last executing test programs:

20m54.572204073s ago: executing program 32 (id=671):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x44008000}, 0x4000000)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r3, @ANYBLOB="0000000a010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x38, 0x10, 0x1, 0x70bd2a, 0xffffffea, {0x0, 0x0, 0xe403, r4, 0x3, 0x217f5}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0xfffffffe}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4008040)

20m1.658582032s ago: executing program 33 (id=1161):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000660000000000"], 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x40005}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = timerfd_create(0x8, 0x0)
read(r3, &(0x7f00000000c0)=""/252, 0xfc)
timerfd_settime(r3, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

19m47.4985335s ago: executing program 3 (id=1255):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x54d})
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000000)={&(0x7f0000b7f000/0x4000)=nil, 0x4000})

19m43.949990185s ago: executing program 3 (id=1257):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000900)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2, 0x0, 0x1}, 0x18)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
open(0x0, 0x14927e, 0x0)

19m39.186711132s ago: executing program 3 (id=1279):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000040)={0x0, 0x0, 0x6, 0x1, 0x200, &(0x7f0000000080)="1ae19337aa151f36ae49bb3f8cb95c5bf840d4f1e55efaaf098d47a70eb36a730900000000fdfd000f4743f490c585108c1331c7749299a25a705f5096cb268cbc6070d680e1be250700000005000000472471ff550c0010000007f3c7b61abe4162256004ea8ca5e5b5f379c6eb3257eda08f7e6959090000004d13184d382747e035b4722525e00ade86b4c6d1e157c75d15c1f961ebc0a64d7f2a73f8979fcecacaa64f9b9069ebcc1d5b471edbc4f6c7f1b98ae74e909aa6f25b7fa77bf9cd4ed36d5c53dc519d11c3cc1c22a3b86cf3c645413f4afbcea0c99ded703699d2bb6a4a663b99b6069da5aaf64785a5887c31261d4b9e57ee07000000def6f255ca26108f11f02047d47f2d0fec30f7e92482f71496e184214a4e0c5fdc48b0af0c0478940016d8f0990a0e1090fd515380aae83c5eaeed338701574b64200a16ef2811fadcf1e0f49a514df529061e09ce45e3da03a03fe9b4a6bcfa7d04594e4f6d0714a2e14ea127ab37d64a5e0db630cd4f4a2e6c985a542ff20a9b2193f265f93a258a88dd6c9d6a926dd23d32425849c5d9210007660a617f22133b6cb5087f4c6057942aa18193172bd995fa70a1f949b196f2e2a3c175858575713be5ee3f7f4dcecc98123f9ded3afdebe13d79a7f7fcb2469ae0ac503111401612df7ee995f74fb97a63bf62d61f78c062f959119ab50c1f706a930121ebcd53ccb93d158186ed360750ca8e728150d988844b9a5cff46591ccaff416e5a8c25f9555da5ca6fdf75b86ea6171b046b856168f403b5253a5cc393430a09a4489a0895571e597ac8846f945ffb372a88d3a25978b463dc961416c80c55773f917020751ed51cfd73c1e06fbadd156d56bedc117af95d242d6dccbe2ce34dccd6005e944afa92b22ec9a698469c6edc06caa2cfcd61912607d459b4c28ebea9745bcd4697d75c9601fd333d3cd797963a3c71b7cc5fdc756da8d97207936e5f53b53b732533c2722e03002293517966611602f297de6ff5408777b7a93c45cee3ee5c5601a4e94266b295ea7a86812a7ab8896ec5ea1b12643e1844b185734528399e62bceb8700cc6cd491e4a4430d0a3ba329a5a2fa170fd0b1cc4ba8294de988cd35df2cd7344aa8a9f3432b96fb889c02f484f635a0cc3466a3c2733d45f176931b2db18dba54991a9553cedb7f585786388d4042dbae1c95b769e3d4e036e8afea0a04c04f542b152ca1fd1f8efee60425c5a122fd1b90e98635284abd9f217d9e19cb2a64b354c9d79509cc47d7305114990148a7291cb0fe2d1c773a6664b66ae04aa62c534d072ae54c2ca0d5962cc58945d8924abfc4d5af922462507430d8f2c17479a6678b0b3700000000000000000000000000000000000000000000f800"})
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x0, 0x29, 0x40, '\x00', 0x10000000080})
connect$unix(r3, &(0x7f0000000100)=@abs={0x27}, 0x6e)

19m37.926734794s ago: executing program 3 (id=1282):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/dev_mcast\x00')
pread64(r3, &(0x7f000001a240)=""/102400, 0x19000, 0x41e)

19m36.726544135s ago: executing program 3 (id=1285):
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x28000600)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000240), 0x2)
r3 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x18\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x2)
ftruncate(r3, 0x10000)
fcntl$addseals(r3, 0x409, 0x7)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={r3, 0x0, 0x0, 0x8000})
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
dup3(r1, r0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x7ff, 0x51, 0x6, 0x1, 0x7, 0x6, 0x1, 0x11791ce8}, &(0x7f0000000100)={0x316b4f72, 0x1, 0x6322, 0xffffffffffffffdf, 0x81, 0x800, 0x7, 0x8}, 0x0, 0x0, 0x0)

19m36.417938283s ago: executing program 3 (id=1288):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880))
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = dup(r1)
r4 = fcntl$dupfd(r0, 0x406, r2)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0})
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})

19m18.636066241s ago: executing program 34 (id=1288):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000880))
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = dup(r1)
r4 = fcntl$dupfd(r0, 0x406, r2)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0})
ioctl$VHOST_NET_SET_BACKEND(r4, 0x4008af30, &(0x7f0000000080)={0x0, r3})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})

18m13.305759578s ago: executing program 1 (id=1609):
syz_open_procfs$pagemap(0x0, &(0x7f00000000c0))
socket$nl_generic(0x10, 0x3, 0x10)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x88400)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xf, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xe}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r2}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
r3 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/protocols\x00')
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r4, @ANYRES16=r0], 0x0)

18m11.350520676s ago: executing program 1 (id=1619):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdir(&(0x7f0000000200)='./file0\x00', 0x28e08a7aa33ba155)
gettid()
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000040)=0xc)
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000640)=0x10)
close(r3)

18m9.921391811s ago: executing program 1 (id=1621):
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x9)
syz_io_uring_setup(0x10c, &(0x7f0000000580)={0x0, 0xa006d89, 0x400, 0xfffffffd, 0x69}, &(0x7f0000000000), &(0x7f0000000040))
capset(&(0x7f00000020c0)={0x20080522}, &(0x7f0000000500)={0x0, 0x3, 0x647, 0x0, 0x40000, 0x1000})
setrlimit(0x40000000000008, &(0x7f0000000000))
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe6c, 0x30, 0x25, 0x0, 0x0, {}, [{0xe58, 0x1, [@m_pedit={0xe54, 0x1, 0x0, 0x0, {{0xa}, {0xe28, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x4}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {0x0, 0x0, 0x0, 0x10}, {}, {}, {0x0, 0x0, 0x4}, {}, {}, {0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x200}, {}, {}, {}, {0x10001}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {}, {}, {0xfffffffe, 0x0, 0x0, 0x0, 0x20000000}, {}, {}, {0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x5}, {}, {}, {}, {0x0, 0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0xa}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x5}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, {}, {0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x10001}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe6c}}, 0x0)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="000000120001002bbd7000fedbdf250700000000", @ANYRES32=0x0, @ANYBLOB="00010000001000001400030076657468315f746f5f6272696467650008001d0008000000"], 0x3c}, 0x1, 0x0, 0x0, 0x845}, 0x1004)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f00000001c0)={0x200000000000001}, 0x8)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000003c0), 0x88800)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket(0xa, 0x2, 0x0)
r4 = dup(r3)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{}, 0x0, &(0x7f0000000080)=r4}, 0x20)
sendto$inet6(r2, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @local}, 0x1c)

18m9.538899275s ago: executing program 1 (id=1623):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0x45, 0x1488, 0xffffffffffffffff, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x3, 0x0, r6}, 0x50)
write$UHID_INPUT(r4, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a3f00005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006)

18m8.341738088s ago: executing program 1 (id=1626):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240), 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
futex(&(0x7f00000000c0)=0x1, 0x6, 0x0, &(0x7f00000001c0), 0x0, 0x2)
fsopen(0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000440), 0x9)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f00000002c0)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x4, 0x9, 0x0, 0x2, 0x300}, {0x6e}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfff0}, {0x5, 0x0, 0xc, 0x9}, {0x3, 0x0, 0x6, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

18m6.890463116s ago: executing program 1 (id=1630):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x28, 0x1e, 0x21, 0x0, 0x20000000, {0x7}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @typed={0xa, 0x2, 0x0, 0x0, @str='w\xa9\xe2\x00\x00\x00'}]}, 0x28}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0x2, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001dc0)=ANY=[], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={&(0x7f0000000040)="bfd26285e335", &(0x7f0000000200)=""/197, &(0x7f0000000300), &(0x7f0000000340), 0x5, r6}, 0x38)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
syz_init_net_socket$ax25(0x3, 0x3, 0x0)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x4d, 0x800000, 0x8, 0x5, 0x80, 0x81})
write$bt_hci(r5, &(0x7f0000000080)=ANY=[], 0x6)
write$tun(r3, &(0x7f00000034c0)=ANY=[@ANYBLOB="00000800020003000000000000000000080045f00fbc00000011032190780a010101ffffffff0420880b000000000000080050726483718ba3e6d08f7571cc59e627d3ed353e879da15784c220746fc2eba11f56fe932b544f53b43a34b265bd5d44fd38791b56b3b8767c382bc52ee2b8fcbbd661f151afd5315d5f502920c297a3916d7ea039eb558ebb06336662367e15363058de9b806035d5c980832248d1fc96c6b2fb2a4dffa91026dd0228974f70bea2a8e3fe0c9aae345d6e19f2000086ddac10ef31176d1af88e863d588661a0756365388ef6f2d7b69fb82dc9e7de475e5aad52fa5b61fb1730a4f8ba342b81d86460c5cc35df8bdc3e55e1e92140c9ed10cfd396d4fb331e1901da8dfd47cd7431fd6cb967f7d84f0ba6de4a73b26c286edc3684534e70f60b30b7aefec9309c13a29b35e134d47c3579870d43bcc2babd71412ade39c68b036b5e7a6e90c25efe7a5b3ff3fae0fe7459e71cb431cb8f6a45a9a21d938cbd1de67fde856f05154095c3d86b9f4bac02987d8a06aae5f8d3da56748f1f6b1e9de4d1afaea08c70a943b080bf77494e5dcc17fe38bb0a0b36a008f7805cfdbe5a89e2e12e013b6ff42e3f9e825f3d604768f87273edad56c12c8a5eacd9b63ea6fa1ecf16139cb19c579c4f0a125a755439e6dc9c1637c0d23c1c281af2982cca306b2d3dbaede299bfe4f2ebd822abfabafef3f159049cc24f01a412fafe3d43841a6a4dbed78566e34544a074d4c01cedbb22527e955e8f93ef5a927fdec293a3c78693cae45de7481fdf0f65a43b50d26904594676b7af375752c99e2ba3e00286ab9d438af7b8834c0e71d245c0428ecc5a59f29ab0bca9b1913b9bb5373a94e1daae374d0ed7e7ffd0a1188c83e61e8ee28625483a96a246b9e1cdc8da085de61834a15afd5e7726d711c5ecc008914b9b9f35603330113e548e4509516bac6bc1150b2ace667a540ec84d22c0d0200056918fa3ac596cddd501f7b34f3b97c12c3c10e4b0c67ef01059c2feed93f9169498278daabd27d8537882a87b2edd4b2e6789b90d065ba7a064b2b4ecc1622c8662b3145844c12491ee85dd2acbe057479db9d24e500d9f1af37745f39e7fc7d4e513fa839556155db1ba6d62465a464184f2f4f9c4c822e64c6a357d7bc06caf64db283f0a3a427b400b7dd4df488c9e30db1fdb1774038d32557b69f9c1eba7ec66309bc68c19200aa5f05ec21c1cc9a12667cbae2863198913eac1de18df558c1b5fbceb0e6b521e120e98b39ecc8cabb6c25cdc31d827eeb549fe548f6b29d4f65b176ea0a20411d750f02c660cba2c62935fad8c51324f6f437daa53c81ff2e19b94140f1d72a2540b3fa74ffe85c696a4e4411d4449744ca4b5e8b921c7d62208b88a1df38030c4e09cd264a9c534259737ed6ea798cbc2d0054845dc84e97295efad0f5228fc61710e75a4445a889e230887845fa7f02be62593c352cb344a0f947bdb6c4cf3aab5ecedbd4fdde781c496db32a51f700b2fc19b2c36e257bbb2c735e0f03cd9e49700aee6edaa6952bdc2feef2d2e5463b6778fde3c7ef73477e22a181816883192beee132b3866c4ec977e0cd0b995de650c4c7d3e6e483685f75f9d82f69868d67e64a59e7320707847040bed7bb8c24d5e6a1da326d3226e71933484a2c619592a00db3b086d5fee139abaae14d65698937ef8c066acc7134f085e1e8ccd04a67e128c2d775740f0727c14dfbf8a2ed7f25d353285ab0fd03a8788d725163d27ac13ced25669301f672fb1f404451d85e92e1d0049fa9558c8492cc336ddd5133cb1b307f2901341fb6a021e1b751f22412e76fad6ea2b4a7d756559619fa47b22bc55ef8fdc19fbd6136becc60ff19748e60452e704752c82beb4861ea118875e9fe75a9e6c10c8b922dd8054ef8dd15963db6d505e7eab028322801bb4328d8257e726d937ca83c8efca320c8ecd24313eb5e8114c604781ed936a82740340ac6692bfc3613d2f49bf8284cf60cee6513fd154034e49af838146872e8735962da7f7bbd301f2fd85e597c1b6f8418352ebec83286f9dfab4a0b4dbb8b9c7b55aaf9ac1628d1493c1786c78a8a0b8c58596f1e1ba92b7fcdb80e867fdd299c78b902ac2de3c6d6bad6c5fb0c5db603b7c3c7ff8a64dc4488e07d2b506db960db1503ad72dab8ef405549a5f12a62052be8f7ad3fad32ba8560a8874c06f815ec9912dfcc16d8e0f8c9ab9afceae435a63dcdd1dc6b1e4d186f306ec1c8af08e69ad8fc9860c9bad1af0654c51e0711ecfa47c6b4411010076c975057db6609b47fda736f6ef81863387e3c971479a572145aab35a24475ffea35c1626b644ba12ef8d92cf9310f722b493b2da8ea4c5dcd99d75167e1404642aafbf5db3f8ce95382d7bbd550c0bae73af75dc913ead260ce475b30879d4279efeae49e88b0071661725e9ec5b3579c1716d70971fd301d8ee090a98120bf35ffa62101077362a2a3564022b0bff01e76e641fc01ff731a834509600aadeffe2f00276de348a3c57778865063bd8e348b6e68b5c74298ba911a184f5bfdefd6473272c174c9e644abdf22b3ac39e246ae947ffef4773bcfec3b2a8d03dc8971471dfc50cd5ef6d32ae3486f7d14b0137e80a313910d9bc87aed8c41c6563f646b39c2a26f4add083ab6efb5753fc6b78e7907b9cd8a2cabdf87e202239fffc99e0446915c3bc147635398f73201d7369902225184d8da01641759645bf92b5d73ab153f2150264c3333ce12747ce2642aa04aeeb85513170a67dd93b010e8fd0f3cb290e1fc0040d32bdad7d8b41c4f2d10a3c170dbc3e264e29714a34dd220c2bf3e273d7cb3a9397b16a47c85cca75e4cac2def7c976fb7f38b24bdb8f80486e9cec55574d9f2864085289fd2fc497a3a7fab762877629db9ff70201f07897246f9f5211ced9266b732e9988805669dc1bc8e4ddd235562c7785e2379f1f0dd1e71a98b6d204e6c1a1ee163ceb35f6c436bb2547522bed2a55814a3f5f53d3eceee6c847c12af75fdc8452116ab891a5c6424a79b33c4b56a5412700a907f3eca800fcfba133f8bab9ebae32c699b548aff3ac702699f293fceb7445a7107956adad16a6b73a2fe0c88232f2d9831b238b92c511e4a6e02f784ee328bd979c4728ba0f86cc4ed9a69c6d5bc23496729a6512c4664006afc08de2f4dd89e52108f7c081d11facccb91ebc82415691b6bf05818638b3a4d809ae307f4b2d867a34417dbaad8c01a3773d8ebe56890230bd4a2e2a027d59839e1710cb5d25cec245ed8f86b7d4ed8e4ec48c53387ab1ea059406bf2612a6c730750b41a47bdf51cbec2c3f1b07fd6aba2ea390e138868d71f0a73990e87b383757a199f53bcd25f93b15efaf84a9a3758f5cbc2223a809ba784a5af2d36a3b99e3d143310ecf2bb9d2dd8fe9defdfa3d82e005c52514f13beb97476fb7a0f7ab62892977c9da0b950dbbc89bdd58472619f3bdbf46def88488e7bdf0633ee908a4e4e795e92037b74db18672e168514e2ad0a2df94357f2dc2c593b251894657c6bea65abfcd76b7037bd5817ab73be94f00031150f375442e0f0d0e7236ed4150637c14f62ecb6713f897889d77d814ead5774d726f307fe32c020cdefda72151798fcde65af6fbe6594eeb078a8c414b949c0c2217a0cc82049c43f6fb3cb7c00fc0305b86dddde708dd8a61a63e799abdd49d6ff1c41b8ecb230891037ca36d7a7e1f6280f52a5d45ff872f11df408ae09fc9b9d371ccf4f2777626ad84426d925dac9bbacc785acb5c29cbf9d6aec77d5ac48778ab4682b7bb611f342a72c26417a5e432e5d956844e19739e61999a78c615acc09f415032031ac6cb839da764331d131acbe66b502e7f1a5b9dc68df7f5524e7bc6fdfa982b39af2cbff69052d04be78821282dbfc034e64943004375f16cf4741526aaafebfc1a6d4a38d4c345aa22c94922f145b6c449a216b6c382565598125156fad8097c2e7ea65063cdfe34e50fb75939f3b3cf5ab8a3448ead3cc36358f45b0eaabf8ff2b64a1923407226f24420978d03d6bcefc2b45a74425017c11146e25f6d41912f39afecaa19090123ea2605994978b00a347aba322cd10822933e3f5988477ce1b2aff651553ec4977b185e5c7aaa4c64b4fb49cfc0cad75e85c0617e19f26fd0932a4bba0821d5a4d9449773c2d3c25e8aee59155346502b72a4d6818f143695acd5b83a336d02e2d1b9da5740e287c4694012f9648656c51cd44431c54301ea55f48197d1280421793598db89820937aa6a41d69618f55fd9c40dc0742e77d4ddf4a68a6cecba47ff0a22e2734bc9556193642b92838c891b4ed109af35190332aabb9aab184076cfc99f08814bebe47fccd12005ad926a643c791ecda50458a1106a033408fb90da10f8d6e42b3a462e9f9a1a2752c21967884ea79a1148f3dd0304bef05747458c7859dbf7f6df08074e9ac221677b70546909329c5557adb255cc33c1f9b762188e2498a7744f066df3fb8bee6261db37489b63f9bda047a06cbc588ff1255e3b63a86a5ca353160e0dc4088ea691c768f5d36397cb64c6db2d5bd39473a9d1209d021b8017434874ed5f99d9fc27d5549eaecdcfb7093549acaea45610221192942e108def0efbc004bbfef195af7dcdc0b75097eba13d621c2ca5ee3bfd2845b21a910e8ea21536768e1e5081997ae7415a55e58e1294d8ff3bc95faf96a65501b922382f4f75a0f938b290fd66bb3ccdc33734bafa18a3765d23f151951b8c8c6939de018c4e9ca253dff4a1fc70a601bba8c2e146a79166745e5fd1748c638a7a945e5f5aea0a93c7861446ef5996e37231e573245dae58b16877ec0b3a27ada3fde66bb00f51f7e47970855d1057739ccf583666055187173bfd1454a5fbcfd59f39b6ad63fbfbe0fea9a6b336a41ec316acedd38cc6fab7de1190c97bed6e8f1cdb47d59941955f87a59d953c0f60f68a63fcf8f6f76b3eb5d79d94a2eeb3fb28781b1bbd31937c6f6e2d6fa7d2f4134702fdc0a2250bbec420c73a89c1643379235a492c2cbb3280ec3e676fcc1b33aaa645234eebefb1c28c52646a33c1989a386d537cd5ebf89f50b575b37b9a337f653919a569229009080088be00000000100000000100000000000000080022eb0000000020000000020000000000000000000000080065580000100020e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269199fc2293765cfbba8e22fa0ba230c891eb5a9490864bc2e2993a2831d52a0f75fda3f213ec297d9acaa7a8aedc6826e3274b7f48681313b4b677b469a77dd667c84aaf2766d84d9f6dd1b6aa2ab1860b1394813e57c4c6d557a4d049d74cdc674b82da3e6c6f0b9a890edc47dd5a6801c24ba1da62ac03a3620d1f109122a34cd8f552730c4239a81f09bc9174d89403e8011a5436bc7abbd69d49f68a786837a51689f7a4b422061f4768c9052c000016fffffe700e53f083b13e53ef485d121779c5da2b6ce80f9cc4a030570a1cc071d9a6845b6018baaa77418d5fb030700f7b63620c369c466108465b7c7967c0c84a9b828118c9ba7808abfe69f783c3795ecbe1714d91d56b64b9e8e7f86d3fff9c8084bc69fcf586b23c29dc078db3fda0fe8cfaed8ab7a5a39bc2ec6a1410270ea7d41ecbd90e45fc60062bc"], 0xfce)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000000c0)=0x1, 0x4)

