last executing test programs:

28m11.088663529s ago: executing program 4 (id=103):
r0 = socket(0x840000000002, 0x3, 0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = timerfd_create(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, 0x0)
connect$inet(r0, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x300, 0x401eb94)

28m1.90816485s ago: executing program 4 (id=116):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x18, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r4, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000340)={'gretap0\x00', &(0x7f0000000280)={'syztnl1\x00', 0x0, 0x10, 0x20, 0x46, 0x208, {{0xe, 0x4, 0x3, 0x2c, 0x38, 0x65, 0x0, 0xe1, 0x29, 0x0, @multicast2, @loopback, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0xc, 0x3c, 0x1, 0x9, [{@local, 0x7ff}]}, @rr={0x7, 0xb, 0xc4, [@loopback, @remote]}, @noop, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4, 0x2}]}}}}})
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
connect(r0, &(0x7f0000000400)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-twofish-3way\x00'}, 0x80)
r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
readv(r5, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/66, 0x42}], 0x1)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d40)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c5a3, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_PARMS={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}}, @TCA_CHOKE_STAB={0x104, 0x2, "dc542b4e237011fb38ddb228806571a8633206e26df63a43bbc516382325dedd79c1cf0a26379dfaf72cb5ab9ab7efe16f312ee9ab598d1ac0d7903ac69c51f1b6842ebecf00dec5deff737b59f0c1f0b57cc6c2b7b8c5b2c527aafa57222f4bd2355ccab39fa20d4033b6b687491532080101805feb9c6fa8a56a77186efcb394ce1a1cd7f2130835e3bf9e3ac25d0a102a808be13beb51f37da6d10046f131834545ee5013f43e41e91eb18a12c28540ab4106286e0f7568f6a9cd0c0da51df08e42848096b25d455ebec9adfd6e493d8c9725bc2d49bbbae0a5375b359f91d9dad20ed109ffbc52469cffd2cf5df7773f7a4c72ae167485315c326281efc4"}]}}]}, 0x14c}}, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffa6010000000100000056000000250000001900040004000007fdd411", 0x2b}], 0x1)

27m59.856333446s ago: executing program 4 (id=118):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x36900, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240), 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0xa], 0x10000, 0x202})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000000)={[0x100020000000034, 0x1, 0xfffffffffffffffe, 0x17e, 0x200000004, 0x7, 0xffffffffffffc129, 0x1ffe, 0x7fffffffffffe, 0xa2a, 0x80, 0x5, 0x100000001, 0x8000000000000002, 0xb, 0xbdb], 0xeeee8000, 0x3c4210})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

27m58.016355073s ago: executing program 4 (id=121):
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
setsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000000040)=0x2000000, 0x4)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
r2 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x8e)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000780)='overlay\x00', &(0x7f00000007c0)='/dev/kvm\x00', 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x88182, 0x0)
fanotify_mark(0xffffffffffffffff, 0x1, 0x1, r3, 0x0)
r4 = open(0x0, 0x0, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
sendfile(r8, r7, &(0x7f00000000c0)=0x58, 0x5)
ioctl$AUTOFS_IOC_CATATONIC(r4, 0x9362, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$MSR(0x0, 0xbd, 0x0)
r9 = io_uring_setup(0xf08, &(0x7f00000003c0)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
io_uring_register$IORING_REGISTER_FILES(r9, 0x20, &(0x7f0000000000)=[r9], 0x1)

27m53.413837083s ago: executing program 4 (id=131):
r0 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0x1, 0x87, {"0f22e5c744240060420000c744240233d8cecbc7442406000000000f011c24660f38816810c4027958b20000000064449966baf80cb83284af80ef66bafc0c66ed66baf80cb8cc07ff8aef66bafc0cb8d4000000ef48b8f8000000000000000f23c00f21f835030009000f23f8450f2244c4417c50cc"}}], 0x87})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x36900, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a35", 0x0, 0x9})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0xa], 0x10000, 0x202})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000000)={[0x100020000000034, 0x1, 0xfffffffffffffffe, 0x17e, 0x200000004, 0x7, 0xffffffffffffc129, 0x1ffe, 0x7fffffffffffe, 0xa2a, 0x80, 0x5, 0x100000001, 0x8000000000000002, 0xb, 0xbdb], 0xeeee8000, 0x3c4210})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

27m52.582672087s ago: executing program 4 (id=134):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r4, 0x301, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8400)

27m37.206847171s ago: executing program 32 (id=134):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x149a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getpid()
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r3)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x14, r4, 0x301, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x8400)

20m57.298689992s ago: executing program 1 (id=757):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)

20m55.658810352s ago: executing program 1 (id=763):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00'}, 0x10)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
dup2(r1, r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000012c0)={&(0x7f0000000200)={0x38, r5, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x5, 0x4}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)={0x2c, r6, 0x2cb3b0415539fbbb, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0x8}, @void}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x2}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xffffff81}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x0)

20m53.485206918s ago: executing program 1 (id=764):
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x5c, 0x2, [@TCA_FW_ACT={0x58, 0x4, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x4, 0xfb, 0x3, 0x2, 0x9}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xa5a}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x84}, 0x8000)
r4 = socket(0x10, 0x80002, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f00000001c0)=0x1, 0x4)
sendmmsg$alg(r4, &(0x7f00000000c0), 0x492492492492627, 0x0)
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000380)=0x14)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x71}, 0x38)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)

20m50.385414196s ago: executing program 1 (id=768):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8000)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000340))
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x47}, &(0x7f00000004c0)=<r4=>0x0, &(0x7f0000000480)=<r5=>0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)="b9", 0x0, 0x402, r6}, 0x38)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000000)={0x0, &(0x7f00000004c0)=""/233, &(0x7f00000001c0), &(0x7f0000000240), 0x6, r6}, 0x38)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)

20m46.557074044s ago: executing program 1 (id=773):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x104, 0x2e, 0x1, 0x0, 0x25dfdbfb, "", [@nested={0xf3, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa37", @typed={0x4, 0xe9}]}]}, 0x104}], 0x1, 0x0, 0x0, 0x1}, 0x0)

20m46.161456456s ago: executing program 1 (id=774):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
chdir(&(0x7f0000000300)='./file0\x00')
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r6, &(0x7f00000004c0)="ab", 0xff04, 0xc0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)

20m28.668013209s ago: executing program 33 (id=774):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
chdir(&(0x7f0000000300)='./file0\x00')
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
sendto$inet(r6, &(0x7f00000004c0)="ab", 0xff04, 0xc0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)

20m13.312968076s ago: executing program 0 (id=818):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$evdev(0x0, 0x1840202, 0x4800)
ioctl$EVIOCGREP(r2, 0x80084522, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb0100180000000000000030000000300000000a0000000800000000000004040000000800000002000004f7ffffff0400000001000000000000000300000001000000000000000030615f5f5f2e2e5f"], 0x0, 0x52, 0x0, 0x9, 0x6}, 0x28)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(r4, r3, 0x0, 0x901)
mmap$binder(&(0x7f00008d6000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x5)
r5 = memfd_create(&(0x7f0000000300)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xae\xd1md\xc8\x85\x00\x00\xfb\xff\x00\x18\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;2\xb5\xe1jS\xeb\xbf%||\xa0\x8e\x01\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x4)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r6 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r6, 0x40946400, &(0x7f00000000c0)={'aio_aio12_8\x00', [0x4f27, 0x5, 0x10000, 0x4, 0x5, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x2, 0x1, 0x1, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x3, 0x40000003, 0x89, 0xcaa7, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0x8, 0x6, 0x0, 0xfffffff8]})

20m11.925820827s ago: executing program 0 (id=819):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f271a76d2686dd4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

20m11.437916114s ago: executing program 0 (id=821):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x3b8, 0x2a8, 0x98, 0x2a8, 0x130, 0x1f0, 0x370, 0x370, 0x98, 0x370, 0x370, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11, 0x0, 0x69}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'dvmrp1\x00', {}, {}, 0x6}, 0x0, 0x70, 0xb8}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x3, {0x5}}}}, {{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x18}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x110)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, &(0x7f0000000300), &(0x7f0000000000)='GPL\x00', 0x2, 0xe3, &(0x7f0000000780)=""/227}, 0x94)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000540)={0x7, 0xf000, 0x8, 0xffffffffffffffff, 0x5})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a00000004000000060000008000000042"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340), &(0x7f0000000340), 0x619, r4}, 0x38)

20m11.026587264s ago: executing program 0 (id=822):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
open_by_handle_at(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="170000"], 0x830200)

20m10.902808726s ago: executing program 0 (id=823):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 000000000000040'], 0x2a, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
syz_open_dev$tty1(0xc, 0x4, 0x1)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x2250)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
creat(0x0, 0x1)
sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0600000000000000bd7000ffdbdf250f00000008000100ff2337b7e79aabd58dd9dc440ff44162a67512f3787e9487efd2a226c1bcb7a46db18df4a8126d63deedbc2ddb595b80f79e8d89560ab6dda96163478270a1d7435a269a545ca4b9186c57bd5951baf3cfc61ee61be433e02d4d5e185606f4dd8908a34ea1eebfc5"], 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x40010)

20m6.132962827s ago: executing program 0 (id=830):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5'])
open(&(0x7f0000000240)='./file0\x00', 0x606701, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0'}, 0xfffffd9d)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000023000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f000022c000/0x3000)=nil)
memfd_create(0x0, 0x3)
clock_gettime(0x1, &(0x7f0000000000)={<r3=>0x0, <r4=>0x0})
clock_settime(0x0, &(0x7f0000000040)={r3, r4+10000000})
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xc8)

19m50.067564779s ago: executing program 34 (id=830):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=5'])
open(&(0x7f0000000240)='./file0\x00', 0x606701, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0'}, 0xfffffd9d)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000023000/0x3000)=nil, 0x3000, 0x3000, 0x6, &(0x7f000022c000/0x3000)=nil)
memfd_create(0x0, 0x3)
clock_gettime(0x1, &(0x7f0000000000)={<r3=>0x0, <r4=>0x0})
clock_settime(0x0, &(0x7f0000000040)={r3, r4+10000000})
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xc8)

14m0.043302791s ago: executing program 2 (id=1255):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
syz_usbip_server_init(0x4)
syz_usbip_server_init(0x3)
read$FUSE(r1, &(0x7f0000006300)={0x2020}, 0x2020)
syz_fuse_handle_req(r1, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
write$tcp_congestion(r2, &(0x7f00000000c0)='lp\x00', 0xfffffdef)

13m58.492374752s ago: executing program 2 (id=1256):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x18)
r3 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040), 0x10)
listen(r3, 0x0)
r4 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)

13m51.301010535s ago: executing program 2 (id=1264):
clock_adjtime(0x0, &(0x7f0000000000)={0x0, 0x80000001, 0x800000000b, 0xff, 0x4, 0x20000000008, 0x79800000, 0xffff, 0x6, 0x6, 0xffffffffffffffff, 0x5, 0x810f, 0x2, 0xfffffffffffffffc, 0xe6b, 0xfffffffffffffff0, 0x4, 0x5, 0x800, 0x1, 0x9, 0x0, 0x4, 0x7, 0x8})
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa08004510003e00660000070290780a010102ac1414aa11ff09"], 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000001c0)={'tunl0\x00', 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x6, 0x58, 0x0, 0x0, 0x9, 0x2f, 0x0, @broadcast, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x86dd}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x2)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
fsopen(&(0x7f0000000080)='binder\x00', 0x1)
getdents(0xffffffffffffffff, 0x0, 0x58)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2)

13m43.738022707s ago: executing program 2 (id=1269):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x88800, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x1ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_GUEST_DEBUG_x86(r4, 0x4048ae9b, &(0x7f0000000140)={0x120001, 0x0, {[0x3ff, 0xb7, 0x7, 0x8000000287, 0x2, 0x0, 0x7, 0x4]}})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000640)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x5, 0x7d, 0x0, 0x0, 0x0, 0x2, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

13m42.752002738s ago: executing program 2 (id=1271):
clock_adjtime(0x0, &(0x7f0000000000)={0x0, 0x80000001, 0x800000000b, 0xff, 0x4, 0x20000000008, 0x79800000, 0xffff, 0x6, 0x6, 0xffffffffffffffff, 0x5, 0x810f, 0x2, 0xfffffffffffffffc, 0xe6b, 0xfffffffffffffff0, 0x4, 0x5, 0x800, 0x1, 0x9, 0x0, 0x4, 0x7, 0x8})
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa08004510003e00660000070290780a010102ac1414aa11ff09"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x2, 0x6, 0x58, 0x0, 0x0, 0x9, 0x2f, 0x0, @broadcast, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x86dd}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}}}}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x2)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
fsopen(&(0x7f0000000080)='binder\x00', 0x1)
getdents(0xffffffffffffffff, 0x0, 0x58)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x9, 0x2)

13m28.14186308s ago: executing program 2 (id=1280):
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x5c, 0x2, [@TCA_FW_ACT={0x58, 0x4, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x4, 0xfb, 0x3, 0x2, 0x9}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xa5a}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x84}, 0x8000)
r2 = socket(0x10, 0x80002, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f00000001c0)=0x1, 0x4)
sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000380)=0x14)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x71}, 0x38)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r6=>r5, {0x4}}, './file0\x00'})
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000002c0)="0f080fd15600baf80c66b8e0f4a48366efbafc0c66ed660f293b66b8010000000f23d80f21f86635800000800f23f865660f3881590021838a000f20e06635020000000f22e066b9320600000f3266b98c08000066b8c4f73bf666ba000000000f30", 0x62}], 0x1, 0x4b, 0x0, 0x0)

