last executing test programs:

5m33.715114618s ago: executing program 0 (id=1):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$mixer_OSS_ALSAEMULVER(0xffffffffffffffff, 0x80044df9, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003740)=[{{0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x404}], 0x1, 0x0, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000004180)=[{{&(0x7f0000001d40), 0x6e, &(0x7f00000021c0)=[{&(0x7f0000001dc0)=""/69, 0x45}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)

5m32.427882407s ago: executing program 0 (id=8):
fsopen(0x0, 0x1)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x20004, <r6=>r4, 0x2})
r7 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f00000000c0)={<r8=>0x0, 0x0, r6})
ioctl$DRM_IOCTL_GEM_FLINK(r7, 0xc008640a, &(0x7f0000000300)={r8})

5m31.353743166s ago: executing program 0 (id=10):
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010003704db7700951c32b3e138041317", @ANYRES32=r1, @ANYBLOB="8304050000000000240012800b00010067726574617000001400028008000100", @ANYRES16=r0], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x40004)

5m30.949329911s ago: executing program 0 (id=12):
syz_clone(0x80842111, 0x0, 0x0, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000280)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94)
io_setup(0x3ff, &(0x7f0000000500)=<r2=>0x0)
io_submit(r2, 0xf000, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f00000001c0)='m', 0xfffffdfc}])
io_destroy(r2)

5m29.253374615s ago: executing program 0 (id=16):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r5 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10, 0x0}, 0x300060c1)

5m26.318474035s ago: executing program 0 (id=17):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$mixer_OSS_ALSAEMULVER(0xffffffffffffffff, 0x80044df9, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003740)=[{{0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x404}], 0x1, 0x0, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000004180)=[{{&(0x7f0000001d40), 0x6e, &(0x7f00000021c0)=[{&(0x7f0000001dc0)=""/69, 0x45}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)

5m10.622171729s ago: executing program 32 (id=17):
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$mixer_OSS_ALSAEMULVER(0xffffffffffffffff, 0x80044df9, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000200)={0x28, 0x0, 0x2711, @my=0x1}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003740)=[{{0x0, 0x0, &(0x7f0000000140)=[{0x0}], 0x1}, 0x404}], 0x1, 0x0, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7fffffff, 0x400, 0x1, 0xd, 0x1, 0x6, 0x6}, 0x1c)
recvmmsg$unix(r1, &(0x7f0000004180)=[{{&(0x7f0000001d40), 0x6e, &(0x7f00000021c0)=[{&(0x7f0000001dc0)=""/69, 0x45}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cmdline\x00')
preadv(r2, &(0x7f0000000040)=[{&(0x7f0000001440)=""/4106, 0x100a}], 0x1, 0x300, 0x0)

4m11.273649978s ago: executing program 5 (id=135):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
io_submit(0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="84010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088058010c8054000b800800090000000000080009000000000008000a000000000008000a000000000008000a000000000008000900000000000800"], 0x184}}, 0x0)

4m9.333026908s ago: executing program 5 (id=137):
r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mount(&(0x7f0000000100), &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x94, &(0x7f0000000300)='trans=rdma,')
r2 = socket$inet(0x2, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000000040)={'syztnl2\x00', <r3=>0x0, 0x2100, 0x700, 0x0, 0x0, {{0x6, 0x4, 0x0, 0x0, 0x18, 0x60, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0xfe, 0x0}, {[@generic={0x83, 0x2}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000000)={'tunl0\x00', r3, 0x20, 0x40, 0x1001000, 0x6, {{0x5, 0x4, 0x2, 0x6, 0x14, 0x67, 0x0, 0xf9, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0xfe, 0x0}}}}})
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r4, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r0, 0x400448c8, &(0x7f0000000280)={r4, r4, 0x1, 0x0, 0x0, 0x48, 0x41, 0x1000, 0x8, 0x8, 0x1, 0x0, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000007840)=ANY=[@ANYBLOB], &(0x7f0000000000)='syzkaller\x00'}, 0x94)

4m7.508595993s ago: executing program 5 (id=143):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b8000deffffffffffff", @ANYRES32, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x50)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
close(r1)
r3 = open(&(0x7f0000000300)='./file0\x00', 0x400, 0x0)
fcntl$setlease(r3, 0x400, 0x1)
r4 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
write$binfmt_script(r4, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
recvmmsg(0xffffffffffffffff, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000380)}, {&(0x7f0000000440)=""/188, 0xbc}, {&(0x7f0000002080)=""/4093, 0xffd}], 0x3}, 0x1}, {{&(0x7f00000005c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000000500)=[{&(0x7f00000002c0)=""/33, 0x21}, {&(0x7f0000005540)=""/235, 0xeb}, {&(0x7f0000000740)=""/226, 0xe2}], 0x3, &(0x7f0000000840)=""/186, 0xba}, 0x28000}, {{&(0x7f0000000900)=@nl=@proc, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000980)=""/64, 0x40}, {&(0x7f00000009c0)=""/210, 0xd2}], 0x2}, 0x9}, {{&(0x7f0000000b00)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000d80)=[{0x0}, {&(0x7f0000000c00)=""/37, 0x25}, {0x0}, {&(0x7f0000000d00)=""/97, 0x61}], 0x4, &(0x7f0000000dc0)=""/88, 0x58}, 0xfffffff8}, {{0x0, 0x0, &(0x7f0000004380)=[{&(0x7f0000000ec0)=""/236, 0xec}, {&(0x7f0000003080)=""/4096, 0x1000}, {&(0x7f0000004080)=""/182, 0xb6}, {&(0x7f0000004140)=""/194, 0xc2}, {0x0}, {&(0x7f0000000040)=""/9, 0x9}], 0x6, &(0x7f0000005640)=""/4096, 0x1000}, 0x3}], 0x5, 0x40000022, 0x0)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fffffff}]})
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(0xffffffffffffffff)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x200}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000740)='scsi_dispatch_cmd_start\x00', r5}, 0x18)

4m4.761513889s ago: executing program 5 (id=148):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r1, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000002c0)={0x28, 0x4, r1, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x10001})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r1, r1, 0x3, 0xfffffffffffffffa, 0x3fff})

4m4.249656472s ago: executing program 5 (id=150):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
connect$pppl2tp(r0, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, 0xffffffffffffffff, 0x0)

4m2.455156218s ago: executing program 5 (id=151):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r3, 0x4b3a, 0x1)
ioctl$TCXONC(r3, 0x4b3a, 0x0)

3m46.714660101s ago: executing program 33 (id=151):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
socket$igmp(0x2, 0x3, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x11, 0x3, &(0x7f0000000940)=ANY=[], &(0x7f00000000c0)='GPL\x00'}, 0x94)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r3, 0x4b3a, 0x1)
ioctl$TCXONC(r3, 0x4b3a, 0x0)

21.032405195s ago: executing program 2 (id=536):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
close(0x3)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa43d, 0x80, 0x2, 0x3b9}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
r4 = syz_open_dev$sg(0x0, 0xe68d, 0x40002)
ioctl$SCSI_IOCTL_DOORLOCK(r4, 0x5380)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x2000808d)

19.599123887s ago: executing program 2 (id=541):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r1, 0x6, 0x24, &(0x7f0000000680)=0xf, 0x4)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0xb02f, 0x401, 0xe2, 0x3, 0x88d7, 0x80000001, 0x1007, 0x1, 0x1002, 0xffffffff, 0x200, 0x7, 0x10000007, 0x1, 0x5, 0x1ff, 0x8, 0x3, 0x9, 0x8e, 0x10c, 0x4005, 0x2, 0xa, 0x4, 0x1, 0xb0c4, 0xe, 0xff, 0x400002, 0x4000004]})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x2)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x5)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a051d4dca7d2647bec1fc89398d2b9000f224891060017c4700de60beac671e8e8f00cb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c59005cff414ed55b0d18a9d446935fb332bb593ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4ac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a0000000000002248950b000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r7, 0x0, &(0x7f0000000280)=@tcp=r2}, 0x20)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)

14.471785693s ago: executing program 2 (id=549):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x9c1, 0x0, 0x0, 0x0)
r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000040), 0xa02, 0x0)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0xfffffff5, 0x203}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000000c0)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd=r2, 0x0, &(0x7f0000000340)=[{&(0x7f0000000700)=""/229, 0xe5}], 0x1})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

13.053094073s ago: executing program 4 (id=552):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @empty}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000ac0)={'filter\x00', 0x102, 0x4, 0x418, 0x220, 0x0, 0x220, 0x330, 0x330, 0x330, 0x4, 0x0, {[{{@arp={@remote, @remote, 0x0, 0x0, 0x0, 0xfd, {@mac=@link_local={0x2, 0x80, 0xc2, 0x7}}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @remote, @multicast1}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0xb}, @multicast2, @dev={0xac, 0x14, 0x14, 0x3d}, 0x9, 0xffffffff}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'batadv_slave_1\x00', 'ipvlan1\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e9fb760d26c0", @multicast2, @broadcast}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x468)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)

11.92257044s ago: executing program 4 (id=555):
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xf, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030097850000007b00000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r3}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x23, 0x800, 0xffdffffe)
timer_create(0xfffffffc, 0x0, &(0x7f0000000040))
timer_gettime(0x0, &(0x7f0000000540))

10.641330401s ago: executing program 4 (id=556):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/vlan/vlan0\x00')
fsopen(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r2 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000600)={0x0, 0x7f390004, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="60000000020605020000200000000000000000001400078008001340040000000800124000060000050001000700000013000300686173683a6e65742c6966616365000005000440000000000900020073797a3100000000050005000a"], 0x60}}, 0x0)
preadv(r1, &(0x7f00000004c0), 0x0, 0xa3, 0xd)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
dup(0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff})
recvmsg$unix(r5, &(0x7f0000000600)={&(0x7f0000000300)=@abs, 0x6e, 0x0}, 0x160)
timer_create(0x0, 0x0, 0x0)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)

10.017574387s ago: executing program 1 (id=558):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$IPC_RMID(0x0, 0x0, 0x0)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000001400110200000000fedbdf25ffffffff000000000000000000000000fc0000000000000000000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="c06b6e000000000008001f00000000000c001500"], 0x64}}, 0x0)
capset(&(0x7f0000a31000)={0x20080522}, &(0x7f0000000080)={0x0, 0x7ff, 0x0, 0x0, 0x9})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0x58, &(0x7f0000000180)}, 0x10)

8.824180019s ago: executing program 1 (id=559):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000480)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000400)=[<r3=>0x0], &(0x7f0000000280), 0x1, r2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f00000000c0)=[r2], &(0x7f0000000280), &(0x7f0000000300)=[r3], 0x0})

8.767268895s ago: executing program 3 (id=560):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e23, 0x80000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x18}, 0x40c0)

8.442632504s ago: executing program 1 (id=561):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0x45, 0x1488, 0xffffffffffffffff, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
write$UHID_INPUT(r4, &(0x7f0000002b40)={0xe, {"a2e3ad099b0d09f91b5f2f0987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f323063090810e0879b0f0a75e70a9b334d959b669a240d5b0af3988f7ef31952010afde8d178708c523c921b1b5b07070d075b0936cd3b78130daa61d8e81a3f00005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397273ce1766769f0c91c00305d3f46635eb016d5b1dda98e2d739be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b7638354a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc3609aa24b7d520c829d095083bba2987a67399eac430d145d546a40b9f6ff14ac488ec130bb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b2860d1b3cff57d8b6d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a4f0492d48604675fde2b34cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827955e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb9754fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94e7475cb74642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd72ea4998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5ff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c58b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b50517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864af090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d885b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1a85ae7e69fd1a47a284f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef8473b53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b344340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cccf8a97406bb5a68a1f0c4549820a73c8859dde0712ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcb7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c2e14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ec00000000000000b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a52830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec685f068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000e00f96f06817fb903729a7fb6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x942}}, 0x1006)

8.442180081s ago: executing program 3 (id=562):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r4, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r4, 0x1)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xde8b3c578d0616d0}, 0x40084)