17m50.712378891s ago: executing program 35 (id=1630):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa006}, 0x4)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)={0x28, 0x1e, 0x21, 0x0, 0x20000000, {0x7}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @typed={0xa, 0x2, 0x0, 0x0, @str='w\xa9\xe2\x00\x00\x00'}]}, 0x28}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0x2, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001dc0)=ANY=[], 0x50)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={&(0x7f0000000040)="bfd26285e335", &(0x7f0000000200)=""/197, &(0x7f0000000300), &(0x7f0000000340), 0x5, r6}, 0x38)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
syz_init_net_socket$ax25(0x3, 0x3, 0x0)
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, &(0x7f0000000080)={0x4d, 0x800000, 0x8, 0x5, 0x80, 0x81})
write$bt_hci(r5, &(0x7f0000000080)=ANY=[], 0x6)
write$tun(r3, &(0x7f00000034c0)=ANY=[@ANYBLOB="00000800020003000000000000000000080045f00fbc00000011032190780a010101ffffffff0420880b000000000000080050726483718ba3e6d08f7571cc59e627d3ed353e879da15784c220746fc2eba11f56fe932b544f53b43a34b265bd5d44fd38791b56b3b8767c382bc52ee2b8fcbbd661f151afd5315d5f502920c297a3916d7ea039eb558ebb06336662367e15363058de9b806035d5c980832248d1fc96c6b2fb2a4dffa91026dd0228974f70bea2a8e3fe0c9aae345d6e19f2000086ddac10ef31176d1af88e863d588661a0756365388ef6f2d7b69fb82dc9e7de475e5aad52fa5b61fb1730a4f8ba342b81d86460c5cc35df8bdc3e55e1e92140c9ed10cfd396d4fb331e1901da8dfd47cd7431fd6cb967f7d84f0ba6de4a73b26c286edc3684534e70f60b30b7aefec9309c13a29b35e134d47c3579870d43bcc2babd71412ade39c68b036b5e7a6e90c25efe7a5b3ff3fae0fe7459e71cb431cb8f6a45a9a21d938cbd1de67fde856f05154095c3d86b9f4bac02987d8a06aae5f8d3da56748f1f6b1e9de4d1afaea08c70a943b080bf77494e5dcc17fe38bb0a0b36a008f7805cfdbe5a89e2e12e013b6ff42e3f9e825f3d604768f87273edad56c12c8a5eacd9b63ea6fa1ecf16139cb19c579c4f0a125a755439e6dc9c1637c0d23c1c281af2982cca306b2d3dbaede299bfe4f2ebd822abfabafef3f159049cc24f01a412fafe3d43841a6a4dbed78566e34544a074d4c01cedbb22527e955e8f93ef5a927fdec293a3c78693cae45de7481fdf0f65a43b50d26904594676b7af375752c99e2ba3e00286ab9d438af7b8834c0e71d245c0428ecc5a59f29ab0bca9b1913b9bb5373a94e1daae374d0ed7e7ffd0a1188c83e61e8ee28625483a96a246b9e1cdc8da085de61834a15afd5e7726d711c5ecc008914b9b9f35603330113e548e4509516bac6bc1150b2ace667a540ec84d22c0d0200056918fa3ac596cddd501f7b34f3b97c12c3c10e4b0c67ef01059c2feed93f9169498278daabd27d8537882a87b2edd4b2e6789b90d065ba7a064b2b4ecc1622c8662b3145844c12491ee85dd2acbe057479db9d24e500d9f1af37745f39e7fc7d4e513fa839556155db1ba6d62465a464184f2f4f9c4c822e64c6a357d7bc06caf64db283f0a3a427b400b7dd4df488c9e30db1fdb1774038d32557b69f9c1eba7ec66309bc68c19200aa5f05ec21c1cc9a12667cbae2863198913eac1de18df558c1b5fbceb0e6b521e120e98b39ecc8cabb6c25cdc31d827eeb549fe548f6b29d4f65b176ea0a20411d750f02c660cba2c62935fad8c51324f6f437daa53c81ff2e19b94140f1d72a2540b3fa74ffe85c696a4e4411d4449744ca4b5e8b921c7d62208b88a1df38030c4e09cd264a9c534259737ed6ea798cbc2d0054845dc84e97295efad0f5228fc61710e75a4445a889e230887845fa7f02be62593c352cb344a0f947bdb6c4cf3aab5ecedbd4fdde781c496db32a51f700b2fc19b2c36e257bbb2c735e0f03cd9e49700aee6edaa6952bdc2feef2d2e5463b6778fde3c7ef73477e22a181816883192beee132b3866c4ec977e0cd0b995de650c4c7d3e6e483685f75f9d82f69868d67e64a59e7320707847040bed7bb8c24d5e6a1da326d3226e71933484a2c619592a00db3b086d5fee139abaae14d65698937ef8c066acc7134f085e1e8ccd04a67e128c2d775740f0727c14dfbf8a2ed7f25d353285ab0fd03a8788d725163d27ac13ced25669301f672fb1f404451d85e92e1d0049fa9558c8492cc336ddd5133cb1b307f2901341fb6a021e1b751f22412e76fad6ea2b4a7d756559619fa47b22bc55ef8fdc19fbd6136becc60ff19748e60452e704752c82beb4861ea118875e9fe75a9e6c10c8b922dd8054ef8dd15963db6d505e7eab028322801bb4328d8257e726d937ca83c8efca320c8ecd24313eb5e8114c604781ed936a82740340ac6692bfc3613d2f49bf8284cf60cee6513fd154034e49af838146872e8735962da7f7bbd301f2fd85e597c1b6f8418352ebec83286f9dfab4a0b4dbb8b9c7b55aaf9ac1628d1493c1786c78a8a0b8c58596f1e1ba92b7fcdb80e867fdd299c78b902ac2de3c6d6bad6c5fb0c5db603b7c3c7ff8a64dc4488e07d2b506db960db1503ad72dab8ef405549a5f12a62052be8f7ad3fad32ba8560a8874c06f815ec9912dfcc16d8e0f8c9ab9afceae435a63dcdd1dc6b1e4d186f306ec1c8af08e69ad8fc9860c9bad1af0654c51e0711ecfa47c6b4411010076c975057db6609b47fda736f6ef81863387e3c971479a572145aab35a24475ffea35c1626b644ba12ef8d92cf9310f722b493b2da8ea4c5dcd99d75167e1404642aafbf5db3f8ce95382d7bbd550c0bae73af75dc913ead260ce475b30879d4279efeae49e88b0071661725e9ec5b3579c1716d70971fd301d8ee090a98120bf35ffa62101077362a2a3564022b0bff01e76e641fc01ff731a834509600aadeffe2f00276de348a3c57778865063bd8e348b6e68b5c74298ba911a184f5bfdefd6473272c174c9e644abdf22b3ac39e246ae947ffef4773bcfec3b2a8d03dc8971471dfc50cd5ef6d32ae3486f7d14b0137e80a313910d9bc87aed8c41c6563f646b39c2a26f4add083ab6efb5753fc6b78e7907b9cd8a2cabdf87e202239fffc99e0446915c3bc147635398f73201d7369902225184d8da01641759645bf92b5d73ab153f2150264c3333ce12747ce2642aa04aeeb85513170a67dd93b010e8fd0f3cb290e1fc0040d32bdad7d8b41c4f2d10a3c170dbc3e264e29714a34dd220c2bf3e273d7cb3a9397b16a47c85cca75e4cac2def7c976fb7f38b24bdb8f80486e9cec55574d9f2864085289fd2fc497a3a7fab762877629db9ff70201f07897246f9f5211ced9266b732e9988805669dc1bc8e4ddd235562c7785e2379f1f0dd1e71a98b6d204e6c1a1ee163ceb35f6c436bb2547522bed2a55814a3f5f53d3eceee6c847c12af75fdc8452116ab891a5c6424a79b33c4b56a5412700a907f3eca800fcfba133f8bab9ebae32c699b548aff3ac702699f293fceb7445a7107956adad16a6b73a2fe0c88232f2d9831b238b92c511e4a6e02f784ee328bd979c4728ba0f86cc4ed9a69c6d5bc23496729a6512c4664006afc08de2f4dd89e52108f7c081d11facccb91ebc82415691b6bf05818638b3a4d809ae307f4b2d867a34417dbaad8c01a3773d8ebe56890230bd4a2e2a027d59839e1710cb5d25cec245ed8f86b7d4ed8e4ec48c53387ab1ea059406bf2612a6c730750b41a47bdf51cbec2c3f1b07fd6aba2ea390e138868d71f0a73990e87b383757a199f53bcd25f93b15efaf84a9a3758f5cbc2223a809ba784a5af2d36a3b99e3d143310ecf2bb9d2dd8fe9defdfa3d82e005c52514f13beb97476fb7a0f7ab62892977c9da0b950dbbc89bdd58472619f3bdbf46def88488e7bdf0633ee908a4e4e795e92037b74db18672e168514e2ad0a2df94357f2dc2c593b251894657c6bea65abfcd76b7037bd5817ab73be94f00031150f375442e0f0d0e7236ed4150637c14f62ecb6713f897889d77d814ead5774d726f307fe32c020cdefda72151798fcde65af6fbe6594eeb078a8c414b949c0c2217a0cc82049c43f6fb3cb7c00fc0305b86dddde708dd8a61a63e799abdd49d6ff1c41b8ecb230891037ca36d7a7e1f6280f52a5d45ff872f11df408ae09fc9b9d371ccf4f2777626ad84426d925dac9bbacc785acb5c29cbf9d6aec77d5ac48778ab4682b7bb611f342a72c26417a5e432e5d956844e19739e61999a78c615acc09f415032031ac6cb839da764331d131acbe66b502e7f1a5b9dc68df7f5524e7bc6fdfa982b39af2cbff69052d04be78821282dbfc034e64943004375f16cf4741526aaafebfc1a6d4a38d4c345aa22c94922f145b6c449a216b6c382565598125156fad8097c2e7ea65063cdfe34e50fb75939f3b3cf5ab8a3448ead3cc36358f45b0eaabf8ff2b64a1923407226f24420978d03d6bcefc2b45a74425017c11146e25f6d41912f39afecaa19090123ea2605994978b00a347aba322cd10822933e3f5988477ce1b2aff651553ec4977b185e5c7aaa4c64b4fb49cfc0cad75e85c0617e19f26fd0932a4bba0821d5a4d9449773c2d3c25e8aee59155346502b72a4d6818f143695acd5b83a336d02e2d1b9da5740e287c4694012f9648656c51cd44431c54301ea55f48197d1280421793598db89820937aa6a41d69618f55fd9c40dc0742e77d4ddf4a68a6cecba47ff0a22e2734bc9556193642b92838c891b4ed109af35190332aabb9aab184076cfc99f08814bebe47fccd12005ad926a643c791ecda50458a1106a033408fb90da10f8d6e42b3a462e9f9a1a2752c21967884ea79a1148f3dd0304bef05747458c7859dbf7f6df08074e9ac221677b70546909329c5557adb255cc33c1f9b762188e2498a7744f066df3fb8bee6261db37489b63f9bda047a06cbc588ff1255e3b63a86a5ca353160e0dc4088ea691c768f5d36397cb64c6db2d5bd39473a9d1209d021b8017434874ed5f99d9fc27d5549eaecdcfb7093549acaea45610221192942e108def0efbc004bbfef195af7dcdc0b75097eba13d621c2ca5ee3bfd2845b21a910e8ea21536768e1e5081997ae7415a55e58e1294d8ff3bc95faf96a65501b922382f4f75a0f938b290fd66bb3ccdc33734bafa18a3765d23f151951b8c8c6939de018c4e9ca253dff4a1fc70a601bba8c2e146a79166745e5fd1748c638a7a945e5f5aea0a93c7861446ef5996e37231e573245dae58b16877ec0b3a27ada3fde66bb00f51f7e47970855d1057739ccf583666055187173bfd1454a5fbcfd59f39b6ad63fbfbe0fea9a6b336a41ec316acedd38cc6fab7de1190c97bed6e8f1cdb47d59941955f87a59d953c0f60f68a63fcf8f6f76b3eb5d79d94a2eeb3fb28781b1bbd31937c6f6e2d6fa7d2f4134702fdc0a2250bbec420c73a89c1643379235a492c2cbb3280ec3e676fcc1b33aaa645234eebefb1c28c52646a33c1989a386d537cd5ebf89f50b575b37b9a337f653919a569229009080088be00000000100000000100000000000000080022eb0000000020000000020000000000000000000000080065580000100020e62929c11cb0549208c925145acbdc02d1fec745f9b654f2d97c9269199fc2293765cfbba8e22fa0ba230c891eb5a9490864bc2e2993a2831d52a0f75fda3f213ec297d9acaa7a8aedc6826e3274b7f48681313b4b677b469a77dd667c84aaf2766d84d9f6dd1b6aa2ab1860b1394813e57c4c6d557a4d049d74cdc674b82da3e6c6f0b9a890edc47dd5a6801c24ba1da62ac03a3620d1f109122a34cd8f552730c4239a81f09bc9174d89403e8011a5436bc7abbd69d49f68a786837a51689f7a4b422061f4768c9052c000016fffffe700e53f083b13e53ef485d121779c5da2b6ce80f9cc4a030570a1cc071d9a6845b6018baaa77418d5fb030700f7b63620c369c466108465b7c7967c0c84a9b828118c9ba7808abfe69f783c3795ecbe1714d91d56b64b9e8e7f86d3fff9c8084bc69fcf586b23c29dc078db3fda0fe8cfaed8ab7a5a39bc2ec6a1410270ea7d41ecbd90e45fc60062bc"], 0xfce)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000000c0)=0x1, 0x4)

12m19.266324345s ago: executing program 8 (id=4589):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x66, 0x0, 0x0, 0x11, 0x0, @private=0xa010101, @multicast1}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0x63, 0x0, &(0x7f0000000000)="ff", 0x0, 0x149d, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)

12m18.246148841s ago: executing program 8 (id=4597):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000000)=0x7)
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0x143000)

12m17.134441851s ago: executing program 8 (id=4612):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
listen(r1, 0x9)
readv(r0, &(0x7f0000000b40)=[{&(0x7f00000002c0)=""/143, 0x8f}], 0x1)
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c000000140011f225bd7000fddbcf250284", @ANYRES32], 0x4c}, 0x1, 0x0, 0x0, 0x48000}, 0x40)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000002000010000000000000000000220000000000000000000000500190002000000080009000000000008000b0005000000080017004e214e22080001"], 0x5c}}, 0x0)

12m16.881357234s ago: executing program 8 (id=4615):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0x1000, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x80000, 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', r0, &(0x7f0000000240)='./file0\x00', 0x240)

12m16.756054196s ago: executing program 8 (id=4618):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e22, 0x4, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x36}}, 0x6}, 0x1c)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12m16.120301509s ago: executing program 8 (id=4625):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000500)=0xd0)
recvmsg$can_raw(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1}, 0x40000003)

12m15.75989231s ago: executing program 36 (id=4625):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000500)=0xd0)
recvmsg$can_raw(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000780)=""/4096, 0x1000}], 0x1}, 0x40000003)

11m55.354403198s ago: executing program 6 (id=4819):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000808500000070000000850000005000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r2}, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r3}, 0x10)
close(r1)

11m54.915972825s ago: executing program 6 (id=4825):
mount$fuseblk(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=0x0])
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x44, 0x30, 0x1, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f0000000280)={0x3, 0x0, 0x0, 0x0, 0x7fffffff})
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
tkill(0x0, 0xb)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r2, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})

11m53.457854575s ago: executing program 6 (id=4832):
r0 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0xe6, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000020000c4000007008209", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r2, @ANYBLOB="00000002e000030000000000000000000ffe000008"], 0x38}}, 0x2000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

11m52.378441482s ago: executing program 6 (id=4837):
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)

11m52.172718755s ago: executing program 6 (id=4841):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x20003, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(r3)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
r5 = syz_open_dev$sndpcmc(0x0, 0xb, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r5, 0xc2604110, &(0x7f0000000040)={0x0, [[0x4009ef8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x7fffffff], [0x410000, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x4], [0x6, 0x0, 0x5, 0xffffffff, 0x0, 0x1, 0x0, 0xffffffff]], '\x00', [{}, {0xfffffffd}, {}, {0x0, 0x0, 0x0, 0x1, 0x1}, {0x80000001, 0x0, 0x0, 0x1, 0x1}, {0x7fff, 0x66294544}, {}, {0x8000000, 0x8f96}, {}, {}, {}, {0x0, 0x7}], '\x00', 0x1000})
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000500)={0x28, 0x4, r6, 0x0, &(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_SET(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, 0x0, 0x6ff, 0x0, 0x25dfdbfc, {0x52}}, 0x14}, 0x1, 0x0, 0x0, 0x48004}, 0x0)

11m51.286954383s ago: executing program 6 (id=4852):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x61, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d03, 0x0, 0x1}]})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000600)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

11m50.686836949s ago: executing program 37 (id=4852):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x61, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d03, 0x0, 0x1}]})
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000600)={0xbe, 0x0, 0x1})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9m43.912694284s ago: executing program 2 (id=5691):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
getpid()
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
iopl(0x3)
semget(0x2, 0x4, 0x200)

9m41.861680306s ago: executing program 2 (id=5693):
syz_open_dev$usbfs(0x0, 0x76, 0x1)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000000580)="b3185d7bb56f70f003360fa8bf71ac3086aedebf6fff904f92849a7a07395ee7f0e4cb1d78001c08a0ab73ffcf5ad07693727980eea946e6cba1723e81bfa5c3688803c8a124dcb27df7938e7ddfdd52"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x4c, 0x0, &(0x7f0000000440)=[@reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000002c0)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

9m32.312864621s ago: executing program 2 (id=5720):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r0, 0x7)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r1, 0x100)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x5, 0x0)
listen(r3, 0x1)
r4 = socket$inet(0xa, 0x801, 0x84)
listen(r4, 0x8)
r5 = socket$inet(0xa, 0x801, 0x84)
listen(r5, 0x8)
r6 = socket$netlink(0x10, 0x3, 0x4)
writev(r6, &(0x7f0000000040)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r6)

9m32.161526945s ago: executing program 2 (id=5723):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000009c00000018000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000308500000053000000bca900000000000035090100000000009500500000000006bf9800000000000036080000020000008500000007000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x1, 0x0, @initdev={0xfe, 0x88, '\x00', 0xfc, 0x0}, 0x2}, 0x1c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
write(r3, &(0x7f0000000300)="89ba41c97928dec7cec15a160d3dba2553b519a795020072aed129d4b5247c983455b3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a4bce636ea8d2b882b2b49ef18e2a96e41f206d930eda2769c5ee6d5e3d541ce9a21c3ce5cb5fbdad9a45de0000000000000000000000000000f1d3b9821c18", 0x3f80)

9m30.535536467s ago: executing program 2 (id=5725):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad98a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557343c5ca683a4b6fc89398f2b0000f224ab1bf906536e11d3f38e5c27891060017cfa6fa26fa7a34700de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc715f9fa75b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000200)=0x8, 0x4)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x12, 0x4, 0x4, 0x12}, 0x50)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={@map=r4, r0, 0x4}, 0x10)

9m24.325514552s ago: executing program 2 (id=5744):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000)
r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000003c0)={0x2, 0x1, 0x1})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)=@overlay={0x0, 0x1, 0x4, 0x0, 0xd, {}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, "12848098"}, 0x3})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendfile(r3, r3, 0x0, 0x200000)