13m12.43415526s ago: executing program 35 (id=1280):
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000740), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x5c, 0x2, [@TCA_FW_ACT={0x58, 0x4, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x4, 0xfb, 0x3, 0x2, 0x9}, 0x3}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xa5a}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x88}, 0x1, 0x0, 0x0, 0x84}, 0x8000)
r2 = socket(0x10, 0x80002, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f00000001c0)=0x1, 0x4)
sendmmsg$alg(r2, &(0x7f00000000c0), 0x492492492492627, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, &(0x7f0000000380)=0x14)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x71}, 0x38)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r5, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r6=>r5, {0x4}}, './file0\x00'})
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000002c0)="0f080fd15600baf80c66b8e0f4a48366efbafc0c66ed660f293b66b8010000000f23d80f21f86635800000800f23f865660f3881590021838a000f20e06635020000000f22e066b9320600000f3266b98c08000066b8c4f73bf666ba000000000f30", 0x62}], 0x1, 0x4b, 0x0, 0x0)

8.813550164s ago: executing program 5 (id=2039):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x4, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @vbi={0x174, 0xfffff800, 0x31384142, 0x31303453, [0x6, 0xa], [0x58e3, 0x741], 0x1}})
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[])
read$FUSE(0xffffffffffffffff, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r2, r2, 0x7, 0xffffffffffffffff, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff, 0xffffff00})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r3, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x4000844)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e25, @multicast2}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

8.711103648s ago: executing program 3 (id=2040):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0)
read(r1, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000180)={0x335, @tick=0xe, 0x42, {}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r1, 0xc08c5334, &(0x7f0000000300)={0x8009, 0x100000d, 0x1, 'queue0\x00', 0x16})
tkill(0x0, 0x7)

7.885641463s ago: executing program 5 (id=2041):
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)
socket$kcm(0x11, 0x2, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480)
ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x81, @value=0x327})
getpid()
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_OSF_FLAGS={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x850}, 0x4040080)

7.683379315s ago: executing program 3 (id=2042):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="000004"], 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)

6.599866739s ago: executing program 5 (id=2043):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x8000)
r2 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, 0x0)
connect$qrtr(r2, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r3 = syz_io_uring_setup(0x497, &(0x7f0000000540)={0x0, 0x4660, 0x400, 0x3, 0x47}, &(0x7f00000004c0)=<r4=>0x0, &(0x7f0000000480)=<r5=>0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)="b9", 0x0, 0x402}, 0x38)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x0, 0x0})
io_uring_enter(r3, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000380)="ebe3a0e961837b796cfd1647e2080000000000000080b3720022205e81f4a7f71c197baae1efd7e8004a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4e}, {&(0x7f00000006c0)="e8710e444d50a969ff678371e3214aeee71dee3819271482a4975a52c18b9b8b4db3945d1032005eabe97b4dc33a47d3a158da98255ccdd4c15eb6c9857345444d8456d30026b433a2efdd5b00186f35cdcdb93a4722bf356a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e8927d2a8103ef2f4b93766b756b66f74f46cf801704d27a8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511ce678c0bb8e26d7b48241847bf9e343ef4e55d45e2a0000000000000000000", 0xd6}, {&(0x7f0000000400)="04c6a9c756754e10ed8d88c06d7a674db97cd0e21437530a3945ac896fa7f8e368f87de990e40a896805e49ce1e13103d82fffe82237f587e63d95e01ef451eaba2dd01c56e7f23c1fcccbea54dae8e295f2e533e4a34175026a9964eebc1aaae05e44a19a27bee2f591abe2f456448754670a7c3e2e4b47a71bc7", 0x7b}, {&(0x7f0000000300)}], 0x5}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

5.477231008s ago: executing program 5 (id=2044):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x10, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x190)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x0, 0xe4}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pwritev(r2, &(0x7f0000000080)=[{&(0x7f0000000000)="4e666fb7323d42688130f25af52257dcba5aac374db49fe8cdeca62dd5be5d9e82e6883e83d1b853aa8a9e8e76ffc238761cfe0281e851319e40a8bd2ead16780ae3263b35f087df543d98cf9c8ea1c7f71600b85c", 0x55}], 0x1, 0x8001, 0x7)
write$char_usb(r4, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r2, 0x0, 0x0)
syz_usb_disconnect(r0)
gettid()

3.955123583s ago: executing program 3 (id=2045):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x4c, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x100, @multicast2}, 0x10)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000"], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

2.49094094s ago: executing program 3 (id=2046):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(0x0, r0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0x4, &(0x7f0000000140)={0xa, 0x5}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$peekuser(0x3, r1, 0x4)
semtimedop(0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r4 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$tipc(r5, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000004340)=[{0x0}, {0x0}, {&(0x7f0000000180)="554573ca292366878e10d634e7a0b779488ce16d07", 0x15}], 0x3}, 0x0)
ioctl$SG_GET_VERSION_NUM(r4, 0x2284, &(0x7f0000000080))

2.46245414s ago: executing program 5 (id=2047):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000680), r0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0x4, &(0x7f0000000140)={0xa, 0x5}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$peekuser(0x3, r3, 0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
semtimedop(0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$tipc(r7, &(0x7f0000004440)={0x0, 0x0, &(0x7f0000004340)=[{0x0}, {0x0}, {&(0x7f0000000180)="554573ca292366878e10d634e7a0b779488ce16d07", 0x15}], 0x3}, 0x0)
ioctl$SG_GET_VERSION_NUM(r6, 0x2284, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010027bd700000dbdf25250000000a0001007770616e3000000005002a000700000058df7d675aa64f3bc1c385b69d3de9f782759d1902bd7fa4646c1d651efef5c512d3bbeee4ca3783cc3d0c36e08e382f1a458a774a15fa59"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4c0d0)

1.203151576s ago: executing program 5 (id=2048):
syz_emit_ethernet(0x4a, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, 0x0, 0x60c40, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0xa00, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x60042, 0x0)
write$binfmt_elf64(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="7f454c460e02fab7ff7f00000000000002000300fffeffffdf020000000000004000000000000000030300ef0000000000000000080038000100040004000d0003000000008000"/80], 0x78)
sendmsg(r1, 0x0, 0x80)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x12)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000002100000008"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x1539})

1.090949047s ago: executing program 3 (id=2049):
syz_open_procfs(0x0, &(0x7f00000000c0)='net/udp6\x00')
semctl$GETALL(0x0, 0x0, 0xd, 0x0)
semop(0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x3}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b4050000000000006910240000000000bc001000000000009500000000000000ef4f7c81f5427c16bd2aacf32cdbb47063fd9a7bb1f3ad622c3261f324e081c0ea39bd16d9869302cc08fbd94867708cb208e22cc0ad536525e3b39869285c126353f6a49bc5abc6b9a4eab313655286ee33a56f03b665dd5f1739bda6accc3b9b0d26450d3161263aed01194269a5fba4553bb18fa1f37e2f68a8ef81f090829d0ee04b52611a41642b31a6fe2653171379cc327fc11e38418b589777"], 0x0, 0x7, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1}}, 0x80001}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x3)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f000000e0c0), 0x10010)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000b00)=@ccm_128={{0x303}, "0000090800000003", "73b59657269ef929ee540a8a0a86c5d0", "6362dfd5", "21be0dd9f7f3c312"}, 0x28)
sendfile(r4, r5, &(0x7f0000000100)=0x1010, 0x10001)