7.142620667s ago: executing program 1 (id=563):
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1)
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x78}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x48)
r5 = dup2(r4, r4)
getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000004e40)={{{@in6=@private0, @in=@empty}}, {{@in6=@remote}, 0x0, @in=@broadcast}}, &(0x7f0000004f40)=0xe8)

5.689258849s ago: executing program 3 (id=564):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
pselect6(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x3fb, 0x8000, 0x400000000001, 0x9, 0x40000000000000, 0xf, 0x80000002, 0x2}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.537551021s ago: executing program 2 (id=565):
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CALIPSO_C_LISTALL(0xffffffffffffffff, 0x0, 0x24004052)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = fanotify_init(0x1, 0x2)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @rand_addr, 0x0, 0x0, 'none\x00', 0x20, 0x8, 0x5b}, 0x2c)
fanotify_mark(r0, 0x455, 0x40000008, r1, 0x0)

3.511802612s ago: executing program 4 (id=566):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r1, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f0000000340)="b9cd14c222ee", 0x4b}], 0x1}}], 0x1, 0x20008000)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0x10012, r0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000800)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000800)

3.508736489s ago: executing program 1 (id=567):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280"], 0xdc}}, 0x0)

3.466248099s ago: executing program 2 (id=568):
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x41000}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

3.46586968s ago: executing program 3 (id=569):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x20048810)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x3ef, 0x0)

3.189197146s ago: executing program 1 (id=570):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
socket(0x2b, 0x80801, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
openat$cgroup_int(r2, 0x0, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(r7, 0x4)
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)

3.11704127s ago: executing program 4 (id=571):
r0 = msgget$private(0x0, 0xfffffffffffffffd)
msgrcv(r0, 0x0, 0x0, 0x1, 0x3000)
msgrcv(r0, 0x0, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x84, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000002", 0x4e, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private2, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x88, 0x1}]}], "fb36eeca6fad50b375a22a584d16"}}}}}}}, 0x0)

2.259866223s ago: executing program 3 (id=572):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010101, 0x15, 0x3, 'rr\x00', 0x28, 0x5, 0x72}, 0x2c)

2.077370924s ago: executing program 2 (id=573):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000)
socket$igmp(0x2, 0x3, 0x2)
sched_setaffinity(r2, 0x0, 0x0)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
ioctl$DRM_IOCTL_GET_STATS(r3, 0x80f86406, &(0x7f0000000300)=""/247)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0x3)
accept4$bt_l2cap(r4, &(0x7f0000000200), 0x0, 0x800)
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16)

727.764339ms ago: executing program 3 (id=574):
mkdir(&(0x7f0000000200)='./file0\x00', 0x28e08a7aa33ba155)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x18)
mkdir(&(0x7f0000000300)='./bus\x00', 0x54)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
pipe2$9p(&(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x0)
r2 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
splice(r1, 0x0, r2, 0x0, 0x10000000000016, 0x0)
r3 = open(&(0x7f0000000300)='./bus\x00', 0x14103e, 0x18a)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80000001)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, 0x0, 0x0)