9m8.209260937s ago: executing program 38 (id=5744):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000)
r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000003c0)={0x2, 0x1, 0x1})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$vim2m_VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)=@overlay={0x0, 0x1, 0x4, 0x0, 0xd, {}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, "12848098"}, 0x3})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x185802, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendfile(r3, r3, 0x0, 0x200000)

3m29.822621152s ago: executing program 9 (id=7142):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
ioctl$USBDEVFS_RESET(r0, 0x5514)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
move_pages(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000380), 0x6)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="070000000400000008000000010000d631f5145cb7f2258de988e112785974260d430f8228328b507de8dce5cbb871768de787aa119623bb7cc901e55e9fa78e279f66231ae5a97200000000000074ede25497ad30fd21a1e3a266dcf7faf27c4afbc2ee16619f7af0d5be3240cf0866b3ee70b9090b07e53f14cf6257662ceb", @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r5 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r5, &(0x7f0000000040)={0x1f, @none, 0x7}, 0xa)
r6 = memfd_create(0x0, 0x3)
fallocate(r6, 0x0, 0x0, 0x8)
fcntl$addseals(r6, 0x409, 0xe)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x64000}, 0x4040)
r7 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0xe0}}, 0x0)
sendmsg$nl_crypto(r7, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000120003"], 0xf0}}, 0x0)

3m28.201532972s ago: executing program 7 (id=7151):
unshare(0x62000000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='rxrpc_call\x00', r0}, 0x10)

3m27.411576573s ago: executing program 9 (id=7157):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000780)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1d}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3m26.738810261s ago: executing program 7 (id=7160):
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0xc0f85403, &(0x7f0000000040))

3m26.633377212s ago: executing program 7 (id=7161):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x1b, &(0x7f0000000a00)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_fd={0x18, 0x1, 0x1, 0x0, r0}, @call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40efe, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

3m26.589458782s ago: executing program 9 (id=7162):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$inet6_opts(r0, 0x29, 0x1, 0x0, &(0x7f0000000580))

3m26.281809688s ago: executing program 7 (id=7165):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20020008008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
ioprio_get$pid(0x3, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x2, 'dvmrp0\x00', 0x4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000ff9f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00feffc0000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x3b)

3m26.145349509s ago: executing program 9 (id=7166):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x44, &(0x7f0000000680)={0x40, 0xe, 0x1, "01"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

3m24.918315312s ago: executing program 7 (id=7169):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x40)
open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)

3m23.491966068s ago: executing program 7 (id=7175):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000140)={0xcc, 0x0, 0x2001})

3m22.231673856s ago: executing program 9 (id=7177):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001500)={0x78, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x50, 0x8, 0x0, 0x1, [{0x48, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x7, @empty, 0x3}}]}, {0x4}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

3m21.812149767s ago: executing program 9 (id=7182):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000200))

3m12.082085363s ago: executing program 5 (id=7224):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000300)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14)
syz_emit_ethernet(0x3e, &(0x7f0000000cc0)={@local, @link_local, @val={@void, {0x8100, 0x7, 0x1, 0x1}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0xfffd, 0x0, 0x11, 0x0, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0xe, 0x9}}}}}}, 0x0)

3m8.511044355s ago: executing program 5 (id=7229):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000001500010000000000000000000500000008000100", @ANYRES16], 0x1c}}, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xc)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_RATE_GET(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)

3m7.32106055s ago: executing program 39 (id=7175):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000140)={0xcc, 0x0, 0x2001})

3m7.011483036s ago: executing program 5 (id=7233):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0x40000083, 0x0, 0xfff}]})

3m6.040212297s ago: executing program 40 (id=7182):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$KVM_REINJECT_CONTROL(r1, 0xae71, &(0x7f0000000200))

3m5.961456852s ago: executing program 5 (id=7236):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[], 0xa0}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019ef00000000000000002000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

3m5.171118602s ago: executing program 5 (id=7239):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
unlink(&(0x7f0000000040)='.\x00')
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})

3m2.746631296s ago: executing program 5 (id=7242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000480)={{0x5000, 0xb000, 0x10, 0x4, 0x3, 0x5, 0x3d, 0xb9, 0x2, 0x69, 0x1, 0x40}, {0xeeee8000, 0x2000, 0x3, 0x1, 0xa, 0xc0, 0x1, 0x0, 0x5, 0x7, 0x3, 0x2}, {0x1000, 0xffffffff, 0xc, 0x7, 0x9, 0xf, 0xe0, 0x1, 0x9, 0x0, 0x3, 0x2}, {0x26000, 0x4, 0x4, 0x9, 0x3, 0x0, 0x6, 0x4, 0x3, 0x1, 0x1, 0xb}, {0x100000, 0x70000, 0x9, 0x5, 0x5, 0x9, 0x3, 0x8, 0x80, 0x8, 0x2, 0x81}, {0xdddd0000, 0xeeee0000, 0x4, 0x6, 0x47, 0x8, 0x1, 0x10, 0x80, 0x8, 0x3}, {0x0, 0xeeef0000, 0x9, 0x0, 0x8, 0x7a, 0x0, 0x2, 0x37, 0x3, 0x2f, 0x7}, {0xfec00000, 0x7000, 0xb, 0x8d, 0x9, 0x80, 0x9, 0x4, 0x5, 0x5, 0x6, 0x4a}, {0x40000, 0x60}, {0x7000, 0x5}, 0x80000018, 0x0, 0x80a0000, 0x20, 0x9, 0x500, 0xffff1000, 0x0, [0x7, 0x388214f, 0x1, 0x8000000004]})

2m56.664234758s ago: executing program 4 (id=7251):
r0 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10)
connect$l2tp(r0, &(0x7f00000001c0)={0x2, 0x0, @local, 0x1}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)

2m55.414625446s ago: executing program 4 (id=7254):
r0 = semget$private(0x0, 0x6, 0x0)
semop(r0, &(0x7f0000000040)=[{0x1, 0x101}, {0x1}], 0x2)
semop(r0, &(0x7f0000001240)=[{0x0, 0xffff, 0x1000}], 0x1)
semctl$GETNCNT(r0, 0x1, 0xe, 0x0)

2m53.384897652s ago: executing program 4 (id=7258):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000013002f0a2bbd70000000000007006800", @ANYRES32=r1, @ANYBLOB="400a0100652a06003c001a8009000100766c6151000000002c000480280004800c0001"], 0x5c}, 0x1, 0x0, 0x0, 0x11}, 0x8014)

2m51.548394523s ago: executing program 4 (id=7260):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000480)=0xfffffffc, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0xfffd, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @broadcast}, 0x10)

2m49.509206625s ago: executing program 4 (id=7262):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'macvtap0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x5, 0x70bd25, 0x25dfdc00, {0x0, 0x0, 0x0, r2, 0x420, 0x20c0}, [@IFLA_PROTO_DOWN={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)

2m48.792883952s ago: executing program 4 (id=7264):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0x1d, 0x0, 0x4})

2m47.459464853s ago: executing program 41 (id=7242):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000480)={{0x5000, 0xb000, 0x10, 0x4, 0x3, 0x5, 0x3d, 0xb9, 0x2, 0x69, 0x1, 0x40}, {0xeeee8000, 0x2000, 0x3, 0x1, 0xa, 0xc0, 0x1, 0x0, 0x5, 0x7, 0x3, 0x2}, {0x1000, 0xffffffff, 0xc, 0x7, 0x9, 0xf, 0xe0, 0x1, 0x9, 0x0, 0x3, 0x2}, {0x26000, 0x4, 0x4, 0x9, 0x3, 0x0, 0x6, 0x4, 0x3, 0x1, 0x1, 0xb}, {0x100000, 0x70000, 0x9, 0x5, 0x5, 0x9, 0x3, 0x8, 0x80, 0x8, 0x2, 0x81}, {0xdddd0000, 0xeeee0000, 0x4, 0x6, 0x47, 0x8, 0x1, 0x10, 0x80, 0x8, 0x3}, {0x0, 0xeeef0000, 0x9, 0x0, 0x8, 0x7a, 0x0, 0x2, 0x37, 0x3, 0x2f, 0x7}, {0xfec00000, 0x7000, 0xb, 0x8d, 0x9, 0x80, 0x9, 0x4, 0x5, 0x5, 0x6, 0x4a}, {0x40000, 0x60}, {0x7000, 0x5}, 0x80000018, 0x0, 0x80a0000, 0x20, 0x9, 0x500, 0xffff1000, 0x0, [0x7, 0x388214f, 0x1, 0x8000000004]})

2m32.373948057s ago: executing program 42 (id=7264):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000080)={0x1d, 0x0, 0x4})

13.491651718s ago: executing program 0 (id=7354):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fc, 0x301)
ioctl$USBDEVFS_REAPURB(r1, 0x4004550c, &(0x7f0000000180))
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x14, 0x8, 0x2}, 0x8, 0x7, 0x200, 0x0, 0x80, 0x40020000, 0x0})

12.030135796s ago: executing program 0 (id=7355):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="12000000400000000400000002"], 0x50)
socketpair(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000005c0)={r0, &(0x7f00000003c0), &(0x7f0000000580)=@tcp6=r1}, 0x20)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r0, &(0x7f0000000600), &(0x7f0000000340)=@udp6=r2, 0x1}, 0x20)

9.675786365s ago: executing program 0 (id=7356):
r0 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0xfffffff9, 0x4)
syz_emit_ethernet(0x4e, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa3986dd6c370c8900182b01fe800000000000000000000000000025fe8000000000000000000000000000aaff"], 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x6568, 0x4)
recvmmsg(r0, &(0x7f0000000080), 0x40000000000025f, 0x40010002, 0x0)

7.107223163s ago: executing program 0 (id=7357):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0xf40, 0x0, 0xfffbfffd, 0x1, 0x50, '\f\x00', 0x4, 0x200})
writev(r0, &(0x7f0000001880)=[{&(0x7f0000000100)='VV', 0x2}], 0x1)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x8)

5.524495945s ago: executing program 0 (id=7358):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0x1fffffffffffffcd, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x2010000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000580)={{r0}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14}, 0x94)

0s ago: executing program 0 (id=7359):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000180)={r0, r0, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x6, 0x0, 0x8, 'syz1\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000040)={0x2, &(0x7f0000000d40)=[{@none}, {}]})

kernel console output (not intermixed with test programs):