0s ago: executing program 3 (id=2050):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a000008048002000905", @ANYRES64], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x10, 0x0, @mcast2}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x190)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0xff, 0x0, 0x0, 0xe4}}}}}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pwritev(r1, &(0x7f0000000080)=[{&(0x7f0000000000)="4e666fb7323d42688130f25af52257dcba5aac374db49fe8cdeca62dd5be5d9e82e6883e83d1b853aa8a9e8e76ffc238761cfe0281e851319e40a8bd2ead16780ae3263b35f087df543d98cf9c8ea1c7f71600b85c", 0x55}], 0x1, 0x8001, 0x7)
write$char_usb(r3, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 249 > 1
[ 1495.513204][T13144] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1495.514705][T13144] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1495.518111][T13144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1495.521196][T13144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1496.138127][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1496.258258][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1496.337204][T13558] bond0 (unregistering): Released all slaves
[ 1496.565764][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1496.605234][ T5801] Bluetooth: hci0: command tx timeout
[ 1496.645778][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1496.718887][T13558] bond0 (unregistering): Released all slaves
[ 1497.002465][T14359] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1497.002737][T14359] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1497.002936][T14359] bridge_slave_0: entered allmulticast mode
[ 1497.031059][T14359] bridge_slave_0: entered promiscuous mode
[ 1497.072535][T14359] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1497.072706][T14359] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1497.073315][T14359] bridge_slave_1: entered allmulticast mode
[ 1497.119915][T14359] bridge_slave_1: entered promiscuous mode
[ 1497.646908][ T5801] Bluetooth: hci1: command tx timeout
[ 1498.000468][T14359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1498.097427][T14530] sd 0:0:1:0: device reset
[ 1498.716608][ T5801] Bluetooth: hci0: command tx timeout
[ 1499.010038][T14359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1499.040068][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1499.066062][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1499.374268][T14538] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1685'.
[ 1499.785439][ T5801] Bluetooth: hci1: command tx timeout
[ 1499.861939][T13558] hsr_slave_0: left promiscuous mode
[ 1499.875342][T13558] hsr_slave_1: left promiscuous mode
[ 1499.876076][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1499.990684][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1500.475712][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1500.586726][ T5790] libceph: connect (1)[c::]:6789 error -101
[ 1500.587237][ T5790] libceph: mon0 (1)[c::]:6789 connect error
[ 1500.646336][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1500.798156][ T5801] Bluetooth: hci0: command tx timeout
[ 1500.853832][ T5790] libceph: connect (1)[c::]:6789 error -101
[ 1500.853961][ T5790] libceph: mon0 (1)[c::]:6789 connect error
[ 1501.353734][T14541] ceph: No mds server is up or the cluster is laggy
[ 1501.357878][T11397] libceph: connect (1)[c::]:6789 error -101
[ 1501.358079][T11397] libceph: mon0 (1)[c::]:6789 connect error
[ 1501.622894][T14545] netlink: 'syz.5.1687': attribute type 1 has an invalid length.
[ 1501.805097][ T5801] Bluetooth: hci1: command tx timeout
[ 1501.835748][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1501.987370][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1502.845061][ T5801] Bluetooth: hci0: command tx timeout
[ 1502.881836][T14546] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1502.882558][T14546] bond2: (slave vxcan3): Error -95 calling set_mac_address
[ 1503.226271][T14359] team0: Port device team_slave_0 added
[ 1503.240544][T14359] team0: Port device team_slave_1 added
[ 1504.478533][ T5801] Bluetooth: hci1: command tx timeout
[ 1504.808368][T14359] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1504.808384][T14359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1504.808408][T14359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1505.377807][T14359] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1505.377825][T14359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1505.377852][T14359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1507.354210][T14570] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1507.554719][T14359] hsr_slave_0: entered promiscuous mode
[ 1507.577996][T14359] hsr_slave_1: entered promiscuous mode
[ 1512.865359][T14506] chnl_net:caif_netlink_parms(): no params data found
[ 1513.375076][ T8737] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1513.479482][T14517] chnl_net:caif_netlink_parms(): no params data found
[ 1513.537496][ T8737] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1513.537531][ T8737] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1513.537567][ T8737] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1513.537579][ T8737] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1513.565833][T14604] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1513.606202][ T8737] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1515.762128][T14506] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1515.762621][T14506] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1515.763498][T14506] bridge_slave_0: entered allmulticast mode
[ 1515.793417][T14506] bridge_slave_0: entered promiscuous mode
[ 1516.091161][T14506] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1516.091328][T14506] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1516.091593][T14506] bridge_slave_1: entered allmulticast mode
[ 1516.131941][T14506] bridge_slave_1: entered promiscuous mode
[ 1516.276392][   T31] usb 6-1: USB disconnect, device number 28
[ 1517.185094][ T5886] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1517.305151][T14506] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1517.306569][T14517] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1517.306702][T14517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1517.306885][T14517] bridge_slave_0: entered allmulticast mode
[ 1517.308830][T14517] bridge_slave_0: entered promiscuous mode
[ 1517.345090][ T5886] usb 4-1: Using ep0 maxpacket: 16
[ 1517.359224][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1517.359272][ T5886] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1517.359294][ T5886] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1517.393715][ T5886] usb 4-1: config 0 descriptor??
[ 1517.462690][T14506] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1517.463508][T14517] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1517.463630][T14517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1517.463831][T14517] bridge_slave_1: entered allmulticast mode
[ 1517.469479][T14517] bridge_slave_1: entered promiscuous mode
[ 1517.820583][ T5886] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[ 1517.820624][ T5886] mcp2221 0003:04D8:00DD.0006: unknown main item tag 0x0
[ 1517.820648][ T5886] mcp2221 0003:04D8:00DD.0006: item fetching failed at offset 2/5
[ 1517.821402][ T5886] mcp2221 0003:04D8:00DD.0006: can't parse reports
[ 1517.821498][ T5886] mcp2221 0003:04D8:00DD.0006: probe with driver mcp2221 failed with error -22
[ 1517.960364][T14506] team0: Port device team_slave_0 added
[ 1517.964350][T14517] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1517.989256][T14506] team0: Port device team_slave_1 added
[ 1518.002587][T14631] netlink: 'syz.5.1702': attribute type 1 has an invalid length.
[ 1518.132633][T14517] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1518.225604][   T31] usb 4-1: USB disconnect, device number 23
[ 1518.290700][T14632] bond3: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1518.291426][T14632] bond3: (slave vxcan3): Error -95 calling set_mac_address
[ 1518.537832][T14359] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1518.646809][T14506] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1518.646826][T14506] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1518.646851][T14506] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1518.648443][T14359] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1518.719442][T14517] team0: Port device team_slave_0 added
[ 1518.720756][T14506] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1518.720770][T14506] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1518.720790][T14506] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1518.731136][T14359] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1518.810326][T14517] team0: Port device team_slave_1 added
[ 1518.811027][T14359] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1521.226119][T14517] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1521.226137][T14517] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1521.226162][T14517] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1521.325128][T13806] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1521.356680][T14517] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1521.356691][T14517] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1521.356706][T14517] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1521.402262][T14506] hsr_slave_0: entered promiscuous mode
[ 1521.403823][T14506] hsr_slave_1: entered promiscuous mode
[ 1521.413317][T14506] debugfs: 'hsr0' already exists in 'hsr'
[ 1521.413345][T14506] Cannot create hsr debugfs directory
[ 1521.481250][T13806] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1521.481282][T13806] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1521.481306][T13806] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1521.481317][T13806] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1521.533616][T14652] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1521.582237][T13806] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1523.582840][T14517] hsr_slave_0: entered promiscuous mode
[ 1523.595941][T14517] hsr_slave_1: entered promiscuous mode
[ 1523.599153][T14517] debugfs: 'hsr0' already exists in 'hsr'
[ 1523.599180][T14517] Cannot create hsr debugfs directory
[ 1523.743573][T13558] bridge_slave_1: left allmulticast mode
[ 1523.743601][T13558] bridge_slave_1: left promiscuous mode
[ 1523.743861][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1523.816983][T13558] bridge_slave_0: left allmulticast mode
[ 1523.817013][T13558] bridge_slave_0: left promiscuous mode
[ 1523.817275][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1524.262217][ T5886] usb 6-1: USB disconnect, device number 29
[ 1524.868661][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1525.776919][T13144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1525.828989][ T9047] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1525.886127][ T9047] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1525.888082][ T9047] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1525.888877][ T9047] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1525.966620][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1526.053550][T13558] bond0 (unregistering): Released all slaves
[ 1528.144511][ T5801] Bluetooth: hci2: command tx timeout
[ 1528.194725][   T31] libceph: connect (1)[c::]:6789 error -101
[ 1528.207460][   T31] libceph: mon0 (1)[c::]:6789 connect error
[ 1528.335989][T14687] ceph: No mds server is up or the cluster is laggy
[ 1528.903245][T13558] hsr_slave_0: left promiscuous mode
[ 1528.951927][T13558] hsr_slave_1: left promiscuous mode
[ 1528.955811][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1529.017469][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1529.811348][T14707] netlink: 'syz.3.1717': attribute type 1 has an invalid length.
[ 1530.145805][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1530.205631][ T5801] Bluetooth: hci2: command tx timeout
[ 1530.365557][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1531.236154][T14708] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1531.236794][T14708] bond4: (slave vxcan3): Error -95 calling set_mac_address
[ 1532.142458][T14506] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1532.291560][T14717] sd 0:0:1:0: device reset
[ 1533.284979][ T5801] Bluetooth: hci2: command tx timeout
[ 1533.439487][T14715] netlink: 'syz.3.1719': attribute type 29 has an invalid length.
[ 1533.439502][T14715] netlink: 'syz.3.1719': attribute type 3 has an invalid length.
[ 1533.439509][T14715] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1719'.
[ 1533.453547][T14506] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1534.130974][T14506] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1534.396925][T14506] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1535.142276][ T5801] Bluetooth: hci3: ACL packet for unknown connection handle 200
[ 1536.295563][ T5801] Bluetooth: hci2: command tx timeout
[ 1537.038742][T14747] sd 0:0:1:0: device reset
[ 1539.605044][ T5886] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1539.777706][ T5886] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1539.777742][ T5886] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1539.777778][ T5886] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1539.777799][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1539.833070][T14765] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1539.861374][ T5886] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1541.390667][T14667] chnl_net:caif_netlink_parms(): no params data found
[ 1542.500582][    C1] dummy_hcd dummy_hcd.5: timer fired with no URBs pending?
[ 1542.505127][   T31] usb 6-1: USB disconnect, device number 30
[ 1547.861238][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1547.861310][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1548.162092][ T5801] Bluetooth: hci3: ACL packet for unknown connection handle 200
[ 1550.834432][T14667] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1550.834508][T14667] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1550.834649][T14667] bridge_slave_0: entered allmulticast mode
[ 1550.837448][T14667] bridge_slave_0: entered promiscuous mode
[ 1550.842736][T14667] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1550.842860][T14667] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1550.843042][T14667] bridge_slave_1: entered allmulticast mode
[ 1550.892612][T14667] bridge_slave_1: entered promiscuous mode
[ 1551.395649][T14667] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1551.397731][T14517] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1551.472733][T14667] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1551.547446][T14517] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1551.931048][T14517] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1553.380412][T14517] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1553.604447][T14667] team0: Port device team_slave_0 added
[ 1553.932761][T14667] team0: Port device team_slave_1 added
[ 1555.339817][T14667] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1555.339835][T14667] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1555.339860][T14667] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1555.419231][T14667] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1555.419247][T14667] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1555.419273][T14667] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1555.489272][T13558] bridge_slave_1: left allmulticast mode
[ 1555.489300][T13558] bridge_slave_1: left promiscuous mode
[ 1555.489558][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1555.586778][T13558] bridge_slave_0: left allmulticast mode
[ 1555.586806][T13558] bridge_slave_0: left promiscuous mode
[ 1555.587006][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1556.015734][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1556.162042][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1556.217067][T13558] bond0 (unregistering): Released all slaves
[ 1556.776376][ T9047] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1556.781258][ T9047] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1556.782527][ T9047] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1556.784055][ T9047] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1556.784867][ T9047] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1556.848087][T14667] hsr_slave_0: entered promiscuous mode
[ 1556.849501][T14667] hsr_slave_1: entered promiscuous mode
[ 1556.850511][T14667] debugfs: 'hsr0' already exists in 'hsr'
[ 1556.850535][T14667] Cannot create hsr debugfs directory
[ 1557.005170][T13558] hsr_slave_0: left promiscuous mode
[ 1557.045208][T13558] hsr_slave_1: left promiscuous mode
[ 1557.048348][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1557.095897][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1558.847167][ T5801] Bluetooth: hci0: command tx timeout
[ 1559.267462][ T9047] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1559.272168][ T9047] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1559.273291][ T9047] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1559.274315][ T9047] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1559.280752][ T9047] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1560.625628][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1560.925338][ T9047] Bluetooth: hci0: command tx timeout
[ 1561.515797][ T9047] Bluetooth: hci1: command tx timeout
[ 1561.636304][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1563.009212][ T9047] Bluetooth: hci0: command tx timeout
[ 1563.153738][T14948] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1747'.
[ 1563.319763][T14951] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1747'.
[ 1563.566603][ T9047] Bluetooth: hci1: command tx timeout
[ 1565.158016][T14962] netlink: 'syz.5.1751': attribute type 1 has an invalid length.
[ 1565.165245][ T9047] Bluetooth: hci0: command tx timeout
[ 1565.339875][T14965] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1565.431801][T14963] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1565.432515][T14963] bond4: (slave vxcan3): Error -95 calling set_mac_address
[ 1565.665631][ T9047] Bluetooth: hci1: command tx timeout
[ 1566.475360][   T37] audit: type=1326 audit(1566.268:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475417][   T37] audit: type=1326 audit(1566.268:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475462][   T37] audit: type=1326 audit(1566.268:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475505][   T37] audit: type=1326 audit(1566.268:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475547][   T37] audit: type=1326 audit(1566.268:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475590][   T37] audit: type=1326 audit(1566.268:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475631][   T37] audit: type=1326 audit(1566.268:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475673][   T37] audit: type=1326 audit(1566.268:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1566.475715][   T37] audit: type=1326 audit(1566.268:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14972 comm="syz.3.1752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1567.725095][ T9047] Bluetooth: hci1: command tx timeout