0s ago: executing program 4 (id=575):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
mmap(&(0x7f00003f6000/0x3000)=nil, 0x3000, 0x1000009, 0x810, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe)
keyctl$read(0xb, r3, &(0x7f0000001300)=""/4096, 0xffffffffffffffd2)
r4 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000180), 0x40, 0x0)
ioctl$EXT4_IOC_GETFSUUID(r4, 0x8008662c, &(0x7f0000000240))
sendmsg$inet(r0, 0x0, 0x30004084)
socket$pppoe(0x18, 0x1, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x14)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.239' (ED25519) to the list of known hosts.
[  100.754870][ T5819] cgroup: Unknown subsys name 'net'
[  100.876613][ T5819] cgroup: Unknown subsys name 'cpuset'
[  100.886227][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  101.444765][  T979] cfg80211: failed to load regulatory.db
[  102.647204][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  107.377495][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.385949][ T5857] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  107.394407][ T5857] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  107.403810][ T5857] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.411516][ T5857] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  107.419453][ T5857] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  107.427898][ T5857] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.429668][ T5859] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  107.435207][ T5857] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  107.444563][ T5859] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  107.468728][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  107.477272][ T5859] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  107.482757][ T5857] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  107.487732][ T5859] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  107.494769][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  107.500220][ T5859] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  107.513212][ T5859] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  107.520670][ T5859] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  107.527850][ T5860] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.530140][ T5859] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  107.535662][ T5860] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.542907][ T5859] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  107.550951][ T5860] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  107.559254][ T5859] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  107.563914][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  107.570588][ T5859] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  107.577418][ T5860] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  107.587763][ T5859] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  107.597708][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  107.605776][ T5859] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  108.580946][ T5837] chnl_net:caif_netlink_parms(): no params data found
[  108.598865][ T5842] chnl_net:caif_netlink_parms(): no params data found
[  108.700684][ T5841] chnl_net:caif_netlink_parms(): no params data found
[  108.816475][ T5838] chnl_net:caif_netlink_parms(): no params data found
[  108.945495][ T5839] chnl_net:caif_netlink_parms(): no params data found
[  108.975219][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.982943][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.990309][ T5842] bridge_slave_0: entered allmulticast mode
[  108.998393][ T5842] bridge_slave_0: entered promiscuous mode
[  109.007400][ T5840] chnl_net:caif_netlink_parms(): no params data found
[  109.055579][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.062829][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.070015][ T5842] bridge_slave_1: entered allmulticast mode
[  109.077681][ T5842] bridge_slave_1: entered promiscuous mode
[  109.271980][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.279265][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.287013][ T5841] bridge_slave_0: entered allmulticast mode
[  109.295418][ T5841] bridge_slave_0: entered promiscuous mode
[  109.310320][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.317540][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.324791][ T5837] bridge_slave_0: entered allmulticast mode
[  109.332416][ T5837] bridge_slave_0: entered promiscuous mode
[  109.340083][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.347652][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.354962][ T5838] bridge_slave_0: entered allmulticast mode
[  109.362897][ T5838] bridge_slave_0: entered promiscuous mode
[  109.373960][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.391634][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.399231][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.406713][ T5841] bridge_slave_1: entered allmulticast mode
[  109.414358][ T5841] bridge_slave_1: entered promiscuous mode
[  109.428816][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.436160][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.443518][ T5837] bridge_slave_1: entered allmulticast mode
[  109.450984][ T5837] bridge_slave_1: entered promiscuous mode
[  109.459142][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.466646][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.473958][ T5838] bridge_slave_1: entered allmulticast mode
[  109.481510][ T5838] bridge_slave_1: entered promiscuous mode
[  109.491324][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.603496][ T5859] Bluetooth: hci1: command tx timeout
[  109.676711][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.686284][ T5855] Bluetooth: hci4: command tx timeout
[  109.686485][ T5855] Bluetooth: hci5: command tx timeout
[  109.686622][ T5855] Bluetooth: hci0: command tx timeout
[  109.698607][ T5843] Bluetooth: hci3: command tx timeout
[  109.703407][ T5859] Bluetooth: hci2: command tx timeout
[  109.725029][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.737749][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.749728][ T5842] team0: Port device team_slave_0 added
[  109.775767][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.785284][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.793108][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.800272][ T5839] bridge_slave_0: entered allmulticast mode
[  109.808495][ T5839] bridge_slave_0: entered promiscuous mode
[  109.818793][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.830373][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.842549][ T5842] team0: Port device team_slave_1 added
[  109.848335][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.855841][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.863131][ T5840] bridge_slave_0: entered allmulticast mode
[  109.870639][ T5840] bridge_slave_0: entered promiscuous mode
[  109.892558][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.899742][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.907017][ T5839] bridge_slave_1: entered allmulticast mode
[  109.914718][ T5839] bridge_slave_1: entered promiscuous mode
[  109.964366][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.971556][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.979587][ T5840] bridge_slave_1: entered allmulticast mode
[  109.987208][ T5840] bridge_slave_1: entered promiscuous mode
[  110.083826][ T5841] team0: Port device team_slave_0 added
[  110.105870][ T5837] team0: Port device team_slave_0 added
[  110.114885][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.126686][ T5838] team0: Port device team_slave_0 added
[  110.133587][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.140513][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.167057][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.195101][ T5841] team0: Port device team_slave_1 added
[  110.204099][ T5837] team0: Port device team_slave_1 added
[  110.212229][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.224819][ T5838] team0: Port device team_slave_1 added
[  110.231165][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.238454][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.264704][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.278607][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.355695][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.410973][ T5839] team0: Port device team_slave_0 added
[  110.450052][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.457728][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.483731][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.495621][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.502923][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.529100][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.555574][ T5839] team0: Port device team_slave_1 added
[  110.561962][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.569607][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.596133][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.609151][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.616184][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.642257][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.668385][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.675449][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.701524][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.713687][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.720618][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.746883][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.796161][ T5840] team0: Port device team_slave_0 added
[  110.856652][ T5842] hsr_slave_0: entered promiscuous mode
[  110.863482][ T5842] hsr_slave_1: entered promiscuous mode
[  110.875928][ T5840] team0: Port device team_slave_1 added
[  110.883990][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.890938][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.918727][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.931813][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.939052][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  110.965219][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.091994][ T5838] hsr_slave_0: entered promiscuous mode
[  111.099377][ T5838] hsr_slave_1: entered promiscuous mode
[  111.106299][ T5838] debugfs: 'hsr0' already exists in 'hsr'
[  111.112085][ T5838] Cannot create hsr debugfs directory
[  111.191391][ T5841] hsr_slave_0: entered promiscuous mode
[  111.200045][ T5841] hsr_slave_1: entered promiscuous mode
[  111.206858][ T5841] debugfs: 'hsr0' already exists in 'hsr'
[  111.212775][ T5841] Cannot create hsr debugfs directory
[  111.219233][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.226579][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  111.252797][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.314633][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.321591][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  111.348232][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.380238][ T5837] hsr_slave_0: entered promiscuous mode
[  111.388234][ T5837] hsr_slave_1: entered promiscuous mode
[  111.394601][ T5837] debugfs: 'hsr0' already exists in 'hsr'
[  111.400333][ T5837] Cannot create hsr debugfs directory
[  111.449641][ T5839] hsr_slave_0: entered promiscuous mode
[  111.456584][ T5839] hsr_slave_1: entered promiscuous mode
[  111.463237][ T5839] debugfs: 'hsr0' already exists in 'hsr'
[  111.468963][ T5839] Cannot create hsr debugfs directory
[  111.683169][ T5855] Bluetooth: hci1: command tx timeout
[  111.731241][ T5840] hsr_slave_0: entered promiscuous mode
[  111.738055][ T5840] hsr_slave_1: entered promiscuous mode
[  111.745150][ T5840] debugfs: 'hsr0' already exists in 'hsr'
[  111.750890][ T5840] Cannot create hsr debugfs directory
[  111.763162][ T5854] Bluetooth: hci4: command tx timeout
[  111.763382][ T5152] Bluetooth: hci2: command tx timeout
[  111.768823][ T5859] Bluetooth: hci5: command tx timeout
[  111.774299][ T5843] Bluetooth: hci0: command tx timeout
[  111.779851][ T5855] Bluetooth: hci3: command tx timeout
[  112.273791][ T5842] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  112.301066][ T5842] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  112.331595][ T5842] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  112.344403][ T5842] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  112.421250][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  112.435655][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  112.448557][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  112.473751][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  112.575738][ T5838] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  112.589467][ T5838] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  112.604719][ T5838] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  112.620097][ T5838] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  112.738127][ T5841] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  112.757058][ T5841] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  112.768183][ T5841] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  112.787301][ T5841] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  112.943540][ T5839] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  112.957160][ T5839] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  112.978149][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.996038][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.005288][ T5839] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  113.033117][ T5839] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  113.136155][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  113.152964][ T5837] 8021q: adding VLAN 0 to HW filter on device team0
[  113.174029][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  113.188666][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[  113.201124][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  113.217210][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.224505][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.249323][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  113.269381][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.276577][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.301742][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.309030][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.341376][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.375988][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.383170][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.479707][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[  113.530011][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.545176][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.553001][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.575024][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.582181][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.626653][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  113.701670][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[  113.747741][ T3994] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.755013][ T3994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.762546][ T5855] Bluetooth: hci1: command tx timeout
[  113.783064][ T3994] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.790259][ T3994] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.843405][ T5859] Bluetooth: hci2: command tx timeout
[  113.843559][ T5152] Bluetooth: hci5: command tx timeout
[  113.848843][ T5854] Bluetooth: hci4: command tx timeout
[  113.855085][ T5843] Bluetooth: hci3: command tx timeout
[  113.860116][ T5855] Bluetooth: hci0: command tx timeout
