.569669][ T7568] misc userio: The device must be registered before sending interrupts
[  240.623540][ T7588] vivid-007: =================  START STATUS  =================
[  240.631367][ T7588] vivid-007: Generate PTS: true
[  240.636263][ T7588] vivid-007: Generate SCR: true
[  240.641349][ T7588] tpg source WxH: 320x240 (Y'CbCr)
[  240.646467][ T7588] tpg field: 1
[  240.649990][ T7588] tpg crop: (0,0)/320x240
[  240.654312][ T7588] tpg compose: (0,0)/320x240
[  240.658907][ T7588] tpg colorspace: 8
[  240.662704][ T7588] tpg transfer function: 0/0
[  240.667278][ T7588] tpg Y'CbCr encoding: 0/0
[  240.671742][ T7588] tpg quantization: 0/0
[  240.675901][ T7588] tpg RGB range: 0/2
[  240.680102][ T7588] vivid-007: ==================  END STATUS  ==================
[  240.812813][ T7590] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13)
[  240.819460][ T7590] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  240.830443][ T7590] vhci_hcd vhci_hcd.0: Device attached
[  240.989191][ T7592] vhci_hcd: connection closed
[  240.999264][   T13] vhci_hcd: stop threads
[  241.024094][   T13] vhci_hcd: release socket
[  241.038497][ T7595] 9pnet_virtio: no channels available for device syz
[  241.074932][   T13] vhci_hcd: disconnect device
[  243.456242][ T7606] netlink: 44 bytes leftover after parsing attributes in process `syz.2.433'.
[  243.805458][ T7620] misc userio: The device must be registered before sending interrupts
[  243.817482][ T7619] 9pnet_fd: Insufficient options for proto=fd
[  251.461769][ T7663] vivid-007: =================  START STATUS  =================
[  251.528166][ T7663] vivid-007: Generate PTS: true
[  251.533105][ T7663] vivid-007: Generate SCR: true
[  251.538182][ T7663] tpg source WxH: 320x240 (Y'CbCr)
[  251.543308][ T7663] tpg field: 1
[  251.546657][ T7663] tpg crop: (0,0)/320x240
[  251.551117][ T7663] tpg compose: (0,0)/320x240
[  251.555687][ T7663] tpg colorspace: 8
[  251.560748][ T7663] tpg transfer function: 0/0
[  251.565329][ T7663] tpg Y'CbCr encoding: 0/0
[  251.569902][ T7663] tpg quantization: 0/0
[  251.574036][ T7663] tpg RGB range: 0/2
[  251.577952][ T7663] vivid-007: ==================  END STATUS  ==================
[  251.643425][ T7663] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(13)
[  251.650061][ T7663] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  251.658125][ T7663] vhci_hcd vhci_hcd.0: Device attached
[  251.665445][ T7666] misc userio: The device must be registered before sending interrupts
[  251.684901][ T7667] vhci_hcd: connection closed
[  251.685578][ T1005] vhci_hcd: stop threads
[  251.697204][ T1005] vhci_hcd: release socket
[  251.719059][ T1005] vhci_hcd: disconnect device
[  251.795007][ T7672] 9pnet_fd: Insufficient options for proto=fd
[  253.217438][ T7679] binder: 7677:7679 ioctl 40046205 0 returned -22
[  253.855083][ T7684] usb usb8: usbfs: process 7684 (syz.0.451) did not claim interface 0 before use
[  255.856860][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.870346][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  257.928236][ T7716] openvswitch: : Dropping previously announced user features
[  259.858622][ T7730] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  260.792682][ T7737] netlink: 44 bytes leftover after parsing attributes in process `syz.2.465'.
[  261.463897][ T7739] vivid-007: =================  START STATUS  =================
[  261.471669][ T7739] vivid-007: Generate PTS: true
[  261.476554][ T7739] vivid-007: Generate SCR: true
[  261.481615][ T7739] tpg source WxH: 320x240 (Y'CbCr)
[  261.486707][ T7739] tpg field: 1
[  261.490095][ T7739] tpg crop: (0,0)/320x240
[  261.495196][ T7739] tpg compose: (0,0)/320x240
[  261.499812][ T7739] tpg colorspace: 8
[  261.503593][ T7739] tpg transfer function: 0/0
[  261.508312][ T7739] tpg Y'CbCr encoding: 0/0
[  261.512703][ T7739] tpg quantization: 0/0
[  261.516831][ T7739] tpg RGB range: 0/2
[  261.520773][ T7739] vivid-007: ==================  END STATUS  ==================
[  261.627641][ T7739] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13)
[  261.634277][ T7739] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  261.642280][ T7739] vhci_hcd vhci_hcd.0: Device attached
[  261.655597][ T7740] vhci_hcd: connection closed
[  261.667361][   T49] vhci_hcd: stop threads
[  261.680970][   T49] vhci_hcd: release socket
[  261.688673][   T49] vhci_hcd: disconnect device
[  264.610024][ T7764] netlink: 64 bytes leftover after parsing attributes in process `syz.3.471'.
[  264.630086][ T7764] netlink: 64 bytes leftover after parsing attributes in process `syz.3.471'.
[  267.195554][ T7790] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  267.981212][ T7796] netlink: 44 bytes leftover after parsing attributes in process `syz.0.479'.
[  269.475363][ T7804] misc userio: The device must be registered before sending interrupts
[  273.913975][ T7827] binder: 7826:7827 ioctl 400c620e 200000000000 returned -22
[  282.116481][ T7889] binder: 7888:7889 ioctl 400c620e 200000000000 returned -22
[  282.469888][ T7893] : entered promiscuous mode
[  285.283228][ T7914] netlink: 44 bytes leftover after parsing attributes in process `syz.1.510'.
[  289.969324][ T7939] netlink: 24 bytes leftover after parsing attributes in process `syz.4.517'.
[  294.790366][ T7971] netlink: 44 bytes leftover after parsing attributes in process `syz.4.524'.
[  299.182140][ T7994] netlink: 64 bytes leftover after parsing attributes in process `syz.2.530'.
[  300.598195][ T8001] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  301.664559][ T8013] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  302.096522][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  308.921886][ T8054] input: syz0 as /devices/virtual/input/input7
[  309.648083][ T8058] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  311.086959][ T8062] binder: 8061:8062 ioctl 40046205 0 returned -22
[  311.518170][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  314.012412][ T8093] misc userio: The device must be registered before sending interrupts
[  315.898771][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  317.148828][ T8110] binder: 8108:8110 ioctl 400c620e 200000000000 returned -22
[  317.184431][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.197790][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  317.553461][ T8119] overlayfs: failed to resolve './file0': -2
[  321.383951][ T5847] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  323.417327][ T8170] binder: 8166:8170 ioctl 400c620e 200000000000 returned -22
[  324.351208][ T8179] overlayfs: failed to resolve './file0': -2
[  326.627103][ T8193] misc userio: The device must be registered before sending interrupts
[  326.959095][ T8183] 9pnet_virtio: no channels available for device syz
[  330.595445][ T8230] input: syz1 as /devices/virtual/input/input8
[  332.716560][ T8254] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  333.052615][ T8253] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  333.210705][ T8253] batadv_slave_0: entered promiscuous mode
[  339.598786][ T8305] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  343.709166][ T8356] ksmbd: Unknown IPC event: 3, ignore.
[  343.742204][ T8356] usb usb8: usbfs: process 8356 (syz.4.610) did not claim interface 0 before use
[  343.825420][ T8357] vlan1: entered promiscuous mode
[  344.045903][ T8357] vlan1: entered allmulticast mode
[  344.759065][ T8357] veth0_vlan: entered allmulticast mode
[  345.829405][ T8370] netlink: 64 bytes leftover after parsing attributes in process `syz.2.614'.
[  345.848930][ T8370] netlink: 64 bytes leftover after parsing attributes in process `syz.2.614'.
[  352.478933][ T8414] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  354.015532][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  354.760667][ T8448] ksmbd: Unknown IPC event: 3, ignore.
[  354.771193][ T8448] usb usb8: usbfs: process 8448 (syz.1.627) did not claim interface 0 before use
[  356.233314][ T8456] misc userio: The device must be registered before sending interrupts
[  356.560302][ T8459] 9pnet_virtio: no channels available for device syz
[  358.426922][ T8470] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  359.901156][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  361.840503][ T8503] 9pnet_virtio: no channels available for device syz
[  365.202336][ T8531] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  367.207918][ T8543] netlink: 24 bytes leftover after parsing attributes in process `syz.4.656'.
[  367.297247][ T8544] NILFS (nullb0): couldn't find nilfs on the device
[  368.312475][ T8547] 9pnet_virtio: no channels available for device syz
[  373.849831][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  377.300661][ T8597] misc userio: The device must be registered before sending interrupts
[  378.840958][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.869009][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  379.619219][ T8627] ksmbd: Unknown IPC event: 3, ignore.