[ 1572.025075][T15016] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1572.625314][T14620] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1572.683506][T14917] chnl_net:caif_netlink_parms(): no params data found
[ 1572.775256][T14620] usb 6-1: Using ep0 maxpacket: 32
[ 1572.779268][T14620] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 1572.779296][T14620] usb 6-1: config 0 has no interface number 0
[ 1572.782313][T14620] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1572.782340][T14620] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1572.782360][T14620] usb 6-1: Product: syz
[ 1572.782373][T14620] usb 6-1: Manufacturer: syz
[ 1572.782387][T14620] usb 6-1: SerialNumber: syz
[ 1572.789249][T14620] usb 6-1: config 0 descriptor??
[ 1572.793288][T14620] smsc95xx v2.0.0
[ 1573.255086][T14620] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1573.255107][T14620] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1573.419398][T14932] chnl_net:caif_netlink_parms(): no params data found
[ 1574.070111][T14620] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1574.070428][T14620] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -32
[ 1574.095149][T14620] usb 6-1: USB disconnect, device number 31
[ 1575.918741][T14917] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1575.918890][T14917] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1575.919131][T14917] bridge_slave_0: entered allmulticast mode
[ 1575.922816][T14917] bridge_slave_0: entered promiscuous mode
[ 1575.982982][T14917] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1575.983109][T14917] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1575.983267][T14917] bridge_slave_1: entered allmulticast mode
[ 1575.984780][T14917] bridge_slave_1: entered promiscuous mode
[ 1579.311797][T14932] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1579.311895][T14932] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1579.312133][T14932] bridge_slave_0: entered allmulticast mode
[ 1579.314903][T14932] bridge_slave_0: entered promiscuous mode
[ 1579.337689][T14917] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1579.407942][T14667] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1579.449325][T14917] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1579.449601][T14932] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1579.449807][T14932] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1579.449983][T14932] bridge_slave_1: entered allmulticast mode
[ 1579.487298][T14932] bridge_slave_1: entered promiscuous mode
[ 1579.493629][T14667] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1579.824715][T15099] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1579.951424][T14667] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1580.169487][T14667] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1580.194564][T14917] team0: Port device team_slave_0 added
[ 1580.204101][T14932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1580.382618][T14932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1580.402989][T14917] team0: Port device team_slave_1 added
[ 1581.669517][T14932] team0: Port device team_slave_0 added
[ 1581.695305][T14932] team0: Port device team_slave_1 added
[ 1581.696237][T14917] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1581.696246][T14917] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1581.696260][T14917] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1581.845047][T13806] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1581.997407][T14917] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1581.997419][T14917] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1581.997433][T14917] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1582.034997][T13806] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1582.035023][T13806] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[ 1582.076278][T13806] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1582.076306][T13806] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1582.076324][T13806] usb 6-1: Product: syz
[ 1582.076333][T13806] usb 6-1: Manufacturer: syz
[ 1582.076340][T13806] usb 6-1: SerialNumber: syz
[ 1582.224505][T14932] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1582.224517][T14932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1582.224530][T14932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1582.598614][T14932] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1582.598632][T14932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1582.598658][T14932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1583.985092][T13806] usb 6-1: USB disconnect, device number 32
[ 1585.543738][T14917] hsr_slave_0: entered promiscuous mode
[ 1585.544567][T14917] hsr_slave_1: entered promiscuous mode
[ 1585.776889][T14932] hsr_slave_0: entered promiscuous mode
[ 1585.777720][T14932] hsr_slave_1: entered promiscuous mode
[ 1585.778329][T14932] debugfs: 'hsr0' already exists in 'hsr'
[ 1585.778345][T14932] Cannot create hsr debugfs directory
[ 1586.739419][T13558] bridge_slave_1: left allmulticast mode
[ 1586.739447][T13558] bridge_slave_1: left promiscuous mode
[ 1586.739598][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1586.826088][T13558] bridge_slave_0: left allmulticast mode
[ 1586.826109][T13558] bridge_slave_0: left promiscuous mode
[ 1586.826275][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1586.887798][T13558] bridge_slave_1: left allmulticast mode
[ 1586.887818][T13558] bridge_slave_1: left promiscuous mode
[ 1586.887976][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1586.957527][T13558] bridge_slave_0: left allmulticast mode
[ 1586.957549][T13558] bridge_slave_0: left promiscuous mode
[ 1586.957705][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1587.330475][T15134] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1590.695514][T15139] netlink: 'syz.5.1777': attribute type 29 has an invalid length.
[ 1590.696011][T15139] netlink: 'syz.5.1777': attribute type 3 has an invalid length.
[ 1590.696165][T15139] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1777'.
[ 1591.794458][ T5801] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1591.833712][ T5801] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1591.851993][ T5801] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1591.908703][ T5801] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1591.912333][ T5801] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1592.501304][T15150] sd 0:0:1:0: device reset
[ 1593.441499][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1593.569397][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1593.686126][T13558] bond0 (unregistering): Released all slaves
[ 1593.997641][ T9047] Bluetooth: hci2: command tx timeout
[ 1595.061911][T15168] sd 0:0:1:0: device reset
[ 1595.859337][T15172] netlink: 'syz.5.1783': attribute type 1 has an invalid length.
[ 1595.935804][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1596.015992][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1596.045241][ T9047] Bluetooth: hci2: command tx timeout
[ 1596.097208][T13558] bond0 (unregistering): Released all slaves
[ 1596.390136][T15174] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1596.391214][T15174] bond5: (slave vxcan3): Error -95 calling set_mac_address
[ 1596.798063][T13558] hsr_slave_0: left promiscuous mode
[ 1596.835202][T13558] hsr_slave_1: left promiscuous mode
[ 1596.835900][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1596.859642][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1596.940184][T15178] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1785'.
[ 1597.016596][T13558] hsr_slave_0: left promiscuous mode
[ 1597.044391][T15180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1785'.
[ 1597.055218][T13558] hsr_slave_1: left promiscuous mode
[ 1597.055881][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1597.096257][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1598.127388][ T9047] Bluetooth: hci2: command tx timeout
[ 1600.066097][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1600.205089][ T9047] Bluetooth: hci2: command tx timeout
[ 1600.216367][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1602.120338][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1602.256586][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1603.545996][T13806] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1603.638715][T15215] sd 0:0:1:0: device reset
[ 1604.354051][T15141] chnl_net:caif_netlink_parms(): no params data found
[ 1604.367900][T13806] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1604.367934][T13806] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1604.367979][T13806] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1604.368001][T13806] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1604.374683][T15203] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1604.383566][T13806] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1607.395203][T15247] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1607.910348][T15141] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1607.910484][T15141] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1607.910692][T15141] bridge_slave_0: entered allmulticast mode
[ 1607.919782][T15141] bridge_slave_0: entered promiscuous mode
[ 1608.091306][T15141] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1608.091541][T15141] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1608.092274][T15141] bridge_slave_1: entered allmulticast mode
[ 1608.123639][T15141] bridge_slave_1: entered promiscuous mode
[ 1608.390795][T13806] usb 6-1: USB disconnect, device number 33
[ 1608.644848][T15141] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1608.683290][T15141] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1608.996840][T15264] sd 0:0:1:0: device reset
[ 1611.081439][T13806] libceph: connect (1)[c::]:6789 error -101
[ 1611.081572][T13806] libceph: mon0 (1)[c::]:6789 connect error
[ 1611.169392][T15271] ceph: No mds server is up or the cluster is laggy
[ 1611.948228][T15141] team0: Port device team_slave_0 added
[ 1612.110581][T15141] team0: Port device team_slave_1 added
[ 1613.145758][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1613.145832][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1613.255235][T15286] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1613.465145][T15026] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1613.617344][T15026] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1613.617379][T15026] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1613.617457][T15026] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1613.617469][T15026] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1613.622936][T15290] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1613.647577][T15026] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1613.691604][T15141] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1613.691619][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1613.691642][T15141] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1613.722874][T15141] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1613.722891][T15141] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1613.722916][T15141] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1614.076674][T15141] hsr_slave_0: entered promiscuous mode
[ 1614.078201][T15141] hsr_slave_1: entered promiscuous mode
[ 1614.079198][T15141] debugfs: 'hsr0' already exists in 'hsr'
[ 1614.079222][T15141] Cannot create hsr debugfs directory
[ 1615.028810][T15300] sd 0:0:1:0: device reset
[ 1616.144279][T15304] sd 0:0:1:0: device reset
[ 1617.007630][ T5790] usb 6-1: USB disconnect, device number 34
[ 1617.061862][T14917] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1618.044121][T14932] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1618.080546][T14932] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1618.121604][T14932] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1618.182801][T14932] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1618.436318][T13558] bridge_slave_1: left allmulticast mode
[ 1618.436348][T13558] bridge_slave_1: left promiscuous mode
[ 1618.436605][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1618.517002][T13558] bridge_slave_0: left allmulticast mode
[ 1618.517032][T13558] bridge_slave_0: left promiscuous mode
[ 1618.517313][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1618.860449][ T5801] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1618.863674][ T5801] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1618.864817][ T5801] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1618.867140][ T5801] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1618.877975][ T5801] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1619.205722][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1619.305984][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1619.680237][T13558] bond0 (unregistering): Released all slaves
[ 1620.895987][ T5801] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1620.935474][ T5801] Bluetooth: hci0: command tx timeout
[ 1620.964431][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1621.000173][ T5801] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1621.436575][T13144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1621.439359][T13144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1623.175766][ T9047] Bluetooth: hci0: command tx timeout
[ 1623.515023][T13144] Bluetooth: hci1: command tx timeout
[ 1625.195900][T13558] hsr_slave_0: left promiscuous mode
[ 1625.246380][T13144] Bluetooth: hci0: command tx timeout
[ 1625.315272][T13558] hsr_slave_1: left promiscuous mode
[ 1625.331986][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1625.418316][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1625.617609][T13144] Bluetooth: hci1: command tx timeout
[ 1626.357772][T15353] sd 0:0:1:0: device reset
[ 1628.042614][T13144] Bluetooth: hci0: command tx timeout
[ 1628.042649][T13144] Bluetooth: hci1: command tx timeout
[ 1629.605659][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1629.735636][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1630.045101][ T9047] Bluetooth: hci1: command tx timeout
[ 1636.064157][T15327] chnl_net:caif_netlink_parms(): no params data found
[ 1636.501329][T15313] chnl_net:caif_netlink_parms(): no params data found
[ 1638.159473][T15141] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1638.218155][T15448] netlink: 'syz.5.1830': attribute type 1 has an invalid length.
[ 1638.506898][T15141] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1638.570907][T15327] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1638.572690][T15327] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1638.572915][T15327] bridge_slave_0: entered allmulticast mode
[ 1638.574577][T15327] bridge_slave_0: entered promiscuous mode
[ 1638.583428][T15141] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1638.673377][T15327] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1638.673793][T15327] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1638.673946][T15327] bridge_slave_1: entered allmulticast mode
[ 1638.678378][T15327] bridge_slave_1: entered promiscuous mode
[ 1638.799526][T15141] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1640.021142][T15488] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1642.097945][T15313] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1642.098167][T15313] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1642.098406][T15313] bridge_slave_0: entered allmulticast mode
[ 1642.139199][T15313] bridge_slave_0: entered promiscuous mode
[ 1642.147306][T15327] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1643.726500][T15327] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1643.728066][T15313] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1643.728213][T15313] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1643.728405][T15313] bridge_slave_1: entered allmulticast mode
[ 1643.732293][T15313] bridge_slave_1: entered promiscuous mode
[ 1643.988675][T15522] binder: 15521:15522 ioctl c0306201 200000000040 returned -22
[ 1644.520958][T15536] sd 0:0:1:0: device reset
[ 1645.077285][T15538] sd 0:0:1:0: device reset
[ 1646.190153][T15327] team0: Port device team_slave_0 added
[ 1647.369202][T15313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1647.377154][T15327] team0: Port device team_slave_1 added
[ 1647.510112][T15313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1647.926359][T15327] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1647.926371][T15327] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1647.926385][T15327] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1648.236145][T15327] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1648.236157][T15327] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1648.236172][T15327] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1648.238053][T15313] team0: Port device team_slave_0 added
[ 1648.493239][T15313] team0: Port device team_slave_1 added
[ 1648.737296][T15313] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1648.737311][T15313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1648.737332][T15313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1648.847137][T15313] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1648.847148][T15313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1648.847162][T15313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1648.900029][T15327] hsr_slave_0: entered promiscuous mode
[ 1648.901491][T15327] hsr_slave_1: entered promiscuous mode
[ 1648.902482][T15327] debugfs: 'hsr0' already exists in 'hsr'
[ 1648.902505][T15327] Cannot create hsr debugfs directory
[ 1650.933444][T15566] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1848'.
[ 1651.014392][T13144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1651.019422][T13144] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1651.020796][T13144] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1651.022529][T13144] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1651.023414][T13144] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1651.153805][T15572] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1848'.
[ 1651.457872][T15313] hsr_slave_0: entered promiscuous mode
[ 1651.459430][T15313] hsr_slave_1: entered promiscuous mode
[ 1651.460464][T15313] debugfs: 'hsr0' already exists in 'hsr'
[ 1651.460495][T15313] Cannot create hsr debugfs directory
[ 1652.632526][ T5886] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1652.785087][ T5886] usb 6-1: Using ep0 maxpacket: 16
[ 1652.788113][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1652.788161][ T5886] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1652.788183][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1652.832697][ T5886] usb 6-1: config 0 descriptor??