T806] usblp 9-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 8 proto 3 vid 0x03F0 pid 0x0004
[  712.369609][  T806] usb 9-1: USB disconnect, device number 8
[  712.417876][  T806] usblp0: removed
[  712.981653][T16350] chnl_net:caif_netlink_parms(): no params data found
[  713.051141][ T5806] Bluetooth: hci2: command tx timeout
[  713.051314][    T9] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  713.051334][    T9] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  713.379470][ T2211] bridge_slave_1: left allmulticast mode
[  713.379502][ T2211] bridge_slave_1: left promiscuous mode
[  713.379766][ T2211] bridge0: port 2(bridge_slave_1) entered disabled state
[  713.452865][ T2211] bridge_slave_0: left allmulticast mode
[  713.452898][ T2211] bridge_slave_0: left promiscuous mode
[  713.453152][ T2211] bridge0: port 1(bridge_slave_0) entered disabled state
[  713.642071][    T9] libceph: connect (1)[c::]:6789 error -101
[  713.642299][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  713.834469][T16484] ceph: No mds server is up or the cluster is laggy
[  713.901589][ T5940] libceph: connect (1)[c::]:6789 error -101
[  713.901822][ T5940] libceph: mon0 (1)[c::]:6789 connect error
[  716.633121][T16545] overlayfs: unescaped trailing colons in lowerdir mount option.
[  718.407700][T16571] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  720.632642][ T2211] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  720.714275][ T2211] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  720.776357][ T2211] bond0 (unregistering): Released all slaves
[  722.009735][T16626] kthread_run failed with err -4
[  723.063965][T16686] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  724.181081][  T806] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  724.331106][  T806] usb 7-1: Using ep0 maxpacket: 32
[  724.333893][  T806] usb 7-1: config 0 has an invalid interface number: 132 but max is 0
[  724.333921][  T806] usb 7-1: config 0 has no interface number 0
[  724.333996][  T806] usb 7-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  724.337886][  T806] usb 7-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  724.337915][  T806] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.337936][  T806] usb 7-1: Product: syz
[  724.337952][  T806] usb 7-1: Manufacturer: syz
[  724.337967][  T806] usb 7-1: SerialNumber: syz
[  724.407144][  T806] usb 7-1: config 0 descriptor??
[  724.431617][  T806] em28xx 7-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  724.431655][  T806] em28xx 7-1:0.132: Video interface 132 found:
[  724.494370][T16350] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.495865][T16350] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.496129][T16350] bridge_slave_0: entered allmulticast mode
[  724.501497][T16350] bridge_slave_0: entered promiscuous mode
[  724.514204][T16350] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.516660][T16350] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.516924][T16350] bridge_slave_1: entered allmulticast mode
[  724.533178][T16350] bridge_slave_1: entered promiscuous mode
[  724.830274][  T806] em28xx 7-1:0.132: unknown em28xx chip ID (0)
[  725.021436][ T2211] hsr_slave_0: left promiscuous mode
[  725.064075][ T2211] hsr_slave_1: left promiscuous mode
[  725.065870][ T2211] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  725.065898][ T2211] batman_adv: batadv0: Removing interface: batadv_slave_0
[  725.124832][ T2211] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  725.125096][ T2211] batman_adv: batadv0: Removing interface: batadv_slave_1
[  725.401649][ T2211] veth1_macvtap: left promiscuous mode
[  725.401765][ T2211] veth0_macvtap: left promiscuous mode
[  725.402033][ T2211] veth1_vlan: left promiscuous mode
[  725.402213][ T2211] veth0_vlan: left promiscuous mode
[  725.434617][  T806] em28xx 7-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5)
[  725.434651][  T806] em28xx 7-1:0.132: failed to read eeprom (err=-5)
[  725.434696][  T806] em28xx 7-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  725.493162][  T806] em28xx 7-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  725.493195][  T806] em28xx 7-1:0.132: analog set to bulk mode.
[  725.493620][   T31] em28xx 7-1:0.132: Registering V4L2 extension
[  725.529806][  T806] usb 7-1: USB disconnect, device number 7
[  725.550337][  T806] em28xx 7-1:0.132: Disconnecting em28xx
[  725.809061][   T31] em28xx 7-1:0.132: Config register raw data: 0xffffffed
[  725.809089][   T31] em28xx 7-1:0.132: AC97 chip type couldn't be determined
[  725.809105][   T31] em28xx 7-1:0.132: No AC97 audio processor
[  725.865671][   T31] usb 7-1: Decoder not found
[  725.865694][   T31] em28xx 7-1:0.132: failed to create media graph
[  725.865910][   T31] em28xx 7-1:0.132: V4L2 device video103 deregistered
[  725.908507][   T31] em28xx 7-1:0.132: Remote control support is not available for this card.
[  725.908605][  T806] em28xx 7-1:0.132: Closing input extension
[  725.955964][  T806] em28xx 7-1:0.132: Freeing device
[  730.672157][ T2211] team0 (unregistering): Port device team_slave_1 removed
[  731.122461][ T2211] team0 (unregistering): Port device team_slave_0 removed
[  731.826899][   T31] libceph: connect (1)[c::]:6789 error -101
[  731.827121][   T31] libceph: mon0 (1)[c::]:6789 connect error
[  732.110328][   T31] libceph: connect (1)[c::]:6789 error -101
[  732.110569][   T31] libceph: mon0 (1)[c::]:6789 connect error
[  732.164230][T16931] ceph: No mds server is up or the cluster is laggy
[  737.930894][T17041] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  738.102096][    T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  738.276901][    T9] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  738.276934][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.282140][    T9] usb 5-1: config 0 descriptor??
[  739.055984][T16350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  739.155128][T16350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  739.194900][    T9] usb 5-1: Cannot set autoneg
[  739.195442][    T9] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  739.199421][    T9] usb 5-1: USB disconnect, device number 23
[  739.627999][T16350] team0: Port device team_slave_0 added
[  739.632469][T16350] team0: Port device team_slave_1 added
[  740.814419][T16350] batman_adv: batadv0: Adding interface: batadv_slave_0
[  740.814440][T16350] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  740.814471][T16350] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  740.822761][T16350] batman_adv: batadv0: Adding interface: batadv_slave_1
[  740.822781][T16350] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  740.822812][T16350] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  741.384174][T16350] hsr_slave_0: entered promiscuous mode
[  741.387673][T16350] hsr_slave_1: entered promiscuous mode
[  741.411594][T16350] debugfs: 'hsr0' already exists in 'hsr'
[  741.411618][T16350] Cannot create hsr debugfs directory
[  743.897013][T17203] gretap1: entered promiscuous mode
[  745.393847][T16350] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  745.442759][T16350] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  745.471201][   T31] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  745.476568][T16350] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  745.518558][T16350] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  745.623309][   T31] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  745.623351][   T31] usb 5-1: config 0 interface 0 has no altsetting 0
[  745.627083][   T31] usb 5-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  745.627116][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.627139][   T31] usb 5-1: Product: syz
[  745.627154][   T31] usb 5-1: Manufacturer: syz
[  745.627170][   T31] usb 5-1: SerialNumber: syz
[  745.690508][   T31] usb 5-1: config 0 descriptor??
[  745.696121][   T31] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  745.714237][   T31] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  745.715670][   T31] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  745.715772][   T31] usb 5-1: media controller created
[  745.765468][   T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  745.865735][   T31] DVB: Unable to find symbol tda10046_attach()
[  745.865765][   T31] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  745.865787][   T31] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  745.914050][T17241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  745.914458][T17241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  746.026166][T16350] 8021q: adding VLAN 0 to HW filter on device bond0
[  746.107934][T16350] 8021q: adding VLAN 0 to HW filter on device team0
[  746.132735][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.132964][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  746.169946][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.182979][ T6180] bridge0: port 2(bridge_slave_1) entered forwarding state
[  746.202747][T17269] netlink: 'syz.8.4612': attribute type 22 has an invalid length.
[  746.202772][T17269] netlink: 16 bytes leftover after parsing attributes in process `syz.8.4612'.
[  746.742527][   T31] dvb_usb_m920x 5-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  746.761579][   T31] usb 5-1: USB disconnect, device number 24
[  747.235550][T16350] 8021q: adding VLAN 0 to HW filter on device batadv0
[  747.873861][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  747.901568][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  747.909503][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  747.929025][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  747.934067][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  747.951388][ T5806] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  747.954195][ T5806] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  747.954810][ T5806] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  747.959592][ T5806] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  747.975992][ T5806] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  748.222132][T15960] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  748.391328][T15960] usb 5-1: Using ep0 maxpacket: 16
[  748.397166][T16350] veth0_vlan: entered promiscuous mode
[  748.406281][T15960] usb 5-1: New USB device found, idVendor=2001, idProduct=4002, bcdDevice=df.bf
[  748.406318][T15960] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.425928][T15960] usb 5-1: config 0 descriptor??
[  748.884751][T16350] veth1_vlan: entered promiscuous mode
[  749.361441][T15129] libceph: connect (1)[c::]:6789 error -101
[  749.361756][T15129] libceph: mon0 (1)[c::]:6789 connect error
[  749.527503][T16350] veth0_macvtap: entered promiscuous mode
[  749.622051][T15129] libceph: connect (1)[c::]:6789 error -101
[  749.622262][T15129] libceph: mon0 (1)[c::]:6789 connect error
[  749.733116][T16350] veth1_macvtap: entered promiscuous mode
[  749.834737][T17344] ceph: No mds server is up or the cluster is laggy
[  749.869606][T16350] batman_adv: batadv0: Interface activated: batadv_slave_0
[  750.001214][ T5806] Bluetooth: hci0: command tx timeout
[  750.057018][T16350] batman_adv: batadv0: Interface activated: batadv_slave_1
[  750.092626][T17362] overlayfs: overlapping lowerdir path
[  750.138002][T17321] chnl_net:caif_netlink_parms(): no params data found
[  750.162647][ T2211] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  750.189607][ T2211] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  750.261308][ T2211] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  750.345614][T15960] pegasus 5-1:0.0: can't reset MAC
[  750.345985][T15960] pegasus 5-1:0.0: probe with driver pegasus failed with error -5
[  750.372887][T15960] usb 5-1: USB disconnect, device number 25
[  750.428492][ T2211] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  750.864760][T17321] bridge0: port 1(bridge_slave_0) entered blocking state
[  750.891937][T17321] bridge0: port 1(bridge_slave_0) entered disabled state
[  750.892207][T17321] bridge_slave_0: entered allmulticast mode
[  750.895034][T17321] bridge_slave_0: entered promiscuous mode
[  751.006577][T17321] bridge0: port 2(bridge_slave_1) entered blocking state
[  751.006707][T17321] bridge0: port 2(bridge_slave_1) entered disabled state
[  751.006912][T17321] bridge_slave_1: entered allmulticast mode
[  751.021177][T17321] bridge_slave_1: entered promiscuous mode
[  751.167718][T17396] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  751.169065][   T31] IPVS: starting estimator thread 0...
[  751.281194][T17398] IPVS: using max 8 ests per chain, 19200 per kthread
[  751.372156][T17321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  751.453098][T17321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  752.077730][T17321] team0: Port device team_slave_0 added
[  752.079667][ T2211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  752.079687][ T2211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  752.081730][ T5806] Bluetooth: hci0: command tx timeout
[  752.492912][T17321] team0: Port device team_slave_1 added
[  752.755966][T17429] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  753.720896][T17321] batman_adv: batadv0: Adding interface: batadv_slave_0
[  753.729936][T17321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  753.729964][T17321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  753.732673][T17321] batman_adv: batadv0: Adding interface: batadv_slave_1
[  753.732685][T17321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  753.732706][T17321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  754.560855][ T5806] Bluetooth: hci0: command tx timeout
[  754.581203][ T7363] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  754.731056][ T7363] usb 5-1: Using ep0 maxpacket: 32
[  754.735003][ T7363] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  754.735035][ T7363] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.739178][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  754.739199][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  754.740148][ T7363] usb 5-1: config 0 descriptor??
[  754.765588][T17321] hsr_slave_0: entered promiscuous mode
[  754.775681][T17321] hsr_slave_1: entered promiscuous mode
[  754.776995][T17321] debugfs: 'hsr0' already exists in 'hsr'
[  754.777027][T17321] Cannot create hsr debugfs directory
[  754.967259][ T7363] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  754.992377][ T7363] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  754.995131][ T7363] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  754.995198][ T7363] usb 5-1: media controller created
[  755.068919][ T7363] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  755.391075][ T7363] az6027: usb out operation failed. (-71)
[  755.391098][ T7363] stb0899_attach: Driver disabled by Kconfig
[  755.391110][ T7363] az6027: no front-end attached
[  755.391110][ T7363] 
[  755.391481][ T7363] az6027: usb out operation failed. (-71)
[  755.391492][ T7363] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  755.393595][ T7363] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input19
[  755.401359][ T7363] dvb-usb: schedule remote query interval to 400 msecs.
[  755.401388][ T7363] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  755.424867][ T7363] usb 5-1: USB disconnect, device number 26
[  755.690181][ T7363] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  756.614294][T17512] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  756.641278][ T5806] Bluetooth: hci0: command tx timeout
[  757.027853][T17526] netlink: 408 bytes leftover after parsing attributes in process `syz.4.4717'.
[  757.253748][T17536] loop2: detected capacity change from 0 to 7
[  757.299743][T17536]  loop2: p1
[  757.299782][T17536] loop2: partition table partially beyond EOD, truncated
[  757.299940][T17536] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  757.532485][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  757.532560][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  757.617872][T17321] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  758.080859][T17321] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  758.611959][T17557] loop2: detected capacity change from 0 to 7
[  758.621725][T17557] Dev loop2: unable to read RDB block 7
[  758.621764][T17557]  loop2: AHDI p1 p2 p3
[  758.621795][T17557] loop2: partition table partially beyond EOD, truncated
[  758.621917][T17557] loop2: p3 start 335544320 is beyond EOD, truncated
[  758.717500][T17321] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  758.807080][T17321] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  759.164162][T17321] 8021q: adding VLAN 0 to HW filter on device bond0
[  759.231750][T17321] 8021q: adding VLAN 0 to HW filter on device team0
[  759.266747][ T2211] bridge0: port 1(bridge_slave_0) entered blocking state
[  759.278394][ T2211] bridge0: port 1(bridge_slave_0) entered forwarding state
[  759.309436][ T2196] bridge0: port 2(bridge_slave_1) entered blocking state
[  759.309681][ T2196] bridge0: port 2(bridge_slave_1) entered forwarding state
[  759.352703][T17586] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4740'.
[  759.390485][T17586] macvtap1: entered promiscuous mode
[  759.390508][T17586] erspan0: entered promiscuous mode
[  759.390696][T17586] macvtap1: entered allmulticast mode
[  759.390710][T17586] erspan0: entered allmulticast mode
[  759.512252][T17589] macvtap1: left promiscuous mode
[  759.512280][T17589] erspan0: left promiscuous mode
[  759.512614][T17589] macvtap1: left allmulticast mode
[  759.512631][T17589] erspan0: left allmulticast mode
[  760.057808][   T31] libceph: connect (1)[c::]:6789 error -101
[  760.057992][   T31] libceph: mon0 (1)[c::]:6789 connect error
[  760.209703][T17321] 8021q: adding VLAN 0 to HW filter on device batadv0
[  760.311290][   T31] libceph: connect (1)[c::]:6789 error -101
[  760.311514][   T31] libceph: mon0 (1)[c::]:6789 connect error
[  760.345812][T17616] A link change request failed with some changes committed already. Interface vlan2 may have been left with an inconsistent configuration, please check.
[  760.500192][T17603] ceph: No mds server is up or the cluster is laggy
[  760.993760][ T5997] libceph: connect (1)[c::]:6789 error -101
[  760.993985][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  760.994581][ T5997] libceph: connect (1)[c::]:6789 error -101
[  760.994786][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  761.251685][ T7363] libceph: connect (1)[c::]:6789 error -101
[  761.251913][ T7363] libceph: mon0 (1)[c::]:6789 connect error
[  761.401148][T17632] ceph: No mds server is up or the cluster is laggy
[  761.707198][T17321] veth0_vlan: entered promiscuous mode
[  761.745627][T17321] veth1_vlan: entered promiscuous mode
[  761.939445][T17321] veth0_macvtap: entered promiscuous mode
[  761.947740][T17321] veth1_macvtap: entered promiscuous mode
[  761.979102][T17321] batman_adv: batadv0: Interface activated: batadv_slave_0
[  761.985929][T17321] batman_adv: batadv0: Interface activated: batadv_slave_1
[  762.010791][ T3081] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  762.027668][ T3081] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  762.027717][ T3081] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  762.027757][ T3081] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  763.090501][  T161] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  763.090525][  T161] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  763.191085][  T784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  763.191108][  T784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  764.083169][ T5997] libceph: connect (1)[c::]:6789 error -101
[  764.083360][ T5997] libceph: mon0 (1)[c::]:6789 connect error
[  764.411384][T17690] ceph: No mds server is up or the cluster is laggy
[  764.753134][  T191] libceph: connect (1)[c::]:6789 error -101
[  764.753454][  T191] libceph: mon0 (1)[c::]:6789 connect error
[  765.344442][T17717] input: syz0 as /devices/virtual/input/input20
[  766.271183][  T806] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  766.411138][T15960] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  766.441049][  T806] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  766.441107][  T806] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  766.441133][  T806] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.445310][  T806] usb 5-1: config 0 descriptor??
[  766.446230][T17739] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  766.580170][T15960] usb 10-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  766.580272][T15960] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.580297][T15960] usb 10-1: Product: syz
[  766.580314][T15960] usb 10-1: Manufacturer: syz
[  766.580328][T15960] usb 10-1: SerialNumber: syz
[  766.642660][T15960] usb 10-1: config 0 descriptor??
[  766.858733][  T806] ryos 0003:1E7D:3138.000F: item fetching failed at offset 1/5
[  766.859613][  T806] ryos 0003:1E7D:3138.000F: parse failed
[  766.859696][  T806] ryos 0003:1E7D:3138.000F: probe with driver ryos failed with error -22
[  766.921469][T15960] usb 10-1: USB disconnect, device number 2
[  767.069216][T15129] usb 5-1: USB disconnect, device number 27
[  767.524147][T17774] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1110260093 (4441040372 ns) > initial count (1585815008 ns). Using initial count to start timer.
[  769.323165][T15960] libceph: connect (1)[c::]:6789 error -101
[  769.323380][T15960] libceph: mon0 (1)[c::]:6789 connect error
[  769.372345][T17814] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4824'.
[  769.423710][T17814] IPVS: Error connecting to the multicast addr
[  769.499411][T17807] ceph: No mds server is up or the cluster is laggy
[  769.581476][T15960] libceph: connect (1)[c::]:6789 error -101
[  769.581699][T15960] libceph: mon0 (1)[c::]:6789 connect error
[  773.078187][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  773.108276][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  773.110508][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  773.126021][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  773.126903][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  774.091102][ T7363] usb 5-1: new low-speed USB device number 28 using dummy_hcd
[  774.279321][ T7363] usb 5-1: unable to get BOS descriptor or descriptor too short
[  774.290505][ T7363] usb 5-1: config 3 has an invalid interface number: 197 but max is 0
[  774.290535][ T7363] usb 5-1: config 3 has no interface number 0
[  774.290570][ T7363] usb 5-1: config 3 interface 197 has no altsetting 0
[  774.338289][ T7363] usb 5-1: string descriptor 0 read error: -22
[  774.338402][ T7363] usb 5-1: New USB device found, idVendor=1bc7, idProduct=0021, bcdDevice=7d.ff
[  774.338419][ T7363] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  774.621946][ T7363] usb 5-1: USB disconnect, device number 28
[  774.982733][ T2131] bridge_slave_1: left allmulticast mode
[  774.982766][ T2131] bridge_slave_1: left promiscuous mode
[  774.983047][ T2131] bridge0: port 2(bridge_slave_1) entered disabled state
[  775.153290][ T2131] bridge_slave_0: left allmulticast mode
[  775.153329][ T2131] bridge_slave_0: left promiscuous mode
[  775.153596][ T2131] bridge0: port 1(bridge_slave_0) entered disabled state
[  775.201188][ T5802] Bluetooth: hci4: command tx timeout
[  775.934845][T17966] netlink: 'syz.7.4888': attribute type 10 has an invalid length.
[  777.281081][ T5802] Bluetooth: hci4: command tx timeout
[  778.762022][ T2131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  778.851961][ T2131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  778.893228][ T2131] bond0 (unregistering): Released all slaves
[  778.968026][T17966] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  779.022468][T17971] kthread_run failed with err -4
[  779.102593][T17902] chnl_net:caif_netlink_parms(): no params data found
[  779.365214][ T5802] Bluetooth: hci4: command tx timeout
[  780.330577][T15960] libceph: connect (1)[c::]:6789 error -101
[  780.330792][T15960] libceph: mon0 (1)[c::]:6789 connect error
[  780.581425][T15960] libceph: connect (1)[c::]:6789 error -101
[  780.581583][T15960] libceph: mon0 (1)[c::]:6789 connect error
[  780.773261][T17902] bridge0: port 1(bridge_slave_0) entered blocking state
[  780.773502][T17902] bridge0: port 1(bridge_slave_0) entered disabled state
[  780.773767][T17902] bridge_slave_0: entered allmulticast mode
[  780.781683][T17902] bridge_slave_0: entered promiscuous mode
[  780.819013][T17902] bridge0: port 2(bridge_slave_1) entered blocking state
[  780.819154][T17902] bridge0: port 2(bridge_slave_1) entered disabled state
[  780.819505][T17902] bridge_slave_1: entered allmulticast mode
[  780.825577][T17902] bridge_slave_1: entered promiscuous mode
[  780.881861][T18069] ceph: No mds server is up or the cluster is laggy
[  781.455290][ T5802] Bluetooth: hci4: command tx timeout
[  781.794160][ T2131] hsr_slave_0: left promiscuous mode
[  781.871913][ T2131] hsr_slave_1: left promiscuous mode
[  781.873601][ T2131] batman_adv: batadv0: Removing interface: batadv_slave_0
[  781.947271][ T2131] batman_adv: batadv0: Removing interface: batadv_slave_1
[  782.798053][T15960] libceph: connect (1)[c::]:6789 error -101
[  782.798276][T15960] libceph: mon0 (1)[c::]:6789 connect error
[  783.061691][T15960] libceph: connect (1)[c::]:6789 error -101
[  783.061903][T15960] libceph: mon0 (1)[c::]:6789 connect error