[  382.003374][ T8647] overlayfs: failed to resolve './file1': -2
[  382.036672][ T8646] vivid-007: =================  START STATUS  =================
[  382.044675][ T8646] vivid-007: Generate PTS: true
[  382.049633][ T8646] vivid-007: Generate SCR: true
[  382.054487][ T8646] tpg source WxH: 320x240 (Y'CbCr)
[  382.059925][ T8646] tpg field: 1
[  382.063275][ T8646] tpg crop: (0,0)/320x240
[  382.067587][ T8646] tpg compose: (0,0)/320x240
[  382.072442][ T8646] tpg colorspace: 8
[  382.076226][ T8646] tpg transfer function: 0/0
[  382.080841][ T8646] tpg Y'CbCr encoding: 0/0
[  382.085230][ T8646] tpg quantization: 0/0
[  382.089476][ T8646] tpg RGB range: 0/2
[  382.093350][ T8646] vivid-007: ==================  END STATUS  ==================
[  382.115555][ T8646] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(13)
[  382.122148][ T8646] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  382.130787][ T8646] vhci_hcd vhci_hcd.0: Device attached
[  382.138769][ T8649] vhci_hcd: connection closed
[  382.142902][ T7406] vhci_hcd: stop threads
[  382.151896][ T7406] vhci_hcd: release socket
[  382.156311][ T7406] vhci_hcd: disconnect device
[  382.199748][ T8633] tipc: Started in network mode
[  382.204717][ T8633] tipc: Node identity 7f000001, cluster identity 4711
[  382.212291][ T8633] tipc: Enabled bearer <udp:syz2>, priority 10
[  382.221747][ T8633] tipc: Enabled bearer <eth:team0>, priority 0
[  383.330387][ T6675] tipc: Node number set to 2130706433
[  389.528935][ T8698] input: syz0 as /devices/virtual/input/input9
[  397.915699][ T8751] misc userio: Invalid payload size
[  399.741663][ T8772] vivid-007: =================  START STATUS  =================
[  399.749367][ T8772] vivid-007: Generate PTS: true
[  399.754227][ T8772] vivid-007: Generate SCR: true
[  399.759108][ T8772] tpg source WxH: 320x240 (Y'CbCr)
[  399.764196][ T8772] tpg field: 1
[  399.767543][ T8772] tpg crop: (0,0)/320x240
[  399.771989][ T8772] tpg compose: (0,0)/320x240
[  399.776557][ T8772] tpg colorspace: 8
[  399.780366][ T8772] tpg transfer function: 0/0
[  399.784935][ T8772] tpg Y'CbCr encoding: 0/0
[  399.789351][ T8772] tpg quantization: 0/0
[  399.793479][ T8772] tpg RGB range: 0/2
[  399.797367][ T8772] vivid-007: ==================  END STATUS  ==================
[  399.819355][ T8772] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(13)
[  399.825944][ T8772] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  399.833772][ T8772] vhci_hcd vhci_hcd.0: Device attached
[  399.872716][ T8775] vhci_hcd: connection closed
[  399.873040][   T36] vhci_hcd: stop threads
[  399.985626][   T36] vhci_hcd: release socket
[  399.990736][   T36] vhci_hcd: disconnect device
[  400.048023][ T5902] vhci_hcd: vhci_device speed not set
[  401.459841][ T8791] input: syz0 as /devices/virtual/input/input10
[  401.725112][ T8793] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  401.774046][ T8793] batadv_slave_0: entered promiscuous mode
[  401.934309][ T8802] misc userio: Invalid payload size
[  403.843192][ T8814] netlink: 32 bytes leftover after parsing attributes in process `syz.3.722'.
[  403.852382][ T8814] netlink: 32 bytes leftover after parsing attributes in process `syz.3.722'.
[  407.382650][ T8845] misc userio: Invalid payload size
[  409.071221][ T8864] 9pnet_virtio: no channels available for device syz
[  410.889574][ T5847] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  422.973835][ T8948] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  424.699300][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  428.704020][ T8994] fuse: Bad value for 'fd'
[  429.647961][ T5902] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  430.610171][ T5902] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  430.722543][ T5902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  430.780098][ T5902] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  430.812850][ T5902] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.957861][ T5902] usb 3-1: Product: syz
[  430.963577][ T5902] usb 3-1: Manufacturer: syz
[  430.972244][ T5902] usb 3-1: SerialNumber: syz
[  430.979823][ T5902] usb 3-1: config 0 descriptor??
[  431.326435][ T5902] usb 3-1: can't set config #0, error -71
[  431.550076][ T9012] input: syz0 as /devices/virtual/input/input11
[  433.042353][ T5902] usb 3-1: USB disconnect, device number 2
[  435.089575][ T9023] input: syz0 as /devices/virtual/input/input12
[  435.161956][ T9023] input: failed to attach handler evdev to device input12, error: -4
[  435.169503][ T9031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.777'.
[  435.302070][ T9039] nbd: must specify at least one socket
[  438.304060][ T9064] openvswitch: : Dropping previously announced user features
[  440.349100][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  440.355462][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  443.264135][ T9097] : entered promiscuous mode
[  443.665723][ T9098] 9pnet_virtio: no channels available for device syz
[  444.564636][ T9114] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[  446.164640][ T9124] 9pnet_virtio: no channels available for device syz
[  450.212462][   T30] audit: type=1326 audit(1753823218.370:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9148 comm="syz.2.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caf78e9a9 code=0x7ffc0000
[  451.047756][   T30] audit: type=1326 audit(1753823218.370:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9148 comm="syz.2.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caf78e9a9 code=0x7ffc0000
[  451.132423][   T30] audit: type=1326 audit(1753823218.370:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9148 comm="syz.2.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f7caf78e9a9 code=0x7ffc0000
[  451.234824][   T30] audit: type=1326 audit(1753823219.270:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9148 comm="syz.2.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caf78e9a9 code=0x7ffc0000
[  451.467814][   T30] audit: type=1326 audit(1753823219.270:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9148 comm="syz.2.802" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7caf78e9a9 code=0x7ffc0000
[  451.602757][ T5206] udevd[5206]: worker [9011] terminated by signal 33 (Unknown signal 33)
[  451.617806][ T5206] udevd[5206]: worker [9011] failed while handling '/devices/virtual/block/loop2'
[  452.010414][ T9166] fuse: Bad value for 'group_id'
[  452.015441][ T9166] fuse: Bad value for 'group_id'
[  456.448130][ T9207] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  456.506808][ T9207] batadv_slave_0: entered promiscuous mode
[  457.212461][ T9209] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  458.879728][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  462.147870][ T9247] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  462.451535][ T9247] batadv_slave_0: entered promiscuous mode
[  465.334964][ T9265] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  466.028033][ T5910] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  466.384295][ T5910] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  466.393215][ T5910] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  466.406030][ T5910] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  466.435833][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.475968][ T5910] usb 4-1: Product: syz
[  466.492375][ T5910] usb 4-1: Manufacturer: syz
[  466.516027][ T5910] usb 4-1: SerialNumber: syz
[  466.853089][ T5910] usb 4-1: config 0 descriptor??
[  467.071187][ T5910] ims_pcu 4-1:0.0: Missing CDC union descriptor
[  467.077483][ T5910] ims_pcu 4-1:0.0: probe with driver ims_pcu failed with error -22
[  467.266615][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  467.280285][ T9276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  467.345662][ T9276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  467.423344][ T9289] fuse: Unknown parameter 'grou00000000000000000000'
[  467.618336][ T5910] usb 4-1: USB disconnect, device number 6
[  469.195163][ T9301] openvswitch: : Dropping previously announced user features
[  470.153238][ T9307] netlink: 44 bytes leftover after parsing attributes in process `syz.1.839'.
[  471.375748][ T9316] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  473.095156][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  478.289914][ T9365] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  480.217725][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  482.195520][ T9386] openvswitch: : Dropping previously announced user features
[  483.224401][ T9388] netlink: 44 bytes leftover after parsing attributes in process `syz.1.859'.
[  486.300503][ T9408] fuse: Unknown parameter 'group_i00000000000000000000'
[  487.331241][ T9416] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  487.446216][ T9419] ksmbd: Unknown IPC event: 3, ignore.
[  487.464199][ T9419] usb usb8: usbfs: process 9419 (syz.2.866) did not claim interface 0 before use
[  489.417839][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  492.072327][ T9447] netlink: 44 bytes leftover after parsing attributes in process `syz.1.873'.
[  494.474016][ T9463] fuse: Unknown parameter 'group_i00000000000000000000'
[  496.646380][ T9468] 9pnet_virtio: no channels available for device syz
[  498.832393][ T9494] netlink: 32 bytes leftover after parsing attributes in process `syz.3.882'.
[  498.914983][ T9494] netlink: 32 bytes leftover after parsing attributes in process `syz.3.882'.
[  498.972048][ T9493] vlan1: entered promiscuous mode
[  498.977449][ T9493] vlan1: entered allmulticast mode
[  498.982863][ T9493] veth0_vlan: entered allmulticast mode
[  499.103762][ T9500] ksmbd: Unknown IPC event: 3, ignore.
[  499.126922][ T9500] usb usb8: usbfs: process 9500 (syz.1.884) did not claim interface 0 before use
[  501.503190][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  501.509998][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  509.064465][ T9570] NILFS (nullb0): couldn't find nilfs on the device
[  510.218583][ T9565] Bluetooth: hci4: command 0x0405 tx timeout
[  510.646189][ T9582] ksmbd: Unknown IPC event: 3, ignore.