[  114.016506][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.070566][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.128615][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[  114.198610][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.205822][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.251009][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.291418][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.298651][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.328854][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  114.357046][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.368614][ T1008] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.375797][ T1008] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.386376][ T1008] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.393535][ T1008] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.618173][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.645203][ T5842] veth0_vlan: entered promiscuous mode
[  114.724612][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.735901][ T5837] veth0_vlan: entered promiscuous mode
[  114.752057][ T5842] veth1_vlan: entered promiscuous mode
[  114.817345][ T5837] veth1_vlan: entered promiscuous mode
[  114.938162][ T5842] veth0_macvtap: entered promiscuous mode
[  115.014976][ T5842] veth1_macvtap: entered promiscuous mode
[  115.033657][ T5841] veth0_vlan: entered promiscuous mode
[  115.045738][ T5837] veth0_macvtap: entered promiscuous mode
[  115.089187][ T5841] veth1_vlan: entered promiscuous mode
[  115.109305][ T5837] veth1_macvtap: entered promiscuous mode
[  115.166826][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.209502][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.274801][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.292960][ T1096] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.325644][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.341640][ T1096] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.361372][ T1096] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.398591][ T1096] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.415792][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.449178][ T5841] veth0_macvtap: entered promiscuous mode
[  115.477522][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.509429][ T5841] veth1_macvtap: entered promiscuous mode
[  115.521210][ T1096] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.546948][ T1096] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.558281][ T1096] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.581418][ T1096] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  115.674440][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.732627][ T1086] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.741520][ T1086] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.757227][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  115.849452][ T1086] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  115.863907][ T5855] Bluetooth: hci1: command tx timeout
[  115.870178][ T1086] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  115.925318][ T5854] Bluetooth: hci5: command tx timeout
[  115.925649][ T5859] Bluetooth: hci4: command tx timeout
[  115.930820][ T5855] Bluetooth: hci3: command tx timeout
[  115.942305][ T5152] Bluetooth: hci0: command tx timeout
[  115.947747][ T5843] Bluetooth: hci2: command tx timeout
[  115.954511][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.975980][ T1086] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  115.988574][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.997430][ T5838] veth0_vlan: entered promiscuous mode
[  116.020819][ T1086] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.060166][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.072000][ T5838] veth1_vlan: entered promiscuous mode
[  116.079953][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.083821][ T5840] veth0_vlan: entered promiscuous mode
[  116.141711][ T1086] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.180370][ T1086] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.204553][ T5840] veth1_vlan: entered promiscuous mode
[  116.256323][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  116.354052][ T1096] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.361933][ T1096] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.433845][ T5839] veth0_vlan: entered promiscuous mode
[  116.588278][ T5840] veth0_macvtap: entered promiscuous mode
[  116.626485][ T5838] veth0_macvtap: entered promiscuous mode
[  116.781342][ T5984] GUP no longer grows the stack in syz.0.1 (5984): 200000004000-20000000a000 (200000002000)
[  116.831313][ T5984] CPU: 0 UID: 0 PID: 5984 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) 
[  116.831364][ T5984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  116.831385][ T5984] Call Trace:
[  116.831396][ T5984]  <TASK>
[  116.831409][ T5984]  dump_stack_lvl+0x16c/0x1f0
[  116.831463][ T5984]  gup_vma_lookup+0x1d2/0x220
[  116.831507][ T5984]  __get_user_pages+0x241/0x33c0
[  116.831564][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.831607][ T5984]  ? find_held_lock+0x2b/0x80
[  116.831644][ T5984]  ? __pfx___get_user_pages+0x10/0x10
[  116.831693][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.831742][ T5984]  get_user_pages_remote+0x243/0xab0
[  116.831787][ T5984]  ? mast_spanning_rebalance.isra.0+0x2020/0x2060
[  116.831845][ T5984]  ? __pfx_get_user_pages_remote+0x10/0x10
[  116.831896][ T5984]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  116.831940][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.831990][ T5984]  __access_remote_vm+0x24d/0x850
[  116.832036][ T5984]  ? do_raw_spin_lock+0x12c/0x2b0
[  116.832095][ T5984]  ? __pfx___access_remote_vm+0x10/0x10
[  116.832136][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832177][ T5984]  ? set_page_refcounted+0xbd/0x230
[  116.832220][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832269][ T5984]  proc_pid_cmdline_read+0x4de/0x8e0
[  116.832314][ T5984]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  116.832362][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832403][ T5984]  ? rw_verify_area+0xcf/0x6c0
[  116.832445][ T5984]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  116.832483][ T5984]  vfs_readv+0x5c1/0x8b0
[  116.832532][ T5984]  ? __pfx_vfs_readv+0x10/0x10
[  116.832570][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832614][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832664][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832725][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832766][ T5984]  ? __fget_files+0x20e/0x3c0
[  116.832828][ T5984]  ? do_preadv+0x1a6/0x270
[  116.832865][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.832906][ T5984]  do_preadv+0x1a6/0x270
[  116.832949][ T5984]  ? __pfx_do_preadv+0x10/0x10
[  116.832991][ T5984]  ? srso_alias_return_thunk+0x5/0xfbef5
[  116.833042][ T5984]  do_syscall_64+0xcd/0xf80
[  116.833095][ T5984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.833130][ T5984] RIP: 0033:0x7fe849f8f749
[  116.833156][ T5984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.833190][ T5984] RSP: 002b:00007fe84ad87038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  116.833223][ T5984] RAX: ffffffffffffffda RBX: 00007fe84a1e6090 RCX: 00007fe849f8f749
[  116.833245][ T5984] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000007
[  116.833267][ T5984] RBP: 00007fe84a013f91 R08: 0000000000000000 R09: 0000000000000000
[  116.833288][ T5984] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  116.833308][ T5984] R13: 00007fe84a1e6128 R14: 00007fe84a1e6090 R15: 00007fff190629b8
[  116.833361][ T5984]  </TASK>
[  116.863033][ T1008] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.874556][ T5838] veth1_macvtap: entered promiscuous mode
[  116.902175][ T1008] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.915860][ T5839] veth1_vlan: entered promiscuous mode
[  117.279880][ T5840] veth1_macvtap: entered promiscuous mode
[  117.553578][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.588567][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.630844][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.748726][ T5990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7'.
[  117.791373][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.862820][ T3994] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.966121][ T3994] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.685119][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.727651][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.837599][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  118.878222][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.902991][ T6000] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10'.
[  118.918968][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.988438][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  119.284408][  T263] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.312659][  T263] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.402410][ T6006] rdma_op ffff88807fba29f0 conn xmit_rdma 0000000000000000
[  120.140652][   T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  120.191776][ T5839] veth0_macvtap: entered promiscuous mode
[  120.244041][ T5996] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.245892][ T5839] veth1_macvtap: entered promiscuous mode
[  120.275055][ T5996] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.352729][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  120.361562][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  120.370543][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  120.448653][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  120.554539][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  120.570249][ T4400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.592167][ T4400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.778783][ T5996] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  120.814694][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.832899][ T5996] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  120.871750][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  121.019404][ T5996] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.101208][ T5996] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  121.192659][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  121.602155][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  122.012521][    T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!!
[  122.114194][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  122.115042][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  122.172698][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  124.255607][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.283202][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  124.288071][ T6028] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  124.487243][ T6028] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  124.773741][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  124.849181][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.103223][ T6046] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  128.025070][ T6042] fido_id[6042]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  128.803397][ T5849] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  128.988761][ T6061] process 'syz.5.6' launched './file0' with NULL argv: empty string added
[  129.219849][ T5849] usb 2-1: Using ep0 maxpacket: 8
[  129.280528][ T5849] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  129.341157][ T5849] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  129.399641][ T5849] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  129.430999][ T5849] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  129.456143][ T5849] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  129.770172][ T6072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.28'.
[  130.505633][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.009840][ T5849] usb 2-1: usb_control_msg returned -71
[  131.096009][ T5849] usbtmc 2-1:16.0: can't read capabilities
[  131.171134][ T6075] mkiss: ax0: crc mode is auto.
[  132.993387][ T5849] usb 2-1: USB disconnect, device number 2
[  133.892260][ T6101] netlink: 8 bytes leftover after parsing attributes in process `syz.1.33'.
[  139.909119][ T6169] usb usb8: usbfs: process 6169 (syz.2.41) did not claim interface 0 before use
[  141.004852][ T5843] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  141.062191][ T5843] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  141.070475][ T5843] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  141.078952][ T5843] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  141.086945][ T5843] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  142.408717][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  142.422150][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  143.364270][ T5843] Bluetooth: hci6: command tx timeout
[  145.196885][ T1105] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.442170][ T5843] Bluetooth: hci6: command tx timeout
[  145.536251][ T6192] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  145.630407][ T6192] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  145.832351][ T1105] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  146.573472][ T6214] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'.
[  147.435255][ T1105] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  147.524667][ T5843] Bluetooth: hci6: command tx timeout
[  147.988375][ T6174] chnl_net:caif_netlink_parms(): no params data found
[  148.132461][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  148.447942][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  148.477383][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.505843][   T10] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  148.510810][ T1105] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  148.534132][   T10] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  148.554944][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  148.569739][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.611140][   T10] usb 4-1: Product: syz
[  148.661537][   T10] usb 4-1: Manufacturer: syz
[  148.696239][   T10] usb 4-1: SerialNumber: syz
[  148.753183][   T10] cdc_mbim 4-1:1.0: skipping garbage
[  148.936473][ T6218] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  149.138143][ T6174] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.169993][ T6174] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.193771][ T6174] bridge_slave_0: entered allmulticast mode
[  149.212554][ T6174] bridge_slave_0: entered promiscuous mode
[  149.283278][ T6174] bridge0: port 2(bridge_slave_1) entered blocking state
[  149.290571][ T6174] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.311292][ T6174] bridge_slave_1: entered allmulticast mode
[  149.330106][ T6174] bridge_slave_1: entered promiscuous mode
[  149.602589][ T5843] Bluetooth: hci6: command tx timeout
[  149.641534][ T6218] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  149.718639][ T1105] bridge_slave_1: left allmulticast mode
[  149.746170][ T1105] bridge_slave_1: left promiscuous mode
[  149.753234][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  149.817627][ T1105] bridge_slave_0: left allmulticast mode
[  149.861476][ T1105] bridge_slave_0: left promiscuous mode
[  149.873413][   T10] cdc_mbim 4-1:1.0: bind() failure
[  149.899333][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  149.911716][   T10] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  149.953289][   T10] cdc_ncm 4-1:1.1: bind() failure
[  150.122402][  T114] usb 4-1: USB disconnect, device number 2
[  150.523139][ T6242] netlink: 8 bytes leftover after parsing attributes in process `syz.2.54'.
[  154.981692][ T6294] xt_socket: unknown flags 0x4c
[  155.494560][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  155.592870][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  155.626075][ T1105] bond0 (unregistering): Released all slaves
[  155.669166][ T6174] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  155.725523][ T6174] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.623968][ T6305] netlink: 152 bytes leftover after parsing attributes in process `syz.4.63'.
[  157.393441][ T6174] team0: Port device team_slave_0 added
[  157.620844][ T6174] team0: Port device team_slave_1 added
[  158.102383][ T6073] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  158.334382][ T6174] batman_adv: batadv0: Adding interface: batadv_slave_0