[  783.135402][T18126] ceph: No mds server is up or the cluster is laggy
[  789.661042][    T9] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  789.831164][    T9] usb 10-1: Using ep0 maxpacket: 32
[  789.833942][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  789.833976][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  789.834026][    T9] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  789.834052][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.839359][    T9] usb 10-1: config 0 descriptor??
[  789.844378][    T9] hub 10-1:0.0: USB hub found
[  789.912869][ T2131] team0 (unregistering): Port device team_slave_1 removed
[  790.053316][    T9] hub 10-1:0.0: 1 port detected
[  790.244993][ T2131] team0 (unregistering): Port device team_slave_0 removed
[  791.321269][    T9] hub 10-1:0.0: hub_hub_status failed (err = -32)
[  791.321300][    T9] hub 10-1:0.0: config failed, can't get hub status (err -32)
[  791.327460][    T9] usbhid 10-1:0.0: can't add hid device: -32
[  791.327587][    T9] usbhid 10-1:0.0: probe with driver usbhid failed with error -32
[  791.364236][    T9] usb 10-1: USB disconnect, device number 3
[  791.994919][T18333] loop7: detected capacity change from 0 to 16384
[  792.178576][T18336] loop7: detected capacity change from 16384 to 0
[  792.179349][    C0] I/O error, dev loop7, sector 256 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2
[  794.070721][T17902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  794.142233][T17902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  796.040089][T17902] team0: Port device team_slave_0 added
[  796.161682][T17902] team0: Port device team_slave_1 added
[  796.503762][T18448] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5084'.
[  796.935535][T17902] batman_adv: batadv0: Adding interface: batadv_slave_0
[  796.935555][T17902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  796.935586][T17902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  797.091346][T18455] block device autoloading is deprecated and will be removed.
[  797.099433][T17902] batman_adv: batadv0: Adding interface: batadv_slave_1
[  797.099452][T17902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  797.099482][T17902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  798.714347][T17902] hsr_slave_0: entered promiscuous mode
[  798.715849][T17902] hsr_slave_1: entered promiscuous mode
[  801.085813][T17902] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  801.116553][T17902] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  801.157086][T17902] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  801.218011][T17902] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  801.487716][T17902] 8021q: adding VLAN 0 to HW filter on device bond0
[  801.535677][T17902] 8021q: adding VLAN 0 to HW filter on device team0
[  801.591816][ T1490] bridge0: port 1(bridge_slave_0) entered blocking state
[  801.592053][ T1490] bridge0: port 1(bridge_slave_0) entered forwarding state
[  801.653812][ T6033] bridge0: port 2(bridge_slave_1) entered blocking state
[  801.653977][ T6033] bridge0: port 2(bridge_slave_1) entered forwarding state
[  802.384497][T17902] 8021q: adding VLAN 0 to HW filter on device batadv0
[  802.867676][T17902] veth0_vlan: entered promiscuous mode
[  802.927149][T17902] veth1_vlan: entered promiscuous mode
[  803.283724][T17902] veth0_macvtap: entered promiscuous mode
[  803.334353][T17902] veth1_macvtap: entered promiscuous mode
[  803.539269][T17902] batman_adv: batadv0: Interface activated: batadv_slave_0
[  803.612207][T17902] batman_adv: batadv0: Interface activated: batadv_slave_1
[  804.535061][ T2131] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  804.535679][ T2131] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  804.536301][ T2131] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  804.537559][ T2131] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  804.651797][T18595] netlink: 'syz.7.5145': attribute type 39 has an invalid length.
[  805.469149][ T2131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.469173][ T2131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  805.697605][ T2196] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  805.697630][ T2196] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  808.383051][T18659] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  810.751627][T15129] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  810.926284][T15129] usb 10-1: config 220 has an invalid interface number: 76 but max is 2
[  810.926307][T15129] usb 10-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  810.926321][T15129] usb 10-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  810.926335][T15129] usb 10-1: config 220 has no interface number 2
[  810.926387][T15129] usb 10-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  810.926407][T15129] usb 10-1: config 220 interface 0 has no altsetting 0
[  810.926420][T15129] usb 10-1: config 220 interface 76 has no altsetting 0
[  810.926433][T15129] usb 10-1: config 220 interface 1 has no altsetting 0
[  810.928418][T15129] usb 10-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  810.928439][T15129] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  810.928453][T15129] usb 10-1: Product: syz
[  810.928464][T15129] usb 10-1: Manufacturer: syz
[  810.928474][T15129] usb 10-1: SerialNumber: syz
[  811.540198][T15129] uvcvideo 10-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  811.540236][T15129] uvcvideo 10-1:220.0: No valid video chain found.
[  811.540303][T15129] usb 10-1: selecting invalid altsetting 0
[  811.679327][T15129] usb 10-1: selecting invalid altsetting 0
[  811.697075][T15129] usbtest 10-1:220.1: probe with driver usbtest failed with error -22
[  811.721727][T15129] usb 10-1: USB disconnect, device number 4
[  813.531086][ T5940] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  813.683727][ T5940] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  813.683762][ T5940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  813.687784][ T5940] usb 3-1: config 0 descriptor??
[  814.785292][T18788] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  816.171965][ T5940] usb 3-1: Cannot set autoneg
[  816.172258][ T5940] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  816.175686][T18823] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5233'.
[  816.175719][T18823] netlink: 8 bytes leftover after parsing attributes in process `syz.9.5233'.
[  816.191626][ T5940] usb 3-1: USB disconnect, device number 7
[  817.384153][T18852] loop7: detected capacity change from 0 to 16384
[  817.745258][T18855] loop7: detected capacity change from 16384 to 0
[  817.762478][    C1] I/O error, dev loop7, sector 2056 op 0x0:(READ) flags 0x80700 phys_seg 31 prio class 2
[  819.407071][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  819.408893][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  821.690262][T18927] kvm: pic: non byte read
[  821.753051][T18927] kvm: pic: single mode not supported
[  821.753259][T18927] kvm: pic: level sensitive irq not supported
[  821.754147][T18927] kvm: pic: non byte read
[  821.754566][T18927] kvm: pic: non byte read
[  821.754862][T18927] kvm: pic: single mode not supported
[  821.754929][T18927] kvm: pic: non byte read
[  821.755474][T18927] kvm: pic: non byte read
[  821.755825][T18927] kvm: pic: non byte read
[  821.756131][T18927] kvm: pic: single mode not supported
[  821.756141][T18927] kvm: pic: level sensitive irq not supported
[  821.756216][T18927] kvm: pic: non byte read
[  821.756695][T18927] kvm: pic: non byte read
[  821.756991][T18927] kvm: pic: single mode not supported
[  821.757056][T18927] kvm: pic: non byte read
[  821.757512][T18927] kvm: pic: single mode not supported
[  821.757586][T18927] kvm: pic: non byte read
[  825.085544][ T5997] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  825.233406][ T5997] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  825.233440][ T5997] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  825.233461][ T5997] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  825.233482][ T5997] usb 5-1: config 220 has no interface number 2
[  825.233566][ T5997] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  825.233596][ T5997] usb 5-1: config 220 interface 0 has no altsetting 0
[  825.233615][ T5997] usb 5-1: config 220 interface 76 has no altsetting 0
[  825.233634][ T5997] usb 5-1: config 220 interface 1 has no altsetting 0
[  825.238875][ T5997] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  825.238907][ T5997] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  825.238928][ T5997] usb 5-1: Product: syz
[  825.238943][ T5997] usb 5-1: Manufacturer: syz
[  825.238959][ T5997] usb 5-1: SerialNumber: syz
[  825.711205][ T5997] usb 5-1: selecting invalid altsetting 0
[  825.747871][ T5997] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  825.747908][ T5997] uvcvideo 5-1:220.0: No valid video chain found.
[  825.760851][ T5997] usb 5-1: selecting invalid altsetting 0
[  825.777706][ T5997] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  825.811230][ T5997] usb 5-1: USB disconnect, device number 29
[  827.241937][ T5916] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  827.603362][ T5916] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  827.603401][ T5916] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  827.603441][ T5916] usb 10-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  827.603466][ T5916] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.618606][ T5916] usb 10-1: config 0 descriptor??
[  828.069009][ T5916] hid_parser_main: 5 callbacks suppressed
[  828.069037][ T5916] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  828.069070][ T5916] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  828.069098][ T5916] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  828.069126][ T5916] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  828.069154][ T5916] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  828.069182][ T5916] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  828.069209][ T5916] cp2112 0003:10C4:EA90.0010: unknown main item tag 0x0
[  828.143950][ T5916] cp2112 0003:10C4:EA90.0010: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.9-1/input0
[  828.267593][ T5916] cp2112 0003:10C4:EA90.0010: Part Number: 0x82 Device Version: 0xFE
[  828.516244][T19006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  828.516947][T19006] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  828.555475][ T5916] cp2112 0003:10C4:EA90.0010: error requesting SMBus config
[  829.452302][ T5916] cp2112 0003:10C4:EA90.0010: probe with driver cp2112 failed with error -71
[  829.478196][ T5916] usb 10-1: USB disconnect, device number 5
[  830.689612][T19080] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  830.849751][T19085] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  834.474087][T19167] kvm: emulating exchange as write
[  835.731756][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  836.098860][    T9] usb 3-1: Using ep0 maxpacket: 32
[  836.486097][T19216] loop2: detected capacity change from 0 to 7
[  836.506159][T19216] Dev loop2: unable to read RDB block 7
[  836.506212][T19216]  loop2: unable to read partition table
[  836.506784][T19216] loop2: partition table beyond EOD, truncated
[  836.506808][T19216] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  836.569009][    T9] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  836.569039][    T9] usb 3-1: config 0 has no interface number 0
[  836.569095][    T9] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  836.606312][    T9] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  836.606345][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.606366][    T9] usb 3-1: Product: syz
[  836.606382][    T9] usb 3-1: Manufacturer: syz
[  836.606396][    T9] usb 3-1: SerialNumber: syz
[  836.612162][    T9] usb 3-1: config 0 descriptor??
[  836.652807][T19203] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  836.858528][T19203] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  838.679206][    T9] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  838.679241][    T9] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  838.679612][    T9] asix 3-1:0.188: probe with driver asix failed with error -71
[  838.882058][    T9] usb 3-1: USB disconnect, device number 8
[  842.181920][    T9] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  843.170995][    T9] usb 10-1: Using ep0 maxpacket: 16
[  843.174235][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  843.176912][    T9] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  843.176942][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  843.176974][    T9] usb 10-1: Product: syz
[  843.176989][    T9] usb 10-1: Manufacturer: syz
[  843.177004][    T9] usb 10-1: SerialNumber: syz
[  843.194424][    T9] usb 10-1: config 0 descriptor??
[  843.233137][    T9] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  843.233173][    T9] em28xx 10-1:0.0: DVB interface 0 found: bulk
[  844.541930][T19309] overlayfs: failed to clone upperpath
[  844.658251][    T9] em28xx 10-1:0.0: unknown em28xx chip ID (0)
[  844.838784][T19318] overlayfs: failed to clone upperpath
[  845.066323][    T9] em28xx 10-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  845.066355][    T9] em28xx 10-1:0.0: board has no eeprom
[  845.351018][    T9] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  845.351049][    T9] em28xx 10-1:0.0: dvb set to bulk mode.
[  845.351406][ T7169] em28xx 10-1:0.0: Binding DVB extension
[  845.394341][    T9] usb 10-1: USB disconnect, device number 6
[  845.408307][    T9] em28xx 10-1:0.0: Disconnecting em28xx
[  845.556216][ T7169] em28xx 10-1:0.0: Registering input extension
[  845.556712][    T9] em28xx 10-1:0.0: Closing input extension
[  845.601340][    T9] em28xx 10-1:0.0: Freeing device
[  845.941852][T19352] netlink: 4 bytes leftover after parsing attributes in process `syz.7.5436'.
[  845.942026][T19352] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  846.164967][T19352] batman_adv: batadv0: Removing interface: batadv_slave_1
[  848.511775][T19392] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  848.515195][T19392] /dev/nullb0: Can't open blockdev
[  848.727418][   T38] audit: type=1804 audit(1765043250.033:73): pid=19398 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.5453" name="/newroot/89/file0" dev="fuse" ino=1 res=1 errno=0
[  848.811183][   T31] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[  848.977524][   T31] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  848.977558][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  848.977579][   T31] usb 5-1: Product: syz
[  848.977594][   T31] usb 5-1: Manufacturer: syz
[  848.977609][   T31] usb 5-1: SerialNumber: syz
[  849.021517][   T31] usb 5-1: config 0 descriptor??
[  849.039692][   T31] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  851.266548][   T31] gspca_stk1135: reg_w 0x2ff err -71
[  851.267627][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267640][   T31] gspca_stk1135: Sensor write failed
[  851.267669][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267677][   T31] gspca_stk1135: Sensor write failed
[  851.267706][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267714][   T31] gspca_stk1135: Sensor read failed
[  851.267743][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267750][   T31] gspca_stk1135: Sensor read failed
[  851.267756][   T31] gspca_stk1135: Detected sensor type unknown (0x0)
[  851.267789][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267796][   T31] gspca_stk1135: Sensor read failed
[  851.267825][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267832][   T31] gspca_stk1135: Sensor read failed
[  851.267861][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267869][   T31] gspca_stk1135: Sensor write failed
[  851.267898][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  851.267906][   T31] gspca_stk1135: Sensor write failed
[  851.267980][   T31] stk1135 5-1:0.0: probe with driver stk1135 failed with error -71
[  851.272924][   T31] usb 5-1: USB disconnect, device number 30
[  851.873996][T19460] syzkaller0: entered promiscuous mode
[  851.874018][T19460] syzkaller0: entered allmulticast mode
[  857.303432][T19552] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  859.480421][   T31] usb 10-1: new full-speed USB device number 7 using dummy_hcd
[  859.499931][T19584] input: syz1 as /devices/virtual/input/input22
[  859.677413][   T31] usb 10-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  859.677437][   T31] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  859.677451][   T31] usb 10-1: Product: syz
[  859.677462][   T31] usb 10-1: Manufacturer: syz
[  859.677473][   T31] usb 10-1: SerialNumber: syz
[  859.743089][   T31] usb 10-1: config 0 descriptor??
[  859.762921][   T31] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  862.763036][   T31] gspca_stk1135: reg_w 0x2ff err -110
[  862.764076][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764084][   T31] gspca_stk1135: Sensor write failed
[  862.764111][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764118][   T31] gspca_stk1135: Sensor write failed
[  862.764144][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764151][   T31] gspca_stk1135: Sensor read failed
[  862.764183][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764190][   T31] gspca_stk1135: Sensor read failed
[  862.764196][   T31] gspca_stk1135: Detected sensor type unknown (0x0)
[  862.764225][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764232][   T31] gspca_stk1135: Sensor read failed
[  862.764257][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764264][   T31] gspca_stk1135: Sensor read failed
[  862.764290][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764297][   T31] gspca_stk1135: Sensor write failed
[  862.764322][   T31] gspca_stk1135: serial bus timeout: status=0x00
[  862.764329][   T31] gspca_stk1135: Sensor write failed
[  862.764392][   T31] stk1135 10-1:0.0: probe with driver stk1135 failed with error -110
[  864.352791][  T191] usb 10-1: USB disconnect, device number 7
[  864.489569][T19625] Bluetooth: MGMT ver 1.23
[  864.819165][T19628] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  866.257964][T19651] tipc: Failed to remove unknown binding: 66,1,1/0:3113795119/3113795121
[  866.258010][T19651] tipc: Failed to remove unknown binding: 66,1,1/0:3113795119/3113795121
[  867.264373][T19666] netlink: 'syz.4.5561': attribute type 4 has an invalid length.
[  867.317465][T19668] netlink: 'syz.4.5561': attribute type 4 has an invalid length.
[  872.867393][ T5806] Bluetooth: hci0: command 0x0406 tx timeout
[  876.765649][ T5970] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  877.351147][ T5970] usb 5-1: Using ep0 maxpacket: 16
[  877.414400][ T5970] usb 5-1: device descriptor read/all, error -71
[  877.602875][T19794] netlink: 'syz.2.5604': attribute type 1 has an invalid length.
[  877.602900][T19794] netlink: 'syz.2.5604': attribute type 4 has an invalid length.
[  877.602915][T19794] netlink: 15334 bytes leftover after parsing attributes in process `syz.2.5604'.
[  880.428108][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  880.428185][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  880.817211][ T5802] Bluetooth: hci0: unexpected event for opcode 0x1408
[  881.095341][T19860] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5633'.
[  887.381050][ T5997] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  887.542794][ T5997] usb 3-1: Using ep0 maxpacket: 16
[  887.581628][ T5997] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  887.581659][ T5997] usb 3-1: config 0 has no interface number 0
[  887.581712][ T5997] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  887.581740][ T5997] usb 3-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  887.581767][ T5997] usb 3-1: config 0 interface 41 has no altsetting 0
[  887.587174][ T5997] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  887.587216][ T5997] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  887.587238][ T5997] usb 3-1: Product: syz
[  887.587327][ T5997] usb 3-1: Manufacturer: syz
[  887.587344][ T5997] usb 3-1: SerialNumber: syz
[  887.644391][ T5997] usb 3-1: config 0 descriptor??
[  887.645632][T19902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  887.645816][T19902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  887.888322][T19902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  887.894027][T19902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  888.524527][ T5937] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  888.563155][ T5997] Error reading MAC address
[  888.582491][T19902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  888.582686][T19902] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  889.880798][ T5997] sr9700 3-1:0.41 eth1: register 'sr9700' at usb-dummy_hcd.2-1, CoreChip SR9700 USB Ethernet, 68:bc:62:06:1e:f1
[  889.925753][ T5997] usb 3-1: USB disconnect, device number 9
[  889.929526][ T5997] sr9700 3-1:0.41 eth1: unregister 'sr9700' usb-dummy_hcd.2-1, CoreChip SR9700 USB Ethernet
[  890.131446][ T5937] usb 5-1: Using ep0 maxpacket: 32
[  890.136468][ T5937] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  890.136494][ T5937] usb 5-1: config 0 has no interface number 0
[  890.136535][ T5937] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  890.140670][ T5937] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  890.140702][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  890.140723][ T5937] usb 5-1: Product: syz
[  890.140746][ T5937] usb 5-1: Manufacturer: syz
[  890.140761][ T5937] usb 5-1: SerialNumber: syz
[  890.264762][ T5937] usb 5-1: config 0 descriptor??
[  890.266440][T19918] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  890.484306][T19918] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  894.616686][ T5937] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  894.616722][ T5937] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  894.617010][ T5937] asix 5-1:0.188: probe with driver asix failed with error -71
[  894.634591][ T5937] usb 5-1: USB disconnect, device number 33
[  894.913855][T19992] 9pnet: Unknown protocol version 9
[  895.892406][T20002] netlink: 24 bytes leftover after parsing attributes in process `syz.7.5684'.
[  895.986755][T20001] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5683'.
[  897.066281][T20001] 8021q: adding VLAN 0 to HW filter on device bond1
[  897.877036][ T5802] Bluetooth: hci4: command 0x0406 tx timeout
[  898.756182][T20024] delete_channel: no stack
[  899.323611][T20021] binder: 20019:20021 ioctl c0306201 200000000680 returned -14
[  902.550119][T20060] delete_channel: no stack
[  909.863250][T20101] binder: BINDER_SET_CONTEXT_MGR already set
[  909.863269][T20101] binder: 20100:20101 ioctl 4018620d 200000004a80 returned -16
[  920.545998][T20078] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  920.726200][T20078] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  920.726233][T20078] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  920.726256][T20078] usb 5-1: Product: syz
[  920.726271][T20078] usb 5-1: Manufacturer: syz
[  920.726287][T20078] usb 5-1: SerialNumber: syz
[  921.483554][T20078] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  921.483624][T20078] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  922.716226][T20078] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  922.716969][T20078] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPIPE
[  923.554566][T20078] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000080. ret = -EPROTO
[  923.554611][T20078] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  923.559967][T20078] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  923.637062][T20078] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  923.674376][T20078] usb 5-1: USB disconnect, device number 34
[  936.563474][T20323] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5781'.
[  936.563505][T20323] netlink: 28 bytes leftover after parsing attributes in process `syz.9.5781'.
[  936.582549][T20323] bridge0: entered promiscuous mode
[  936.584631][T20323] ip6gretap0: entered promiscuous mode
[  937.052371][ T5802] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  937.064734][ T5802] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  937.078314][ T5802] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  937.090193][ T5802] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  937.094309][ T5802] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  939.266896][ T5802] Bluetooth: hci5: command tx timeout
[  939.458704][T20331] chnl_net:caif_netlink_parms(): no params data found
[  941.492535][ T5806] Bluetooth: hci5: command tx timeout
[  943.689747][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[  943.689825][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[  943.705797][ T5802] Bluetooth: hci5: command tx timeout
[  945.069970][T20331] bridge0: port 1(bridge_slave_0) entered blocking state
[  945.079294][T20331] bridge0: port 1(bridge_slave_0) entered disabled state
[  945.079647][T20331] bridge_slave_0: entered allmulticast mode
[  945.083446][T20331] bridge_slave_0: entered promiscuous mode
[  945.121415][T20331] bridge0: port 2(bridge_slave_1) entered blocking state
[  945.121587][T20331] bridge0: port 2(bridge_slave_1) entered disabled state
[  945.121864][T20331] bridge_slave_1: entered allmulticast mode