[  510.708684][ T9582] usb usb8: usbfs: process 9582 (syz.3.902) did not claim interface 0 before use
[  515.049223][ T9617] vlan1: entered promiscuous mode
[  515.055665][ T9617] vlan1: entered allmulticast mode
[  515.060946][ T9617] veth0_vlan: entered allmulticast mode
[  515.519335][ T9616] syz.3.911 (9616) used greatest stack depth: 16872 bytes left
[  517.062115][ T9630] vivid-007: =================  START STATUS  =================
[  517.070468][ T9630] vivid-007: Generate PTS: true
[  517.075485][ T9630] vivid-007: Generate SCR: true
[  517.080522][ T9630] tpg source WxH: 320x240 (Y'CbCr)
[  517.086469][ T9630] tpg field: 1
[  517.090645][ T9630] tpg crop: (0,0)/320x240
[  517.095072][ T9630] tpg compose: (0,0)/320x240
[  517.100313][ T9630] tpg colorspace: 8
[  517.104137][ T9630] tpg transfer function: 0/0
[  517.108793][ T9630] tpg Y'CbCr encoding: 0/0
[  517.126665][ T9630] tpg quantization: 0/0
[  517.131526][ T9630] tpg RGB range: 0/2
[  517.135487][ T9630] vivid-007: ==================  END STATUS  ==================
[  517.692072][ T9630] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  517.698722][ T9630] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  517.708561][ T9630] vhci_hcd vhci_hcd.0: Device attached
[  517.838258][ T9632] vhci_hcd: connection closed
[  517.949702][   T49] vhci_hcd: stop threads
[  518.062634][   T49] vhci_hcd: release socket
[  518.104615][ T6675] usb 37-1: new high-speed USB device number 3 using vhci_hcd
[  518.134654][   T49] vhci_hcd: disconnect device
[  518.221720][ T6675] usb 37-1: enqueue for inactive port 0
[  519.178910][ T6675] vhci_hcd: vhci_device speed not set
[  521.802114][ T9667] 9pnet_virtio: no channels available for device syz
[  525.930633][ T9694] vivid-007: =================  START STATUS  =================
[  525.938542][ T9694] vivid-007: Generate PTS: true
[  525.943598][ T9694] vivid-007: Generate SCR: true
[  525.949208][ T9694] tpg source WxH: 320x240 (Y'CbCr)
[  525.954392][ T9694] tpg field: 1
[  525.957875][ T9694] tpg crop: (0,0)/320x240
[  525.962273][ T9694] tpg compose: (0,0)/320x240
[  525.966950][ T9694] tpg colorspace: 8
[  525.970860][ T9694] tpg transfer function: 0/0
[  525.975556][ T9694] tpg Y'CbCr encoding: 0/0
[  525.999551][ T9694] tpg quantization: 0/0
[  526.003818][ T9694] tpg RGB range: 0/2
[  526.008446][ T9694] vivid-007: ==================  END STATUS  ==================
[  526.384826][ T9694] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  526.391465][ T9694] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  526.399940][ T9694] vhci_hcd vhci_hcd.0: Device attached
[  526.450123][ T9698] vhci_hcd: connection closed
[  526.457554][ T7406] vhci_hcd: stop threads
[  526.604282][ T7406] vhci_hcd: release socket
[  526.678389][   T24] usb 37-1: new high-speed USB device number 4 using vhci_hcd
[  526.718876][ T7406] vhci_hcd: disconnect device
[  526.792855][   T24] usb 37-1: enqueue for inactive port 0
[  527.212933][   T24] vhci_hcd: vhci_device speed not set
[  527.401775][ T9711] 9pnet_virtio: no channels available for device syz
[  529.325687][ T9728] overlayfs: missing 'lowerdir'
[  529.467840][ T5972] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  530.339577][ T5972] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  530.358191][ T5972] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  530.375605][ T5972] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  530.387265][ T5972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.418192][ T5972] usb 4-1: Product: syz
[  530.422382][ T5972] usb 4-1: Manufacturer: syz
[  530.426985][ T5972] usb 4-1: SerialNumber: syz
[  530.544365][ T5972] usb 4-1: config 0 descriptor??
[  530.609335][ T5972] ims_pcu 4-1:0.0: Missing CDC union descriptor
[  530.803226][ T9726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  530.835391][ T5972] ims_pcu 4-1:0.0: probe with driver ims_pcu failed with error -22
[  530.878014][ T9726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  531.142475][ T5972] usb 4-1: USB disconnect, device number 7
[  533.516756][ T9754] 9pnet_virtio: no channels available for device syz
[  536.463517][ T9772] vivid-007: =================  START STATUS  =================
[  536.472916][ T9772] vivid-007: Generate PTS: true
[  536.478593][ T9772] vivid-007: Generate SCR: true
[  536.483882][ T9772] tpg source WxH: 320x240 (Y'CbCr)
[  536.489137][ T9772] tpg field: 1
[  536.492600][ T9772] tpg crop: (0,0)/320x240
[  536.496992][ T9772] tpg compose: (0,0)/320x240
[  536.501720][ T9772] tpg colorspace: 8
[  536.505566][ T9772] tpg transfer function: 0/0
[  536.510748][ T9772] tpg Y'CbCr encoding: 0/0
[  537.168284][ T9772] tpg quantization: 0/0
[  537.219921][ T9772] tpg RGB range: 0/2
[  537.223852][ T9772] vivid-007: ==================  END STATUS  ==================
[  537.355961][ T9774] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  537.362592][ T9774] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  537.372161][ T9774] vhci_hcd vhci_hcd.0: Device attached
[  537.527609][ T9777] vhci_hcd: connection closed
[  537.529178][ T7407] vhci_hcd: stop threads
[  537.740375][ T7407] vhci_hcd: release socket
[  537.836813][ T7407] vhci_hcd: disconnect device
[  538.224767][ T9785] fuse: Bad value for 'fd'
[  552.284077][   T24] Process accounting resumed
[  556.394138][ T9914] 9pnet_virtio: no channels available for device syz
[  559.022739][ T9930] fuse: Bad value for 'fd'
[  560.399764][   T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  560.787922][   T10] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  560.796650][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  560.868257][   T10] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  560.877492][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.885567][   T10] usb 4-1: Product: syz
[  561.017885][   T10] usb 4-1: Manufacturer: syz
[  561.640191][   T10] usb 4-1: SerialNumber: syz
[  561.679559][   T10] usb 4-1: config 0 descriptor??
[  561.926788][   T10] ims_pcu 4-1:0.0: Missing CDC union descriptor
[  561.960842][   T10] ims_pcu 4-1:0.0: probe with driver ims_pcu failed with error -22
[  561.970162][ T9945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  562.028657][ T9945] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  562.225776][   T10] usb 4-1: USB disconnect, device number 8
[  562.978607][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  562.984950][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  565.197246][ T9983] netlink: 64 bytes leftover after parsing attributes in process `syz.3.991'.
[  565.729282][ T9988] netlink: 64 bytes leftover after parsing attributes in process `syz.3.991'.
[  571.979639][T10040] fuse: Bad value for 'fd'
[  579.484694][T10077] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  579.839227][T10087] 9pnet_virtio: no channels available for device syz
[  584.241915][ T5855] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  584.820747][T10114] fuse: Bad value for 'fd'
[  585.631772][ T5902] Process accounting resumed
[  589.807719][T10150] input: syz0 as /devices/virtual/input/input13
[  593.188196][ T5855] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  593.645590][T10165] fuse: Invalid rootmode
[  595.060600][T10178] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1038'.
[  596.918248][T10189] NILFS (nullb0): couldn't find nilfs on the device
[  599.228319][T10205] fuse: Bad value for 'fd'
[  599.905730][T10209] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1048'.
[  601.618284][ T5855] Bluetooth: hci4: unexpected event for opcode 0x0c1a
[  602.292147][T10217] fuse: Invalid rootmode
[  606.329537][T10242] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1056'.
[  607.298058][T10249] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  609.051582][T10261] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1060'.
[  609.299930][T10264] fuse: Bad value for 'fd'
[  610.740497][T10271] input: syz0 as /devices/virtual/input/input14
[  612.348090][T10281] vivid-007: =================  START STATUS  =================
[  612.356054][T10281] vivid-007: Generate PTS: true
[  612.363805][T10281] vivid-007: Generate SCR: true
[  612.371970][T10281] tpg source WxH: 320x240 (Y'CbCr)
[  612.380216][T10281] tpg field: 1
[  612.387457][T10281] tpg crop: (0,0)/320x240
[  612.438106][T10281] tpg compose: (0,0)/320x240
[  612.443714][T10281] tpg colorspace: 8
[  612.451646][T10281] tpg transfer function: 0/0
[  612.459711][T10281] tpg Y'CbCr encoding: 0/0
[  612.467259][T10281] tpg quantization: 0/0
[  612.474914][T10281] tpg RGB range: 0/2
[  612.482729][T10281] vivid-007: ==================  END STATUS  ==================
[  614.634915][T10302] 9pnet_virtio: no channels available for device syz
[  615.907920][T10313] fuse: Bad value for 'fd'
[  616.664198][T10315] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  619.798663][T10341] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1076'.
[  620.118586][T10344] vivid-007: =================  START STATUS  =================
[  620.126583][T10344] vivid-007: Generate PTS: true
[  620.131820][T10344] vivid-007: Generate SCR: true
[  620.136832][T10344] tpg source WxH: 320x240 (Y'CbCr)
[  620.142640][T10344] tpg field: 1
[  620.146236][T10344] tpg crop: (0,0)/320x240
[  620.150778][T10344] tpg compose: (0,0)/320x240
[  620.155479][T10344] tpg colorspace: 8
[  620.159387][T10344] tpg transfer function: 0/0
[  620.164040][T10344] tpg Y'CbCr encoding: 0/0
[  620.169162][T10344] tpg quantization: 0/0
[  620.173391][T10344] tpg RGB range: 0/2
[  620.177462][T10344] vivid-007: ==================  END STATUS  ==================
[  620.516523][T10345] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12)
[  620.523266][T10345] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  620.531686][T10345] vhci_hcd vhci_hcd.0: Device attached
[  620.635631][T10346] vhci_hcd: connection closed
[  620.717942][   T12] vhci_hcd: stop threads
[  620.872114][   T12] vhci_hcd: release socket
[  620.928442][   T48] usb 39-1: new high-speed USB device number 2 using vhci_hcd
[  620.954546][   T12] vhci_hcd: disconnect device
[  621.026632][   T48] usb 39-1: enqueue for inactive port 0
[  621.222995][   T48] vhci_hcd: vhci_device speed not set
[  622.857935][T10366] fuse: Bad value for 'fd'
[  624.441196][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  624.447572][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  625.209160][T10378] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  630.605909][T10419] vivid-007: =================  START STATUS  =================
[  630.613732][T10419] vivid-007: Generate PTS: true
[  630.619076][T10419] vivid-007: Generate SCR: true
[  630.624423][T10419] tpg source WxH: 320x240 (Y'CbCr)
[  630.629688][T10419] tpg field: 1
[  630.633347][T10419] tpg crop: (0,0)/320x240
[  630.637894][T10419] tpg compose: (0,0)/320x240
[  630.642587][T10419] tpg colorspace: 8
[  630.646970][T10419] tpg transfer function: 0/0
[  630.652363][T10419] tpg Y'CbCr encoding: 0/0
[  630.679617][T10419] tpg quantization: 0/0
[  630.683945][T10419] tpg RGB range: 0/2
[  630.688003][T10419] vivid-007: ==================  END STATUS  ==================
[  633.297282][T10442] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  636.375627][T10463] fuse: Unknown parameter 'user00000000000000000000'
[  648.340190][T10544] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1121'.