[  158.341449][ T6174] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  158.632991][ T6073] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  159.403735][ T6073] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.492018][ T6174] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  159.632576][ T6073] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  159.677685][ T6174] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.772267][ T6073] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  159.806483][ T6174] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  159.864931][ T6073] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  159.962165][ T6073] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.095449][ T6073] usb 2-1: Product: syz
[  160.515533][ T6174] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.547276][ T6073] usb 2-1: Manufacturer: syz
[  160.571706][ T6073] usb 2-1: SerialNumber: syz
[  160.842017][ T6073] cdc_mbim 2-1:1.0: skipping garbage
[  161.705156][ T6337] xt_socket: unknown flags 0x4c
[  162.429578][ T6073] cdc_mbim 2-1:1.0: bind() failure
[  162.602726][ T6073] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  162.632223][ T6073] cdc_ncm 2-1:1.1: bind() failure
[  162.744935][ T6073] usb 2-1: USB disconnect, device number 3
[  164.123406][ T6353] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  164.279113][ T1105] hsr_slave_0: left promiscuous mode
[  165.341052][ T1105] hsr_slave_1: left promiscuous mode
[  165.384490][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  165.572710][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  165.745621][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  165.820154][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  167.509488][ T1105] veth1_macvtap: left promiscuous mode
[  167.523903][ T1105] veth0_macvtap: left promiscuous mode
[  167.529626][ T1105] veth1_vlan: left promiscuous mode
[  167.555945][ T1105] veth0_vlan: left promiscuous mode
[  167.562301][  T979] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  168.305226][  T979] usb 4-1: Using ep0 maxpacket: 8
[  168.391733][  T979] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  168.429542][  T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.454953][  T979] usb 4-1: Product: syz
[  168.485308][  T979] usb 4-1: Manufacturer: syz
[  168.489922][  T979] usb 4-1: SerialNumber: syz
[  168.555921][  T979] usb 4-1: config 0 descriptor??
[  168.623382][  T979] gspca_main: se401-2.14.0 probing 047d:5003
[  169.182768][  T979] usb 4-1: reset high-speed USB device number 3 using dummy_hcd
[  169.978609][  T979] gspca_se401: write req failed req 0x57 val 0x00 error -71
[  169.987125][  T979] se401 4-1:0.0: probe with driver se401 failed with error -71
[  170.168906][  T979] usb 4-1: USB disconnect, device number 3
[  170.425009][ T6391] syz.2.91 uses obsolete (PF_INET,SOCK_PACKET)
[  173.840258][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  174.141489][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  176.417170][ T6174] hsr_slave_0: entered promiscuous mode
[  176.455799][ T6174] hsr_slave_1: entered promiscuous mode
[  176.502910][ T6434] netlink: 8 bytes leftover after parsing attributes in process `syz.1.101'.
[  177.173295][ T6444] Bluetooth: MGMT ver 1.23
[  182.030873][ T6461] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input5
[  182.784876][ T6174] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  183.303269][ T6174] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  183.678864][ T6174] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  183.776798][ T6174] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  183.831640][ T6483] kAFS: unparsable volume name
[  184.695916][ T6174] 8021q: adding VLAN 0 to HW filter on device bond0
[  184.741016][ T6174] 8021q: adding VLAN 0 to HW filter on device team0
[  184.787852][ T6150] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.795049][ T6150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  184.855100][ T6150] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.862305][ T6150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  186.497575][ T6512] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  186.908808][ T6174] 8021q: adding VLAN 0 to HW filter on device batadv0
[  187.286885][ T6517] netlink: 'syz.3.116': attribute type 1 has an invalid length.
[  187.430276][ T6524] Zero length message leads to an empty skb
[  188.417088][ T6523] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  189.122305][ T6536] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  189.908975][ T6525] veth3: entered promiscuous mode
[  189.937254][ T6525] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  195.239669][ T6174] veth0_vlan: entered promiscuous mode
[  195.369493][ T6174] veth1_vlan: entered promiscuous mode
[  195.587012][ T6174] veth0_macvtap: entered promiscuous mode
[  195.660602][ T6174] veth1_macvtap: entered promiscuous mode
[  195.682166][ T6073] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  197.127076][ T6073] usb 2-1: config 0 has an invalid interface number: 187 but max is 0
[  197.127137][ T6073] usb 2-1: config 0 has no interface number 0
[  197.134837][ T6073] usb 2-1: New USB device found, idVendor=05ac, idProduct=0225, bcdDevice=f7.32
[  197.134885][ T6073] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.134929][ T6073] usb 2-1: Product: syz
[  197.134957][ T6073] usb 2-1: Manufacturer: syz
[  197.134986][ T6073] usb 2-1: SerialNumber: syz
[  197.136730][ T6174] batman_adv: batadv0: Interface activated: batadv_slave_0
[  197.151142][ T6073] usb 2-1: config 0 descriptor??
[  197.213211][ T6174] batman_adv: batadv0: Interface activated: batadv_slave_1
[  197.237390][ T6073] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.187/input/input6
[  197.357222][   T24] IPVS: starting estimator thread 0...
[  197.375188][ T6593] tty tty1: ldisc open failed (-12), clearing slot 0
[  197.932427][ T6597] IPVS: using max 23 ests per chain, 55200 per kthread
[  197.962769][ T6027] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  197.971541][ T6027] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  198.355207][ T6027] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  198.443611][ T6027] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  198.909713][ T6284] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  198.961067][ T6284] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.123355][ T5187] bcm5974 2-1:0.187: could not read from device
[  200.157681][ T5948] usb 2-1: USB disconnect, device number 4
[  200.163076][ T6284] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  200.171347][ T6284] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  200.364690][ T6458] bcm5974 2-1:0.187: could not read from device
[  200.617476][ T6609] netlink: 256 bytes leftover after parsing attributes in process `syz.5.135'.
[  200.626736][ T6609] netlink: 24 bytes leftover after parsing attributes in process `syz.5.135'.
[  203.438467][ T5855] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  203.454664][ T5855] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  203.463218][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  203.473210][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  203.481047][ T5855] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  203.846629][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  203.853072][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  205.518012][ T1096] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.582271][ T5843] Bluetooth: hci4: command tx timeout
[  207.602508][ T5843] Bluetooth: hci4: command tx timeout
[  208.515840][ T1096] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.800297][ T6641] chnl_net:caif_netlink_parms(): no params data found
[  209.682394][ T5843] Bluetooth: hci4: command tx timeout
[  211.946929][ T5843] Bluetooth: hci4: command tx timeout
[  212.067977][ T1096] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  212.897569][ T1096] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.291626][ T6710] netlink: 148 bytes leftover after parsing attributes in process `syz.2.160'.
[  213.606201][ T6641] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.635270][ T6641] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.651722][ T6641] bridge_slave_0: entered allmulticast mode
[  213.676017][ T6641] bridge_slave_0: entered promiscuous mode
[  213.717070][ T6641] bridge0: port 2(bridge_slave_1) entered blocking state
[  213.865448][ T6641] bridge0: port 2(bridge_slave_1) entered disabled state
[  213.903151][ T6641] bridge_slave_1: entered allmulticast mode
[  213.911215][ T6641] bridge_slave_1: entered promiscuous mode
[  214.445527][ T6641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.501014][ T6727] usb usb8: usbfs: process 6727 (syz.4.163) did not claim interface 0 before use
[  215.428587][ T6641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  218.171377][ T6641] team0: Port device team_slave_0 added
[  218.257089][ T6741] Falling back ldisc for ttyS3.
[  218.405142][ T1096] bridge_slave_1: left allmulticast mode
[  218.421162][ T1096] bridge_slave_1: left promiscuous mode
[  218.456372][ T1096] bridge0: port 2(bridge_slave_1) entered disabled state
[  218.534919][ T1096] bridge_slave_0: left allmulticast mode
[  218.547364][ T1096] bridge_slave_0: left promiscuous mode
[  218.563025][ T1096] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.863166][ T1096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  221.897337][ T1096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  221.937724][ T1096] bond0 (unregistering): Released all slaves
[  222.015401][ T6641] team0: Port device team_slave_1 added
[  224.212719][ T6641] batman_adv: batadv0: Adding interface: batadv_slave_0
[  224.219748][ T6641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  224.345140][ T6641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  225.630012][ T6641] batman_adv: batadv0: Adding interface: batadv_slave_1
[  225.685819][ T6641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  225.815512][ T6641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  226.247008][ T1096] hsr_slave_0: left promiscuous mode
[  226.438006][ T5975] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  226.470868][ T1096] hsr_slave_1: left promiscuous mode
[  226.532901][ T5855] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  226.533684][ T1096] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  226.543678][ T5855] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  226.556389][ T5855] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  226.575584][ T5855] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  226.585514][ T5855] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  226.660210][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_0
[  226.714258][ T5975] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  226.763117][ T1096] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  226.782297][ T5975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.790390][ T5975] usb 5-1: Product: syz
[  226.798825][ T5975] usb 5-1: Manufacturer: syz
[  226.815511][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_1
[  226.822736][ T5975] usb 5-1: SerialNumber: syz
[  226.920666][ T5975] usb 5-1: config 0 descriptor??
[  228.057180][ T1096] veth1_macvtap: left promiscuous mode
[  228.091742][ T1096] veth0_macvtap: left promiscuous mode
[  228.134553][ T6840] binder: 6834:6840 ioctl c0306201 200000000080 returned -14
[  228.163524][ T1096] veth1_vlan: left promiscuous mode
[  228.168982][ T1096] veth0_vlan: left promiscuous mode
[  228.582861][ T6840] xt_cluster: node mask cannot exceed total number of nodes
[  228.715243][ T5855] Bluetooth: hci6: command tx timeout
[  229.609497][ T5975] usb 5-1: USB disconnect, device number 2
[  230.280183][ T6475] udevd[6475]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  230.722472][ T5855] Bluetooth: hci6: command tx timeout
[  231.560901][ T5857] Bluetooth: hci0: command 0x0406 tx timeout
[  231.567062][ T5858] Bluetooth: hci1: command 0x0406 tx timeout
[  231.573151][ T5859] Bluetooth: hci2: command 0x0406 tx timeout
[  231.581139][ T5855] Bluetooth: hci5: command 0x0406 tx timeout
[  231.588837][ T5850] Bluetooth: hci3: command 0x0406 tx timeout
[  232.789182][ T6856] Falling back ldisc for ttyS3.
[  232.803889][   T52] Bluetooth: hci6: command tx timeout
[  234.801888][ T1096] team0 (unregistering): Port device team_slave_1 removed
[  234.892619][   T52] Bluetooth: hci6: command tx timeout
[  234.942476][ T1096] team0 (unregistering): Port device team_slave_0 removed
[  237.464804][ T6641] hsr_slave_0: entered promiscuous mode
[  237.502757][ T6641] hsr_slave_1: entered promiscuous mode
[  241.958712][ T6934] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input7
[  248.791644][ T6992] futex_wake_op: syz.2.220 tries to shift op by -1; fix this program
[  249.391196][ T1096] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  251.774089][ T1096] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  253.143896][ T6827] chnl_net:caif_netlink_parms(): no params data found
[  254.164417][ T1096] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  254.686958][ T1096] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  255.380241][ T6641] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  255.513465][ T6827] bridge0: port 1(bridge_slave_0) entered blocking state
[  255.521421][ T6827] bridge0: port 1(bridge_slave_0) entered disabled state
[  255.549688][ T6827] bridge_slave_0: entered allmulticast mode
[  255.581887][ T6827] bridge_slave_0: entered promiscuous mode
[  255.594244][ T6641] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  255.682432][ T6827] bridge0: port 2(bridge_slave_1) entered blocking state
[  255.703916][ T6827] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.717776][ T6827] bridge_slave_1: entered allmulticast mode
[  255.727167][ T6827] bridge_slave_1: entered promiscuous mode
[  255.740115][ T6641] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  255.932210][ T6192] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  256.235447][ T6641] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  256.284089][ T6192] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  256.284133][ T6192] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  256.285615][ T6192] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  256.285659][ T6192] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  256.285696][ T6192] usb 4-1: SerialNumber: syz
[  256.574110][ T6192] usb 4-1: 0:2 : does not exist
[  256.591924][ T6192] usb 4-1: 5:0: failed to get current value for ch 1 (-22)
[  256.646276][ T6192] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  256.663255][ T6827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  256.663276][ T6192] usb 4-1: 5:0: cannot get min/max values for control 2 (id 5)
[  256.732762][ T6827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  256.762453][ T6192] usb 4-1: USB disconnect, device number 4
[  256.990139][ T6447] udevd[6447]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  257.174429][ T7052] mkiss: ax0: crc mode is auto.
[  257.407824][ T6827] team0: Port device team_slave_0 added
[  257.410124][ T1096] bridge_slave_1: left allmulticast mode
[  257.410155][ T1096] bridge_slave_1: left promiscuous mode
[  257.411553][ T1096] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.695118][ T1096] bridge_slave_0: left allmulticast mode
[  257.695154][ T1096] bridge_slave_0: left promiscuous mode
[  257.695406][ T1096] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.464422][   T30] audit: type=1326 audit(1764909970.357:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  259.500012][   T30] audit: type=1326 audit(1764909970.357:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  259.538625][   T30] audit: type=1326 audit(1764909970.357:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  259.562104][   T30] audit: type=1326 audit(1764909970.357:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  259.954122][   T30] audit: type=1326 audit(1764909970.357:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  259.983092][   T30] audit: type=1326 audit(1764909970.367:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  260.011559][   T30] audit: type=1326 audit(1764909970.367:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  260.071107][   T30] audit: type=1326 audit(1764909970.367:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7084 comm="syz.4.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  261.592845][ T1096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  261.676603][ T1096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  261.913915][ T1096] bond0 (unregistering): Released all slaves