[  945.127803][T20331] bridge_slave_1: entered promiscuous mode
[  945.280043][T20388] Bluetooth: hci0: invalid length 0, exp 2 for type 14
[  945.548184][ T2131] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  945.641115][ T5937] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  945.762412][ T5802] Bluetooth: hci5: command tx timeout
[  945.806426][ T5937] usb 10-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  945.806460][ T5937] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  945.806482][ T5937] usb 10-1: Product: syz
[  945.806498][ T5937] usb 10-1: Manufacturer: syz
[  945.806514][ T5937] usb 10-1: SerialNumber: syz
[  948.120006][ T5937] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  948.120074][ T5937] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  948.247369][ T2131] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.378377][T20331] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  949.845092][ T5937] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPROTO
[  949.845155][ T5937] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  949.845989][ T5937] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  951.442370][T20331] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  951.446035][ T5937] lan78xx 10-1:1.0: probe with driver lan78xx failed with error -71
[  951.523271][ T5937] usb 10-1: USB disconnect, device number 8
[  953.085630][ T2131] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  956.152459][T20331] team0: Port device team_slave_0 added
[  956.821063][   T38] audit: type=1326 audit(1765043358.163:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  956.821118][   T38] audit: type=1326 audit(1765043358.163:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  956.821151][   T38] audit: type=1326 audit(1765043358.163:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  956.821183][   T38] audit: type=1326 audit(1765043358.163:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fed8f74f783 code=0x7ffc0000
[  956.821214][   T38] audit: type=1326 audit(1765043358.163:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fed8f74f783 code=0x7ffc0000
[  956.821246][   T38] audit: type=1326 audit(1765043358.173:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  956.821533][   T38] audit: type=1326 audit(1765043358.183:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  956.822363][   T38] audit: type=1326 audit(1765043358.183:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  956.822597][   T38] audit: type=1326 audit(1765043358.183:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  956.822860][   T38] audit: type=1326 audit(1765043358.183:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20503 comm="syz.9.5841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7fed8f74f749 code=0x7ffc0000
[  957.303086][ T2131] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  957.574893][T20331] team0: Port device team_slave_1 added
[  957.575775][T20492] veth1_macvtap: left promiscuous mode
[  957.575799][T20492] macsec0: entered allmulticast mode
[  958.348527][T20493] veth1_macvtap: entered promiscuous mode
[  958.348558][T20493] veth1_macvtap: entered allmulticast mode
[  958.350349][T20493] macsec0: left allmulticast mode
[  958.350370][T20493] veth1_macvtap: left allmulticast mode
[  962.240637][T20331] batman_adv: batadv0: Adding interface: batadv_slave_0
[  962.240658][T20331] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  962.240689][T20331] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  962.301013][T20331] batman_adv: batadv0: Adding interface: batadv_slave_1
[  962.301031][T20331] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  962.301063][T20331] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  966.085099][T20331] hsr_slave_0: entered promiscuous mode
[  966.086131][T20331] hsr_slave_1: entered promiscuous mode
[  966.086773][T20331] debugfs: 'hsr0' already exists in 'hsr'
[  966.086791][T20331] Cannot create hsr debugfs directory
[  971.345392][T20603] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  971.345407][T20603] IPv6: NLM_F_CREATE should be set when creating new route
[  971.491515][ T2131] bridge_slave_1: left allmulticast mode
[  971.491547][ T2131] bridge_slave_1: left promiscuous mode
[  971.491827][ T2131] bridge0: port 2(bridge_slave_1) entered disabled state
[  971.782644][ T2131] bridge_slave_0: left allmulticast mode
[  971.782675][ T2131] bridge_slave_0: left promiscuous mode
[  971.782928][ T2131] bridge0: port 1(bridge_slave_0) entered disabled state
[  975.357529][T20637] overlayfs: failed to clone lowerpath
[  975.383390][T20637] overlayfs: failed to clone lowerpath
[  997.616584][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  997.645072][ T5806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  997.646857][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  997.661347][ T5806] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  997.662490][ T5806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  999.196843][T20744] overlayfs: failed to clone lowerpath
[  999.799320][ T5806] Bluetooth: hci4: command tx timeout
[ 1001.891166][ T5806] Bluetooth: hci4: command tx timeout
[ 1004.549326][ T5806] Bluetooth: hci4: command tx timeout
[ 1006.119568][T20809] omfs: Invalid superblock (0)
[ 1007.042510][ T5806] Bluetooth: hci4: command tx timeout
[ 1007.444581][ T2131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1008.468486][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1008.468816][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1009.983414][T20824] binder: 20821:20824 ioctl c0306201 0 returned -14
[ 1010.885103][ T2131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1013.027638][T20833] block device autoloading is deprecated and will be removed.
[ 1013.668543][ T2131] bond0 (unregistering): Released all slaves
[ 1018.549829][ T5937] libceph: connect (1)[c::]:6789 error -101
[ 1018.550054][ T5937] libceph: mon0 (1)[c::]:6789 connect error
[ 1018.551011][ T5937] libceph: connect (1)[c::]:6789 error -101
[ 1018.551221][ T5937] libceph: mon0 (1)[c::]:6789 connect error
[ 1018.561728][T20868] ceph: No mds server is up or the cluster is laggy
[ 1018.989372][ T5916] libceph: connect (1)[c::]:6789 error -101
[ 1018.989575][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[ 1023.920945][ T2131] bond1 (unregistering): Released all slaves
[ 1027.967165][ T5916] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[ 1028.365505][ T5916] usb 10-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[ 1028.365540][ T5916] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1028.374297][ T5916] usb 10-1: config 0 descriptor??
[ 1029.414023][ T5916] udl 10-1:0.0: [drm] Unrecognized vendor firmware descriptor
[ 1030.734840][ T5916] [drm] Initialized udl 0.0.1 for 10-1:0.0 on minor 2
[ 1030.734870][ T5916] [drm] Initialized udl on minor 2
[ 1030.836424][ T5916] udl 10-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1031.878651][ T5916] udl 10-1:0.0: [drm] Cannot find any crtc or sizes
[ 1031.981023][   T31] udl 10-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1033.042260][ T5916] usb 10-1: USB disconnect, device number 9
[ 1033.103505][   T31] udl 10-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[ 1033.104910][   T31] udl 10-1:0.0: [drm] Cannot find any crtc or sizes
[ 1037.637683][ T2131] hsr_slave_0: left promiscuous mode
[ 1037.716877][ T2131] hsr_slave_1: left promiscuous mode
[ 1037.718066][ T2131] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1037.718095][ T2131] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1037.752205][ T2131] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1037.752235][ T2131] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1039.372796][ T2131] veth1_macvtap: left promiscuous mode
[ 1039.372906][ T2131] veth0_macvtap: left promiscuous mode
[ 1039.373166][ T2131] veth1_vlan: left promiscuous mode
[ 1039.373340][ T2131] veth0_vlan: left promiscuous mode
[ 1054.522291][T21198] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6065'.
[ 1055.973596][T21212] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1055.996330][T21212] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1055.997985][T21212] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1056.001873][T21212] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1056.002901][T21212] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1056.721008][ T5802] Bluetooth: hci4: command 0x0405 tx timeout
[ 1058.330088][ T5806] Bluetooth: hci5: command tx timeout
[ 1060.401902][ T5806] Bluetooth: hci5: command tx timeout
[ 1063.574941][ T5806] Bluetooth: hci5: command tx timeout
[ 1064.046688][ T2131] team0 (unregistering): Port device team_slave_1 removed
[ 1065.174437][ T2131] team0 (unregistering): Port device team_slave_0 removed
[ 1065.540472][T21313] netlink: 24 bytes leftover after parsing attributes in process `syz.7.6102'.
[ 1065.707585][ T5806] Bluetooth: hci5: command tx timeout
[ 1068.422068][T21328] netlink: 'syz.9.6107': attribute type 4 has an invalid length.
[ 1068.422158][T21328] netlink: 224 bytes leftover after parsing attributes in process `syz.9.6107'.
[ 1070.481119][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1070.481176][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1076.702922][T21425] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1080.008734][T21467] netlink: 'syz.4.6168': attribute type 13 has an invalid length.
[ 1080.008769][T21467] netlink: 'syz.4.6168': attribute type 17 has an invalid length.
[ 1080.811375][T21484] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1080.811412][T21484] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1080.811427][T21484] overlayfs: missing 'lowerdir'
[ 1083.353905][T21467] bond0: left promiscuous mode
[ 1083.353931][T21467] bond_slave_0: left promiscuous mode
[ 1083.354150][T21467] bond_slave_1: left promiscuous mode
[ 1083.357255][T21467] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1083.431124][T21467] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1085.022678][ T5802] Bluetooth: hci6: command 0x1003 tx timeout
[ 1085.023357][ T5806] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1088.538039][ T2131] bridge_slave_1: left allmulticast mode
[ 1088.538072][ T2131] bridge_slave_1: left promiscuous mode
[ 1088.538355][ T2131] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1088.691970][ T2131] bridge_slave_0: left allmulticast mode
[ 1088.691994][ T2131] bridge_slave_0: left promiscuous mode
[ 1088.692195][ T2131] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1090.191119][ T5888] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[ 1093.508746][ T5888] usb 10-1: device descriptor read/all, error -71
[ 1094.382089][T21593] netlink: 24 bytes leftover after parsing attributes in process `syz.9.6206'.
[ 1095.675107][ T2131] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1096.905776][ T2131] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1097.965517][ T2131] bond0 (unregistering): Released all slaves
[ 1098.906583][T21624] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6220'.
[ 1102.588044][ T2131] hsr_slave_0: left promiscuous mode
[ 1102.810732][ T2131] hsr_slave_1: left promiscuous mode
[ 1102.879472][ T2131] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1103.775157][ T2131] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1104.881400][ T5802] Bluetooth: hci5: command 0x0405 tx timeout
[ 1105.993696][T21675] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6236'.
[ 1108.440692][T21685] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6240'.
[ 1108.540993][ T5888] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1110.193662][ T2131] team0 (unregistering): Port device team_slave_1 removed
[ 1111.487388][ T2131] team0 (unregistering): Port device team_slave_0 removed
[ 1116.026359][ T5888] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[ 1116.235853][T21797] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6279'.
[ 1117.124187][ T5888] usb 10-1: config 0 has an invalid descriptor of length 138, skipping remainder of the config
[ 1117.124255][ T5888] usb 10-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1117.124281][ T5888] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 150, changing to 11
[ 1117.124313][ T5888] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 24814, setting to 1024
[ 1117.124345][ T5888] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1117.127696][ T5888] usb 10-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1117.127726][ T5888] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1117.127748][ T5888] usb 10-1: Product: syz
[ 1117.127763][ T5888] usb 10-1: Manufacturer: syz
[ 1117.127778][ T5888] usb 10-1: SerialNumber: syz
[ 1117.133551][ T5888] usb 10-1: config 0 descriptor??
[ 1117.137669][ T5888] garmin_gps 10-1:0.0: Garmin GPS usb/tty converter detected
[ 1117.154384][ T5888] garmin_gps ttyUSB0: garmin_write_bulk - usb_submit_urb(write bulk) failed with status = -8
[ 1117.171902][ T5888] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -8
[ 1117.403757][T15960] usb 10-1: USB disconnect, device number 12
[ 1117.417923][T15960] garmin_gps 10-1:0.0: device disconnected
[ 1117.663696][ T5806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1118.330105][ T5806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1118.346842][ T5806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1118.349320][ T5806] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1118.350266][ T5806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1118.646518][T21811] netlink: 28 bytes leftover after parsing attributes in process `syz.9.6282'.
[ 1120.466447][ T5806] Bluetooth: hci4: command tx timeout
[ 1122.790581][ T5806] Bluetooth: hci4: command tx timeout
[ 1125.699827][ T5806] Bluetooth: hci4: command tx timeout
[ 1126.403568][T21802] chnl_net:caif_netlink_parms(): no params data found
[ 1127.980523][ T5802] Bluetooth: hci4: command tx timeout
[ 1130.001126][ T5802] Bluetooth: hci4: command 0x0405 tx timeout
[ 1131.288286][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1131.288365][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1132.900476][ T2131] bond0 (unregistering): Released all slaves
[ 1132.941670][T21802] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1132.941963][T21802] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1132.942240][T21802] bridge_slave_0: entered allmulticast mode
[ 1132.945063][T21802] bridge_slave_0: entered promiscuous mode
[ 1132.982998][T21802] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1133.001258][T21802] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1133.001594][T21802] bridge_slave_1: entered allmulticast mode
[ 1133.004850][T21802] bridge_slave_1: entered promiscuous mode
[ 1133.768228][T21802] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1133.787883][T21802] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1134.110006][T21802] team0: Port device team_slave_0 added
[ 1134.149259][T21802] team0: Port device team_slave_1 added
[ 1134.403016][T21802] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1134.403038][T21802] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1134.403069][T21802] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1134.457412][T21802] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1134.457432][T21802] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1134.457463][T21802] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1136.942348][T21802] hsr_slave_0: entered promiscuous mode
[ 1136.944940][T21802] hsr_slave_1: entered promiscuous mode
[ 1138.143571][T20078] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[ 1138.295368][T20078] usb 10-1: Using ep0 maxpacket: 32
[ 1138.299172][T20078] usb 10-1: config 0 has an invalid interface number: 74 but max is 1
[ 1138.299202][T20078] usb 10-1: config 0 has no interface number 1
[ 1138.320514][T20078] usb 10-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa
[ 1138.320545][T20078] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.320567][T20078] usb 10-1: Product: syz
[ 1138.320581][T20078] usb 10-1: Manufacturer: syz
[ 1138.320597][T20078] usb 10-1: SerialNumber: syz
[ 1138.383079][T20078] usb 10-1: config 0 descriptor??
[ 1139.527914][T20078] snd-usb-audio 10-1:0.74: probe with driver snd-usb-audio failed with error -22
[ 1139.915595][T20078] usb 10-1: USB disconnect, device number 13
[ 1140.251092][ T5937] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1140.402788][ T5937] usb 5-1: Using ep0 maxpacket: 16
[ 1140.410221][ T5937] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1140.410252][ T5937] usb 5-1: config 1 has no interface number 1
[ 1140.410299][ T5937] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1140.410321][ T5937] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 1140.410366][ T5937] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1140.428660][ T5937] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1140.428694][ T5937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1140.428716][ T5937] usb 5-1: Product: syz
[ 1140.428730][ T5937] usb 5-1: Manufacturer: syz
[ 1140.428746][ T5937] usb 5-1: SerialNumber: syz
[ 1140.722695][ T5937] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[ 1140.727836][ T5937] usb 5-1: 2:1: cannot set freq 9338507 to ep 0x82
[ 1140.830726][ T5937] usb 5-1: USB disconnect, device number 36
[ 1141.111055][T20078] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[ 1141.262421][T20078] usb 10-1: Using ep0 maxpacket: 8
[ 1141.264426][T20078] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1141.264477][T20078] usb 10-1: too many endpoints for config 1 interface 0 altsetting 240: 255, using maximum allowed: 30
[ 1141.264523][T20078] usb 10-1: config 1 interface 0 altsetting 240 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1141.264569][T20078] usb 10-1: config 1 interface 0 has no altsetting 0
[ 1141.266351][T20078] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1141.266379][T20078] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1141.266401][T20078] usb 10-1: SerialNumber: syz
[ 1141.808349][T20078] cdc_acm 10-1:1.0: Control and data interfaces are not separated!
[ 1141.808450][T20078] cdc_acm 10-1:1.0: This needs exactly 3 endpoints
[ 1141.808606][T20078] cdc_acm 10-1:1.0: probe with driver cdc_acm failed with error -22
[ 1141.871376][T20078] usb 10-1: USB disconnect, device number 14
[ 1142.998474][ T5997] usb 10-1: new full-speed USB device number 15 using dummy_hcd
[ 1145.274264][ T5997] usb 10-1: config 0 has an invalid interface number: 113 but max is 0
[ 1145.274295][ T5997] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1145.274315][ T5997] usb 10-1: config 0 has no interface number 0
[ 1145.274363][ T5997] usb 10-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[ 1145.274391][ T5997] usb 10-1: config 0 interface 113 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1145.274420][ T5997] usb 10-1: config 0 interface 113 has no altsetting 0
[ 1145.302317][T21802] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1145.323206][ T5997] usb 10-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[ 1145.323239][ T5997] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1145.323260][ T5997] usb 10-1: Product: syz
[ 1145.323276][ T5997] usb 10-1: Manufacturer: syz
[ 1145.323290][ T5997] usb 10-1: SerialNumber: syz
[ 1145.382215][ T5997] usb 10-1: config 0 descriptor??
[ 1145.412815][ T5997] pn533_usb 10-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint
[ 1145.438216][T21802] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1145.771239][T21802] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1146.146759][ T5937] usb 10-1: USB disconnect, device number 15
[ 1146.228870][T21802] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1146.630897][T22099] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6383'.
[ 1147.633752][T21802] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1147.759585][T21802] 8021q: adding VLAN 0 to HW filter on device team0
[ 1147.768981][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1147.769226][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1147.781548][ T6180] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1147.781791][ T6180] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1147.982565][T22114] binder: 22103:22114 ioctl 4018620d 0 returned -22
[ 1148.180878][T22115] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6389'.
[ 1149.213296][T22125] binder: 22117:22125 ioctl 4018620d 0 returned -22
[ 1150.737809][T21802] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1152.223461][T22161] 9pnet_virtio: no channels available for device syz
[ 1153.396184][T21802] veth0_vlan: entered promiscuous mode
[ 1153.417708][T21802] veth1_vlan: entered promiscuous mode
[ 1153.482670][T21802] veth0_macvtap: entered promiscuous mode
[ 1153.490152][T21802] veth1_macvtap: entered promiscuous mode
[ 1153.568032][T21802] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1153.608155][T21802] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1153.637119][ T7166] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.637400][ T7166] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.637443][ T7166] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.637482][ T7166] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.940999][T15129] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[ 1154.104120][T15129] usb 5-1: config 0 has an invalid interface number: 3 but max is 2
[ 1154.104151][T15129] usb 5-1: config 0 has an invalid interface number: 176 but max is 2
[ 1154.104174][T15129] usb 5-1: config 0 has no interface number 1
[ 1154.104192][T15129] usb 5-1: config 0 has no interface number 2
[ 1154.104270][T15129] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1154.104295][T15129] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1154.109579][T15129] usb 5-1: config 0 descriptor??
[ 1155.393723][T15129] usb 5-1: Could not set interface, error -71
[ 1155.441461][T15129] usb 5-1: USB disconnect, device number 37
[ 1156.764620][ T2211] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1156.764644][ T2211] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1157.244337][ T2211] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1157.244361][ T2211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1157.972448][T15960] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[ 1158.846106][T15960] usb 5-1: config 0 has an invalid interface number: 97 but max is 0
[ 1158.846140][T15960] usb 5-1: config 0 has no interface number 0
[ 1158.846196][T15960] usb 5-1: config 0 interface 97 altsetting 2 endpoint 0xF has invalid maxpacket 512, setting to 64
[ 1158.846227][T15960] usb 5-1: config 0 interface 97 altsetting 2 endpoint 0x4 has invalid maxpacket 1015, setting to 64
[ 1158.846255][T15960] usb 5-1: config 0 interface 97 has no altsetting 0
[ 1158.891849][T15960] usb 5-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=87.2a
[ 1158.891886][T15960] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.891911][T15960] usb 5-1: Product: syz
[ 1158.891938][T15960] usb 5-1: Manufacturer: syz
[ 1158.891957][T15960] usb 5-1: SerialNumber: syz
[ 1158.904093][T15960] usb 5-1: config 0 descriptor??
[ 1158.906116][T22206] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1158.965125][T15960] imon_raw 5-1:0.97: IR endpoint missing
[ 1160.337316][ T5937] usb 5-1: USB disconnect, device number 38
[ 1161.113163][T22257] netlink: 'syz.9.6435': attribute type 21 has an invalid length.
[ 1161.113190][T22257] netlink: 128 bytes leftover after parsing attributes in process `syz.9.6435'.
[ 1161.113303][T22257] netlink: 'syz.9.6435': attribute type 4 has an invalid length.
[ 1161.113319][T22257] netlink: 'syz.9.6435': attribute type 3 has an invalid length.
[ 1161.113334][T22257] netlink: 3 bytes leftover after parsing attributes in process `syz.9.6435'.
[ 1163.654964][T22291] netlink: 12 bytes leftover after parsing attributes in process `syz.5.6450'.
[ 1163.655012][T22291] netlink: 'syz.5.6450': attribute type 1 has an invalid length.
[ 1163.655028][T22291] netlink: 'syz.5.6450': attribute type 2 has an invalid length.
[ 1163.750432][T22295] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6448'.
[ 1165.104076][T22307] binder: 22305:22307 ioctl 4018620d 0 returned -22
[ 1165.731162][T22335] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6465'.
[ 1166.807604][T22344] netlink: 'syz.9.6471': attribute type 10 has an invalid length.
[ 1166.807631][T22344] netlink: 224 bytes leftover after parsing attributes in process `syz.9.6471'.
[ 1166.841355][   T38] kauditd_printk_skb: 98 callbacks suppressed
[ 1166.841378][   T38] audit: type=1326 audit(1765043568.193:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22343 comm="syz.4.6472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1166.841799][   T38] audit: type=1326 audit(1765043568.203:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22343 comm="syz.4.6472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1166.845947][   T38] audit: type=1326 audit(1765043568.203:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22343 comm="syz.4.6472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1166.846012][   T38] audit: type=1326 audit(1765043568.203:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22343 comm="syz.4.6472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1166.846058][   T38] audit: type=1326 audit(1765043568.203:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22343 comm="syz.4.6472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1167.060888][ T5937] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1167.240496][ T5937] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1167.240530][ T5937] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1167.240551][ T5937] usb 6-1: Product: syz