[  648.444001][T10545] NILFS (nullb0): couldn't find nilfs on the device
[  650.302095][T10554] vivid-007: =================  START STATUS  =================
[  650.311220][T10554] vivid-007: Generate PTS: true
[  650.316538][T10554] vivid-007: Generate SCR: true
[  650.322277][T10554] tpg source WxH: 320x240 (Y'CbCr)
[  650.327452][T10554] tpg field: 1
[  650.330906][T10554] tpg crop: (0,0)/320x240
[  650.335324][T10554] tpg compose: (0,0)/320x240
[  650.340554][T10554] tpg colorspace: 8
[  650.344388][T10554] tpg transfer function: 0/0
[  650.349032][T10554] tpg Y'CbCr encoding: 0/0
[  650.370610][T10554] tpg quantization: 0/0
[  650.374818][T10554] tpg RGB range: 0/2
[  650.379449][T10554] vivid-007: ==================  END STATUS  ==================
[  650.663409][T10554] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  650.670050][T10554] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  650.678442][T10554] vhci_hcd vhci_hcd.0: Device attached
[  651.629734][T10556] vhci_hcd: connection closed
[  651.783058][ T7406] vhci_hcd: stop threads
[  651.807722][ T5902] usb 41-1: new high-speed USB device number 4 using vhci_hcd
[  651.815342][ T7406] vhci_hcd: release socket
[  651.822623][ T7406] vhci_hcd: disconnect device
[  655.812198][T10590] 9pnet_virtio: no channels available for device syz
[  657.489498][ T5902] vhci_hcd: vhci_device speed not set
[  660.235653][T10612] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  660.256972][T10612] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  666.753743][T10657] 9pnet_virtio: no channels available for device syz
[  673.632576][T10706] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  675.097867][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  677.061915][T10740] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1164'.
[  677.071271][T10740] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1164'.
[  677.773028][T10739] fuse: Unknown parameter 'user_id00000000000000000000'
[  680.916881][T10772] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  683.187761][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  684.818975][T10798] fuse: Invalid rootmode
[  685.898802][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  685.905245][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  685.924707][T10799] openvswitch: : Dropping previously announced user features
[  692.756723][T10859] vivid-007: =================  START STATUS  =================
[  692.764662][T10859] vivid-007: Generate PTS: true
[  692.770329][T10859] vivid-007: Generate SCR: true
[  692.775371][T10859] tpg source WxH: 320x240 (Y'CbCr)
[  692.780656][T10859] tpg field: 1
[  692.784070][T10859] tpg crop: (0,0)/320x240
[  692.788568][T10859] tpg compose: (0,0)/320x240
[  692.793220][T10859] tpg colorspace: 8
[  692.797067][T10859] tpg transfer function: 0/0
[  692.803044][T10859] tpg Y'CbCr encoding: 0/0
[  692.807526][T10859] tpg quantization: 0/0
[  692.812461][T10859] tpg RGB range: 0/2
[  692.837269][T10859] vivid-007: ==================  END STATUS  ==================
[  693.174328][T10860] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  693.180957][T10860] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  693.189387][T10860] vhci_hcd vhci_hcd.0: Device attached
[  693.596263][T10861] vhci_hcd: connection closed
[  694.144076][ T1165] vhci_hcd: stop threads
[  694.153178][ T1165] vhci_hcd: release socket
[  694.158431][ T1165] vhci_hcd: disconnect device
[  694.255536][ T5972] vhci_hcd: vhci_device speed not set
[  694.383590][T10868] fuse: Invalid rootmode
[  695.225960][T10876] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1192'.
[  698.097781][T10884] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  699.977776][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  700.382126][T10900] input: syz0 as /devices/virtual/input/input15
[  702.305389][T10910] fuse: Invalid rootmode
[  703.040000][T10911] vivid-007: =================  START STATUS  =================
[  703.049166][T10911] vivid-007: Generate PTS: true
[  703.054976][T10911] vivid-007: Generate SCR: true
[  703.060254][T10911] tpg source WxH: 320x240 (Y'CbCr)
[  703.065428][T10911] tpg field: 1
[  703.068995][T10911] tpg crop: (0,0)/320x240
[  703.073382][T10911] tpg compose: (0,0)/320x240
[  703.078573][T10911] tpg colorspace: 8
[  703.082464][T10911] tpg transfer function: 0/0
[  703.087107][T10911] tpg Y'CbCr encoding: 0/0
[  703.110601][T10911] tpg quantization: 0/0
[  703.114865][T10911] tpg RGB range: 0/2
[  703.119006][T10911] vivid-007: ==================  END STATUS  ==================
[  705.074771][T10930] Bluetooth: hci4: Opcode 0x0401 failed: -4
[  705.339051][ T5847] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  705.407362][ T5847] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  705.427753][ T5847] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  705.436988][ T5847] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  705.445441][ T5847] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  707.257824][ T5855] Bluetooth: hci4: command 0x0405 tx timeout
[  707.546563][ T5855] Bluetooth: hci5: command tx timeout
[  707.974344][T10925] chnl_net:caif_netlink_parms(): no params data found
[  708.521258][T10925] bridge0: port 1(bridge_slave_0) entered blocking state
[  708.538389][T10925] bridge0: port 1(bridge_slave_0) entered disabled state
[  708.557891][T10925] bridge_slave_0: entered allmulticast mode
[  708.581136][T10925] bridge_slave_0: entered promiscuous mode
[  708.788743][T10925] bridge0: port 2(bridge_slave_1) entered blocking state
[  708.809727][T10925] bridge0: port 2(bridge_slave_1) entered disabled state
[  708.817001][T10925] bridge_slave_1: entered allmulticast mode
[  708.875300][T10925] bridge_slave_1: entered promiscuous mode
[  709.016191][T10925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  709.054403][T10925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  709.321271][T10925] team0: Port device team_slave_0 added
[  709.350004][T10925] team0: Port device team_slave_1 added
[  709.585383][T10925] batman_adv: batadv0: Adding interface: batadv_slave_0
[  709.592896][ T5855] Bluetooth: hci5: command tx timeout
[  710.182345][T10925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  710.208937][T10925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  710.223340][T10925] batman_adv: batadv0: Adding interface: batadv_slave_1
[  710.230357][T10925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  710.257061][T10925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  710.764869][T10925] hsr_slave_0: entered promiscuous mode
[  710.786004][T10925] hsr_slave_1: entered promiscuous mode
[  710.865276][T10972] fuse: Bad value for 'rootmode'
[  711.376855][T10925] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  711.449694][T10925] Cannot create hsr debugfs directory
[  711.663459][ T5855] Bluetooth: hci5: command tx timeout
[  711.852914][T10925] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  711.867196][T10925] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  711.885664][T10925] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  712.752968][T10925] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  713.067544][T10925] 8021q: adding VLAN 0 to HW filter on device bond0
[  713.099074][T10925] 8021q: adding VLAN 0 to HW filter on device team0
[  713.118605][ T3539] bridge0: port 1(bridge_slave_0) entered blocking state
[  713.125694][ T3539] bridge0: port 1(bridge_slave_0) entered forwarding state
[  713.156312][ T1005] bridge0: port 2(bridge_slave_1) entered blocking state
[  713.163450][ T1005] bridge0: port 2(bridge_slave_1) entered forwarding state
[  713.237541][T10925] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  713.485140][T10925] 8021q: adding VLAN 0 to HW filter on device batadv0
[  713.738195][ T5855] Bluetooth: hci5: command tx timeout
[  714.273681][T10925] veth0_vlan: entered promiscuous mode
[  714.345125][T10925] veth1_vlan: entered promiscuous mode
[  714.411666][T11000] vivid-007: =================  START STATUS  =================
[  714.420927][T11000] vivid-007: Generate PTS: true
[  714.425959][T11000] vivid-007: Generate SCR: true
[  714.431325][T11000] tpg source WxH: 320x240 (Y'CbCr)
[  714.436500][T11000] tpg field: 1
[  714.439977][T11000] tpg crop: (0,0)/320x240
[  714.444773][T11000] tpg compose: (0,0)/320x240
[  714.449982][T11000] tpg colorspace: 8
[  714.453802][T11000] tpg transfer function: 0/0
[  714.458542][T11000] tpg Y'CbCr encoding: 0/0
[  714.462993][T11000] tpg quantization: 0/0
[  714.467201][T11000] tpg RGB range: 0/2
[  714.471247][T11000] vivid-007: ==================  END STATUS  ==================
[  715.164230][T10925] veth0_macvtap: entered promiscuous mode
[  715.262351][T10925] veth1_macvtap: entered promiscuous mode
[  715.285632][T10925] batman_adv: batadv0: Interface activated: batadv_slave_0
[  715.811147][T10925] batman_adv: batadv0: Interface activated: batadv_slave_1
[  715.823198][T10925] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  715.832572][T10925] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  715.858324][T10925] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  715.875437][T10925] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  716.333601][T11012] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1217'.
[  716.355634][T11012] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1217'.
[  717.077790][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  717.085669][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  717.236300][ T3539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  717.251676][ T3539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  717.534677][T11017] : entered promiscuous mode
[  720.321280][T11037] fuse: Bad value for 'rootmode'
[  722.475162][T11050] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1226'.
[  727.324713][T11078] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1231'.
[  727.334688][T11078] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1231'.
[  728.701144][T11087] vlan1: entered promiscuous mode
[  728.706473][T11087] vlan1: entered allmulticast mode
[  728.711765][T11087] veth0_vlan: entered allmulticast mode
[  730.618190][T11105] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1237'.
[  736.445032][T11128] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1242'.
[  738.764913][T11143] fuse: Unknown parameter '0x0000000000000004'
[  745.150323][T11201] 9pnet_virtio: no channels available for device syz
[  747.264531][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  747.271511][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  753.832873][T11248] 9pnet_virtio: no channels available for device syz
[  754.765152][T11254] fuse: Unknown parameter 'use00000000000000000000'
[  756.814343][T11269] openvswitch: : Dropping previously announced user features
[  760.506630][T11285] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1278'.
[  760.981380][T11300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1281'.
[  763.783415][T11322] 9pnet_virtio: no channels available for device syz
[  764.715059][T11329] fuse: Unknown parameter 'user_i00000000000000000000'
[  765.471044][ T5847] Bluetooth: hci5: command 0x0405 tx timeout
[  765.767221][T11337] openvswitch: : Dropping previously announced user features
[  766.704244][T11338] openvswitch: : Dropping previously announced user features
[  770.392862][T11374] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1299'.