[  262.703284][ T6827] team0: Port device team_slave_1 added
[  264.248167][ T6827] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.305994][ T6827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  264.398345][ T6827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  264.684023][ T5860] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  264.693733][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  264.711898][ T5860] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  264.914245][ T5860] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  264.935783][ T5860] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  265.290513][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  265.310294][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  265.729458][ T6827] batman_adv: batadv0: Adding interface: batadv_slave_1
[  265.742232][ T6827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  265.871596][ T6827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.447851][ T7150] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  267.373395][ T5860] Bluetooth: hci2: command tx timeout
[  269.442267][ T5860] Bluetooth: hci2: command tx timeout
[  270.462277][ T1096] hsr_slave_0: left promiscuous mode
[  270.777604][ T1096] hsr_slave_1: left promiscuous mode
[  270.802776][ T1096] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  270.904031][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_0
[  270.977205][ T1096] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  271.008929][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_1
[  271.097779][ T7196] Falling back ldisc for ttyS3.
[  271.116063][ T1096] veth1_macvtap: left promiscuous mode
[  271.134450][ T1096] veth0_macvtap: left promiscuous mode
[  271.140140][ T1096] veth1_vlan: left promiscuous mode
[  271.166033][ T1096] veth0_vlan: left promiscuous mode
[  271.522245][ T5860] Bluetooth: hci2: command tx timeout
[  273.157888][ T7225] xt_socket: unknown flags 0x4c
[  273.404474][ T1096] team0 (unregistering): Port device team_slave_1 removed
[  273.478210][ T1096] team0 (unregistering): Port device team_slave_0 removed
[  273.602464][ T5860] Bluetooth: hci2: command tx timeout
[  276.039618][ T7205] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.047180][ T7205] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.118476][ T6827] hsr_slave_0: entered promiscuous mode
[  276.154153][ T6827] hsr_slave_1: entered promiscuous mode
[  276.175231][ T6827] debugfs: 'hsr0' already exists in 'hsr'
[  276.181005][ T6827] Cannot create hsr debugfs directory
[  280.457004][   T30] audit: type=1326 audit(1764909991.337:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7281 comm="syz.4.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  280.752300][   T30] audit: type=1326 audit(1764909991.387:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7281 comm="syz.4.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  280.835695][   T30] audit: type=1326 audit(1764909991.387:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7281 comm="syz.4.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  280.932185][   T30] audit: type=1326 audit(1764909991.387:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7281 comm="syz.4.278" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3163b8f749 code=0x7ffc0000
[  282.639773][ T6827] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  282.731060][ T7130] chnl_net:caif_netlink_parms(): no params data found
[  282.832483][ T6827] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  283.542545][ T6827] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  283.631073][ T7315] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input8
[  284.553707][ T7327] random: crng reseeded on system resumption
[  286.051155][ T7342] capability: warning: `syz.1.291' uses 32-bit capabilities (legacy support in use)
[  286.235195][ T7130] bridge0: port 1(bridge_slave_0) entered blocking state
[  286.308721][ T7130] bridge0: port 1(bridge_slave_0) entered disabled state
[  286.332910][ T7130] bridge_slave_0: entered allmulticast mode
[  286.380036][ T7130] bridge_slave_0: entered promiscuous mode
[  286.565645][   T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  286.576349][   T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  286.584142][   T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  286.592538][   T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  286.600210][   T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  286.833517][ T7130] bridge0: port 2(bridge_slave_1) entered blocking state
[  286.840776][ T7130] bridge0: port 2(bridge_slave_1) entered disabled state
[  286.907735][ T7130] bridge_slave_1: entered allmulticast mode
[  286.925503][ T7130] bridge_slave_1: entered promiscuous mode
[  287.407015][ T7130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  287.505156][ T7130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  288.068414][ T7130] team0: Port device team_slave_0 added
[  288.195917][ T1096] bridge_slave_1: left allmulticast mode
[  288.232163][ T1096] bridge_slave_1: left promiscuous mode
[  288.246499][ T1096] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.423368][ T1096] bridge_slave_0: left allmulticast mode
[  288.429067][ T1096] bridge_slave_0: left promiscuous mode
[  288.486527][ T1096] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.832513][   T52] Bluetooth: hci4: command tx timeout
[  290.010184][  T979] IPVS: starting estimator thread 0...
[  290.333848][ T7396] IPVS: using max 24 ests per chain, 57600 per kthread
[  290.972183][   T52] Bluetooth: hci4: command tx timeout
[  291.979730][ T1096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  292.194234][ T1096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  292.296056][ T1096] bond0 (unregistering): Released all slaves
[  293.547629][   T52] Bluetooth: hci4: command tx timeout
[  293.586697][ T7130] team0: Port device team_slave_1 added
[  294.072521][ T6073] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  294.178762][ T7130] batman_adv: batadv0: Adding interface: batadv_slave_0
[  294.192206][ T7130] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  294.256148][ T7130] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  294.281928][ T6073] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  294.319103][ T6073] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.369638][ T1096] hsr_slave_0: left promiscuous mode
[  294.388955][ T6073] usb 3-1: config 0 descriptor??
[  294.435945][ T1096] hsr_slave_1: left promiscuous mode
[  294.455164][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_0
[  294.489757][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_1
[  295.387616][ T6073] pegasus 3-1:0.0: probe with driver pegasus failed with error -71
[  295.512460][ T6073] usb 3-1: USB disconnect, device number 2
[  295.602571][   T52] Bluetooth: hci4: command tx timeout
[  295.697684][ T1096] team0 (unregistering): Port device team_slave_1 removed
[  295.835106][ T1096] team0 (unregistering): Port device team_slave_0 removed
[  298.931532][ T7130] batman_adv: batadv0: Adding interface: batadv_slave_1
[  298.984825][ T7130] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  299.072263][ T7130] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  301.555836][ T7130] hsr_slave_0: entered promiscuous mode
[  301.583221][ T7130] hsr_slave_1: entered promiscuous mode
[  301.969974][ T7347] chnl_net:caif_netlink_parms(): no params data found
[  306.348368][ T7347] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.392605][ T7347] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.399980][ T7347] bridge_slave_0: entered allmulticast mode
[  306.602234][ T7347] bridge_slave_0: entered promiscuous mode
[  306.633175][ T7347] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.672387][ T7347] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.679664][ T7347] bridge_slave_1: entered allmulticast mode
[  306.742990][ T7347] bridge_slave_1: entered promiscuous mode
[  307.036910][ T7347] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  307.079043][ T7347] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  308.629213][ T7347] team0: Port device team_slave_0 added
[  308.761609][ T7347] team0: Port device team_slave_1 added
[  309.411809][ T7550] debugfs: 'ttyS3' already exists in 'caif_serial'
[  311.966099][ T7347] batman_adv: batadv0: Adding interface: batadv_slave_0
[  311.997027][ T7347] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  312.067925][ T7347] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  312.186292][ T7559] team0: Device ip6tnl1 is up. Set it down before adding it as a team port
[  312.437788][ T7347] batman_adv: batadv0: Adding interface: batadv_slave_1
[  312.466845][ T7347] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  312.712194][ T7347] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  315.009253][ T7605] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  315.016201][ T7605] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  315.025093][ T7605] vhci_hcd vhci_hcd.0: Device attached
[  315.161142][ T7606] vhci_hcd: connection closed
[  315.293910][ T6802] vhci_hcd: stop threads
[  315.743713][ T6802] vhci_hcd: release socket
[  315.889063][ T7347] hsr_slave_0: entered promiscuous mode
[  315.890722][ T6802] vhci_hcd: disconnect device
[  315.962604][ T7347] hsr_slave_1: entered promiscuous mode
[  315.992209][ T7347] debugfs: 'hsr0' already exists in 'hsr'
[  315.997997][ T7347] Cannot create hsr debugfs directory
[  318.587716][ T1096] bridge_slave_1: left allmulticast mode
[  318.601038][ T1096] bridge_slave_1: left promiscuous mode
[  318.660924][ T1096] bridge0: port 2(bridge_slave_1) entered disabled state
[  319.234526][ T1096] bridge_slave_0: left allmulticast mode
[  319.548025][ T1096] bridge_slave_0: left promiscuous mode
[  319.584185][ T1096] bridge0: port 1(bridge_slave_0) entered disabled state
[  324.735300][ T1096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  326.403075][ T1096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  326.715823][ T1096] bond0 (unregistering): Released all slaves
[  326.742150][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  326.752128][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  326.888329][ T7672] tipc: Started in network mode
[  326.896989][ T7672] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[  326.933522][ T7672] tipc: Enabled bearer <udp:syz1>, priority 10
[  327.443591][ T1096] hsr_slave_0: left promiscuous mode
[  327.465650][ T1096] hsr_slave_1: left promiscuous mode
[  327.492366][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_0
[  327.532946][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_1
[  327.659595][ T5860] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  327.669742][ T5860] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  327.678200][ T5860] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  327.686838][ T5860] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  327.694843][ T5860] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  328.184552][ T1096] team0 (unregistering): Port device team_slave_1 removed
[  328.266013][ T1096] team0 (unregistering): Port device team_slave_0 removed
[  329.935245][   T52] Bluetooth: hci6: command tx timeout
[  330.312734][ T5948] tipc: Node number set to 4269801514
[  332.002129][   T52] Bluetooth: hci6: command tx timeout
[  333.195731][ T7689] chnl_net:caif_netlink_parms(): no params data found
[  334.021774][ T7759] mkiss: ax0: crc mode is auto.
[  334.083915][   T52] Bluetooth: hci6: command tx timeout
[  335.475195][ T7689] bridge0: port 1(bridge_slave_0) entered blocking state
[  335.715100][ T7689] bridge0: port 1(bridge_slave_0) entered disabled state
[  336.427523][   T52] Bluetooth: hci6: command tx timeout
[  336.464307][ T7689] bridge_slave_0: entered allmulticast mode
[  336.477552][ T7689] bridge_slave_0: entered promiscuous mode
[  336.748481][ T7689] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.792428][ T7689] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.799760][ T7689] bridge_slave_1: entered allmulticast mode
[  336.825131][ T7689] bridge_slave_1: entered promiscuous mode
[  336.872501][ T7798] netlink: 'syz.1.388': attribute type 27 has an invalid length.
[  336.900718][ T7798] netlink: 'syz.1.388': attribute type 4 has an invalid length.
[  337.164330][ T7798] netlink: 152 bytes leftover after parsing attributes in process `syz.1.388'.
[  337.566457][ T7689] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  337.729476][ T7689] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  337.818506][ T7347] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  338.816018][ T7347] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  339.029027][ T7689] team0: Port device team_slave_0 added
[  339.062379][ T7347] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  339.171900][ T7689] team0: Port device team_slave_1 added
[  339.232485][ T7347] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  339.739605][ T7689] batman_adv: batadv0: Adding interface: batadv_slave_0
[  339.915986][ T7689] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  340.469450][ T7689] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  341.962075][ T7689] batman_adv: batadv0: Adding interface: batadv_slave_1
[  341.970122][ T7689] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  341.996519][ T7689] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  342.430174][ T7689] hsr_slave_0: entered promiscuous mode
[  342.493443][ T7689] hsr_slave_1: entered promiscuous mode
[  342.499928][ T7689] debugfs: 'hsr0' already exists in 'hsr'
[  342.543105][ T7689] Cannot create hsr debugfs directory
[  344.004557][ T7853] kAFS: unparsable volume name
[  344.200000][ T1096] bridge_slave_1: left allmulticast mode
[  344.433960][ T1096] bridge_slave_1: left promiscuous mode
[  344.952303][ T1096] bridge0: port 2(bridge_slave_1) entered disabled state
[  345.084558][ T1096] bridge_slave_0: left allmulticast mode
[  345.102134][ T1096] bridge_slave_0: left promiscuous mode
[  345.107944][ T1096] bridge0: port 1(bridge_slave_0) entered disabled state
[  347.172937][ T1096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  347.236963][ T1096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  347.272673][ T1096] bond0 (unregistering): Released all slaves
[  348.331545][ T7871] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  348.357810][ T5860] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  348.367675][ T5860] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  348.525952][ T5860] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  348.538527][ T5860] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  348.559889][ T5860] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  350.675197][ T5860] Bluetooth: hci2: command tx timeout
[  352.752116][ T5860] Bluetooth: hci2: command tx timeout
[  353.672568][ T1096] hsr_slave_0: left promiscuous mode
[  353.712223][ T1096] hsr_slave_1: left promiscuous mode
[  353.735588][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_0
[  353.787765][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_1
[  353.942578][ T5846] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  354.099315][ T1096] team0 (unregistering): Port device team_slave_1 removed
[  354.131430][ T1096] team0 (unregistering): Port device team_slave_0 removed
[  354.872176][ T5860] Bluetooth: hci2: command tx timeout
[  355.102107][ T5846] usb 5-1: Using ep0 maxpacket: 8
[  355.112591][ T5846] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  355.126602][ T5846] usb 5-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  355.140126][ T5846] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  355.149793][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.181526][ T5846] usbtmc 5-1:16.0: bulk endpoints not found
[  355.931479][ T7946] tipc: Started in network mode
[  355.954385][ T7946] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711