[ 1167.240566][ T5937] usb 6-1: Manufacturer: syz
[ 1167.240581][ T5937] usb 6-1: SerialNumber: syz
[ 1167.924460][ T7363] usb 10-1: new full-speed USB device number 16 using dummy_hcd
[ 1167.928187][ T5937] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1167.928253][ T5937] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1167.929193][ T5937] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1167.929251][ T5937] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1167.930087][ T5937] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1168.033263][ T5937] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -32
[ 1168.084025][ T7363] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1168.091129][ T7363] usb 10-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1168.091163][ T7363] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1168.091188][ T7363] usb 10-1: Product: syz
[ 1168.091206][ T7363] usb 10-1: Manufacturer: syz
[ 1168.091224][ T7363] usb 10-1: SerialNumber: syz
[ 1168.119167][ T7363] usb 10-1: config 0 descriptor??
[ 1168.601562][T22384] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6488'.
[ 1169.595809][T22392] comedi comedi0: dt2814: I/O port conflict (0x4f27,2)
[ 1169.640934][ T7363] rc_core: IR keymap rc-streamzap not found
[ 1169.640957][ T7363] Registered IR keymap rc-empty
[ 1169.659258][ T7363] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/rc/rc0
[ 1169.663084][ T7363] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/rc/rc0/input23
[ 1169.773024][T22395] binder: 22386:22395 ioctl 4018620d 0 returned -22
[ 1170.627380][ T7363] usb 10-1: USB disconnect, device number 16
[ 1170.721786][ T5806] Bluetooth: hci4: command 0x0405 tx timeout
[ 1170.731721][ T5997] usb 6-1: USB disconnect, device number 3
[ 1172.247678][T22426] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6501'.
[ 1174.053175][T22446] binder: 22429:22446 ioctl 4018620d 0 returned -22
[ 1174.116891][T22447] binder: 22437:22447 ioctl 4018620d 0 returned -22
[ 1175.153467][T22455] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6512'.
[ 1175.362287][   T31] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1175.961514][   T31] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1175.961555][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.961578][   T31] usb 5-1: Product: syz
[ 1175.961593][   T31] usb 5-1: Manufacturer: syz
[ 1175.961609][   T31] usb 5-1: SerialNumber: syz
[ 1176.050422][T22459] netlink: 20 bytes leftover after parsing attributes in process `syz.9.6514'.
[ 1176.322443][T22467] netlink: 'syz.9.6518': attribute type 8 has an invalid length.
[ 1176.426402][   T31] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1176.426467][   T31] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1176.427179][   T31] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1176.427234][   T31] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1176.428059][   T31] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1176.504517][   T31] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -32
[ 1176.959360][T22490] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1176.959394][T22490] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1176.959408][T22490] overlayfs: missing 'lowerdir'
[ 1177.468701][ T7363] usb 5-1: USB disconnect, device number 39
[ 1177.661400][T22509] netlink: 9 bytes leftover after parsing attributes in process `syz.4.6535'.
[ 1177.699840][T22509] netlink: 9 bytes leftover after parsing attributes in process `syz.4.6535'.
[ 1178.983373][T22542] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6549'.
[ 1180.460950][ T5940] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1180.610919][ T5940] usb 6-1: Using ep0 maxpacket: 32
[ 1180.614158][ T5940] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1180.634560][ T5940] usb 6-1: config 40 has an invalid interface number: 144 but max is 0
[ 1180.634591][ T5940] usb 6-1: config 40 has no interface number 0
[ 1180.634628][ T5940] usb 6-1: config 40 interface 144 has no altsetting 0
[ 1180.671991][ T5940] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=6e.65
[ 1180.672023][ T5940] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1180.672045][ T5940] usb 6-1: Product: syz
[ 1180.672060][ T5940] usb 6-1: Manufacturer: syz
[ 1180.672077][ T5940] usb 6-1: SerialNumber: syz
[ 1180.888642][T22567] netlink: 'syz.7.6562': attribute type 1 has an invalid length.
[ 1180.888666][T22567] netlink: 'syz.7.6562': attribute type 2 has an invalid length.
[ 1180.974703][ T5940] usbhid 6-1:40.144: couldn't find an input interrupt endpoint
[ 1180.978467][ T5940] usb 6-1: USB disconnect, device number 4
[ 1181.749170][T22588] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1181.749205][T22588] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1181.749220][T22588] overlayfs: missing 'lowerdir'
[ 1184.444643][T22616] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6581'.
[ 1188.078091][T22668] tmpfs: Bad value for 'mpol'
[ 1188.651096][ T5806] Bluetooth: hci5: command 0x1003 tx timeout
[ 1188.651616][ T5802] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1190.333066][T22700] binder: 22696:22700 ioctl 4018620d 0 returned -22
[ 1190.608744][T22706] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1190.608778][T22706] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1190.608794][T22706] overlayfs: missing 'lowerdir'
[ 1191.474698][T22727] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6625'.
[ 1192.728180][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1192.731879][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1192.991138][T22744] netlink: 'syz.9.6633': attribute type 3 has an invalid length.
[ 1195.479814][T22776] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6646'.
[ 1196.504822][T22782] comedi comedi0: dmm32at: I/O port conflict (0x3,16)
[ 1196.740962][T22793] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6652'.
[ 1197.880940][T22790] binder: 22788:22790 ioctl 4018620d 0 returned -22
[ 1199.240886][   T31] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[ 1199.512627][   T31] usb 10-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1199.512662][   T31] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1199.512685][   T31] usb 10-1: Product: syz
[ 1199.512700][   T31] usb 10-1: Manufacturer: syz
[ 1199.512716][   T31] usb 10-1: SerialNumber: syz
[ 1199.935366][T22830] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1199.935399][T22830] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1199.935414][T22830] overlayfs: missing 'lowerdir'
[ 1200.429974][   T31] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1200.430038][   T31] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1201.007404][T22841] binder: 22840:22841 ioctl 4018620d 0 returned -22
[ 1201.208481][   T31] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPIPE
[ 1201.208544][   T31] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1201.209371][   T31] lan78xx 10-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1201.254036][   T31] lan78xx 10-1:1.0: probe with driver lan78xx failed with error -32
[ 1201.834912][T22868] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6681'.
[ 1203.224441][T22884] netlink: 8 bytes leftover after parsing attributes in process `syz.5.6689'.
[ 1203.434467][T20078] usb 10-1: USB disconnect, device number 17
[ 1203.653297][T22897] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6692'.
[ 1204.985786][T22904] binder: 22903:22904 ioctl 4018620d 0 returned -22
[ 1205.095100][T22910] binder: 22902:22910 ioctl 4018620d 0 returned -22
[ 1205.921672][T22931] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6707'.
[ 1207.206563][T22946] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6714'.
[ 1208.930909][   T31] usb 10-1: new high-speed USB device number 18 using dummy_hcd
[ 1209.330128][T22965] binder: 22963:22965 ioctl 4018620d 0 returned -22
[ 1209.371970][T22969] binder: 22964:22969 ioctl 4018620d 0 returned -22
[ 1209.375994][   T31] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[ 1209.376029][   T31] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[ 1209.376058][   T31] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1209.376085][   T31] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1209.376111][   T31] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1209.637463][   T31] usb 10-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[ 1209.637496][   T31] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1209.637516][   T31] usb 10-1: Product: syz
[ 1209.637531][   T31] usb 10-1: Manufacturer: syz
[ 1209.637548][   T31] usb 10-1: SerialNumber: syz
[ 1209.683870][   T31] usb 10-1: config 0 descriptor??
[ 1209.706580][   T31] iguanair 10-1:0.0: probe with driver iguanair failed with error -12
[ 1209.941401][   T31] usb 10-1: USB disconnect, device number 18
[ 1211.307850][T22997] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6731'.
[ 1213.038399][T23008] binder: 23007:23008 ioctl 4018620d 0 returned -22
[ 1213.120884][ T5802] Bluetooth: hci4: command 0x0405 tx timeout
[ 1213.292285][T23026] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6745'.
[ 1214.345292][T23035] comedi comedi0: dt2815: I/O port conflict (0x8002f,2)
[ 1215.073638][T23054] tmpfs: Bad value for 'mpol'
[ 1216.053615][T23070] binder: 23061:23070 ioctl 4018620d 0 returned -22
[ 1218.110921][T23095] binder: 23092:23095 ioctl 4018620d 0 returned -22
[ 1219.022808][T23127] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6785'.
[ 1219.057715][T23128] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6786'.
[ 1220.416170][T23139] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6789'.
[ 1222.969331][T23167] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6801'.
[ 1223.914428][   T31] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[ 1224.192255][   T31] usb 10-1: Using ep0 maxpacket: 32
[ 1224.194654][   T31] usb 10-1: config 0 has an invalid interface number: 89 but max is 0
[ 1224.194683][   T31] usb 10-1: config 0 has no interface number 0
[ 1224.194735][   T31] usb 10-1: config 0 interface 89 has no altsetting 0
[ 1224.200335][   T31] usb 10-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[ 1224.200367][   T31] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1224.200389][   T31] usb 10-1: Product: syz
[ 1224.200405][   T31] usb 10-1: Manufacturer: syz
[ 1224.200420][   T31] usb 10-1: SerialNumber: syz
[ 1224.346667][   T31] usb 10-1: config 0 descriptor??
[ 1224.384344][   T31] em28xx 10-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[ 1224.384383][   T31] em28xx 10-1:0.89: Video interface 89 found: bulk
[ 1224.471386][T23181] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6805'.
[ 1225.711360][   T31] em28xx 10-1:0.89: unknown em28xx chip ID (0)
[ 1225.810860][   T31] em28xx 10-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[ 1225.810907][   T31] em28xx 10-1:0.89: board has no eeprom
[ 1225.870884][   T31] em28xx 10-1:0.89: Identified as Terratec Grabby (card=67)
[ 1225.870913][   T31] em28xx 10-1:0.89: analog set to bulk mode.
[ 1225.871297][T15960] em28xx 10-1:0.89: Registering V4L2 extension
[ 1225.888129][   T31] usb 10-1: USB disconnect, device number 19
[ 1225.907026][   T31] em28xx 10-1:0.89: Disconnecting em28xx
[ 1226.063443][T15960] em28xx 10-1:0.89: Config register raw data: 0xffffffed
[ 1226.063471][T15960] em28xx 10-1:0.89: AC97 chip type couldn't be determined
[ 1226.063486][T15960] em28xx 10-1:0.89: No AC97 audio processor
[ 1226.075059][T15960] usb 10-1: Decoder not found
[ 1226.075080][T15960] em28xx 10-1:0.89: failed to create media graph
[ 1226.075116][T15960] em28xx 10-1:0.89: V4L2 device video103 deregistered
[ 1226.092682][T15960] em28xx 10-1:0.89: Registering snapshot button...
[ 1226.133020][T15960] input: em28xx snapshot button as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.89/input/input26
[ 1226.174933][T15960] em28xx 10-1:0.89: Remote control support is not available for this card.
[ 1226.176285][   T31] em28xx 10-1:0.89: Closing input extension
[ 1226.177628][   T31] em28xx 10-1:0.89: Deregistering snapshot button
[ 1226.254153][T23206] netlink: 168 bytes leftover after parsing attributes in process `syz.4.6823'.
[ 1226.451873][   T31] em28xx 10-1:0.89: Freeing device
[ 1226.969712][T23237] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6836'.
[ 1227.363813][T23253] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 1228.401829][T23280] binder: 23274:23280 ioctl 4018620d 0 returned -22
[ 1230.283272][T23299] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1230.283470][T23299] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1230.656903][T23299] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1230.656999][T23299] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1230.706577][T23306] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1230.706611][T23306] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1230.706626][T23306] overlayfs: missing 'lowerdir'
[ 1231.424942][T23299] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1232.039746][T23329] ALSA: mixer_oss: invalid OSS volume ';'
[ 1232.317915][ T5802] Bluetooth: hci0: command 0x0406 tx timeout
[ 1232.530659][T23341] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1232.530754][T23341] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1232.530769][T23341] overlayfs: missing 'lowerdir'
[ 1232.603548][T23344] overlayfs: missing 'lowerdir'
[ 1232.800905][ T5802] Bluetooth: hci4: command 0x0405 tx timeout
[ 1233.353778][T23373] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6894'.
[ 1233.847719][T23383] binder: 23374:23383 ioctl 4018620d 0 returned -22
[ 1235.140898][ T5806] Bluetooth: hci0: command 0x0406 tx timeout
[ 1235.140941][ T5806] Bluetooth: hci4: command 0x0405 tx timeout
[ 1235.217340][T23389] binder: 23378:23389 ioctl 4018620d 0 returned -22
[ 1235.383761][T23395] netlink: 300 bytes leftover after parsing attributes in process `syz.9.6904'.
[ 1235.805701][T23415] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6913'.
[ 1236.119466][T23426] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1236.119498][T23426] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1236.119721][T23426] vhci_hcd vhci_hcd.0: Device attached
[ 1236.246060][T23429] binder: 23413:23429 ioctl 4018620d 0 returned -22
[ 1237.290953][ T5997] usb 41-1: new low-speed USB device number 3 using vhci_hcd
[ 1237.432116][T23434] tipc: Started in network mode
[ 1237.432158][T23434] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[ 1237.459783][T23434] tipc: Enabled bearer <udp:syz1>, priority 10
[ 1237.483570][T21212] Bluetooth: hci4: command 0x0405 tx timeout
[ 1237.837745][   T31] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[ 1238.920614][T23457] netlink: 16 bytes leftover after parsing attributes in process `syz.7.6929'.
[ 1238.944152][ T7363] tipc: Node number set to 4269801514
[ 1239.064933][   T31] usb 5-1: config 0 has no interfaces?
[ 1239.064976][   T31] usb 5-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice=f0.b2
[ 1239.065001][   T31] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1239.072890][   T31] usb 5-1: config 0 descriptor??
[ 1239.078481][T23458] ptrace attach of "./syz-executor exec"[21802] was attempted by "\x22"[23458]
[ 1239.195722][   T31] usb 5-1: USB disconnect, device number 40
[ 1239.199518][T23427] vhci_hcd: connection reset by peer
[ 1239.221319][  T784] vhci_hcd: stop threads
[ 1239.221341][  T784] vhci_hcd: release socket
[ 1239.221598][  T784] vhci_hcd: disconnect device
[ 1239.521250][T21212] Bluetooth: hci4: command 0x0405 tx timeout
[ 1239.529171][T23480] netlink: 16 bytes leftover after parsing attributes in process `syz.9.6932'.
[ 1239.877115][T23481] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1239.877148][T23481] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1239.877162][T23481] overlayfs: missing 'lowerdir'
[ 1239.892925][T23478] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 1242.400929][ T5997] vhci_hcd: vhci_device speed not set
[ 1244.544445][T23571] binder: 23554:23571 ioctl 4018620d 0 returned -22
[ 1245.736596][T23584] tmpfs: Cannot disable swap on remount
[ 1245.757794][T23585] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6977'.
[ 1249.231849][T23688] netlink: 16 bytes leftover after parsing attributes in process `syz.9.7028'.
[ 1250.694110][T23709] netlink: 476 bytes leftover after parsing attributes in process `syz.7.7035'.
[ 1250.694278][T23709] netlink: 48 bytes leftover after parsing attributes in process `syz.7.7035'.
[ 1250.694296][T23709] tipc: Started in network mode
[ 1250.694311][T23709] tipc: Node identity 4, cluster identity 2
[ 1250.694323][T23709] tipc: Node number set to 4
[ 1250.881105][ T5986] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1250.960912][T15960] usb 10-1: new full-speed USB device number 20 using dummy_hcd
[ 1251.040396][ T5986] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[ 1251.040428][ T5986] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1251.040450][ T5986] usb 6-1: config 220 has no interface number 2
[ 1251.040528][ T5986] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1251.040557][ T5986] usb 6-1: config 220 interface 0 has no altsetting 0
[ 1251.040577][ T5986] usb 6-1: config 220 interface 76 has no altsetting 0
[ 1251.040596][ T5986] usb 6-1: config 220 interface 1 has no altsetting 0
[ 1251.043779][ T5986] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1251.043815][ T5986] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1251.043839][ T5986] usb 6-1: Product: syz
[ 1251.043856][ T5986] usb 6-1: Manufacturer: syz
[ 1251.043873][ T5986] usb 6-1: SerialNumber: syz
[ 1251.230607][T23730] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7046'.
[ 1251.230634][T23730] netlink: 6 bytes leftover after parsing attributes in process `syz.7.7046'.
[ 1251.376163][T15960] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1251.376199][T15960] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1251.381047][ T5986] usb 6-1: selecting invalid altsetting 0
[ 1251.381680][ T5986] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1251.381711][ T5986] uvcvideo 6-1:220.0: No valid video chain found.
[ 1251.388217][T15960] usb 10-1: config 0 descriptor??
[ 1251.409088][T15960] cp210x 10-1:0.0: cp210x converter detected
[ 1251.420822][ T5986] usb 6-1: selecting invalid altsetting 0
[ 1251.420863][ T5986] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[ 1253.411826][ T5986] usb 6-1: USB disconnect, device number 5
[ 1253.889719][T15960] usb 10-1: cp210x converter now attached to ttyUSB0
[ 1254.108957][ T7363] usb 10-1: USB disconnect, device number 20
[ 1254.124555][ T7363] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1254.173574][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1254.173662][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1254.436743][T21212] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1255.540375][ T7363] cp210x 10-1:0.0: device disconnected
[ 1257.591884][   T31] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1258.451921][   T31] usb 6-1: Using ep0 maxpacket: 8
[ 1258.454985][   T31] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1258.456570][   T31] usb 6-1: config 4 interface 0 has no altsetting 0
[ 1258.459317][T23790] netlink: 20 bytes leftover after parsing attributes in process `syz.9.7068'.
[ 1258.496833][   T31] usb 6-1: string descriptor 0 read error: -22
[ 1258.496995][   T31] usb 6-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1258.497022][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1258.533554][   T31] usb 6-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1258.551090][   T31] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1258.575352][   T31] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1258.575415][   T31] usb 6-1: media controller created
[ 1258.608573][   T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1258.755878][   T31] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1258.834551][   T31] usb 6-1: USB disconnect, device number 6
[ 1260.444536][ T5888] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[ 1260.449868][T23815] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7079'.
[ 1260.590865][ T5888] usb 10-1: Using ep0 maxpacket: 8
[ 1260.593265][ T5888] usb 10-1: unable to get BOS descriptor or descriptor too short
[ 1260.594552][ T5888] usb 10-1: config 4 interface 0 has no altsetting 0
[ 1260.598025][ T5888] usb 10-1: string descriptor 0 read error: -22
[ 1260.598195][ T5888] usb 10-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[ 1260.598222][ T5888] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1260.649749][ T5888] usb 10-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[ 1260.729689][ T5888] usb 10-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1260.730094][ T5888] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[ 1260.730146][ T5888] usb 10-1: media controller created
[ 1260.842913][ T5888] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1261.115720][ T5888] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1261.764077][   T38] audit: type=1326 audit(1765043663.123:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=23836 comm="syz.5.7089" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff6f5a6f749 code=0x0
[ 1261.944493][ T5888] usb 10-1: USB disconnect, device number 21
[ 1265.133092][T23872] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7102'.
[ 1267.216132][ T5888] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1267.400649][ T5888] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1267.407548][ T5888] usb 6-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[ 1267.407579][ T5888] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.444762][ T5888] usb 6-1: config 0 descriptor??
[ 1267.663362][ T5888]  (null): keene_cmd_main failed (-71)
[ 1267.731049][ T5888] video4linux radio48: keene_cmd_main failed (-71)
[ 1267.731079][ T5888] radio-keene 6-1:0.0: V4L2 device registered as radio48
[ 1267.734604][ T5888] usb 6-1: USB disconnect, device number 7
[ 1267.897522][T23756] syz.4.7054 (23756): drop_caches: 1
[ 1269.585007][T23916] binder: 23910:23916 ioctl 4018620d 0 returned -22
[ 1270.735788][T23923] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1270.735977][T23923] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[ 1270.736024][T23923] overlayfs: missing 'lowerdir'
[ 1272.575998][  T191] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1272.730962][  T191] usb 5-1: Using ep0 maxpacket: 16
[ 1272.751553][  T191] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1272.751598][  T191] usb 5-1: New USB device found, idVendor=1532, idProduct=011d, bcdDevice= 0.00
[ 1272.751624][  T191] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1272.793512][  T191] usb 5-1: config 0 descriptor??
[ 1273.336940][  T191] hid-rmi 0003:1532:011D.0011: unknown main item tag 0x0
[ 1273.336981][  T191] hid-rmi 0003:1532:011D.0011: unknown main item tag 0x0
[ 1273.337011][  T191] hid-rmi 0003:1532:011D.0011: unknown main item tag 0x0
[ 1273.337040][  T191] hid-rmi 0003:1532:011D.0011: unknown main item tag 0x0
[ 1273.337069][  T191] hid-rmi 0003:1532:011D.0011: unknown main item tag 0x0
[ 1273.449279][  T191] hid-rmi 0003:1532:011D.0011: hidraw0: USB HID v0.04 Device [HID 1532:011d] on usb-dummy_hcd.4-1/input0
[ 1273.482909][  T191] usb 5-1: USB disconnect, device number 41
[ 1273.727941][T23969] netlink: 16 bytes leftover after parsing attributes in process `syz.9.7142'.
[ 1277.936257][ T5802] Bluetooth: hci4: command 0x0405 tx timeout
[ 1278.102400][  T191] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[ 1278.279924][  T191] usb 10-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[ 1278.279957][  T191] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1278.279979][  T191] usb 10-1: Product: syz
[ 1278.279994][  T191] usb 10-1: Manufacturer: syz
[ 1278.280009][  T191] usb 10-1: SerialNumber: syz
[ 1278.336705][  T191] usb 10-1: config 0 descriptor??
[ 1278.402828][  T191] gspca_main: sunplus-2.14.0 probing 04fc:504a
[ 1279.420981][  T191] gspca_sunplus: reg_r err -110
[ 1279.871170][T24040] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7174'.
[ 1281.018708][  T191] usb 10-1: USB disconnect, device number 22
[ 1282.881479][T24096] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7196'.
[ 1283.042441][  T191] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1283.199820][  T191] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1283.199854][  T191] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1283.234334][  T191] usb 6-1: config 0 descriptor??
[ 1283.240040][  T191] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1283.648249][  T191] gspca_cpia1: usb_control_msg 03, error -32
[ 1283.648698][  T191] gspca_cpia1: usb_control_msg 03, error -71
[ 1283.649139][  T191] gspca_cpia1: usb_control_msg 01, error -71
[ 1283.649155][  T191] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0)
[ 1283.713227][  T191] usb 6-1: USB disconnect, device number 8
[ 1283.822137][T24113] netlink: 87 bytes leftover after parsing attributes in process `syz.4.7205'.
[ 1287.207231][T24141] binder: 24136:24141 ioctl 4018620d 0 returned -22
[ 1288.688522][ T7363] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1290.010869][ T7363] usb 5-1: Using ep0 maxpacket: 32