[  770.519032][T11377] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1300'.
[  771.652412][T11388] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1296'.
[  771.662132][T11388] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1296'.
[  772.412035][T11399] 9pnet_virtio: no channels available for device syz
[  778.008257][T11444] 9pnet_virtio: no channels available for device syz
[  779.909526][T11455] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1313'.
[  782.383772][T11455] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1313'.
[  792.146913][T11548] NILFS (nullb0): couldn't find nilfs on the device
[  793.486086][T11557] openvswitch: : Dropping previously announced user features
[  798.759287][T11590] input: syz0 as /devices/virtual/input/input16
[  807.584775][T11654] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1367'.
[  807.595236][T11654] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1367'.
[  808.702313][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  808.724016][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  808.803630][T11663] input: syz0 as /devices/virtual/input/input17
[  811.765109][T11677] openvswitch: : Dropping previously announced user features
[  812.262265][T11681] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  814.161033][T11701] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  814.170548][T11701] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  814.182393][T11701] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  816.945017][T11716] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1382'.
[  817.037557][T11717] NILFS (nullb0): couldn't find nilfs on the device
[  818.689641][T11730] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1385'.
[  819.104805][T11730] NILFS (nullb0): couldn't find nilfs on the device
[  820.201299][T11741] openvswitch: : Dropping previously announced user features
[  821.768851][T11752] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1389'.
[  822.931606][T11759] fuse: Unknown parameter 'gr00000000000000000000'
[  828.827397][T11796] tipc: Started in network mode
[  828.847856][T11796] tipc: Node identity 7f000001, cluster identity 4711
[  829.437577][T11796] tipc: Enabled bearer <udp:syz2>, priority 10
[  830.417212][T11808] tipc: Enabled bearer <eth:team0>, priority 0
[  831.273708][ T5847] Bluetooth: hci5: command 0x0405 tx timeout
[  831.409259][ T6675] tipc: Node number set to 2130706433
[  839.472934][T11865] openvswitch: : Dropping previously announced user features
[  839.947091][T11866] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1417'.
[  840.418736][T11872] fuse: Unknown parameter 'gro00000000000000000000'
[  841.465455][T11881] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1421'.
[  841.578736][T11884] 9pnet_virtio: no channels available for device syz
[  844.934597][T11907] overlayfs: missing 'workdir'
[  845.701707][T11908] tipc: Started in network mode
[  845.706776][T11908] tipc: Node identity 7f000001, cluster identity 4711
[  845.738767][T11908] tipc: Enabled bearer <udp:syz2>, priority 10
[  845.913908][T11910] tipc: Enabled bearer <eth:team0>, priority 0
[  847.061338][   T48] tipc: Node number set to 2130706433
[  847.611703][T11924] : entered promiscuous mode
[  848.789542][T11931] 9pnet_virtio: no channels available for device syz
[  848.878023][   T48] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  849.030561][   T48] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  849.117665][   T48] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  849.187057][   T48] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  849.290692][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  849.338445][   T48] usb 6-1: Product: syz
[  850.399249][   T48] usb 6-1: Manufacturer: syz
[  850.404061][   T48] usb 6-1: SerialNumber: syz
[  850.426335][   T48] usb 6-1: config 0 descriptor??
[  850.640329][   T48] ims_pcu 6-1:0.0: Missing CDC union descriptor
[  850.652653][T11928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  850.932859][   T48] ims_pcu 6-1:0.0: probe with driver ims_pcu failed with error -22
[  850.958507][T11928] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  850.995895][   T48] usb 6-1: USB disconnect, device number 2
[  851.979761][T11951] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1439'.
[  852.036020][T11951] NILFS (nullb0): couldn't find nilfs on the device
[  862.653645][T12009] vlan1: entered promiscuous mode
[  862.659645][T12009] vlan1: entered allmulticast mode
[  862.664881][T12009] veth0_vlan: entered allmulticast mode
[  867.505152][T12026] fuse: Bad value for 'user_id'
[  867.510670][T12026] fuse: Bad value for 'user_id'
[  868.424747][T12031] input: syz0 as /devices/virtual/input/input18
[  868.974577][T12041] fuse: Unknown parameter '0x0000000000000006'
[  870.238820][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  870.245563][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  870.752306][T12058] fuse: Bad value for 'fd'
[  871.257988][ T5847] Bluetooth: hci5: command 0x0405 tx timeout
[  873.463021][T12071] 9pnet_virtio: no channels available for device syz
[  874.130066][T12066] input: syz0 as /devices/virtual/input/input19
[  879.996189][T12078] openvswitch: : Dropping previously announced user features
[  880.645336][T12089] fuse: Unknown parameter '0x0000000000000006'
[  881.770484][T12106] vlan1: entered promiscuous mode
[  881.776742][T12106] vlan1: entered allmulticast mode
[  881.781954][T12106] veth0_vlan: entered allmulticast mode
[  884.549772][T12119] openvswitch: : Dropping previously announced user features
[  885.444267][T12128] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1484'.
[  885.468884][T12128] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1484'.
[  887.194017][T12159] openvswitch: : Dropping previously announced user features
[  892.842340][T12212] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1505'.
[  892.887811][T12212] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  892.897525][T12212] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  892.907408][T12212] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  892.916369][T12212] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  892.988851][T12216] 9pnet_virtio: no channels available for device syz
[  893.599439][T12212] vxlan0: entered promiscuous mode
[  896.039218][T12223] tty tty1: ldisc open failed (-12), clearing slot 0
[  907.862144][T12324] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1532'.
[  911.390835][T12358] 9pnet_virtio: no channels available for device syz
[  914.264594][T12373] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1542'.
[  914.555557][T12369] openvswitch: : Dropping previously announced user features
[  917.737957][ T9565] Bluetooth: hci5: command 0x0405 tx timeout
[  918.213870][T12413] geneve2: entered promiscuous mode
[  918.835587][T12415] fuse: Invalid rootmode
[  918.939190][T12418] fuse: Invalid rootmode
[  925.581797][T12470] fuse: Invalid rootmode
[  926.307096][T12474] 9pnet_fd: Insufficient options for proto=fd
[  930.359838][T12513] 9pnet_virtio: no channels available for device syz
[  931.381461][T12524] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1582'.
[  931.392591][T12524] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  931.488544][T12533] input: syz0 as /devices/virtual/input/input20
[  931.597440][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  931.608200][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  932.899678][T12539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1586'.
[  934.548056][T12539] team_slave_0: entered promiscuous mode
[  934.554102][T12539] team_slave_1: entered promiscuous mode
[  934.565663][T12539] macvtap1: entered promiscuous mode
[  934.688857][T12539] team0: entered promiscuous mode
[  934.696617][T12539] macvtap1: entered allmulticast mode
[  934.702587][T12539] team0: entered allmulticast mode
[  934.708664][T12539] team_slave_0: entered allmulticast mode
[  934.714733][T12539] team_slave_1: entered allmulticast mode
[  934.726207][T12539] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  934.767270][T12546] team0: left allmulticast mode
[  935.100261][T12546] team_slave_0: left allmulticast mode
[  935.362465][T12546] team_slave_1: left allmulticast mode
[  935.385064][T12546] team0: left promiscuous mode
[  935.393447][T12546] team_slave_0: left promiscuous mode
[  935.399189][T12546] team_slave_1: left promiscuous mode
[  935.435296][T12548] openvswitch: : Dropping previously announced user features
[  937.735912][T12581] openvswitch: : Dropping previously announced user features
[  939.670457][T12594] openvswitch: : Dropping previously announced user features
[  942.430312][T12615] openvswitch: : Dropping previously announced user features
[  943.760026][T12619] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  945.144503][T12620] tipc: Started in network mode
[  945.149753][T12620] tipc: Node identity 7f000001, cluster identity 4711
[  945.157012][T12620] tipc: Enabled bearer <udp:syz2>, priority 10
[  945.181430][T12620] tipc: Enabled bearer <eth:team0>, priority 0
[  946.236342][   T24] tipc: Node number set to 2130706433
[  950.240760][T12676] openvswitch: : Dropping previously announced user features
[  955.228484][T12707] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1627'.
[  955.268362][T12707] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  958.511076][T12744] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1636'.
[  958.612334][T12744] erspan0: entered promiscuous mode
[  958.667592][T12744] macvtap2: entered promiscuous mode
[  958.677717][T12744] macvtap2: entered allmulticast mode
[  958.686746][T12744] erspan0: entered allmulticast mode
[  959.507325][T12746] erspan0: left allmulticast mode
[  959.518153][T12746] erspan0: left promiscuous mode
[  959.739875][ T5910] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  960.144965][ T5910] usb 4-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  960.184194][ T5910] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  960.248470][ T5910] usb 4-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  960.257565][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  960.328532][ T5910] usb 4-1: Product: syz
[  960.337470][ T5910] usb 4-1: Manufacturer: syz
[  960.358082][ T5910] usb 4-1: SerialNumber: syz
[  960.388294][ T5910] usb 4-1: config 0 descriptor??
[  960.415865][ T5910] ims_pcu 4-1:0.0: Missing CDC union descriptor
[  960.447892][ T5910] ims_pcu 4-1:0.0: probe with driver ims_pcu failed with error -22
[  960.522392][T12762] bridge0: port 1(bridge_slave_0) entered disabled state
[  960.538280][T12762] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.668863][T12753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  960.775821][T12753] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  960.997756][T12770] openvswitch: : Dropping previously announced user features
[  961.553893][ T5910] usb 4-1: USB disconnect, device number 9
[  961.577373][T12771] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1644'.