[  355.993024][ T7946] tipc: Enabled bearer <udp:syz1>, priority 10
[  356.882810][ T5860] Bluetooth: hci2: command tx timeout
[  357.476746][ T7959] netlink: 8 bytes leftover after parsing attributes in process `syz.3.424'.
[  357.547308][ T5928] usb 5-1: USB disconnect, device number 3
[  357.617157][ T6192] tipc: Node number set to 4269801514
[  358.115679][ T7883] chnl_net:caif_netlink_parms(): no params data found
[  361.186634][ T7883] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.356844][ T7883] bridge0: port 1(bridge_slave_0) entered disabled state
[  361.402427][ T7883] bridge_slave_0: entered allmulticast mode
[  361.410471][ T7883] bridge_slave_0: entered promiscuous mode
[  361.435761][ T7883] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.473120][ T7883] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.480349][ T7883] bridge_slave_1: entered allmulticast mode
[  361.547758][ T7883] bridge_slave_1: entered promiscuous mode
[  362.296981][ T7883] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  362.307385][ T7689] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  363.003263][ T7883] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  363.096764][ T7689] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  365.453419][ T7689] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  365.528121][ T7883] team0: Port device team_slave_0 added
[  365.538445][ T7689] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  365.590941][ T7883] team0: Port device team_slave_1 added
[  369.082840][ T7883] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.089820][ T7883] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  369.423231][ T7883] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.550090][ T7883] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.621848][ T7883] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  369.758704][ T7883] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.803209][ T1096] bridge_slave_1: left allmulticast mode
[  369.808894][ T1096] bridge_slave_1: left promiscuous mode
[  369.937002][ T1096] bridge0: port 2(bridge_slave_1) entered disabled state
[  370.056799][ T1096] bridge_slave_0: left allmulticast mode
[  370.075014][ T1096] bridge_slave_0: left promiscuous mode
[  370.102266][ T1096] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.487553][ T1096] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.527907][ T1096] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.562297][ T1096] bond0 (unregistering): Released all slaves
[  370.847925][ T8085] netlink: 8 bytes leftover after parsing attributes in process `syz.2.449'.
[  370.961968][ T7883] hsr_slave_0: entered promiscuous mode
[  370.976329][ T7883] hsr_slave_1: entered promiscuous mode
[  371.021210][ T1096] hsr_slave_0: left promiscuous mode
[  371.029160][ T1096] hsr_slave_1: left promiscuous mode
[  371.041416][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.054205][ T1096] batman_adv: batadv0: Removing interface: batadv_slave_1
[  373.744484][ T1096] team0 (unregistering): Port device team_slave_1 removed
[  374.151766][ T1096] team0 (unregistering): Port device team_slave_0 removed
[  376.505144][ T8123] 9pnet_fd: Insufficient options for proto=fd
[  384.870752][ T7689] 8021q: adding VLAN 0 to HW filter on device bond0
[  385.255157][ T7689] 8021q: adding VLAN 0 to HW filter on device team0
[  385.356373][ T1008] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.363586][ T1008] bridge0: port 1(bridge_slave_0) entered forwarding state
[  385.832781][ T7883] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  385.899374][ T7883] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  385.940652][ T7883] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  386.034546][ T7883] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  387.397735][ T7883] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.514953][ T7883] 8021q: adding VLAN 0 to HW filter on device team0
[  387.664311][ T1148] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.671496][ T1148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.929973][ T8074] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.937183][ T8074] bridge0: port 2(bridge_slave_1) entered forwarding state
[  388.173565][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  388.179963][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  388.540265][   T52] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  388.549773][   T52] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  388.560876][   T52] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  388.570641][   T52] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  388.578574][   T52] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  390.642143][ T5860] Bluetooth: hci4: command tx timeout
[  392.762104][ T5860] Bluetooth: hci4: command tx timeout
[  394.829158][ T5860] Bluetooth: hci4: command tx timeout
[  398.083641][ T5860] Bluetooth: hci4: command tx timeout
[  398.235157][ T7883] 8021q: adding VLAN 0 to HW filter on device batadv0
[  398.320657][ T8190] chnl_net:caif_netlink_parms(): no params data found
[  398.742299][ T7795] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  398.933577][ T7795] usb 5-1: Using ep0 maxpacket: 32
[  398.968689][ T7795] usb 5-1: config 0 has an invalid interface number: 188 but max is 0
[  399.010181][ T7795] usb 5-1: config 0 has no interface number 0
[  399.078122][   T13] bridge_slave_1: left allmulticast mode
[  399.087310][ T7795] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  399.102204][   T13] bridge_slave_1: left promiscuous mode
[  399.109785][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  399.119608][ T7795] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.143048][ T7795] usb 5-1: Product: syz
[  399.147275][ T7795] usb 5-1: Manufacturer: syz
[  399.151878][ T7795] usb 5-1: SerialNumber: syz
[  399.174431][ T7795] usb 5-1: config 0 descriptor??
[  399.183347][ T7795] asix 5-1:0.188: probe with driver asix failed with error -22
[  399.220074][   T13] bridge_slave_0: left allmulticast mode
[  399.238584][   T13] bridge_slave_0: left promiscuous mode
[  399.256872][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.088493][ T5849] usb 5-1: USB disconnect, device number 4
[  405.428622][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  405.754022][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  405.837897][   T13] bond0 (unregistering): Released all slaves
[  406.373712][ T8190] bridge0: port 1(bridge_slave_0) entered blocking state
[  406.552593][ T8190] bridge0: port 1(bridge_slave_0) entered disabled state
[  406.563079][ T8190] bridge_slave_0: entered allmulticast mode
[  406.656718][ T8190] bridge_slave_0: entered promiscuous mode
[  406.708159][ T8190] bridge0: port 2(bridge_slave_1) entered blocking state
[  406.920479][ T8190] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.082482][ T8190] bridge_slave_1: entered allmulticast mode
[  407.557448][ T8190] bridge_slave_1: entered promiscuous mode
[  407.930889][   T52] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  407.973001][   T52] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  407.992587][   T52] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  408.020817][   T52] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  408.054311][   T52] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  408.573434][ T8370] sctp: [Deprecated]: syz.1.498 (pid 8370) Use of struct sctp_assoc_value in delayed_ack socket option.
[  408.573434][ T8370] Use struct sctp_sack_info instead
[  409.382266][   T13] hsr_slave_0: left promiscuous mode
[  409.622232][   T13] hsr_slave_1: left promiscuous mode
[  409.628437][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  410.180449][   T52] Bluetooth: hci6: command tx timeout
[  410.656054][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  412.452694][   T52] Bluetooth: hci6: command tx timeout
[  413.102158][   T13] team0 (unregistering): Port device team_slave_1 removed
[  413.209858][   T13] team0 (unregistering): Port device team_slave_0 removed
[  413.495571][ T8396] netlink: 256 bytes leftover after parsing attributes in process `syz.1.505'.
[  413.505049][ T8396] netlink: 72 bytes leftover after parsing attributes in process `syz.1.505'.
[  414.925876][   T52] Bluetooth: hci6: command tx timeout
[  414.937926][   T24] IPVS: starting estimator thread 0...
[  415.072121][ T8401] IPVS: using max 29 ests per chain, 69600 per kthread
[  416.985582][ T5860] Bluetooth: hci6: command tx timeout
[  418.065055][ T8418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.512'.
[  418.102153][ T8418] netlink: 28 bytes leftover after parsing attributes in process `syz.2.512'.
[  419.273221][ T8418] team0: entered promiscuous mode
[  419.289770][ T8418] team_slave_0: entered promiscuous mode
[  419.304100][ T8418] team_slave_1: entered promiscuous mode
[  419.317420][ T8418] bond0: entered promiscuous mode
[  419.322506][ T8418] bond_slave_0: entered promiscuous mode
[  419.328366][ T8418] bond_slave_1: entered promiscuous mode
[  419.337220][ T8418] 8021q: adding VLAN 0 to HW filter on device hsr1
[  419.370566][ T8190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  419.478881][ T8190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  420.178185][ T8442] netlink: 256 bytes leftover after parsing attributes in process `syz.4.517'.
[  420.217417][ T8442] netlink: 72 bytes leftover after parsing attributes in process `syz.4.517'.
[  420.424954][ T8190] team0: Port device team_slave_0 added
[  420.569493][ T8190] team0: Port device team_slave_1 added
[  421.313962][ T8479] netlink: 132 bytes leftover after parsing attributes in process `syz.2.521'.
[  422.600117][ T8190] batman_adv: batadv0: Adding interface: batadv_slave_0
[  422.624113][ T8190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  422.705536][ T8190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  422.960224][ T8190] batman_adv: batadv0: Adding interface: batadv_slave_1
[  423.238656][ T8190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  423.518659][ T8190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  424.037749][ T8190] hsr_slave_0: entered promiscuous mode
[  424.084067][ T8190] hsr_slave_1: entered promiscuous mode
[  424.101858][ T8190] debugfs: 'hsr0' already exists in 'hsr'
[  424.116856][ T8190] Cannot create hsr debugfs directory
[  424.219875][ T8495] mkiss: ax0: crc mode is auto.
[  424.522182][ T6694] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  425.617216][ T6694] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  425.662110][ T6694] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  425.702057][ T6694] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  425.763156][ T6694] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  425.906815][ T6694] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.718772][ T6694] usb 2-1: config 0 descriptor??
[  426.904923][ T8361] chnl_net:caif_netlink_parms(): no params data found
[  427.177224][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.207149][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.290865][ T8535] netlink: 256 bytes leftover after parsing attributes in process `syz.2.532'.
[  427.299953][ T8535] netlink: 72 bytes leftover after parsing attributes in process `syz.2.532'.
[  427.318113][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.325948][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.366564][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.377873][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.394510][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.405334][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.433343][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  427.461156][ T6694] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  429.081742][ T6694] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  429.109381][ T6694] usb 2-1: USB disconnect, device number 5
[  430.435636][ T8546] fido_id[8546]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  432.431692][ T8361] bridge0: port 1(bridge_slave_0) entered blocking state
[  432.463546][ T8361] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.515953][ T8361] bridge_slave_0: entered allmulticast mode
[  432.537473][ T8361] bridge_slave_0: entered promiscuous mode
[  432.854324][ T8361] bridge0: port 2(bridge_slave_1) entered blocking state
[  433.074235][ T8361] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.081532][ T8361] bridge_slave_1: entered allmulticast mode
[  433.142314][ T8361] bridge_slave_1: entered promiscuous mode
[  433.492422][ T8593] Falling back ldisc for ttyS3.
[  433.657009][ T8604] netlink: 256 bytes leftover after parsing attributes in process `syz.1.544'.
[  433.666032][ T8604] netlink: 48 bytes leftover after parsing attributes in process `syz.1.544'.
[  434.716887][ T8361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  435.568655][ T8361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  437.004909][ T8361] team0: Port device team_slave_0 added
[  437.032819][   T13] bridge_slave_1: left allmulticast mode
[  437.819611][   T13] bridge_slave_1: left promiscuous mode
[  437.842362][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.909332][   T13] bridge_slave_0: left allmulticast mode
[  437.925594][   T13] bridge_slave_0: left promiscuous mode
[  437.933001][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.604076][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  441.702845][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  441.765130][   T13] bond0 (unregistering): Released all slaves
[  442.967747][ T8361] team0: Port device team_slave_1 added
[  444.508646][ T8361] batman_adv: batadv0: Adding interface: batadv_slave_0
[  444.556155][ T8361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  444.732109][ T8361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  444.746906][ T8361] batman_adv: batadv0: Adding interface: batadv_slave_1
[  444.754343][ T8361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  444.793819][ T8361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  444.865567][   T13] hsr_slave_0: left promiscuous mode
[  444.902572][   T13] hsr_slave_1: left promiscuous mode
[  444.916519][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  445.136711][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  446.420775][   T13] team0 (unregistering): Port device team_slave_1 removed
[  446.453603][   T13] team0 (unregistering): Port device team_slave_0 removed
[  449.395983][   T52] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  449.414255][ T5152] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  449.424417][   T52] CPU: 0 UID: 0 PID: 52 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  449.424471][   T52] Tainted: [L]=SOFTLOCKUP
[  449.424483][   T52] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  449.424508][   T52] Workqueue: hci3 hci_rx_work
[  449.424547][   T52] Call Trace:
[  449.424559][   T52]  <TASK>
[  449.424572][   T52]  dump_stack_lvl+0x16c/0x1f0
[  449.424624][   T52]  sysfs_warn_dup+0x7f/0xa0
[  449.424676][   T52]  sysfs_create_dir_ns+0x24b/0x2b0
[  449.424723][   T52]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  449.424767][   T52]  ? find_held_lock+0x2b/0x80
[  449.424812][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.424856][   T52]  ? do_raw_spin_unlock+0x172/0x230
[  449.424919][   T52]  kobject_add_internal+0x2c4/0x9b0
[  449.424983][   T52]  kobject_add+0x16e/0x240
[  449.425039][   T52]  ? __pfx_kobject_add+0x10/0x10
[  449.425097][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.425140][   T52]  ? do_raw_spin_unlock+0x172/0x230
[  449.425199][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.425242][   T52]  ? kobject_put+0xab/0x590
[  449.425301][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.425355][   T52]  device_add+0x288/0x1950
[  449.425422][   T52]  ? __pfx_dev_set_name+0x10/0x10
[  449.425475][   T52]  ? __pfx_device_add+0x10/0x10
[  449.425521][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.425565][   T52]  ? mgmt_send_event_skb+0x2fb/0x460
[  449.425618][   T52]  hci_conn_add_sysfs+0x17e/0x230
[  449.425672][   T52]  le_conn_complete_evt+0x11ed/0x1f20
[  449.425724][   T52]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  449.425769][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.425820][   T52]  hci_le_conn_complete_evt+0x23c/0x370