[ 1653.165222][ T9047] Bluetooth: hci2: command tx timeout
[ 1653.369505][ T5886] mcp2221 0003:04D8:00DD.0007: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[ 1654.146098][ T5886] usb 6-1: USB disconnect, device number 35
[ 1655.772413][T15597] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1655.863206][ T9047] Bluetooth: hci2: command tx timeout
[ 1657.634185][T15617] sd 0:0:1:0: device reset
[ 1657.886280][ T9047] Bluetooth: hci2: command tx timeout
[ 1660.318462][ T9047] Bluetooth: hci2: command tx timeout
[ 1660.538758][T15568] chnl_net:caif_netlink_parms(): no params data found
[ 1661.486202][T13558] bridge_slave_1: left allmulticast mode
[ 1661.486232][T13558] bridge_slave_1: left promiscuous mode
[ 1661.510182][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1662.146081][T13558] bridge_slave_0: left allmulticast mode
[ 1662.146102][T13558] bridge_slave_0: left promiscuous mode
[ 1662.146269][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1662.279514][T13558] bridge_slave_1: left allmulticast mode
[ 1662.279545][T13558] bridge_slave_1: left promiscuous mode
[ 1662.279784][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1662.283090][T15639] binder: 15638:15639 ioctl c0306201 200000000040 returned -22
[ 1662.377385][T13558] bridge_slave_0: left allmulticast mode
[ 1662.377413][T13558] bridge_slave_0: left promiscuous mode
[ 1662.377651][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1662.435296][T13806] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1662.585050][T13806] usb 6-1: Using ep0 maxpacket: 16
[ 1662.586881][T13806] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1662.586912][T13806] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1662.589160][T13806] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1662.589186][T13806] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1662.589200][T13806] usb 6-1: Product: syz
[ 1662.589207][T13806] usb 6-1: Manufacturer: syz
[ 1662.589214][T13806] usb 6-1: SerialNumber: syz
[ 1662.592393][T13806] usb 6-1: config 0 descriptor??
[ 1662.670987][T13806] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1662.671021][T13806] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[ 1662.690571][T15643] sd 0:0:1:0: device reset
[ 1663.240833][T13806] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[ 1663.241547][T13806] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[ 1663.244269][T13806] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[ 1663.244287][T13806] em28xx 6-1:0.0: No AC97 audio processor
[ 1663.298862][T13806] usb 6-1: USB disconnect, device number 36
[ 1663.301494][T13806] em28xx 6-1:0.0: Disconnecting em28xx
[ 1663.305802][T13806] em28xx 6-1:0.0: Freeing device
[ 1663.353103][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1663.457246][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1663.518066][T13558] bond0 (unregistering): Released all slaves
[ 1664.667211][T15652] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1665.006698][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1665.215678][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1667.623145][T13558] bond0 (unregistering): Released all slaves
[ 1669.575310][T15034] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1669.725393][T15034] usb 6-1: Using ep0 maxpacket: 16
[ 1669.730186][T15034] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1669.730220][T15034] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1669.733458][T15034] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1669.733487][T15034] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1669.733509][T15034] usb 6-1: Product: syz
[ 1669.733525][T15034] usb 6-1: Manufacturer: syz
[ 1669.733540][T15034] usb 6-1: SerialNumber: syz
[ 1669.796531][T15034] usb 6-1: config 0 descriptor??
[ 1669.808435][T15034] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1669.808467][T15034] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[ 1670.105169][T13558] hsr_slave_0: left promiscuous mode
[ 1670.135971][T13558] hsr_slave_1: left promiscuous mode
[ 1670.138400][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1670.160491][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1670.355231][T13558] hsr_slave_0: left promiscuous mode
[ 1670.395064][T13558] hsr_slave_1: left promiscuous mode
[ 1670.396000][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1670.437591][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1670.478669][T15034] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[ 1670.479345][T15034] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[ 1670.479964][T15034] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[ 1670.479980][T15034] em28xx 6-1:0.0: No AC97 audio processor
[ 1670.499616][T15034] usb 6-1: USB disconnect, device number 37
[ 1670.501847][T15034] em28xx 6-1:0.0: Disconnecting em28xx
[ 1670.511296][T15034] em28xx 6-1:0.0: Freeing device
[ 1674.036888][T15695] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1878'.
[ 1674.133681][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1674.133780][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1674.366430][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1674.551979][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1676.992833][T15711] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 1678.556408][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1678.725685][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1679.635641][T15568] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1679.635818][T15568] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1679.636031][T15568] bridge_slave_0: entered allmulticast mode
[ 1679.638075][T15568] bridge_slave_0: entered promiscuous mode
[ 1679.640852][T15568] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1679.641031][T15568] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1679.641227][T15568] bridge_slave_1: entered allmulticast mode
[ 1679.647484][T15568] bridge_slave_1: entered promiscuous mode
[ 1679.866275][T15568] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1679.869579][T15568] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1680.112196][T15568] team0: Port device team_slave_0 added
[ 1680.126411][T15568] team0: Port device team_slave_1 added
[ 1682.126636][T13144] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1682.153128][ T5801] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1682.877330][ T5801] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1682.902043][T15738] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1682.931055][T15738] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1682.937648][T15738] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1682.939153][T15738] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1682.957160][T15738] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1683.222046][T15568] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1683.222064][T15568] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1683.222091][T15568] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1683.331080][T15735] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1683.350228][T15735] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1685.365117][T13144] Bluetooth: hci4: command tx timeout
[ 1685.565133][T13144] Bluetooth: hci6: command tx timeout
[ 1685.714697][T15568] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1685.714715][T15568] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1685.714740][T15568] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1687.651627][T13144] Bluetooth: hci6: command tx timeout
[ 1687.885091][T13144] Bluetooth: hci4: command tx timeout
[ 1688.073969][T15767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1894'.
[ 1688.212818][T15568] hsr_slave_0: entered promiscuous mode
[ 1688.235661][T15568] hsr_slave_1: entered promiscuous mode
[ 1688.707050][T15771] sd 0:0:1:0: device reset
[ 1689.732060][T13144] Bluetooth: hci6: command tx timeout
[ 1689.967922][T13144] Bluetooth: hci4: command tx timeout
[ 1690.965101][T13806] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1691.175064][T13806] usb 4-1: Using ep0 maxpacket: 16
[ 1691.184871][T13806] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1691.187353][T13806] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1691.190371][T13806] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1691.190404][T13806] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1691.190423][T13806] usb 4-1: Product: syz
[ 1691.190436][T13806] usb 4-1: Manufacturer: syz
[ 1691.190449][T13806] usb 4-1: SerialNumber: syz
[ 1691.196822][T13806] usb 4-1: config 0 descriptor??
[ 1691.204543][T13806] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1691.204577][T13806] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[ 1691.905420][T13144] Bluetooth: hci6: command tx timeout
[ 1691.914506][T13806] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1691.929038][T13806] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[ 1691.931411][T13806] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[ 1691.931429][T13806] em28xx 4-1:0.0: No AC97 audio processor
[ 1692.143537][T13144] Bluetooth: hci4: command tx timeout
[ 1692.354065][T13806] usb 4-1: USB disconnect, device number 24
[ 1692.817231][T13806] em28xx 4-1:0.0: Disconnecting em28xx
[ 1692.976263][T13806] em28xx 4-1:0.0: Freeing device
[ 1696.008321][T15808] sd 0:0:1:0: device reset
[ 1697.313608][T15816] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1698.325477][T15729] chnl_net:caif_netlink_parms(): no params data found
[ 1698.344199][T15733] chnl_net:caif_netlink_parms(): no params data found
[ 1699.305162][T15826] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1700.893519][T15838] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1701.647748][T15851] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1702.924386][T15860] netlink: 'syz.3.1916': attribute type 1 has an invalid length.
[ 1703.076179][T15861] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1703.077182][T15861] bond5: (slave vxcan3): Error -95 calling set_mac_address
[ 1705.356460][T15729] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1705.356547][T15729] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1705.356726][T15729] bridge_slave_0: entered allmulticast mode
[ 1705.405543][T15729] bridge_slave_0: entered promiscuous mode
[ 1705.411670][T15733] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1705.411809][T15733] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1705.412013][T15733] bridge_slave_0: entered allmulticast mode
[ 1705.443985][T15733] bridge_slave_0: entered promiscuous mode
[ 1705.462201][T15729] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1705.462332][T15729] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1705.468018][T15729] bridge_slave_1: entered allmulticast mode
[ 1705.488963][T15729] bridge_slave_1: entered promiscuous mode
[ 1705.496211][T15733] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1705.496316][T15733] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1705.496640][T15733] bridge_slave_1: entered allmulticast mode
[ 1705.502199][T15733] bridge_slave_1: entered promiscuous mode
[ 1706.228028][T15892] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1708.118697][T15729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1708.233228][T15733] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1708.583233][T15729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1709.391320][T15733] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1709.939331][T15729] team0: Port device team_slave_0 added
[ 1709.944780][T15733] team0: Port device team_slave_0 added
[ 1709.972152][T15729] team0: Port device team_slave_1 added
[ 1709.973908][T15733] team0: Port device team_slave_1 added
[ 1710.298938][T13558] bridge_slave_1: left allmulticast mode
[ 1710.298984][T13558] bridge_slave_1: left promiscuous mode
[ 1710.299240][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1710.367525][T13558] bridge_slave_0: left allmulticast mode
[ 1710.367554][T13558] bridge_slave_0: left promiscuous mode
[ 1710.367844][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1710.439822][T13558] bridge_slave_1: left allmulticast mode
[ 1710.439852][T13558] bridge_slave_1: left promiscuous mode
[ 1710.440090][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1710.526843][T13558] bridge_slave_0: left allmulticast mode
[ 1710.526873][T13558] bridge_slave_0: left promiscuous mode
[ 1710.527169][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1710.637873][T13558] bridge_slave_1: left allmulticast mode
[ 1710.637893][T13558] bridge_slave_1: left promiscuous mode
[ 1710.638076][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1710.716165][T13558] bridge_slave_0: left allmulticast mode
[ 1710.716186][T13558] bridge_slave_0: left promiscuous mode
[ 1710.716350][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1711.046238][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1711.135790][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1711.198043][T13558] bond0 (unregistering): Released all slaves
[ 1712.633909][T15735] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1712.647755][T15735] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1712.650674][T15735] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1712.654578][T15735] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1712.656150][T15735] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1712.706188][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1712.915782][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1713.000159][T13558] bond0 (unregistering): Released all slaves
[ 1713.468850][T15919] sd 0:0:1:0: device reset
[ 1714.235592][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1714.348979][T15922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1929'.
[ 1714.366895][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1714.724468][T15735] Bluetooth: hci0: command tx timeout
[ 1714.739316][T13558] bond0 (unregistering): Released all slaves
[ 1714.765618][T15909] bridge0: entered allmulticast mode
[ 1714.770633][T15729] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1714.770650][T15729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1714.770677][T15729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1714.772441][T15733] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1714.772454][T15733] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1714.772487][T15733] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1716.686470][T15733] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1716.723249][T15733] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1716.723285][T15733] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1716.736251][T15729] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1716.736268][T15729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1716.736293][T15729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1716.765277][T15735] Bluetooth: hci0: command tx timeout
[ 1717.839078][T15733] hsr_slave_0: entered promiscuous mode
[ 1717.840172][T15733] hsr_slave_1: entered promiscuous mode
[ 1717.841199][T15733] debugfs: 'hsr0' already exists in 'hsr'
[ 1717.841222][T15733] Cannot create hsr debugfs directory
[ 1718.100774][T13558] hsr_slave_0: left promiscuous mode
[ 1718.131258][T13558] hsr_slave_1: left promiscuous mode
[ 1718.132144][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1718.225555][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1718.278334][T15936] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1718.495084][T13558] hsr_slave_0: left promiscuous mode
[ 1718.515086][T13558] hsr_slave_1: left promiscuous mode
[ 1718.516070][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1718.587289][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1718.748561][T13558] hsr_slave_0: left promiscuous mode
[ 1718.785221][T13558] hsr_slave_1: left promiscuous mode
[ 1718.786207][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1718.845090][T15735] Bluetooth: hci0: command tx timeout
[ 1719.834692][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1720.977290][T15735] Bluetooth: hci0: command tx timeout
[ 1721.198714][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1721.335885][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1721.525114][ T5886] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1721.715131][ T5886] usb 4-1: Using ep0 maxpacket: 32
[ 1721.804295][ T5886] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1721.818640][ T5886] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1721.818669][ T5886] usb 4-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0
[ 1721.818688][ T5886] usb 4-1: Manufacturer: syz
[ 1721.824009][ T5886] usb 4-1: config 0 descriptor??
[ 1722.262797][ T5886] ft260 0003:0403:6030.0008: unknown main item tag 0x7
[ 1722.355812][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1722.469934][ T5886] ft260 0003:0403:6030.0008: chip code: 6424 8183
[ 1722.495936][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1722.671853][ T5886] ft260 0003:0403:6030.0008: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1722.911289][ T5886] ft260 0003:0403:6030.0008: failed to retrieve status: -32, no wakeup
[ 1723.675793][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1723.815899][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1724.542928][T15729] hsr_slave_0: entered promiscuous mode
[ 1724.544394][T15729] hsr_slave_1: entered promiscuous mode
[ 1724.562636][T11397] usb 4-1: USB disconnect, device number 25
[ 1724.603546][T15729] debugfs: 'hsr0' already exists in 'hsr'
[ 1724.603573][T15729] Cannot create hsr debugfs directory
[ 1725.095079][T11397] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1725.245382][T11397] usb 6-1: Using ep0 maxpacket: 32
[ 1725.252701][T11397] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[ 1725.252725][T11397] usb 6-1: config 0 has no interface number 0
[ 1725.252776][T11397] usb 6-1: config 0 interface 184 has no altsetting 0
[ 1725.283105][T11397] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1725.283133][T11397] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1725.283153][T11397] usb 6-1: Product: syz
[ 1725.283166][T11397] usb 6-1: Manufacturer: syz
[ 1725.283180][T11397] usb 6-1: SerialNumber: syz
[ 1725.324817][T11397] usb 6-1: config 0 descriptor??
[ 1725.338031][T11397] smsc75xx v1.0.0
[ 1727.053914][T11397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1727.053945][T11397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1727.165661][T11397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32
[ 1727.165694][T11397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32
[ 1727.165713][T11397] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1727.166018][T11397] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -32
[ 1727.558047][T15729] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1727.618840][T15911] chnl_net:caif_netlink_parms(): no params data found