[  964.236584][T12797] 9pnet_virtio: no channels available for device syz
[  965.109603][T12809] input: syz0 as /devices/virtual/input/input21
[  965.961977][T12802] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  967.840611][T12822] openvswitch: : Dropping previously announced user features
[  970.288977][ T5910] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  970.461953][ T5910] usb 6-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  970.625915][T12835] tipc: Started in network mode
[  970.657947][ T5910] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  970.677866][T12835] tipc: Node identity 7f000001, cluster identity 4711
[  970.930921][ T5910] usb 6-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[  970.948652][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  970.956877][ T5910] usb 6-1: Product: syz
[  970.961288][ T5910] usb 6-1: Manufacturer: syz
[  970.966017][ T5910] usb 6-1: SerialNumber: syz
[  970.973065][ T5910] usb 6-1: config 0 descriptor??
[  971.138466][T12835] tipc: Enabled bearer <udp:syz2>, priority 10
[  971.156030][ T5910] ims_pcu 6-1:0.0: Missing CDC union descriptor
[  971.198684][ T5910] ims_pcu 6-1:0.0: probe with driver ims_pcu failed with error -22
[  971.353926][T12841] tipc: Enabled bearer <eth:team0>, priority 0
[  971.372903][T12833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  971.401401][T12833] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  971.924117][ T5902] usb 6-1: USB disconnect, device number 3
[  972.408580][   T24] tipc: Node number set to 2130706433
[  974.264140][T12865] 9pnet_virtio: no channels available for device syz
[  977.128731][T12901] input: syz0 as /devices/virtual/input/input22
[  979.112837][T12907] openvswitch: : Dropping previously announced user features
[  980.509172][T12922] 9pnet_virtio: no channels available for device syz
[  983.548494][T12946] input: syz0 as /devices/virtual/input/input23
[  984.673687][T12957] input: syz0 as /devices/virtual/input/input24
[  986.378295][T12962] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1689'.
[  988.900702][T12975] 9pnet_virtio: no channels available for device syz
[  990.504085][T12991] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1700'.
[  993.021607][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  993.333805][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1003.033044][T13083] Bluetooth: hci4: Opcode 0x0401 failed: -4
[ 1004.505126][T13088] fuse: Unknown parameter '0x0000000000000007'
[ 1005.258297][ T9565] Bluetooth: hci4: command 0x0405 tx timeout
[ 1008.799677][T13117] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1731'.
[ 1011.465272][T13130] tipc: Resetting bearer <eth:team0>
[ 1011.477294][T13130] tipc: Resetting bearer <eth:team0>
[ 1011.606158][T13130] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1011.610733][T13140] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1736'.
[ 1011.660147][T13130] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1012.787407][   T13] tipc: Resetting bearer <eth:team0>
[ 1015.087989][T13173] input: syz0 as /devices/virtual/input/input25
[ 1018.607740][ T5902] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1018.783010][ T5902] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1019.735635][ T5902] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1019.775130][ T5902] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[ 1019.913040][T13200] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1753'.
[ 1020.004494][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1020.163354][ T5902] usb 2-1: Product: syz
[ 1020.253819][ T5902] usb 2-1: Manufacturer: syz
[ 1020.302226][ T5902] usb 2-1: SerialNumber: syz
[ 1020.337827][ T5902] usb 2-1: config 0 descriptor??
[ 1020.348464][T13200] team_slave_0: entered promiscuous mode
[ 1020.354222][T13200] team_slave_1: entered promiscuous mode
[ 1020.369449][ T5902] ims_pcu 2-1:0.0: Missing CDC union descriptor
[ 1020.382161][ T5902] ims_pcu 2-1:0.0: probe with driver ims_pcu failed with error -22
[ 1020.462679][T13212] input: syz0 as /devices/virtual/input/input26
[ 1020.596487][T13184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1020.608296][T13200] macvtap1: entered promiscuous mode
[ 1020.613625][T13200] team0: entered promiscuous mode
[ 1020.614068][T13184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1020.676623][T13200] macvtap1: entered allmulticast mode
[ 1020.701477][ T5902] usb 2-1: USB disconnect, device number 2
[ 1020.712745][T13200] team0: entered allmulticast mode
[ 1020.784171][T13200] team_slave_0: entered allmulticast mode
[ 1020.883769][T13200] team_slave_1: entered allmulticast mode
[ 1021.111358][T13200] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1021.837331][T13207] team0: left allmulticast mode
[ 1021.883690][T13207] team_slave_0: left allmulticast mode
[ 1021.933119][T13207] team_slave_1: left allmulticast mode
[ 1021.969256][T13207] team0: left promiscuous mode
[ 1021.985003][T13207] team_slave_0: left promiscuous mode
[ 1021.990511][T13207] team_slave_1: left promiscuous mode
[ 1023.102885][T13235] openvswitch: : Dropping previously announced user features
[ 1023.583390][T13242] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1764'.
[ 1024.240572][T13248] overlayfs: failed to resolve './file1': -2
[ 1025.821031][T13256] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1766'.
[ 1026.619716][T13258] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1026.649885][T13258] batadv_slave_0: entered promiscuous mode
[ 1026.729576][ T5902] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[ 1026.890031][ T5902] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1026.907735][ T5902] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1027.496826][ T5902] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[ 1027.546265][ T5902] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1027.573258][ T5902] usb 5-1: Product: syz
[ 1027.587166][ T5902] usb 5-1: Manufacturer: syz
[ 1027.668898][ T5902] usb 5-1: SerialNumber: syz
[ 1027.696801][ T5902] usb 5-1: config 0 descriptor??
[ 1027.711478][ T5902] ims_pcu 5-1:0.0: Missing CDC union descriptor
[ 1027.723180][ T5902] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22
[ 1027.980995][T13261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1027.990481][T13261] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1028.020961][ T6675] usb 5-1: USB disconnect, device number 8
[ 1028.102793][T13272] fuse: Bad value for 'fd'
[ 1029.813023][T13286] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1775'.
[ 1030.970944][T13295] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1778'.
[ 1033.003612][T13306] 9pnet_virtio: no channels available for device syz
[ 1034.617594][T13316] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1783'.
[ 1034.620463][T13315] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1784'.
[ 1034.734396][T13315] team_slave_0: entered promiscuous mode
[ 1034.740127][T13315] team_slave_1: entered promiscuous mode
[ 1034.746913][T13315] macvtap1: entered promiscuous mode
[ 1034.752896][T13315] team0: entered promiscuous mode
[ 1034.760939][T13315] macvtap1: entered allmulticast mode
[ 1034.784395][T13315] team0: entered allmulticast mode
[ 1034.790366][T13315] team_slave_0: entered allmulticast mode
[ 1034.796518][T13315] team_slave_1: entered allmulticast mode
[ 1034.805030][T13315] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1034.823636][T13318] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1035.256605][  T978] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[ 1035.555001][T13330] openvswitch: : Dropping previously announced user features
[ 1036.368008][  T978] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1036.473388][  T978] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1036.525830][  T978] usb 5-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[ 1036.535733][  T978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1036.566335][  T978] usb 5-1: Product: syz
[ 1036.671959][  T978] usb 5-1: Manufacturer: syz
[ 1036.676993][  T978] usb 5-1: SerialNumber: syz
[ 1036.685065][  T978] usb 5-1: config 0 descriptor??
[ 1036.693689][  T978] ims_pcu 5-1:0.0: Missing CDC union descriptor
[ 1036.700163][  T978] ims_pcu 5-1:0.0: probe with driver ims_pcu failed with error -22
[ 1036.835345][T13336] 9pnet_virtio: no channels available for device syz
[ 1038.059120][T13320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1038.182840][T13320] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1038.375490][ T5910] usb 5-1: USB disconnect, device number 9
[ 1038.760657][T13349] fuse: Bad value for 'fd'
[ 1039.441855][T13347] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1792'.
[ 1040.639862][T13358] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1795'.
[ 1040.710938][T13358] team_slave_0: entered promiscuous mode
[ 1040.716720][T13358] team_slave_1: entered promiscuous mode
[ 1040.738945][T13358] macvtap1: entered promiscuous mode
[ 1040.752193][T13358] team0: entered promiscuous mode
[ 1040.764915][T13358] macvtap1: entered allmulticast mode
[ 1040.906818][T13358] team0: entered allmulticast mode
[ 1040.992806][T13358] team_slave_0: entered allmulticast mode
[ 1041.056778][T13358] team_slave_1: entered allmulticast mode
[ 1041.185340][T13358] 8021q: adding VLAN 0 to HW filter on device macvtap1
[ 1041.587123][T13363] team0: left allmulticast mode
[ 1041.665023][T13363] team_slave_0: left allmulticast mode
[ 1041.671265][T13363] team_slave_1: left allmulticast mode
[ 1041.676771][T13363] team0: left promiscuous mode
[ 1041.683992][T13363] team_slave_0: left promiscuous mode
[ 1041.689506][T13363] team_slave_1: left promiscuous mode
[ 1041.844241][T13371] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1797'.
[ 1041.935794][T12061] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1041.945706][T12061] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1041.956534][T12061] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1041.966919][T12061] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1041.975169][T12061] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1042.005251][T13378] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1800'.
[ 1042.016850][T13375] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1797'.
[ 1042.519239][T13180] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1043.443076][T13180] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1043.789438][T13397] fuse: Bad value for 'fd'
[ 1044.058374][T12061] Bluetooth: hci1: command tx timeout
[ 1044.100988][T13180] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1044.524736][T13180] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1044.840574][T13406] openvswitch: : Dropping previously announced user features
[ 1046.745539][T12061] Bluetooth: hci1: command 0x041b tx timeout
[ 1047.205650][T13424] syzkaller0: entered promiscuous mode
[ 1047.248933][T13424] syzkaller0: entered allmulticast mode
[ 1047.283423][T13373] chnl_net:caif_netlink_parms(): no params data found
[ 1047.756210][T13441] fuse: Unknown parameter 'fd0x0000000000000006'
[ 1048.778870][T12061] Bluetooth: hci1: command 0x041b tx timeout
[ 1048.782437][T13448] tipc: Resetting bearer <eth:team0>
[ 1048.813483][T13448] tipc: Resetting bearer <eth:team0>
[ 1048.855429][T13448] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1048.870210][T13448] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1048.925657][T13450] bridge0: entered allmulticast mode
[ 1048.957061][T12940] tipc: Resetting bearer <eth:team0>
[ 1048.976062][T13180] bridge_slave_1: left allmulticast mode
[ 1048.992921][T13180] bridge_slave_1: left promiscuous mode
[ 1049.008097][T13180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.069040][T13180] bridge_slave_0: left allmulticast mode
[ 1049.074737][T13180] bridge_slave_0: left promiscuous mode
[ 1049.115315][T13180] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1049.565421][T13467] fuse: Bad value for 'fd'
[ 1050.865832][T12061] Bluetooth: hci1: command 0x041b tx timeout
[ 1051.138235][T13481] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1818'.