[ 1290.013412][ T7363] usb 5-1: config index 0 descriptor too short (expected 12546, got 36)
[ 1290.013439][ T7363] usb 5-1: config 85 has too many interfaces: 125, using maximum allowed: 32
[ 1290.013462][ T7363] usb 5-1: config 85 contains an unexpected descriptor of type 0x2, skipping
[ 1290.013481][ T7363] usb 5-1: config 85 has an invalid descriptor of length 0, skipping remainder of the config
[ 1290.013502][ T7363] usb 5-1: config 85 has 0 interfaces, different from the descriptor's value: 125
[ 1290.017147][ T7363] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.75
[ 1290.017175][ T7363] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1290.017196][ T7363] usb 5-1: Product: syz
[ 1290.017221][ T7363] usb 5-1: Manufacturer: syz
[ 1290.017236][ T7363] usb 5-1: SerialNumber: syz
[ 1292.040135][T24165] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7226'.
[ 1293.379116][T15129] usb 5-1: USB disconnect, device number 42
[ 1296.605371][   T38] audit: type=1326 audit(1765043697.953:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24176 comm="syz.4.7232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1296.829884][   T38] audit: type=1326 audit(1765043698.183:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24176 comm="syz.4.7232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1296.831046][   T38] audit: type=1326 audit(1765043698.183:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24176 comm="syz.4.7232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1296.833844][   T38] audit: type=1326 audit(1765043698.193:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24176 comm="syz.4.7232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1296.834171][   T38] audit: type=1326 audit(1765043698.193:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24176 comm="syz.4.7232" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f06b7d0f749 code=0x7ffc0000
[ 1298.441872][  T191] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1299.270825][  T191] usb 5-1: Using ep0 maxpacket: 8
[ 1299.573723][  T191] usb 5-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[ 1299.573787][  T191] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[ 1299.573813][  T191] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1299.653452][  T191] hub 5-1:32.0: bad descriptor, ignoring hub
[ 1299.653497][  T191] hub 5-1:32.0: probe with driver hub failed with error -5
[ 1300.394635][  T191] usb 5-1: USB disconnect, device number 43
[ 1302.506779][ T5806] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1302.594045][ T5806] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1302.611153][ T5806] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1302.621161][ T5806] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1302.622738][ T5806] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1302.631036][ T5806] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1302.692971][T21212] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1302.703902][T21212] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1302.726646][T21212] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1302.727659][T21212] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1304.077040][T24064] usb 5-1: new low-speed USB device number 44 using dummy_hcd
[ 1304.950891][ T5802] Bluetooth: hci5: command tx timeout
[ 1304.951505][T21212] Bluetooth: hci2: command tx timeout
[ 1305.082760][T24064] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[ 1305.082792][T24064] usb 5-1: config 0 has no interface number 0
[ 1305.082842][T24064] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1305.082871][T24064] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1305.082915][T24064] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1305.082940][T24064] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1305.089304][T24064] usb 5-1: config 0 descriptor??
[ 1305.092821][T24220] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1305.175048][T24064] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1305.783372][  T191] usb 5-1: USB disconnect, device number 44
[ 1306.964153][ T5802] Bluetooth: hci5: command tx timeout
[ 1306.969520][T21212] Bluetooth: hci2: command tx timeout
[ 1308.009784][T24237] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1308.009784][T24237] The task syz.4.7254 (24237) triggered the difference, watch for misbehavior.
[ 1309.041332][ T5802] Bluetooth: hci5: command tx timeout
[ 1309.044831][T21212] Bluetooth: hci2: command tx timeout
[ 1309.991205][T24244] netlink: 'syz.4.7258': attribute type 1 has an invalid length.
[ 1311.451015][T21212] Bluetooth: hci2: command tx timeout
[ 1311.451054][T21212] Bluetooth: hci5: command tx timeout
[ 1315.621429][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1315.621505][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1323.843266][ T5802] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1323.876054][ T5802] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1323.878508][ T5802] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1323.880220][ T5802] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1323.881512][ T5802] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1324.877046][T24204] chnl_net:caif_netlink_parms(): no params data found
[ 1324.954076][T24201] chnl_net:caif_netlink_parms(): no params data found
[ 1326.001295][ T5802] Bluetooth: hci6: command tx timeout
[ 1328.084316][ T5802] Bluetooth: hci6: command tx timeout
[ 1330.161288][ T5802] Bluetooth: hci6: command tx timeout
[ 1332.241185][ T5802] Bluetooth: hci6: command tx timeout
[ 1337.853344][T21212] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1337.891089][T21212] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1337.892961][T21212] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1337.942030][T21212] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1337.943101][T21212] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1340.320958][T21212] Bluetooth: hci0: command tx timeout
[ 1342.400947][T21212] Bluetooth: hci0: command tx timeout
[ 1344.489487][T21212] Bluetooth: hci0: command tx timeout
[ 1346.560869][T21212] Bluetooth: hci0: command tx timeout
[ 1351.593543][T24204] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1351.620962][T24204] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1351.621609][T24204] bridge_slave_0: entered allmulticast mode
[ 1351.624875][T24204] bridge_slave_0: entered promiscuous mode
[ 1352.192147][T24201] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1352.192291][T24201] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1352.192545][T24201] bridge_slave_0: entered allmulticast mode
[ 1352.261006][T24201] bridge_slave_0: entered promiscuous mode
[ 1352.272115][T24204] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1352.272273][T24204] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1352.272510][T24204] bridge_slave_1: entered allmulticast mode
[ 1352.277334][T24204] bridge_slave_1: entered promiscuous mode
[ 1352.463593][T24201] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1352.463736][T24201] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1352.463959][T24201] bridge_slave_1: entered allmulticast mode
[ 1352.470866][T24201] bridge_slave_1: entered promiscuous mode
[ 1362.672728][ T5802] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1362.731362][ T5802] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1362.748754][ T5802] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1362.770522][ T5802] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1362.782644][ T5802] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1362.973065][ T5802] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1363.005598][ T5802] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1363.029219][ T5802] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1363.410266][ T5802] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1363.446146][ T5802] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1364.885577][T21212] Bluetooth: hci7: command tx timeout
[ 1366.167858][T21212] Bluetooth: hci8: command tx timeout
[ 1366.960927][T21212] Bluetooth: hci7: command tx timeout
[ 1368.280861][T21212] Bluetooth: hci8: command tx timeout
[ 1369.040785][T21212] Bluetooth: hci7: command tx timeout
[ 1370.496878][T21212] Bluetooth: hci8: command tx timeout
[ 1371.120766][T21212] Bluetooth: hci7: command tx timeout
[ 1372.810790][T21212] Bluetooth: hci8: command tx timeout
[ 1377.071797][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1377.071875][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1382.940819][ T5802] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1382.973927][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1382.979240][ T5802] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1382.980345][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1382.982857][ T5802] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1385.120866][ T5802] Bluetooth: hci2: command tx timeout
[ 1387.201248][ T5802] Bluetooth: hci2: command tx timeout
[ 1389.474378][ T5802] Bluetooth: hci2: command tx timeout
[ 1391.581166][ T5802] Bluetooth: hci2: command tx timeout
[ 1397.446320][T21212] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1397.492976][T21212] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1397.500465][T21212] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1397.520375][T21212] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1397.537714][T21212] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1399.924430][T21212] Bluetooth: hci4: command tx timeout
[ 1402.001332][ T5802] Bluetooth: hci4: command tx timeout
[ 1404.080762][T21212] Bluetooth: hci4: command tx timeout
[ 1406.171167][T21212] Bluetooth: hci4: command tx timeout
[ 1419.522049][T24345] workqueue: Failed to create a rescuer kthread for wq "bond0": -EINTR
[ 1423.297135][ T5802] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1423.324537][ T5802] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1423.326855][ T5802] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1423.350454][ T5802] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1423.357317][ T5802] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1423.419113][T21212] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1424.091359][T21212] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1424.097780][T21212] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1424.102930][T21212] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1424.121427][T21212] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1425.441439][T21212] Bluetooth: hci0: command tx timeout
[ 1426.240810][T21212] Bluetooth: hci5: command tx timeout
[ 1427.520921][T21212] Bluetooth: hci0: command tx timeout
[ 1428.331118][T21212] Bluetooth: hci5: command tx timeout
[ 1429.601685][T21212] Bluetooth: hci0: command tx timeout
[ 1430.061356][T24382] chnl_net:caif_netlink_parms(): no params data found
[ 1430.410948][T21212] Bluetooth: hci5: command tx timeout
[ 1431.696773][T21212] Bluetooth: hci0: command tx timeout
[ 1432.480772][T21212] Bluetooth: hci5: command tx timeout
[ 1438.958125][ T1319] ieee802154 phy0 wpan0: encryption failed: -22
[ 1438.967987][ T1319] ieee802154 phy1 wpan1: encryption failed: -22
[ 1443.094502][ T5802] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1443.232392][ T5802] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1443.261063][ T5802] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1443.263804][ T5802] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1443.264730][ T5802] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1445.523112][ T5802] Bluetooth: hci6: command tx timeout
[ 1447.600838][ T5802] Bluetooth: hci6: command tx timeout
[ 1449.681192][ T5802] Bluetooth: hci6: command tx timeout
[ 1452.519116][ T5802] Bluetooth: hci6: command tx timeout
[ 1453.510664][    C0] sched: DL replenish lagged too much
[ 1458.684593][T21212] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1458.708103][T21212] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1458.728209][T21212] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1458.756071][T21212] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1458.772074][T21212] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1460.880914][T21212] Bluetooth: hci2: command tx timeout
[ 1463.033342][T21212] Bluetooth: hci2: command tx timeout
[ 1465.042321][T21212] Bluetooth: hci2: command tx timeout
[ 1467.121041][T21212] Bluetooth: hci2: command tx timeout
[ 1483.281482][   T39] INFO: task syz.9.7182:24060 blocked for more than 143 seconds.
[ 1483.281512][   T39]       Tainted: G             L      syzkaller #0
[ 1483.281526][   T39]       Blocked by coredump.
[ 1483.281533][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1483.281558][   T39] task:syz.9.7182      state:D stack:21080 pid:24060 tgid:24060 ppid:17321  task_flags:0x40044c flags:0x00080003
[ 1483.282677][   T39] Call Trace:
[ 1483.282688][   T39]  <TASK>
[ 1483.282703][   T39]  __schedule+0x1480/0x50a0
[ 1483.282757][   T39]  ? finish_task_switch+0x23d/0x940
[ 1483.282795][   T39]  ? __lock_acquire+0x6b6/0x2cf0
[ 1483.282826][   T39]  ? __pfx___schedule+0x10/0x10
[ 1483.282868][   T39]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1483.282900][   T39]  rt_mutex_schedule+0x77/0xf0
[ 1483.282921][   T39]  rt_mutex_slowlock_block+0x5ba/0x6d0
[ 1483.282956][   T39]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[ 1483.283011][   T39]  rt_mutex_slowlock+0x2a8/0x6b0
[ 1483.283036][   T39]  ? rt_mutex_slowlock+0x1c9/0x6b0
[ 1483.283059][   T39]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[ 1483.283094][   T39]  ? rcu_barrier+0x4c/0x570
[ 1483.283134][   T39]  ? rcu_barrier+0x4c/0x570
[ 1483.283156][   T39]  mutex_lock_nested+0x16a/0x1d0
[ 1483.283176][   T39]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1483.283201][   T39]  ? __pfx_tun_chr_close+0x10/0x10
[ 1483.283232][   T39]  rcu_barrier+0x4c/0x570
[ 1483.283261][   T39]  ? __pfx_tun_chr_close+0x10/0x10
[ 1483.283292][   T39]  ? __pfx_tun_chr_close+0x10/0x10
[ 1483.283321][   T39]  netdev_run_todo+0x327/0xea0
[ 1483.283351][   T39]  ? __pfx_netif_state_change+0x10/0x10
[ 1483.283383][   T39]  ? __pfx_netdev_run_todo+0x10/0x10
[ 1483.283408][   T39]  ? lockdep_hardirqs_on+0x98/0x140
[ 1483.283446][   T39]  ? netdev_state_change+0x1ca/0x220
[ 1483.283469][   T39]  ? __pfx_tun_chr_close+0x10/0x10
[ 1483.283499][   T39]  tun_chr_close+0x13f/0x1c0
[ 1483.283531][   T39]  __fput+0x45b/0xa80
[ 1483.283569][   T39]  task_work_run+0x1d4/0x260
[ 1483.283612][   T39]  ? __pfx_task_work_run+0x10/0x10
[ 1483.283646][   T39]  ? do_exit+0x6c0/0x2310
[ 1483.283679][   T39]  ? do_exit+0x6c0/0x2310
[ 1483.283716][   T39]  do_exit+0x6c5/0x2310
[ 1483.283747][   T39]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1483.283788][   T39]  ? __pfx_do_exit+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1483.283817][   T39]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1483.283838][   T39]  ? rt_spin_lock+0x1c1/0x3e0
[ 1483.283876][   T39]  do_group_exit+0x21c/0x2d0
[ 1483.283909][   T39]  ? rt_spin_unlock+0x161/0x200
[ 1483.283934][   T39]  get_signal+0x125d/0x1310
[ 1483.283984][   T39]  arch_do_signal_or_restart+0x9a/0x7a0
[ 1483.284018][   T39]  ? task_work_run+0x1d4/0x260
[ 1483.284054][   T39]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1483.284097][   T39]  ? __se_sys_close_range+0x4f0/0x650
[ 1483.284126][   T39]  ? exit_to_user_mode_loop+0x55/0x4f0
[ 1483.284161][   T39]  exit_to_user_mode_loop+0x87/0x4f0
[ 1483.284191][   T39]  ? rcu_is_watching+0x15/0xb0
[ 1483.284218][   T39]  do_syscall_64+0x2e3/0xf80
[ 1483.284247][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.284270][   T39]  ? clear_bhb_loop+0x60/0xb0
[ 1483.284298][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.284320][   T39] RIP: 0033:0x7fed8f74f749
[ 1483.284340][   T39] RSP: 002b:00007ffe0a0c3b88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1483.284364][   T39] RAX: 0000000000000000 RBX: 00007fed8f9a7da0 RCX: 00007fed8f74f749
[ 1483.284380][   T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1483.284394][   T39] RBP: 00007fed8f9a7da0 R08: 0000000000000050 R09: 000000040a0c3e7f
[ 1483.284410][   T39] R10: 00000000003ffd8c R11: 0000000000000246 R12: 0000000000138fc8
[ 1483.284425][   T39] R13: 00007fed8f9a6090 R14: ffffffffffffffff R15: 00007ffe0a0c3ca0
[ 1483.284463][   T39]  </TASK>
[ 1483.284505][   T39] 
[ 1483.284505][   T39] Showing all locks held in the system:
[ 1483.284516][   T39] 4 locks held by ksoftirqd/0/15:
[ 1483.284531][   T39] 3 locks held by rcuc/1/28:
[ 1483.284544][   T39] 1 lock held by khungtaskd/39:
[ 1483.284556][   T39]  #0: ffffffff8d5aecc0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1483.284662][   T39] 2 locks held by getty/5559:
[ 1483.284675][   T39]  #0: ffff88814e0ce0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1483.284745][   T39]  #1: ffffc90003e832e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1400
[ 1483.284803][   T39] 3 locks held by kworker/u8:16/6033:
[ 1483.284815][   T39]  #0: ffff888019ad4938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[ 1483.284869][   T39]  #1: ffffc90006a0fb80 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 1483.284923][   T39]  #2: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.284979][   T39] 2 locks held by kworker/0:3/15488:
[ 1483.284992][   T39]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[ 1483.285047][   T39]  #1: ffffc900069ffb80 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 1483.285104][   T39] 1 lock held by syz.9.7182/24060:
[ 1483.285116][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285170][   T39] 3 locks held by kworker/1:3/24143:
[ 1483.285189][   T39]  #0: ffff88813ff55138 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[ 1483.285244][   T39]  #1: ffffc9000497fb80 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[ 1483.285298][   T39]  #2: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285352][   T39] 1 lock held by syz-executor/24201:
[ 1483.285364][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285418][   T39] 1 lock held by syz.5.7242/24203:
[ 1483.285430][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285483][   T39] 1 lock held by syz-executor/24204:
[ 1483.285496][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285549][   T39] 1 lock held by syz.4.7264/24260:
[ 1483.285562][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285622][   T39] 1 lock held by syz-executor/24279:
[ 1483.285635][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285689][   T39] 1 lock held by syz-executor/24302:
[ 1483.285701][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285754][   T39] 1 lock held by syz-executor/24345:
[ 1483.285767][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285819][   T39] 1 lock held by syz-executor/24346:
[ 1483.285832][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285885][   T39] 1 lock held by syz-executor/24382:
[ 1483.285898][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.285951][   T39] 1 lock held by syz-executor/24403:
[ 1483.285963][   T39]  #0: ffffffff8d5b4730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 1483.286017][   T39] 1 lock held by syz-executor/24444:
[ 1483.286030][   T39] 1 lock held by syz-executor/24471:
[ 1483.286044][   T39] 1 lock held by syz-executor/24489:
[ 1483.286056][   T39] 1 lock held by syz-executor/24519:
[ 1483.286069][   T39] 4 locks held by syz-executor/24520:
[ 1483.286082][   T39] 
[ 1483.286087][   T39] =============================================
[ 1483.286087][   T39] 
[ 1483.286103][   T39] NMI backtrace for cpu 1
[ 1483.286131][   T39] CPU: 1 UID: 0 PID: 39 Comm: khungtaskd Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1483.286161][   T39] Tainted: [L]=SOFTLOCKUP
[ 1483.286169][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1483.286181][   T39] Call Trace:
[ 1483.286190][   T39]  <TASK>
[ 1483.286199][   T39]  dump_stack_lvl+0x189/0x250
[ 1483.286232][   T39]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1483.286261][   T39]  ? __pfx__printk+0x10/0x10
[ 1483.286295][   T39]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1483.286334][   T39]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1483.286371][   T39]  ? __pfx__printk+0x10/0x10
[ 1483.286398][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1483.286424][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1483.286460][   T39]  watchdog+0xf3c/0xf80
[ 1483.286490][   T39]  ? watchdog+0x1e2/0xf80
[ 1483.286520][   T39]  kthread+0x711/0x8a0
[ 1483.286554][   T39]  ? __pfx_watchdog+0x10/0x10
[ 1483.286576][   T39]  ? __pfx_kthread+0x10/0x10
[ 1483.286609][   T39]  ? rt_spin_unlock+0x150/0x200
[ 1483.286635][   T39]  ? rt_spin_unlock+0x161/0x200
[ 1483.286652][   T39]  ? __pfx_kthread+0x10/0x10
[ 1483.286679][   T39]  ret_from_fork+0x599/0xb30
[ 1483.286703][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[ 1483.286734][   T39]  ? __switch_to_asm+0x39/0x70
[ 1483.286759][   T39]  ? __switch_to_asm+0x33/0x70
[ 1483.286785][   T39]  ? __pfx_kthread+0x10/0x10
[ 1483.286812][   T39]  ret_from_fork_asm+0x1a/0x30
[ 1483.286855][   T39]  </TASK>
[ 1483.286863][   T39] Sending NMI from CPU 1 to CPUs 0:
[ 1483.286893][    C0] NMI backtrace for cpu 0
[ 1483.286911][    C0] CPU: 0 UID: 0 PID: 24443 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1483.286937][    C0] Tainted: [L]=SOFTLOCKUP
[ 1483.286944][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1483.286955][    C0] RIP: 0010:lock_release+0x60/0x3b0
[ 1483.286984][    C0] Code: 87 02 00 00 89 c0 48 0f a3 05 fc 4c 3d 0d 73 0d e8 c5 fa 08 00 84 c0 0f 84 a3 02 00 00 83 3d e6 5c 3d 0d 00 0f 84 3e 02 00 00 <65> 8b 05 19 12 10 10 85 c0 0f 85 2f 02 00 00 65 4c 8b 3c 25 08 e0
[ 1483.287000][    C0] RSP: 0018:ffffc9000478f718 EFLAGS: 00000002
[ 1483.287017][    C0] RAX: 0000000000000001 RBX: 0000000000000a06 RCX: 075ad9c51d557a00
[ 1483.287029][    C0] RDX: dffffc0000000000 RSI: ffffffff8b3ede40 RDI: ffffffff8b3ede00
[ 1483.287043][    C0] RBP: ffffc9000478f818 R08: 0000000000000003 R09: 0000000000000004
[ 1483.287056][    C0] R10: dffffc0000000000 R11: fffff520008f1ee0 R12: dffffc0000000000
[ 1483.287070][    C0] R13: ffffffff8485bb1e R14: ffffffff98e94880 R15: 1ffff920008f1ef0
[ 1483.287085][    C0] FS:  0000000000000000(0000) GS:ffff888126d52000(0000) knlGS:0000000000000000
[ 1483.287100][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1483.287112][    C0] CR2: 000055555c6ec808 CR3: 00000000602fa000 CR4: 00000000003526f0
[ 1483.287129][    C0] Call Trace:
[ 1483.287136][    C0]  <TASK>
[ 1483.287148][    C0]  _raw_spin_unlock_irqrestore+0x70/0x110
[ 1483.287174][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1483.287198][    C0]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1483.287217][    C0]  ? rt_spin_unlock+0x150/0x200
[ 1483.287237][    C0]  debug_check_no_obj_freed+0x52e/0x550
[ 1483.287272][    C0]  remove_vm_area+0x1d3/0x300
[ 1483.287298][    C0]  ? __pfx_kcov_close+0x10/0x10
[ 1483.287319][    C0]  vfree+0xb7/0x470
[ 1483.287342][    C0]  ? rt_spin_unlock+0x161/0x200
[ 1483.287359][    C0]  ? __pfx_kcov_close+0x10/0x10
[ 1483.287379][    C0]  kcov_close+0x2e/0x60
[ 1483.287397][    C0]  __fput+0x45b/0xa80
[ 1483.287423][    C0]  task_work_run+0x1d4/0x260
[ 1483.287452][    C0]  ? __pfx_task_work_run+0x10/0x10
[ 1483.287479][    C0]  ? do_exit+0x6c0/0x2310
[ 1483.287506][    C0]  ? do_exit+0x6c0/0x2310
[ 1483.287533][    C0]  do_exit+0x6c5/0x2310
[ 1483.287558][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1483.287588][    C0]  ? __pfx_do_exit+0x10/0x10
[ 1483.287613][    C0]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 1483.287631][    C0]  ? rt_spin_lock+0x1c1/0x3e0
[ 1483.287656][    C0]  do_group_exit+0x21c/0x2d0
[ 1483.287682][    C0]  ? rt_spin_unlock+0x161/0x200
[ 1483.287701][    C0]  get_signal+0x125d/0x1310
[ 1483.287734][    C0]  arch_do_signal_or_restart+0x9a/0x7a0
[ 1483.287765][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1483.287802][    C0]  ? exit_to_user_mode_loop+0x55/0x4f0
[ 1483.287830][    C0]  exit_to_user_mode_loop+0x87/0x4f0
[ 1483.287862][    C0]  ? rcu_is_watching+0x15/0xb0
[ 1483.287882][    C0]  do_syscall_64+0x2e3/0xf80
[ 1483.287906][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.287924][    C0]  ? clear_bhb_loop+0x60/0xb0
[ 1483.287945][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1483.287963][    C0] RIP: 0033:0x7fb148c215dc
[ 1483.287977][    C0] Code: Unable to access opcode bytes at 0x7fb148c215b2.
[ 1483.287987][    C0] RSP: 002b:00007ffdd5d240f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1483.288006][    C0] RAX: 0000000000000038 RBX: 00007fb1499a4620 RCX: 00007fb148c215dc
[ 1483.288018][    C0] RDX: 0000000000000038 RSI: 00007fb1499a4670 RDI: 0000000000000003
[ 1483.288030][    C0] RBP: 0000000000000000 R08: 00007ffdd5d24144 R09: 000000000000000c
[ 1483.288041][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[ 1483.288053][    C0] R13: 0000000000000000 R14: 00007fb1499a4670 R15: 0000000000000000
[ 1483.288075][    C0]  </TASK>
[ 1486.083028][ T5802] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1486.102472][ T5802] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1486.106479][ T5802] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1486.121817][ T5802] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1486.129936][ T5802] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1488.438539][ T5802] Bluetooth: hci4: command tx timeout
[ 1490.732331][ T5802] Bluetooth: hci4: command tx timeout
[ 1492.800729][ T5802] Bluetooth: hci4: command tx timeout