[ 1727.793371][T15729] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1727.857810][T15729] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1727.924514][T15729] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1728.388619][T15990] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1728.587783][ T5886] usb 6-1: USB disconnect, device number 38
[ 1728.979264][T15911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1728.981539][T15911] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1728.981763][T15911] bridge_slave_0: entered allmulticast mode
[ 1729.013765][T15911] bridge_slave_0: entered promiscuous mode
[ 1729.077994][T15911] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1729.078132][T15911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1729.078388][T15911] bridge_slave_1: entered allmulticast mode
[ 1729.081648][T15911] bridge_slave_1: entered promiscuous mode
[ 1729.310650][T15997] sp0: Synchronizing with TNC
[ 1729.532888][T15911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1729.599111][T15911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1729.971544][T16005] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1730.051674][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1730.366263][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1730.543027][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1730.616028][T16007] netlink: 'syz.5.1947': attribute type 1 has an invalid length.
[ 1730.701379][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1730.897279][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1731.385135][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1731.861917][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.030056][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.092666][T15911] team0: Port device team_slave_0 added
[ 1732.226632][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.272012][T15911] team0: Port device team_slave_1 added
[ 1732.584415][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.710619][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1733.278075][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1733.349398][T16018] bridge0: entered allmulticast mode
[ 1733.562654][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1733.634094][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1734.361470][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1734.711507][T15911] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1734.711531][T15911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1734.711558][T15911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1734.844665][   T37] audit: type=1326 audit(1734.638:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1734.847975][   T37] audit: type=1326 audit(1734.638:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1734.897974][T15911] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1734.897986][T15911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1734.898000][T15911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1734.906889][T15733] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1735.044015][   T37] audit: type=1326 audit(1734.808:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.075946][T16033] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1952'.
[ 1735.084675][T15733] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1735.145059][   T37] audit: type=1326 audit(1734.938:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.145116][   T37] audit: type=1326 audit(1734.938:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.192185][   T37] audit: type=1326 audit(1734.978:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.192244][   T37] audit: type=1326 audit(1734.988:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.192287][   T37] audit: type=1326 audit(1734.988:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.192921][   T37] audit: type=1326 audit(1734.988:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.192963][   T37] audit: type=1326 audit(1734.988:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16022 comm="syz.3.1951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1735.490998][T15733] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1735.575558][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1735.575628][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1735.598327][T16028] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1735.598345][T16028] CPU: 0 UID: 0 PID: 16028 Comm: syz.3.1951 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1735.598359][T16028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1735.598367][T16028] Call Trace:
[ 1735.598372][T16028]  <TASK>
[ 1735.598377][T16028]  dump_stack_lvl+0x189/0x250
[ 1735.598400][T16028]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1735.598413][T16028]  ? __pfx__printk+0x10/0x10
[ 1735.598428][T16028]  ? kernfs_path_from_node+0x2c/0x280
[ 1735.598477][T16028]  ? kernfs_path_from_node+0x2c/0x280
[ 1735.598490][T16028]  ? kernfs_path_from_node+0x243/0x280
[ 1735.598504][T16028]  ? kernfs_path_from_node+0x2c/0x280
[ 1735.598520][T16028]  sysfs_warn_dup+0x8e/0xa0
[ 1735.598533][T16028]  sysfs_do_create_link_sd+0xc0/0x110
[ 1735.598549][T16028]  device_add_class_symlinks+0x1d2/0x240
[ 1735.598628][T16028]  device_add+0x475/0xb50
[ 1735.598643][T16028]  wiphy_register+0x1c81/0x2aa0
[ 1735.598726][T16028]  ? __pfx_wiphy_register+0x10/0x10
[ 1735.598742][T16028]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1735.598808][T16028]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1735.598851][T16028]  ieee80211_register_hw+0x3473/0x40d0
[ 1735.598912][T16028]  ? ieee80211_register_hw+0x1441/0x40d0
[ 1735.598931][T16028]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1735.598942][T16028]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1735.598993][T16028]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1735.599009][T16028]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1735.599029][T16028]  ? __hrtimer_setup+0x18a/0x200
[ 1735.599047][T16028]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1735.599110][T16028]  mac80211_hwsim_new_radio+0x2efe/0x5160
[ 1735.599134][T16028]  ? mac80211_hwsim_new_radio+0x10f/0x5160
[ 1735.599156][T16028]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1735.599165][T16028]  ? trace_kmalloc+0x1f/0xd0
[ 1735.599222][T16028]  ? __kmalloc_node_track_caller_noprof+0x3b1/0x7e0
[ 1735.599234][T16028]  ? kstrndup+0xbf/0x160
[ 1735.599256][T16028]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1735.599271][T16028]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1735.599372][T16028]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1735.599386][T16028]  ? rcu_is_watching+0x15/0xb0
[ 1735.599402][T16028]  ? __nla_parse+0x40/0x60
[ 1735.599419][T16028]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1735.599475][T16028]  genl_family_rcv_msg_doit+0x215/0x300
[ 1735.599492][T16028]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1735.599512][T16028]  ? bpf_lsm_capable+0x9/0x20
[ 1735.599541][T16028]  ? security_capable+0x7e/0x2e0
[ 1735.599562][T16028]  genl_rcv_msg+0x60e/0x790
[ 1735.599578][T16028]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1735.599589][T16028]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1735.599602][T16028]  ? __lock_acquire+0xab9/0xd20
[ 1735.599628][T16028]  netlink_rcv_skb+0x208/0x470
[ 1735.599665][T16028]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1735.599678][T16028]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1735.599702][T16028]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1735.599716][T16028]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1735.599733][T16028]  genl_rcv+0x28/0x40
[ 1735.599743][T16028]  netlink_unicast+0x846/0xa10
[ 1735.599762][T16028]  ? __pfx_netlink_unicast+0x10/0x10
[ 1735.599776][T16028]  ? netlink_sendmsg+0x642/0xb30
[ 1735.599789][T16028]  ? skb_put+0x11b/0x210
[ 1735.599842][T16028]  netlink_sendmsg+0x805/0xb30
[ 1735.599863][T16028]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1735.599883][T16028]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1735.599895][T16028]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1735.599910][T16028]  __sock_sendmsg+0x21c/0x270
[ 1735.599945][T16028]  ____sys_sendmsg+0x508/0x820
[ 1735.599981][T16028]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1735.599997][T16028]  ? import_iovec+0x74/0xa0
[ 1735.600053][T16028]  ___sys_sendmsg+0x21f/0x2a0
[ 1735.600065][T16028]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1735.600097][T16028]  ? __fget_files+0x2a/0x420
[ 1735.600109][T16028]  ? __fget_files+0x3a6/0x420
[ 1735.600127][T16028]  __x64_sys_sendmsg+0x1a1/0x260
[ 1735.600138][T16028]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1735.600159][T16028]  ? do_syscall_64+0xbe/0xfa0
[ 1735.600184][T16028]  do_syscall_64+0xfa/0xfa0
[ 1735.600198][T16028]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1735.600214][T16028]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1735.600226][T16028]  ? clear_bhb_loop+0x60/0xb0
[ 1735.600238][T16028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1735.600248][T16028] RIP: 0033:0x7f2becf5efc9
[ 1735.600260][T16028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1735.600269][T16028] RSP: 002b:00007f2beb17c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1735.600283][T16028] RAX: ffffffffffffffda RBX: 00007f2bed1b6180 RCX: 00007f2becf5efc9
[ 1735.600291][T16028] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000008
[ 1735.600298][T16028] RBP: 00007f2becfe1f91 R08: 0000000000000000 R09: 0000000000000000
[ 1735.600305][T16028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1735.600311][T16028] R13: 00007f2bed1b6218 R14: 00007f2bed1b6180 R15: 00007fffd6910c88
[ 1735.600329][T16028]  </TASK>
[ 1736.289573][T15733] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1736.633763][T16038] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1738.168732][T15911] hsr_slave_0: entered promiscuous mode
[ 1738.169536][T15911] hsr_slave_1: entered promiscuous mode
[ 1738.170053][T15911] debugfs: 'hsr0' already exists in 'hsr'
[ 1738.170067][T15911] Cannot create hsr debugfs directory
[ 1738.405131][ T5886] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[ 1738.556918][ T5886] usb 6-1: config 1 has an invalid interface number: 105 but max is 0
[ 1738.556945][ T5886] usb 6-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config
[ 1738.556963][ T5886] usb 6-1: config 1 has no interface number 0
[ 1738.557011][ T5886] usb 6-1: config 1 interface 105 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[ 1738.557023][ T5886] usb 6-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1738.557037][ T5886] usb 6-1: config 1 interface 105 has no altsetting 0
[ 1738.559225][ T5886] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=31.6d
[ 1738.559246][ T5886] usb 6-1: New USB device strings: Mfr=107, Product=102, SerialNumber=146
[ 1738.559256][ T5886] usb 6-1: Product: syz
[ 1738.559264][ T5886] usb 6-1: Manufacturer: syz
[ 1738.559271][ T5886] usb 6-1: SerialNumber: syz
[ 1738.859664][ T5886] aqc111 6-1:1.105: probe with driver aqc111 failed with error -22
[ 1739.442067][T15729] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1739.713927][T15729] 8021q: adding VLAN 0 to HW filter on device team0
[ 1739.803798][ T6703] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1739.804121][ T6703] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1739.847646][ T6703] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1739.868405][ T6703] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1740.405659][T15733] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1740.634772][T15733] 8021q: adding VLAN 0 to HW filter on device team0
[ 1740.639260][T13558] bridge_slave_1: left allmulticast mode
[ 1740.639288][T13558] bridge_slave_1: left promiscuous mode
[ 1740.639535][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1740.737664][T13558] bridge_slave_0: left allmulticast mode
[ 1740.737693][T13558] bridge_slave_0: left promiscuous mode
[ 1740.739166][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1741.140596][T11397] usb 6-1: USB disconnect, device number 39
[ 1741.215705][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1741.392176][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1741.457949][T13558] bond0 (unregistering): Released all slaves
[ 1741.867454][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1741.870046][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1742.015197][T13558] hsr_slave_0: left promiscuous mode
[ 1742.055550][T13558] hsr_slave_1: left promiscuous mode
[ 1742.056509][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1742.079085][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1742.482697][T13144] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1742.497324][T13144] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1742.499621][T13144] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1742.500771][T13144] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1742.501505][T13144] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1742.867853][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1742.995757][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1749.832177][T13144] Bluetooth: hci1: command tx timeout
[ 1750.101788][T13144] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1750.118959][T13144] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1750.120696][T13144] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1750.124004][T13144] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1750.127738][T13144] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1750.544430][T16083] netlink: 'syz.5.1962': attribute type 1 has an invalid length.
[ 1751.903097][T13144] Bluetooth: hci1: command tx timeout
[ 1752.240780][T13144] Bluetooth: hci2: command tx timeout
[ 1753.965852][T13144] Bluetooth: hci1: command tx timeout
[ 1754.387465][T13144] Bluetooth: hci2: command tx timeout
[ 1756.052224][T13144] Bluetooth: hci1: command tx timeout
[ 1757.085112][T13144] Bluetooth: hci2: command tx timeout
[ 1757.140349][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.254794][T16126] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1757.308549][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.415078][T11397] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1757.529929][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.705095][T11397] usb 6-1: Using ep0 maxpacket: 32
[ 1757.803440][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1757.839919][T11397] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1757.862813][T11397] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1757.862832][T11397] usb 6-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0
[ 1757.862842][T11397] usb 6-1: Manufacturer: syz
[ 1757.898098][T11397] usb 6-1: config 0 descriptor??
[ 1758.118180][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.158365][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.033586][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.165111][T13144] Bluetooth: hci2: command tx timeout
[ 1759.536889][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.556796][T16075] chnl_net:caif_netlink_parms(): no params data found
[ 1759.586449][T11397] ft260 0003:0403:6030.0009: unknown main item tag 0x7
[ 1759.714652][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.949458][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.951730][T11397] ft260 0003:0403:6030.0009: chip code: 6424 8183
[ 1761.180288][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1761.206052][T15911] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1761.526198][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1761.528118][T15911] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1761.686101][T16144] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1762.546864][   T37] kauditd_printk_skb: 12 callbacks suppressed
[ 1762.546882][   T37] audit: type=1326 audit(1762.338:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.546929][   T37] audit: type=1326 audit(1762.338:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.546976][   T37] audit: type=1326 audit(1762.338:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.547019][   T37] audit: type=1326 audit(1762.338:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.547048][   T37] audit: type=1326 audit(1762.338:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.547071][   T37] audit: type=1326 audit(1762.338:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.547112][   T37] audit: type=1326 audit(1762.348:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.547155][   T37] audit: type=1326 audit(1762.348:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16145 comm="syz.3.1976" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1762.815572][T15911] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1762.904841][T15911] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1763.389330][T16063] chnl_net:caif_netlink_parms(): no params data found
[ 1763.639296][T16148] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1763.639324][T16148] CPU: 1 UID: 0 PID: 16148 Comm: syz.3.1976 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1763.639348][T16148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1763.639361][T16148] Call Trace:
[ 1763.639371][T16148]  <TASK>
[ 1763.639382][T16148]  dump_stack_lvl+0x189/0x250
[ 1763.639419][T16148]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1763.639444][T16148]  ? __pfx__printk+0x10/0x10
[ 1763.639472][T16148]  ? __rcu_read_unlock+0x84/0xe0
[ 1763.639502][T16148]  ? kernfs_path_from_node+0x2c/0x280
[ 1763.639528][T16148]  ? kernfs_path_from_node+0x243/0x280
[ 1763.639552][T16148]  ? kernfs_path_from_node+0x2c/0x280
[ 1763.639582][T16148]  sysfs_warn_dup+0x8e/0xa0
[ 1763.639607][T16148]  sysfs_do_create_link_sd+0xc0/0x110
[ 1763.639636][T16148]  device_add_class_symlinks+0x1d2/0x240
[ 1763.639667][T16148]  device_add+0x475/0xb50
[ 1763.639696][T16148]  wiphy_register+0x1c81/0x2aa0
[ 1763.639746][T16148]  ? __pfx_wiphy_register+0x10/0x10
[ 1763.639771][T16148]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1763.639799][T16148]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1763.639825][T16148]  ieee80211_register_hw+0x3473/0x40d0
[ 1763.639867][T16148]  ? ieee80211_register_hw+0x1441/0x40d0
[ 1763.639903][T16148]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1763.639924][T16148]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1763.639959][T16148]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1763.639988][T16148]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1763.640027][T16148]  ? __hrtimer_setup+0x18a/0x200
[ 1763.640047][T16148]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1763.640083][T16148]  mac80211_hwsim_new_radio+0x2efe/0x5160
[ 1763.640118][T16148]  ? mac80211_hwsim_new_radio+0x10f/0x5160
[ 1763.640160][T16148]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1763.640180][T16148]  ? trace_kmalloc+0x1f/0xd0
[ 1763.640198][T16148]  ? __kmalloc_node_track_caller_noprof+0x3b1/0x7e0
[ 1763.640219][T16148]  ? kstrndup+0xbf/0x160