[ 1051.958786][T13180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1051.974202][T13180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1052.579958][T13180] bond0 (unregistering): Released all slaves
[ 1052.844309][T13373] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1052.894135][T13373] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1052.938776][T12061] Bluetooth: hci1: command 0x041b tx timeout
[ 1052.952823][T13373] bridge_slave_0: entered allmulticast mode
[ 1053.020911][T13373] bridge_slave_0: entered promiscuous mode
[ 1053.078900][T13180] : left promiscuous mode
[ 1053.574154][T13373] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1053.590965][T13373] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1053.690204][T13373] bridge_slave_1: entered allmulticast mode
[ 1053.704646][T13373] bridge_slave_1: entered promiscuous mode
[ 1054.459803][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.466167][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.677775][T13373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1054.761337][T13373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1054.796047][T13508] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[ 1055.104238][T13180] hsr_slave_0: left promiscuous mode
[ 1055.132651][T13180] hsr_slave_1: left promiscuous mode
[ 1055.143259][T13180] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1055.172784][T13180] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1055.192991][T13180] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1055.250990][T13180] veth1_macvtap: left promiscuous mode
[ 1055.277330][T13180] veth0_macvtap: left promiscuous mode
[ 1055.301643][T13180] veth1_vlan: left promiscuous mode
[ 1056.399847][T13530] fuse: Bad value for 'fd'
[ 1057.594624][T13539] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1829'.
[ 1057.798250][T13180] team0 (unregistering): Port device team_slave_1 removed
[ 1057.861709][T13180] team0 (unregistering): Port device team_slave_0 removed
[ 1058.647139][T13542] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1830'.
[ 1058.690893][T13373] team0: Port device team_slave_0 added
[ 1058.944681][T13546] input: syz0 as /devices/virtual/input/input28
[ 1059.839018][T13373] team0: Port device team_slave_1 added
[ 1061.580514][T13558] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[ 1061.589968][T13558] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[ 1061.600256][T13558] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1061.777515][T13373] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1061.844592][T13571] fuse: Bad value for 'fd'
[ 1062.343184][T13373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1062.343549][T13373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1062.346785][T13373] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1062.711729][T13373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1062.738371][T13373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1063.119675][T13580] Invalid ELF section header size
[ 1064.139551][T13581] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[ 1065.092692][T13373] hsr_slave_0: entered promiscuous mode
[ 1065.176859][T13373] hsr_slave_1: entered promiscuous mode
[ 1065.203828][T13373] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1065.242478][T13373] Cannot create hsr debugfs directory
[ 1066.987470][T13373] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1067.302753][T13621] 9pnet_virtio: no channels available for device syz
[ 1068.085233][T13373] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1068.116908][T13373] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1068.278172][T13373] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1069.897955][T13642] fuse: Bad value for 'fd'
[ 1071.189067][T13373] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1072.108772][T13373] 8021q: adding VLAN 0 to HW filter on device team0
[ 1072.217144][T13180] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1072.224382][T13180] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1072.288706][T13180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1072.296026][T13180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1073.878556][T13665] openvswitch: : Dropping previously announced user features
[ 1075.190610][T13373] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1075.244527][T13688] openvswitch: : Dropping previously announced user features
[ 1076.479148][T13711] fuse: Bad value for 'fd'
[ 1077.514757][T13709] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1859'.
[ 1077.738750][T13714] input: syz0 as /devices/virtual/input/input29
[ 1077.954074][T13709] macvtap2: entered promiscuous mode
[ 1078.152301][T13709] macvtap2: entered allmulticast mode
[ 1078.600418][T13709] 8021q: adding VLAN 0 to HW filter on device macvtap2
[ 1078.897348][T13373] veth0_vlan: entered promiscuous mode
[ 1078.956555][T13373] veth1_vlan: entered promiscuous mode
[ 1079.061734][T13373] veth0_macvtap: entered promiscuous mode
[ 1079.076302][T13373] veth1_macvtap: entered promiscuous mode
[ 1079.385904][T13744] 9pnet_virtio: no channels available for device syz
[ 1080.228418][T13373] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1080.273769][T13373] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1080.305854][T13373] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1080.320266][T13373] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1080.332696][T13373] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1080.344275][T13373] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1082.142057][ T7407] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1082.204994][ T7407] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1082.352831][ T6525] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1082.383524][ T6525] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1083.140359][T13779] fuse: Bad value for 'fd'
[ 1084.756929][T13788] overlayfs: failed to resolve './file1': -2
[ 1094.478310][ T6675] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1095.549709][ T6675] usb 7-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[ 1095.756557][ T6675] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1095.839190][ T6675] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c
[ 1095.876854][ T6675] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1095.917368][ T6675] usb 7-1: Product: syz
[ 1095.927896][ T6675] usb 7-1: Manufacturer: syz
[ 1095.938262][ T6675] usb 7-1: SerialNumber: syz
[ 1095.953407][ T6675] usb 7-1: config 0 descriptor??
[ 1096.004036][ T6675] ims_pcu 7-1:0.0: Missing CDC union descriptor
[ 1096.010688][ T6675] ims_pcu 7-1:0.0: probe with driver ims_pcu failed with error -22
[ 1096.208936][T13849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1096.238695][T13849] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1097.048596][ T5910] usb 7-1: USB disconnect, device number 2
[ 1098.075163][T13899] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1894'.
[ 1098.409548][T13903] Invalid ELF section header size
[ 1099.902738][T13907] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[ 1103.003844][T13946] : entered promiscuous mode
[ 1107.018525][T13984] Invalid ELF section header size
[ 1107.883705][T13989] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[ 1107.988103][T13996] netlink: 'syz.1.1909': attribute type 2 has an invalid length.
[ 1108.638350][T14000] Invalid ELF section header size
[ 1110.079567][T14013] Cache volume key already in use (9p,(null),)
[ 1114.330593][T14044] openvswitch: : Dropping previously announced user features
[ 1115.928943][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.935609][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1120.684988][T14080] ==================================================================
[ 1120.693116][T14080] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0
[ 1120.701304][T14080] Read of size 1 at addr ffff88803448bcb0 by task syz.1.1928/14080
[ 1120.709202][T14080] 
[ 1120.711568][T14080] CPU: 0 UID: 0 PID: 14080 Comm: syz.1.1928 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1120.711595][T14080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1120.711614][T14080] Call Trace:
[ 1120.711627][T14080]  <TASK>
[ 1120.711636][T14080]  dump_stack_lvl+0x189/0x250
[ 1120.711663][T14080]  ? rcu_is_watching+0x15/0xb0
[ 1120.711683][T14080]  ? __kasan_check_byte+0x12/0x40
[ 1120.711704][T14080]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1120.711724][T14080]  ? rcu_is_watching+0x15/0xb0
[ 1120.711744][T14080]  ? lock_release+0x4b/0x3e0
[ 1120.711765][T14080]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1120.711789][T14080]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1120.711813][T14080]  print_report+0xca/0x240
[ 1120.711841][T14080]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1120.711870][T14080]  kasan_report+0x118/0x150
[ 1120.711891][T14080]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1120.711924][T14080]  ? remove_wait_queue+0x24/0x120
[ 1120.711950][T14080]  __kasan_check_byte+0x2a/0x40
[ 1120.711976][T14080]  lock_acquire+0x8d/0x360
[ 1120.711994][T14080]  ? task_work_add+0x281/0x420
[ 1120.712024][T14080]  _raw_spin_lock_irqsave+0xa7/0xf0
[ 1120.712053][T14080]  ? remove_wait_queue+0x24/0x120
[ 1120.712079][T14080]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1120.712109][T14080]  ? __fput_deferred+0x215/0x390
[ 1120.712134][T14080]  ? __pfx___fput_deferred+0x10/0x10
[ 1120.712161][T14080]  remove_wait_queue+0x24/0x120
[ 1120.712189][T14080]  poll_freewait+0xb1/0x240
[ 1120.712208][T14080]  do_select+0x172f/0x17e0
[ 1120.712231][T14080]  ? do_select+0xbb1/0x17e0
[ 1120.712258][T14080]  ? __pfx_do_select+0x10/0x10
[ 1120.712283][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712305][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712325][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712346][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712367][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712388][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712409][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712429][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712450][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1120.712480][T14080]  core_sys_select+0x6dd/0xa20