[ 1763.640259][T16148]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1763.640287][T16148]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1763.640330][T16148]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1763.640358][T16148]  ? rcu_is_watching+0x15/0xb0
[ 1763.640387][T16148]  ? __nla_parse+0x40/0x60
[ 1763.640419][T16148]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1763.640452][T16148]  genl_family_rcv_msg_doit+0x215/0x300
[ 1763.640483][T16148]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1763.640522][T16148]  ? bpf_lsm_capable+0x9/0x20
[ 1763.640546][T16148]  ? security_capable+0x7e/0x2e0
[ 1763.640582][T16148]  genl_rcv_msg+0x60e/0x790
[ 1763.640612][T16148]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1763.640633][T16148]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1763.640658][T16148]  ? __lock_acquire+0xab9/0xd20
[ 1763.640689][T16148]  netlink_rcv_skb+0x208/0x470
[ 1763.640717][T16148]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1763.640741][T16148]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1763.640764][T16148]  ? rcu_read_unlock_special+0x35b/0x470
[ 1763.640801][T16148]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1763.640833][T16148]  genl_rcv+0x28/0x40
[ 1763.640852][T16148]  netlink_unicast+0x846/0xa10
[ 1763.640887][T16148]  ? __pfx_netlink_unicast+0x10/0x10
[ 1763.640913][T16148]  ? netlink_sendmsg+0x642/0xb30
[ 1763.640938][T16148]  ? skb_put+0x11b/0x210
[ 1763.640970][T16148]  netlink_sendmsg+0x805/0xb30
[ 1763.641009][T16148]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1763.641046][T16148]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1763.641074][T16148]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1763.641104][T16148]  __sock_sendmsg+0x21c/0x270
[ 1763.641133][T16148]  ____sys_sendmsg+0x508/0x820
[ 1763.641161][T16148]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1763.641193][T16148]  ? import_iovec+0x74/0xa0
[ 1763.641220][T16148]  ___sys_sendmsg+0x21f/0x2a0
[ 1763.641243][T16148]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1763.641308][T16148]  ? __fget_files+0x2a/0x420
[ 1763.641328][T16148]  ? __fget_files+0x3a6/0x420
[ 1763.641362][T16148]  __x64_sys_sendmsg+0x1a1/0x260
[ 1763.641381][T16148]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1763.641411][T16148]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1763.641446][T16148]  ? __secure_computing+0xe2/0x2a0
[ 1763.641481][T16148]  do_syscall_64+0xfa/0xfa0
[ 1763.641508][T16148]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1763.641536][T16148]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1763.641556][T16148]  ? clear_bhb_loop+0x60/0xb0
[ 1763.641581][T16148]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1763.641600][T16148] RIP: 0033:0x7f2becf5efc9
[ 1763.641619][T16148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1763.641637][T16148] RSP: 002b:00007f2beb17c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1763.641659][T16148] RAX: ffffffffffffffda RBX: 00007f2bed1b6180 RCX: 00007f2becf5efc9
[ 1763.641675][T16148] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000008
[ 1763.641689][T16148] RBP: 00007f2becfe1f91 R08: 0000000000000000 R09: 0000000000000000
[ 1763.641702][T16148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1763.641714][T16148] R13: 00007f2bed1b6218 R14: 00007f2bed1b6180 R15: 00007fffd6910c88
[ 1763.641752][T16148]  </TASK>
[ 1764.736079][T16075] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1764.737270][T16075] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1764.740145][T16075] bridge_slave_0: entered allmulticast mode
[ 1764.755267][T16075] bridge_slave_0: entered promiscuous mode
[ 1764.822688][T11397] ft260 0003:0403:6030.0009: failed to retrieve system status
[ 1764.822921][T11397] ft260 0003:0403:6030.0009: probe with driver ft260 failed with error -71
[ 1764.833553][T11397] usb 6-1: USB disconnect, device number 40
[ 1764.855756][T16075] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1764.855830][T16075] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1764.856007][T16075] bridge_slave_1: entered allmulticast mode
[ 1764.963396][T16075] bridge_slave_1: entered promiscuous mode
[ 1767.465725][T15034] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1768.463762][T15034] usb 6-1: Using ep0 maxpacket: 32
[ 1768.498370][T15034] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1768.501820][T16075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1768.502413][T15034] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1768.502428][T15034] usb 6-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0
[ 1768.502438][T15034] usb 6-1: Manufacturer: syz
[ 1768.535806][T15034] usb 6-1: config 0 descriptor??
[ 1768.790129][T16075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1768.791259][T16063] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1768.794081][T16063] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1768.794297][T16063] bridge_slave_0: entered allmulticast mode
[ 1768.799934][T16063] bridge_slave_0: entered promiscuous mode
[ 1768.927287][T16063] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1768.928314][T16063] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1768.928529][T16063] bridge_slave_1: entered allmulticast mode
[ 1768.936579][T16063] bridge_slave_1: entered promiscuous mode
[ 1768.971372][T15034] ft260 0003:0403:6030.000A: unknown main item tag 0x7
[ 1769.139638][T16075] team0: Port device team_slave_0 added
[ 1769.167541][T15034] ft260 0003:0403:6030.000A: chip code: 6424 8183
[ 1769.318121][T16075] team0: Port device team_slave_1 added
[ 1769.377819][T15034] ft260 0003:0403:6030.000A: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[ 1769.378288][T16063] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1769.503569][T16063] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1769.585446][T15034] ft260 0003:0403:6030.000A: failed to retrieve status: -32, no wakeup
[ 1769.831189][T15034] usb 6-1: USB disconnect, device number 41
[ 1770.425194][T16075] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1770.425212][T16075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1770.425239][T16075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1770.589808][T16075] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1770.589822][T16075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1770.589836][T16075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1770.649689][T16063] team0: Port device team_slave_0 added
[ 1771.043435][T16063] team0: Port device team_slave_1 added
[ 1772.461438][T16063] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1772.461455][T16063] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1772.461481][T16063] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1772.590163][T16063] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1772.590179][T16063] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1772.590204][T16063] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1772.602429][T16075] hsr_slave_0: entered promiscuous mode
[ 1772.603789][T16075] hsr_slave_1: entered promiscuous mode
[ 1773.416535][   T37] audit: type=1326 audit(1773.178:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16213 comm="syz.5.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f272ed1efc9 code=0x7ffc0000
[ 1773.416592][   T37] audit: type=1326 audit(1773.198:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16214 comm="syz.3.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1773.416633][   T37] audit: type=1326 audit(1773.218:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16213 comm="syz.5.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f272ed1efc9 code=0x7ffc0000
[ 1773.416672][   T37] audit: type=1326 audit(1773.218:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16213 comm="syz.5.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f272ed1efc9 code=0x7ffc0000
[ 1773.416715][   T37] audit: type=1326 audit(1773.218:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16213 comm="syz.5.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f272ed1efc9 code=0x7ffc0000
[ 1773.416759][   T37] audit: type=1326 audit(1773.218:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16213 comm="syz.5.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f272ed1efc9 code=0x7ffc0000
[ 1773.417207][   T37] audit: type=1326 audit(1773.218:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16213 comm="syz.5.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f272ed1efc9 code=0x7ffc0000
[ 1773.417537][   T37] audit: type=1326 audit(1773.218:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16214 comm="syz.3.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1773.430948][   T37] audit: type=1326 audit(1773.218:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16214 comm="syz.3.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1773.431069][   T37] audit: type=1326 audit(1773.218:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16214 comm="syz.3.1986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1774.280017][T15735] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1774.291947][T15735] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1774.293241][T15735] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1774.297821][T15735] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1774.298612][T15735] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1774.675881][T16063] hsr_slave_0: entered promiscuous mode
[ 1774.699511][T16063] hsr_slave_1: entered promiscuous mode
[ 1774.700136][T16063] debugfs: 'hsr0' already exists in 'hsr'
[ 1774.700159][T16063] Cannot create hsr debugfs directory
[ 1774.744013][T16221] debugfs: '!' already exists in 'ieee80211'
[ 1775.576990][T16248] sd 0:0:1:0: device reset
[ 1776.389821][T15735] Bluetooth: hci0: command tx timeout
[ 1778.445695][T15735] Bluetooth: hci0: command tx timeout
[ 1779.025864][T16253] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1779.047843][T16253] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1779.556036][T13558] bridge_slave_1: left allmulticast mode
[ 1779.556063][T13558] bridge_slave_1: left promiscuous mode
[ 1779.556290][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1780.446546][T13558] bridge_slave_0: left allmulticast mode
[ 1780.446574][T13558] bridge_slave_0: left promiscuous mode
[ 1780.446870][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1780.510723][T13558] bridge_slave_1: left allmulticast mode
[ 1780.510752][T13558] bridge_slave_1: left promiscuous mode
[ 1780.510997][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1780.525286][T15735] Bluetooth: hci0: command tx timeout
[ 1780.618029][T13558] bridge_slave_0: left allmulticast mode
[ 1780.618060][T13558] bridge_slave_0: left promiscuous mode
[ 1780.618310][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1782.486692][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1782.596850][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1782.605286][T15735] Bluetooth: hci0: command tx timeout
[ 1782.661509][T13558] bond0 (unregistering): Released all slaves
[ 1784.295743][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1784.376430][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1784.399341][T13558] bond0 (unregistering): Released all slaves
[ 1787.815184][T13558] hsr_slave_0: left promiscuous mode
[ 1788.168163][T13558] hsr_slave_1: left promiscuous mode
[ 1788.169136][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1788.339488][T16334] sd 0:0:1:0: device reset
[ 1788.906478][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1791.963797][T13558] hsr_slave_0: left promiscuous mode
[ 1792.015700][T13558] hsr_slave_1: left promiscuous mode
[ 1792.041846][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1792.997948][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1793.885603][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1794.128323][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1797.018365][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1797.018439][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1798.597813][T16412] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1798.809731][T13558] team0 (unregistering): Port device team_slave_1 removed
[ 1799.055826][T13558] team0 (unregistering): Port device team_slave_0 removed
[ 1799.633718][T16418] sd 0:0:1:0: device reset
[ 1801.824600][T16426] sd 0:0:1:0: device reset
[ 1804.667365][T13144] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1804.693448][T13144] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1804.708753][T13144] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1804.709919][T13144] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1804.728243][T16233] chnl_net:caif_netlink_parms(): no params data found
[ 1804.787408][T13144] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1805.623257][T16233] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1805.623393][T16233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1805.623636][T16233] bridge_slave_0: entered allmulticast mode
[ 1805.626903][T16233] bridge_slave_0: entered promiscuous mode
[ 1805.689165][T16233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1805.689319][T16233] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1805.689570][T16233] bridge_slave_1: entered allmulticast mode
[ 1805.692355][T16233] bridge_slave_1: entered promiscuous mode
[ 1806.176519][T16462] sd 0:0:1:0: device reset
[ 1806.888164][T13144] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1806.923964][T13144] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1806.933943][T15738] Bluetooth: hci4: command tx timeout
[ 1806.938182][T13144] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1806.939828][T13144] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1806.942050][T13144] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1809.005235][T15735] Bluetooth: hci4: command tx timeout
[ 1809.085089][T15735] Bluetooth: hci6: command tx timeout
[ 1809.710376][T16233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1809.785726][T16233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1811.112294][T15735] Bluetooth: hci4: command tx timeout
[ 1811.167520][T15735] Bluetooth: hci6: command tx timeout
[ 1811.794667][T16233] team0: Port device team_slave_0 added
[ 1812.651928][T16233] team0: Port device team_slave_1 added
[ 1814.219798][T15735] Bluetooth: hci4: command tx timeout
[ 1814.219935][T15735] Bluetooth: hci6: command tx timeout
[ 1815.760373][T16233] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1815.760391][T16233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1815.760417][T16233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1815.834061][T16233] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1815.834079][T16233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1815.834105][T16233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1816.285027][T13144] Bluetooth: hci6: command tx timeout
[ 1818.243217][T16519] sd 0:0:1:0: device reset
[ 1818.677518][T16233] hsr_slave_0: entered promiscuous mode
[ 1818.678954][T16233] hsr_slave_1: entered promiscuous mode
[ 1818.679967][T16233] debugfs: 'hsr0' already exists in 'hsr'
[ 1818.679998][T16233] Cannot create hsr debugfs directory
[ 1821.519143][   T37] kauditd_printk_skb: 4 callbacks suppressed
[ 1821.519160][   T37] audit: type=1326 audit(1821.318:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16537 comm="syz.3.2023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1821.519460][   T37] audit: type=1326 audit(1821.318:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16537 comm="syz.3.2023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1821.519725][   T37] audit: type=1326 audit(1821.318:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16537 comm="syz.3.2023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1821.520267][   T37] audit: type=1326 audit(1821.318:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16537 comm="syz.3.2023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1821.520712][   T37] audit: type=1326 audit(1821.318:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16537 comm="syz.3.2023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1821.521332][   T37] audit: type=1326 audit(1821.318:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16537 comm="syz.3.2023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2becf5efc9 code=0x7ffc0000
[ 1821.940528][T16542] Invalid logical block size (16384)
[ 1822.382946][T16432] chnl_net:caif_netlink_parms(): no params data found
[ 1822.734331][T16540] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[ 1822.734348][T16540] CPU: 1 UID: 0 PID: 16540 Comm: syz.3.2023 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1822.734362][T16540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1822.734370][T16540] Call Trace:
[ 1822.734375][T16540]  <TASK>
[ 1822.734380][T16540]  dump_stack_lvl+0x189/0x250
[ 1822.734404][T16540]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1822.734417][T16540]  ? __pfx__printk+0x10/0x10
[ 1822.734431][T16540]  ? kernfs_path_from_node+0x2c/0x280
[ 1822.734449][T16540]  ? kernfs_path_from_node+0x2c/0x280
[ 1822.734462][T16540]  ? kernfs_path_from_node+0x243/0x280
[ 1822.734475][T16540]  ? kernfs_path_from_node+0x2c/0x280
[ 1822.734491][T16540]  sysfs_warn_dup+0x8e/0xa0
[ 1822.734504][T16540]  sysfs_do_create_link_sd+0xc0/0x110
[ 1822.734528][T16540]  device_add_class_symlinks+0x1d2/0x240
[ 1822.734545][T16540]  device_add+0x475/0xb50
[ 1822.734562][T16540]  wiphy_register+0x1c81/0x2aa0
[ 1822.734590][T16540]  ? __pfx_wiphy_register+0x10/0x10
[ 1822.734605][T16540]  ? minstrel_ht_alloc+0x6e0/0x7e0
[ 1822.734622][T16540]  ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0
[ 1822.734637][T16540]  ieee80211_register_hw+0x3473/0x40d0
[ 1822.734659][T16540]  ? ieee80211_register_hw+0x1441/0x40d0
[ 1822.734677][T16540]  ? __pfx_ieee80211_register_hw+0x10/0x10
[ 1822.734688][T16540]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1822.734708][T16540]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1822.734723][T16540]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1822.734744][T16540]  ? __hrtimer_setup+0x18a/0x200
[ 1822.734756][T16540]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[ 1822.734775][T16540]  mac80211_hwsim_new_radio+0x2efe/0x5160
[ 1822.734793][T16540]  ? mac80211_hwsim_new_radio+0x10f/0x5160
[ 1822.734813][T16540]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 1822.734823][T16540]  ? trace_kmalloc+0x1f/0xd0
[ 1822.734833][T16540]  ? __kmalloc_node_track_caller_noprof+0x3b1/0x7e0
[ 1822.734844][T16540]  ? kstrndup+0xbf/0x160
[ 1822.734865][T16540]  hwsim_new_radio_nl+0xf5b/0x1bd0
[ 1822.734879][T16540]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1822.734914][T16540]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1822.734938][T16540]  ? rcu_is_watching+0x15/0xb0
[ 1822.734962][T16540]  ? __nla_parse+0x40/0x60
[ 1822.734991][T16540]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[ 1822.735021][T16540]  genl_family_rcv_msg_doit+0x215/0x300
[ 1822.735049][T16540]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1822.735083][T16540]  ? bpf_lsm_capable+0x9/0x20
[ 1822.735108][T16540]  ? security_capable+0x7e/0x2e0
[ 1822.735142][T16540]  genl_rcv_msg+0x60e/0x790
[ 1822.735168][T16540]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1822.735189][T16540]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 1822.735215][T16540]  ? __lock_acquire+0xab9/0xd20
[ 1822.735246][T16540]  netlink_rcv_skb+0x208/0x470
[ 1822.735274][T16540]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1822.735298][T16540]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1822.735342][T16540]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1822.735368][T16540]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1822.735400][T16540]  genl_rcv+0x28/0x40
[ 1822.735419][T16540]  netlink_unicast+0x846/0xa10
[ 1822.735454][T16540]  ? __pfx_netlink_unicast+0x10/0x10
[ 1822.735482][T16540]  ? netlink_sendmsg+0x642/0xb30
[ 1822.735507][T16540]  ? skb_put+0x11b/0x210
[ 1822.735550][T16540]  netlink_sendmsg+0x805/0xb30
[ 1822.735590][T16540]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1822.735627][T16540]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1822.735648][T16540]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1822.735677][T16540]  __sock_sendmsg+0x21c/0x270
[ 1822.735704][T16540]  ____sys_sendmsg+0x508/0x820
[ 1822.735731][T16540]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1822.735762][T16540]  ? import_iovec+0x74/0xa0
[ 1822.735788][T16540]  ___sys_sendmsg+0x21f/0x2a0
[ 1822.735811][T16540]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1822.735875][T16540]  ? __fget_files+0x2a/0x420
[ 1822.735895][T16540]  ? __fget_files+0x3a6/0x420
[ 1822.735929][T16540]  __x64_sys_sendmsg+0x1a1/0x260
[ 1822.735952][T16540]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1822.735987][T16540]  ? __secure_computing+0xe2/0x2a0
[ 1822.736023][T16540]  do_syscall_64+0xfa/0xfa0
[ 1822.736050][T16540]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1822.736078][T16540]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1822.736098][T16540]  ? clear_bhb_loop+0x60/0xb0
[ 1822.736122][T16540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1822.736141][T16540] RIP: 0033:0x7f2becf5efc9
[ 1822.736160][T16540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1822.736176][T16540] RSP: 002b:00007f2beb17c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1822.736197][T16540] RAX: ffffffffffffffda RBX: 00007f2bed1b6180 RCX: 00007f2becf5efc9
[ 1822.736223][T16540] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000008
[ 1822.736235][T16540] RBP: 00007f2becfe1f91 R08: 0000000000000000 R09: 0000000000000000
[ 1822.736249][T16540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1822.736261][T16540] R13: 00007f2bed1b6218 R14: 00007f2bed1b6180 R15: 00007fffd6910c88
[ 1822.736298][T16540]  </TASK>
[ 1832.694477][T16569] sd 0:0:1:0: device reset
[ 1834.581742][T16460] chnl_net:caif_netlink_parms(): no params data found
[ 1834.981497][T16432] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1834.981621][T16432] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1834.981790][T16432] bridge_slave_0: entered allmulticast mode
[ 1834.983368][T16432] bridge_slave_0: entered promiscuous mode
[ 1835.235583][T16432] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1835.235736][T16432] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1835.235967][T16432] bridge_slave_1: entered allmulticast mode
[ 1835.237807][T16432] bridge_slave_1: entered promiscuous mode
[ 1835.635055][T11397] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1835.848074][T15735] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1835.896116][T11397] usb 4-1: Using ep0 maxpacket: 32
[ 1836.286411][T11397] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[ 1836.286487][T11397] usb 4-1: config 0 has no interface number 0
[ 1836.286988][T11397] usb 4-1: config 0 interface 184 has no altsetting 0
[ 1836.497889][T11397] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1836.497920][T11397] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1836.497940][T11397] usb 4-1: Product: syz
[ 1836.497954][T11397] usb 4-1: Manufacturer: syz
[ 1836.497968][T11397] usb 4-1: SerialNumber: syz
[ 1836.543812][T11397] usb 4-1: config 0 descriptor??
[ 1836.553320][T11397] smsc75xx v1.0.0
[ 1836.596181][T15735] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1836.621976][T15735] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1836.632891][T15735] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1836.638437][T15735] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1837.249366][T16432] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1837.423191][T16432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1838.015169][T11397] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1838.015199][T11397] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1838.283911][T11397] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1838.283941][T11397] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1838.283959][T11397] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1838.284672][T11397] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1838.285072][T11397] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[ 1838.297639][T11397] usb 4-1: USB disconnect, device number 26
[ 1838.847999][T15735] Bluetooth: hci0: command tx timeout
[ 1840.434269][T16460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1840.438038][T16460] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1840.448166][T16460] bridge_slave_0: entered allmulticast mode
[ 1840.479702][T16460] bridge_slave_0: entered promiscuous mode
[ 1841.209681][T15735] Bluetooth: hci0: command tx timeout
[ 1841.725904][T16432] team0: Port device team_slave_0 added
[ 1841.729557][T16460] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1841.729693][T16460] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1841.730240][T16460] bridge_slave_1: entered allmulticast mode
[ 1841.732976][T16460] bridge_slave_1: entered promiscuous mode
[ 1841.744655][T16432] team0: Port device team_slave_1 added
[ 1843.245177][T15735] Bluetooth: hci0: command tx timeout
[ 1843.819550][T16630] sd 0:0:1:0: device reset
[ 1844.783769][T16460] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1844.823001][T16432] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1844.823013][T16432] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1844.823027][T16432] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1844.873034][T16460] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1844.874069][T16432] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1844.874079][T16432] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1844.874094][T16432] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1845.165844][T16460] team0: Port device team_slave_0 added
[ 1845.247750][T16460] team0: Port device team_slave_1 added
[ 1845.253709][T13558] bridge_slave_1: left allmulticast mode
[ 1845.253737][T13558] bridge_slave_1: left promiscuous mode
[ 1845.254147][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1845.316352][T13558] bridge_slave_0: left allmulticast mode
[ 1845.316373][T13558] bridge_slave_0: left promiscuous mode
[ 1845.316556][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1845.325249][T15735] Bluetooth: hci0: command tx timeout
[ 1845.398191][T13558] bridge_slave_1: left allmulticast mode
[ 1845.398211][T13558] bridge_slave_1: left promiscuous mode
[ 1845.398361][T13558] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1845.466759][T13558] bridge_slave_0: left allmulticast mode
[ 1845.466788][T13558] bridge_slave_0: left promiscuous mode
[ 1845.467017][T13558] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1846.795128][T15026] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1847.591616][T15026] usb 4-1: Using ep0 maxpacket: 32
[ 1847.668382][T15026] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[ 1847.668409][T15026] usb 4-1: config 0 has no interface number 0
[ 1847.668460][T15026] usb 4-1: config 0 interface 184 has no altsetting 0
[ 1847.680773][T15026] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1847.680802][T15026] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1847.680822][T15026] usb 4-1: Product: syz
[ 1847.680836][T15026] usb 4-1: Manufacturer: syz
[ 1847.680850][T15026] usb 4-1: SerialNumber: syz
[ 1847.687265][T15026] usb 4-1: config 0 descriptor??
[ 1847.698032][T15026] smsc75xx v1.0.0
[ 1847.839326][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1847.978046][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1848.072434][T13558] bond0 (unregistering): Released all slaves
[ 1848.195247][ T5790] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1848.407230][ T5790] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1848.407251][ T5790] usb 6-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 1848.407261][ T5790] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1848.407290][ T5790] usb 6-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1848.407303][ T5790] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1848.407316][ T5790] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1848.409102][ T5790] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1848.409117][ T5790] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1848.409127][ T5790] usb 6-1: Product: syz
[ 1848.409172][ T5790] usb 6-1: Manufacturer: syz
[ 1848.448099][T16653] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1848.531416][ T5790] cdc_wdm 6-1:1.0: skipping garbage
[ 1848.531436][ T5790] cdc_wdm 6-1:1.0: skipping garbage
[ 1848.624462][ T5790] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1848.624488][ T5790] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1848.690095][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.690264][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.690707][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.690727][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.690953][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.690971][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.691197][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.691215][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.691441][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.691460][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.691692][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.691713][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.691939][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.691959][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.692194][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.692212][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.692404][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.692415][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.692616][    C0] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[ 1848.692636][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[ 1848.763257][T15026] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[ 1848.763289][T15026] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1848.763649][    C1] raw-gadget.0 gadget.3: ignoring, device is not running
[ 1848.765583][T15026] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1848.765610][T15026] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[ 1848.765628][T15026] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1848.765647][T15026] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[ 1848.765941][T15026] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -32
[ 1848.852302][T15026] usb 4-1: USB disconnect, device number 27
[ 1848.946246][T13558] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1849.036089][T13558] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1849.085351][T13558] bond0 (unregistering): Released all slaves
[ 1849.104784][T15026] usb 6-1: USB disconnect, device number 42
[ 1849.104986][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1849.451442][T16432] hsr_slave_0: entered promiscuous mode
[ 1849.452964][T16432] hsr_slave_1: entered promiscuous mode
[ 1849.454047][T16432] debugfs: 'hsr0' already exists in 'hsr'
[ 1849.454072][T16432] Cannot create hsr debugfs directory
[ 1850.673305][T16460] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1850.673319][T16460] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1850.673343][T16460] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1850.712865][T16460] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1850.712881][T16460] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1850.712907][T16460] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1851.681502][T16666] sd 0:0:1:0: device reset
[ 1851.704540][T16673] sd 0:0:1:0: device reset
[ 1852.155114][T13558] hsr_slave_0: left promiscuous mode
[ 1852.237728][T13558] hsr_slave_1: left promiscuous mode
[ 1852.238860][T13558] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1852.296102][T13558] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1853.355046][    C1] ------------[ cut here ]------------
[ 1853.355061][    C1] WARNING: CPU: 1 PID: 29 at kernel/time/timer.c:1785 __run_timer_base+0x777/0x970
[ 1853.355090][    C1] Modules linked in:
[ 1853.355101][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1853.355114][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1853.355121][    C1] RIP: 0010:__run_timer_base+0x777/0x970
[ 1853.355137][    C1] Code: 26 4d 85 e4 74 7d e8 f8 f5 12 00 e9 48 fe ff ff e8 ee f5 12 00 48 8b 5c 24 28 43 80 7c 3d 00 00 75 d4 eb da e8 da f5 12 00 90 <0f> 0b 90 48 8b 44 24 40 42 80 3c 38 00 48 8b 5c 24 28 74 a9 48 89
[ 1853.355147][    C1] RSP: 0018:ffffc90000a3f9a0 EFLAGS: 00010046
[ 1853.355161][    C1] RAX: ffffffff81ac0756 RBX: 0000000000000000 RCX: ffff88801c2d9e00
[ 1853.355169][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[ 1853.355176][    C1] RBP: ffffc90000a3fb10 R08: 0000000000000000 R09: 0000000000000100
[ 1853.355184][    C1] R10: dffffc0000000000 R11: fffffbfff1deee6f R12: ffff88802f5e3c10
[ 1853.355192][    C1] R13: 1ffff92000147f4c R14: ffffc90000a3fa60 R15: dffffc0000000000
[ 1853.355200][    C1] FS:  0000000000000000(0000) GS:ffff888126cc6000(0000) knlGS:0000000000000000
[ 1853.355209][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1853.355217][    C1] CR2: 0000200000017000 CR3: 000000006741a000 CR4: 00000000003526f0
[ 1853.355227][    C1] DR0: 00000000000003ff DR1: 00000000000000b7 DR2: 0000000000000007
[ 1853.355233][    C1] DR3: 0000008000000287 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1853.355240][    C1] Call Trace:
[ 1853.355245][    C1]  <TASK>
[ 1853.355260][    C1]  ? __pfx___run_timer_base+0x10/0x10
[ 1853.355286][    C1]  run_timer_softirq+0xb7/0x180
[ 1853.355296][    C1]  handle_softirqs+0x22f/0x710
[ 1853.355343][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1853.355364][    C1]  run_ktimerd+0xcf/0x190
[ 1853.355375][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[ 1853.355385][    C1]  ? schedule+0x91/0x360
[ 1853.355405][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1853.355415][    C1]  smpboot_thread_fn+0x542/0xa60
[ 1853.355426][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1853.355440][    C1]  kthread+0x711/0x8a0
[ 1853.355455][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1853.355465][    C1]  ? __pfx_kthread+0x10/0x10
[ 1853.355475][    C1]  ? rt_spin_unlock+0x150/0x200
[ 1853.355491][    C1]  ? rt_spin_unlock+0x161/0x200
[ 1853.355502][    C1]  ? __pfx_kthread+0x10/0x10
[ 1853.355514][    C1]  ret_from_fork+0x4bc/0x870
[ 1853.355544][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1853.355563][    C1]  ? __switch_to_asm+0x39/0x70
[ 1853.355576][    C1]  ? __switch_to_asm+0x33/0x70
[ 1853.355588][    C1]  ? __pfx_kthread+0x10/0x10
[ 1853.355601][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1853.355624][    C1]  </TASK>
[ 1853.355634][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1853.355642][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1853.355654][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1853.355660][    C1] Call Trace:
[ 1853.355665][    C1]  <TASK>
[ 1853.355669][    C1]  dump_stack_lvl+0x99/0x250
[ 1853.355682][    C1]  ? __asan_memcpy+0x40/0x70
[ 1853.355698][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1853.355711][    C1]  ? __pfx__printk+0x10/0x10
[ 1853.355732][    C1]  vpanic+0x237/0x6d0
[ 1853.355749][    C1]  ? __pfx_vpanic+0x10/0x10
[ 1853.355766][    C1]  panic+0xb9/0xc0
[ 1853.355776][    C1]  ? __pfx_panic+0x10/0x10
[ 1853.355794][    C1]  __warn+0x31b/0x4b0
[ 1853.355804][    C1]  ? __run_timer_base+0x777/0x970
[ 1853.355820][    C1]  ? __run_timer_base+0x777/0x970
[ 1853.355835][    C1]  report_bug+0x2be/0x4f0
[ 1853.355930][    C1]  ? __run_timer_base+0x777/0x970
[ 1853.355946][    C1]  ? __run_timer_base+0x777/0x970
[ 1853.355960][    C1]  ? __run_timer_base+0x779/0x970
[ 1853.355975][    C1]  handle_bug+0x84/0x160
[ 1853.355987][    C1]  exc_invalid_op+0x1a/0x50
[ 1853.355999][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1853.356010][    C1] RIP: 0010:__run_timer_base+0x777/0x970
[ 1853.356026][    C1] Code: 26 4d 85 e4 74 7d e8 f8 f5 12 00 e9 48 fe ff ff e8 ee f5 12 00 48 8b 5c 24 28 43 80 7c 3d 00 00 75 d4 eb da e8 da f5 12 00 90 <0f> 0b 90 48 8b 44 24 40 42 80 3c 38 00 48 8b 5c 24 28 74 a9 48 89
[ 1853.356036][    C1] RSP: 0018:ffffc90000a3f9a0 EFLAGS: 00010046
[ 1853.356046][    C1] RAX: ffffffff81ac0756 RBX: 0000000000000000 RCX: ffff88801c2d9e00
[ 1853.356054][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000100
[ 1853.356062][    C1] RBP: ffffc90000a3fb10 R08: 0000000000000000 R09: 0000000000000100
[ 1853.356069][    C1] R10: dffffc0000000000 R11: fffffbfff1deee6f R12: ffff88802f5e3c10
[ 1853.356078][    C1] R13: 1ffff92000147f4c R14: ffffc90000a3fa60 R15: dffffc0000000000
[ 1853.356091][    C1]  ? __run_timer_base+0x776/0x970
[ 1853.356120][    C1]  ? __pfx___run_timer_base+0x10/0x10
[ 1853.356145][    C1]  run_timer_softirq+0xb7/0x180
[ 1853.356162][    C1]  handle_softirqs+0x22f/0x710
[ 1853.356183][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1853.356205][    C1]  run_ktimerd+0xcf/0x190
[ 1853.356216][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[ 1853.356226][    C1]  ? schedule+0x91/0x360
[ 1853.356245][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1853.356255][    C1]  smpboot_thread_fn+0x542/0xa60
[ 1853.356266][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 1853.356282][    C1]  kthread+0x711/0x8a0
[ 1853.356296][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1853.356306][    C1]  ? __pfx_kthread+0x10/0x10
[ 1853.356317][    C1]  ? rt_spin_unlock+0x150/0x200
[ 1853.356333][    C1]  ? rt_spin_unlock+0x161/0x200
[ 1853.356345][    C1]  ? __pfx_kthread+0x10/0x10
[ 1853.356358][    C1]  ret_from_fork+0x4bc/0x870
[ 1853.356375][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1853.356395][    C1]  ? __switch_to_asm+0x39/0x70
[ 1853.356408][    C1]  ? __switch_to_asm+0x33/0x70
[ 1853.356421][    C1]  ? __pfx_kthread+0x10/0x10
[ 1853.356434][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1853.356458][    C1]  </TASK>
[ 1853.356717][    C1] Kernel Offset: disabled