[ 1120.712505][T14080]  ? __pfx_core_sys_select+0x10/0x10
[ 1120.712536][T14080]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1120.712557][T14080]  ? kmem_cache_free+0x18f/0x400
[ 1120.712581][T14080]  __se_sys_pselect6+0x27a/0x300
[ 1120.712602][T14080]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1120.712622][T14080]  ? rcu_is_watching+0x15/0xb0
[ 1120.712644][T14080]  ? __x64_sys_pselect6+0x21/0xf0
[ 1120.712664][T14080]  do_syscall_64+0xfa/0x3b0
[ 1120.712686][T14080]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1120.712705][T14080]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1120.712726][T14080]  ? clear_bhb_loop+0x60/0xb0
[ 1120.712747][T14080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1120.712766][T14080] RIP: 0033:0x7fe96d18e9a9
[ 1120.712783][T14080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1120.712801][T14080] RSP: 002b:00007fe96df4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1120.712822][T14080] RAX: ffffffffffffffda RBX: 00007fe96d3b6080 RCX: 00007fe96d18e9a9
[ 1120.712838][T14080] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1120.712851][T14080] RBP: 00007fe96d210d69 R08: 0000000000000000 R09: 0000000000000000
[ 1120.712864][T14080] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000
[ 1120.712877][T14080] R13: 0000000000000000 R14: 00007fe96d3b6080 R15: 00007ffc396c52b8
[ 1120.712899][T14080]  </TASK>
[ 1120.712906][T14080] 
[ 1121.052152][T14080] Allocated by task 6631:
[ 1121.056484][T14080]  kasan_save_track+0x3e/0x80
[ 1121.061183][T14080]  __kasan_kmalloc+0x93/0xb0
[ 1121.065779][T14080]  __kmalloc_cache_noprof+0x230/0x3d0
[ 1121.071160][T14080]  comedi_device_postconfig+0x4a8/0xc90
[ 1121.076719][T14080]  comedi_device_attach+0x53a/0x670
[ 1121.081929][T14080]  comedi_unlocked_ioctl+0x686/0xfc0
[ 1121.087233][T14080]  __se_sys_ioctl+0xfc/0x170
[ 1121.091843][T14080]  do_syscall_64+0xfa/0x3b0
[ 1121.096359][T14080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.102267][T14080] 
[ 1121.104595][T14080] Freed by task 14085:
[ 1121.108668][T14080]  kasan_save_track+0x3e/0x80
[ 1121.113372][T14080]  kasan_save_free_info+0x46/0x50
[ 1121.118410][T14080]  __kasan_slab_free+0x62/0x70
[ 1121.123180][T14080]  kfree+0x18e/0x440
[ 1121.127100][T14080]  comedi_device_detach+0x372/0x720
[ 1121.132310][T14080]  comedi_unlocked_ioctl+0xbd2/0xfc0
[ 1121.137602][T14080]  __se_sys_ioctl+0xfc/0x170
[ 1121.142213][T14080]  do_syscall_64+0xfa/0x3b0
[ 1121.146727][T14080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.152629][T14080] 
[ 1121.154954][T14080] The buggy address belongs to the object at ffff88803448bc00
[ 1121.154954][T14080]  which belongs to the cache kmalloc-256 of size 256
[ 1121.169020][T14080] The buggy address is located 176 bytes inside of
[ 1121.169020][T14080]  freed 256-byte region [ffff88803448bc00, ffff88803448bd00)
[ 1121.182863][T14080] 
[ 1121.185194][T14080] The buggy address belongs to the physical page:
[ 1121.191618][T14080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803448b000 pfn:0x3448a
[ 1121.201691][T14080] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1121.210195][T14080] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1121.218714][T14080] page_type: f5(slab)
[ 1121.222705][T14080] raw: 00fff00000000240 ffff88801a441b40 ffffea0000944210 ffffea0000c9e910
[ 1121.231299][T14080] raw: ffff88803448b000 000000000010000d 00000000f5000000 0000000000000000
[ 1121.239894][T14080] head: 00fff00000000240 ffff88801a441b40 ffffea0000944210 ffffea0000c9e910
[ 1121.248581][T14080] head: ffff88803448b000 000000000010000d 00000000f5000000 0000000000000000
[ 1121.257263][T14080] head: 00fff00000000001 ffffea0000d12281 00000000ffffffff 00000000ffffffff
[ 1121.265948][T14080] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1121.274621][T14080] page dumped because: kasan: bad access detected
[ 1121.281038][T14080] page_owner tracks the page as allocated
[ 1121.286766][T14080] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5207, tgid 5207 (udevadm), ts 29277117606, free_ts 29222310269
[ 1121.306932][T14080]  post_alloc_hook+0x240/0x2a0
[ 1121.311713][T14080]  get_page_from_freelist+0x21d5/0x22b0
[ 1121.317275][T14080]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1121.323095][T14080]  alloc_pages_mpol+0x232/0x4a0
[ 1121.327955][T14080]  allocate_slab+0x8a/0x3b0
[ 1121.332468][T14080]  ___slab_alloc+0xbfc/0x1480
[ 1121.337154][T14080]  __kmalloc_cache_noprof+0x296/0x3d0
[ 1121.342541][T14080]  smk_fetch+0x95/0x140
[ 1121.346720][T14080]  smack_d_instantiate+0x6f5/0x940
[ 1121.351850][T14080]  security_d_instantiate+0x10a/0x200
[ 1121.357247][T14080]  d_splice_alias+0x6e/0x330
[ 1121.361861][T14080]  path_openat+0x1101/0x3830
[ 1121.366468][T14080]  do_filp_open+0x1fa/0x410
[ 1121.370988][T14080]  do_sys_openat2+0x121/0x1c0
[ 1121.375679][T14080]  __x64_sys_openat+0x138/0x170
[ 1121.380548][T14080]  do_syscall_64+0xfa/0x3b0
[ 1121.385063][T14080] page last free pid 5207 tgid 5207 stack trace:
[ 1121.391389][T14080]  __free_frozen_pages+0xc65/0xe60
[ 1121.396510][T14080]  __put_partials+0x161/0x1c0
[ 1121.401194][T14080]  put_cpu_partial+0x17c/0x250
[ 1121.405971][T14080]  __slab_free+0x2f7/0x400
[ 1121.410396][T14080]  qlist_free_all+0x97/0x140
[ 1121.415001][T14080]  kasan_quarantine_reduce+0x148/0x160
[ 1121.420476][T14080]  __kasan_slab_alloc+0x22/0x80
[ 1121.425330][T14080]  __kmalloc_noprof+0x224/0x4f0
[ 1121.430189][T14080]  kernfs_fop_write_iter+0x158/0x4f0
[ 1121.435492][T14080]  vfs_write+0x54b/0xa90
[ 1121.439737][T14080]  ksys_write+0x145/0x250
[ 1121.444073][T14080]  do_syscall_64+0xfa/0x3b0
[ 1121.448585][T14080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.454491][T14080] 
[ 1121.456817][T14080] Memory state around the buggy address:
[ 1121.462450][T14080]  ffff88803448bb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1121.470518][T14080]  ffff88803448bc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1121.478587][T14080] >ffff88803448bc80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1121.486651][T14080]                                      ^
[ 1121.492283][T14080]  ffff88803448bd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1121.500358][T14080]  ffff88803448bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1121.508430][T14080] ==================================================================
[ 1121.516513][T14080] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1121.523721][T14080] CPU: 0 UID: 0 PID: 14080 Comm: syz.1.1928 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[ 1121.533712][T14080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1121.543779][T14080] Call Trace:
[ 1121.547067][T14080]  <TASK>
[ 1121.550003][T14080]  dump_stack_lvl+0x99/0x250
[ 1121.554614][T14080]  ? __asan_memcpy+0x40/0x70
[ 1121.559230][T14080]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1121.564445][T14080]  ? __pfx__printk+0x10/0x10
[ 1121.569058][T14080]  panic+0x2db/0x790
[ 1121.572966][T14080]  ? __pfx_panic+0x10/0x10
[ 1121.577394][T14080]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1121.583305][T14080]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1121.589657][T14080]  ? print_memory_metadata+0x314/0x400
[ 1121.595135][T14080]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1121.600524][T14080]  check_panic_on_warn+0x89/0xb0
[ 1121.605477][T14080]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1121.610866][T14080]  end_report+0x78/0x160
[ 1121.615125][T14080]  kasan_report+0x129/0x150
[ 1121.619642][T14080]  ? _raw_spin_lock_irqsave+0xa7/0xf0
[ 1121.625038][T14080]  ? remove_wait_queue+0x24/0x120
[ 1121.630079][T14080]  __kasan_check_byte+0x2a/0x40
[ 1121.634941][T14080]  lock_acquire+0x8d/0x360
[ 1121.639368][T14080]  ? task_work_add+0x281/0x420
[ 1121.644152][T14080]  _raw_spin_lock_irqsave+0xa7/0xf0
[ 1121.649371][T14080]  ? remove_wait_queue+0x24/0x120
[ 1121.654416][T14080]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[ 1121.660335][T14080]  ? __fput_deferred+0x215/0x390
[ 1121.665287][T14080]  ? __pfx___fput_deferred+0x10/0x10
[ 1121.670587][T14080]  remove_wait_queue+0x24/0x120
[ 1121.675457][T14080]  poll_freewait+0xb1/0x240
[ 1121.679975][T14080]  do_select+0x172f/0x17e0
[ 1121.684407][T14080]  ? do_select+0xbb1/0x17e0
[ 1121.688934][T14080]  ? __pfx_do_select+0x10/0x10
[ 1121.693712][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.698402][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.703090][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.707777][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.712466][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.717154][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.721843][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.726527][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.731215][T14080]  ? __pfx_pollwake+0x10/0x10
[ 1121.735918][T14080]  core_sys_select+0x6dd/0xa20
[ 1121.740700][T14080]  ? __pfx_core_sys_select+0x10/0x10
[ 1121.746006][T14080]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1121.751387][T14080]  ? kmem_cache_free+0x18f/0x400
[ 1121.756340][T14080]  __se_sys_pselect6+0x27a/0x300
[ 1121.761292][T14080]  ? __pfx___se_sys_pselect6+0x10/0x10
[ 1121.766759][T14080]  ? rcu_is_watching+0x15/0xb0
[ 1121.771538][T14080]  ? __x64_sys_pselect6+0x21/0xf0
[ 1121.776576][T14080]  do_syscall_64+0xfa/0x3b0
[ 1121.781090][T14080]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1121.786301][T14080]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.792378][T14080]  ? clear_bhb_loop+0x60/0xb0
[ 1121.797068][T14080]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1121.802975][T14080] RIP: 0033:0x7fe96d18e9a9
[ 1121.807401][T14080] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1121.827024][T14080] RSP: 002b:00007fe96df4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1121.835457][T14080] RAX: ffffffffffffffda RBX: 00007fe96d3b6080 RCX: 00007fe96d18e9a9
[ 1121.843441][T14080] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[ 1121.851424][T14080] RBP: 00007fe96d210d69 R08: 0000000000000000 R09: 0000000000000000
[ 1121.859407][T14080] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000000
[ 1121.867387][T14080] R13: 0000000000000000 R14: 00007fe96d3b6080 R15: 00007ffc396c52b8
[ 1121.875373][T14080]  </TASK>
[ 1121.878653][T14080] Kernel Offset: disabled
[ 1121.882965][T14080] Rebooting in 86400 seconds..