[  449.425872][   T52]  hci_le_meta_evt+0x357/0x5e0
[  449.425914][   T52]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  449.425962][   T52]  hci_event_packet+0x685/0x11c0
[  449.426002][   T52]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  449.426048][   T52]  ? __pfx_hci_event_packet+0x10/0x10
[  449.426089][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.426136][   T52]  ? kcov_remote_start+0x384/0x670
[  449.426181][   T52]  ? lockdep_hardirqs_on+0x7c/0x110
[  449.426231][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.426286][   T52]  hci_rx_work+0x2c9/0xeb0
[  449.426321][   T52]  ? __entry_text_end+0x1020b5/0x1020b9
[  449.426374][   T52]  process_one_work+0x9ba/0x1b20
[  449.426445][   T52]  ? __pfx_process_one_work+0x10/0x10
[  449.426498][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.426553][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.426596][   T52]  ? assign_work+0x1a0/0x250
[  449.426650][   T52]  worker_thread+0x6c8/0xf10
[  449.426728][   T52]  ? __pfx_worker_thread+0x10/0x10
[  449.426781][   T52]  kthread+0x3c5/0x780
[  449.426830][   T52]  ? __pfx_kthread+0x10/0x10
[  449.426880][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.426923][   T52]  ? rcu_is_watching+0x12/0xc0
[  449.426965][   T52]  ? __pfx_kthread+0x10/0x10
[  449.427015][   T52]  ret_from_fork+0x983/0xb10
[  449.427055][   T52]  ? __pfx_ret_from_fork+0x10/0x10
[  449.427098][   T52]  ? srso_alias_return_thunk+0x5/0xfbef5
[  449.427141][   T52]  ? __switch_to+0x7af/0x10d0
[  449.427187][   T52]  ? __pfx_kthread+0x10/0x10
[  449.427237][   T52]  ret_from_fork_asm+0x1a/0x30
[  449.427314][   T52]  </TASK>
[  449.427421][   T52] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  449.496658][ T5152] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  449.497576][   T52] Bluetooth: hci3: failed to register connection device
[  449.503116][ T5152] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  449.607335][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  449.760029][ T5152] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  449.816343][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  449.830587][ T5152] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  450.051271][ T5860] ==================================================================
[  450.059383][ T5860] BUG: KASAN: slab-use-after-free in l2cap_sock_new_connection_cb+0x221/0x240
[  450.068274][ T5860] Read of size 8 at addr ffff888021b555a8 by task kworker/u9:9/5860
[  450.076268][ T5860] 
[  450.078609][ T5860] CPU: 0 UID: 0 PID: 5860 Comm: kworker/u9:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  450.078674][ T5860] Tainted: [L]=SOFTLOCKUP
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  450.078689][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  450.078716][ T5860] Workqueue: hci2 hci_rx_work
[  450.078758][ T5860] Call Trace:
[  450.078770][ T5860]  <TASK>
[  450.078784][ T5860]  dump_stack_lvl+0x116/0x1f0
[  450.078840][ T5860]  print_report+0xcd/0x630
[  450.078892][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.078941][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.078989][ T5860]  ? __phys_addr+0xe8/0x180
[  450.079030][ T5860]  ? l2cap_sock_new_connection_cb+0x221/0x240
[  450.079083][ T5860]  kasan_report+0xe0/0x110
[  450.079136][ T5860]  ? l2cap_sock_new_connection_cb+0x221/0x240
[  450.079197][ T5860]  l2cap_sock_new_connection_cb+0x221/0x240
[  450.079252][ T5860]  l2cap_connect_cfm+0x4c7/0xfa0
[  450.079299][ T5860]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  450.079346][ T5860]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  450.079388][ T5860]  le_conn_complete_evt+0x1968/0x1f20
[  450.079437][ T5860]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  450.079482][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.079534][ T5860]  hci_le_conn_complete_evt+0x23c/0x370
[  450.079583][ T5860]  hci_le_meta_evt+0x357/0x5e0
[  450.079629][ T5860]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  450.079683][ T5860]  hci_event_packet+0x685/0x11c0
[  450.079725][ T5860]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  450.079774][ T5860]  ? __pfx_hci_event_packet+0x10/0x10
[  450.079816][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.079866][ T5860]  ? kcov_remote_start+0x384/0x670
[  450.079915][ T5860]  ? lockdep_hardirqs_on+0x7c/0x110
[  450.079969][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.080024][ T5860]  hci_rx_work+0x2c9/0xeb0
[  450.080062][ T5860]  ? __entry_text_end+0x1020b5/0x1020b9
[  450.080115][ T5860]  process_one_work+0x9ba/0x1b20
[  450.080183][ T5860]  ? __pfx_process_one_work+0x10/0x10
[  450.080240][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.080294][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.080343][ T5860]  ? assign_work+0x1a0/0x250
[  450.080397][ T5860]  worker_thread+0x6c8/0xf10
[  450.080465][ T5860]  ? __pfx_worker_thread+0x10/0x10
[  450.080521][ T5860]  kthread+0x3c5/0x780
[  450.080573][ T5860]  ? __pfx_kthread+0x10/0x10
[  450.080625][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.080678][ T5860]  ? rcu_is_watching+0x12/0xc0
[  450.080722][ T5860]  ? __pfx_kthread+0x10/0x10
[  450.080775][ T5860]  ret_from_fork+0x983/0xb10
[  450.080818][ T5860]  ? __pfx_ret_from_fork+0x10/0x10
[  450.080862][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.080910][ T5860]  ? __switch_to+0x7af/0x10d0
[  450.080960][ T5860]  ? __pfx_kthread+0x10/0x10
[  450.081012][ T5860]  ret_from_fork_asm+0x1a/0x30
[  450.081082][ T5860]  </TASK>
[  450.081095][ T5860] 
[  450.353464][ T5860] Allocated by task 5860:
[  450.357784][ T5860]  kasan_save_stack+0x33/0x60
[  450.362476][ T5860]  kasan_save_track+0x14/0x30
[  450.367171][ T5860]  __kasan_kmalloc+0xaa/0xb0
[  450.371768][ T5860]  __kmalloc_noprof+0x32f/0x8f0
[  450.376647][ T5860]  sk_prot_alloc+0x1a8/0x2a0
[  450.381242][ T5860]  sk_alloc+0x36/0xc20
[  450.385327][ T5860]  bt_sock_alloc+0x3b/0x3a0
[  450.389847][ T5860]  l2cap_sock_alloc.constprop.0+0x33/0x1d0
[  450.395667][ T5860]  l2cap_sock_new_connection_cb+0x101/0x240
[  450.401576][ T5860]  l2cap_connect_cfm+0x4c7/0xfa0
[  450.406519][ T5860]  le_conn_complete_evt+0x1968/0x1f20
[  450.411899][ T5860]  hci_le_conn_complete_evt+0x23c/0x370
[  450.417455][ T5860]  hci_le_meta_evt+0x357/0x5e0
[  450.422232][ T5860]  hci_event_packet+0x685/0x11c0
[  450.427176][ T5860]  hci_rx_work+0x2c9/0xeb0
[  450.431597][ T5860]  process_one_work+0x9ba/0x1b20
[  450.436560][ T5860]  worker_thread+0x6c8/0xf10
[  450.441167][ T5860]  kthread+0x3c5/0x780
[  450.445274][ T5860]  ret_from_fork+0x983/0xb10
[  450.449872][ T5860]  ret_from_fork_asm+0x1a/0x30
[  450.454665][ T5860] 
[  450.456977][ T5860] Freed by task 8718:
[  450.460945][ T5860]  kasan_save_stack+0x33/0x60
[  450.465632][ T5860]  kasan_save_track+0x14/0x30
[  450.470323][ T5860]  __kasan_save_free_info+0x3b/0x60
[  450.475526][ T5860]  __kasan_slab_free+0x5f/0x80
[  450.480301][ T5860]  kfree+0x2f8/0x6e0
[  450.484216][ T5860]  __sk_destruct+0x73f/0x910
[  450.488823][ T5860]  sk_destruct+0xc2/0xf0
[  450.493090][ T5860]  __sk_free+0xf4/0x3e0
[  450.497263][ T5860]  sk_free+0x6a/0x90
[  450.501172][ T5860]  l2cap_sock_kill+0x171/0x2d0
[  450.505948][ T5860]  l2cap_sock_cleanup_listen+0x3d/0x2a0
[  450.511513][ T5860]  l2cap_sock_release+0x69/0x250
[  450.516468][ T5860]  __sock_release+0xb3/0x270
[  450.521060][ T5860]  sock_close+0x1c/0x30
[  450.525213][ T5860]  __fput+0x402/0xb70
[  450.529200][ T5860]  task_work_run+0x150/0x240
[  450.533806][ T5860]  exit_to_user_mode_loop+0xfb/0x540
[  450.539120][ T5860]  do_syscall_64+0x4ee/0xf80
[  450.543732][ T5860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  450.549630][ T5860] 
[  450.551956][ T5860] The buggy address belongs to the object at ffff888021b55000
[  450.551956][ T5860]  which belongs to the cache kmalloc-2k of size 2048
[  450.566016][ T5860] The buggy address is located 1448 bytes inside of
[  450.566016][ T5860]  freed 2048-byte region [ffff888021b55000, ffff888021b55800)
[  450.580005][ T5860] 
[  450.582328][ T5860] The buggy address belongs to the physical page:
[  450.588731][ T5860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21b50
[  450.597489][ T5860] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  450.605989][ T5860] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  450.613539][ T5860] page_type: f5(slab)
[  450.617527][ T5860] raw: 00fff00000000040 ffff88813ff27000 ffffea0000a60e00 dead000000000002
[  450.626115][ T5860] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  450.634708][ T5860] head: 00fff00000000040 ffff88813ff27000 ffffea0000a60e00 dead000000000002
[  450.643384][ T5860] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  450.652066][ T5860] head: 00fff00000000003 ffffea000086d401 00000000ffffffff 00000000ffffffff
[  450.660742][ T5860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  450.669410][ T5860] page dumped because: kasan: bad access detected
[  450.675812][ T5860] page_owner tracks the page as allocated
[  450.681515][ T5860] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, tgid 9 (kworker/0:0), ts 15029173031, free_ts 0
[  450.701418][ T5860]  post_alloc_hook+0x1af/0x220
[  450.706211][ T5860]  get_page_from_freelist+0xd0b/0x31a0
[  450.711698][ T5860]  __alloc_frozen_pages_noprof+0x25f/0x2440
[  450.717595][ T5860]  alloc_pages_mpol+0x1fb/0x550
[  450.722464][ T5860]  new_slab+0x2c3/0x430
[  450.726704][ T5860]  ___slab_alloc+0xe18/0x1c90
[  450.731401][ T5860]  __slab_alloc.constprop.0+0x63/0x110
[  450.736883][ T5860]  __kmalloc_cache_noprof+0x477/0x800
[  450.742278][ T5860]  acpi_ds_create_walk_state+0x95/0x300
[  450.747827][ T5860]  acpi_ps_execute_method+0x2c1/0xe90
[  450.753207][ T5860]  acpi_ns_evaluate+0x98c/0x16d0
[  450.758157][ T5860]  acpi_ut_evaluate_object+0xf7/0x610
[  450.763547][ T5860]  acpi_rs_get_method_data+0xa1/0x160
[  450.768948][ T5860]  acpi_walk_resources+0x178/0x270
[  450.774083][ T5860]  acpi_pci_link_get_current+0x1ce/0x3e0
[  450.779729][ T5860]  acpi_pci_link_set+0x593/0xa60
[  450.784677][ T5860] page_owner free stack trace missing
[  450.790048][ T5860] 
[  450.792371][ T5860] Memory state around the buggy address:
[  450.797993][ T5860]  ffff888021b55480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.806052][ T5860]  ffff888021b55500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.814115][ T5860] >ffff888021b55580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.822172][ T5860]                                   ^
[  450.827542][ T5860]  ffff888021b55600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.835606][ T5860]  ffff888021b55680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  450.843663][ T5860] ==================================================================
[  450.877028][ T5860] Disabling lock debugging due to kernel taint
[  450.886330][ T5860] ==================================================================
[  450.894401][ T5860] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x4e9/0xfa0
[  450.902316][ T5860] Write of size 6 at addr ffff88802983c018 by task kworker/u9:9/5860
[  450.910379][ T5860] 
[  450.912716][ T5860] CPU: 0 UID: 0 PID: 5860 Comm: kworker/u9:9 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[  450.912769][ T5860] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[  450.912783][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  450.912807][ T5860] Workqueue: hci2 hci_rx_work
[  450.912843][ T5860] Call Trace:
[  450.912854][ T5860]  <TASK>
[  450.912867][ T5860]  dump_stack_lvl+0x116/0x1f0
[  450.912915][ T5860]  print_report+0xcd/0x630
[  450.912960][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.913009][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.913051][ T5860]  ? __phys_addr+0xe8/0x180
[  450.913086][ T5860]  ? l2cap_connect_cfm+0x4e9/0xfa0
[  450.913120][ T5860]  kasan_report+0xe0/0x110
[  450.913167][ T5860]  ? l2cap_connect_cfm+0x4e9/0xfa0
[  450.913207][ T5860]  kasan_check_range+0x100/0x1b0
[  450.913263][ T5860]  __asan_memcpy+0x3c/0x60
[  450.913299][ T5860]  l2cap_connect_cfm+0x4e9/0xfa0
[  450.913340][ T5860]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  450.913380][ T5860]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  450.913434][ T5860]  le_conn_complete_evt+0x1968/0x1f20
[  450.913476][ T5860]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  450.913515][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.913560][ T5860]  hci_le_conn_complete_evt+0x23c/0x370
[  450.913603][ T5860]  hci_le_meta_evt+0x357/0x5e0
[  450.913643][ T5860]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  450.913731][ T5860]  hci_event_packet+0x685/0x11c0
[  450.913768][ T5860]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  450.913811][ T5860]  ? __pfx_hci_event_packet+0x10/0x10
[  450.913847][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.913891][ T5860]  ? kcov_remote_start+0x384/0x670
[  450.913933][ T5860]  ? lockdep_hardirqs_on+0x7c/0x110
[  450.913981][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.914028][ T5860]  hci_rx_work+0x2c9/0xeb0
[  450.914061][ T5860]  ? __entry_text_end+0x1020b5/0x1020b9
[  450.914106][ T5860]  process_one_work+0x9ba/0x1b20
[  450.914173][ T5860]  ? __pfx_process_one_work+0x10/0x10
[  450.914223][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.914270][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.914311][ T5860]  ? assign_work+0x1a0/0x250
[  450.914358][ T5860]  worker_thread+0x6c8/0xf10
[  450.914423][ T5860]  ? __pfx_worker_thread+0x10/0x10
[  450.914472][ T5860]  kthread+0x3c5/0x780
[  450.914517][ T5860]  ? __pfx_kthread+0x10/0x10
[  450.914562][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.914604][ T5860]  ? rcu_is_watching+0x12/0xc0
[  450.914643][ T5860]  ? __pfx_kthread+0x10/0x10
[  450.914689][ T5860]  ret_from_fork+0x983/0xb10
[  450.914725][ T5860]  ? __pfx_ret_from_fork+0x10/0x10
[  450.914762][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  450.914804][ T5860]  ? __switch_to+0x7af/0x10d0
[  450.914847][ T5860]  ? __pfx_kthread+0x10/0x10
[  450.914892][ T5860]  ret_from_fork_asm+0x1a/0x30
[  450.914952][ T5860]  </TASK>
[  450.914963][ T5860] 
[  451.190400][ T5860] Allocated by task 5860:
[  451.194720][ T5860]  kasan_save_stack+0x33/0x60
[  451.199426][ T5860]  kasan_save_track+0x14/0x30
[  451.204111][ T5860]  __kasan_kmalloc+0xaa/0xb0
[  451.208710][ T5860]  l2cap_chan_create+0x44/0x920
[  451.213581][ T5860]  l2cap_sock_alloc.constprop.0+0xf5/0x1d0
[  451.219404][ T5860]  l2cap_sock_new_connection_cb+0x101/0x240
[  451.225330][ T5860]  l2cap_connect_cfm+0x4c7/0xfa0
[  451.230289][ T5860]  le_conn_complete_evt+0x1968/0x1f20
[  451.235669][ T5860]  hci_le_conn_complete_evt+0x23c/0x370
[  451.241223][ T5860]  hci_le_meta_evt+0x357/0x5e0
[  451.245999][ T5860]  hci_event_packet+0x685/0x11c0
[  451.250939][ T5860]  hci_rx_work+0x2c9/0xeb0
[  451.255355][ T5860]  process_one_work+0x9ba/0x1b20
[  451.260319][ T5860]  worker_thread+0x6c8/0xf10
[  451.264929][ T5860]  kthread+0x3c5/0x780
[  451.269011][ T5860]  ret_from_fork+0x983/0xb10
[  451.273607][ T5860]  ret_from_fork_asm+0x1a/0x30
[  451.278391][ T5860] 
[  451.280701][ T5860] Freed by task 8718:
[  451.284666][ T5860]  kasan_save_stack+0x33/0x60
[  451.289353][ T5860]  kasan_save_track+0x14/0x30
[  451.294042][ T5860]  __kasan_save_free_info+0x3b/0x60
[  451.299240][ T5860]  __kasan_slab_free+0x5f/0x80
[  451.304012][ T5860]  kfree+0x2f8/0x6e0
[  451.307926][ T5860]  l2cap_chan_put+0x216/0x2c0
[  451.312618][ T5860]  l2cap_sock_cleanup_listen+0x4d/0x2a0
[  451.318177][ T5860]  l2cap_sock_release+0x69/0x250
[  451.323127][ T5860]  __sock_release+0xb3/0x270
[  451.327715][ T5860]  sock_close+0x1c/0x30
[  451.331868][ T5860]  __fput+0x402/0xb70
[  451.335852][ T5860]  task_work_run+0x150/0x240
[  451.340461][ T5860]  exit_to_user_mode_loop+0xfb/0x540
[  451.345772][ T5860]  do_syscall_64+0x4ee/0xf80
[  451.350377][ T5860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.356276][ T5860] 
[  451.358589][ T5860] The buggy address belongs to the object at ffff88802983c000
[  451.358589][ T5860]  which belongs to the cache kmalloc-2k of size 2048
[  451.372638][ T5860] The buggy address is located 24 bytes inside of
[  451.372638][ T5860]  freed 2048-byte region [ffff88802983c000, ffff88802983c800)
[  451.386437][ T5860] 
[  451.388750][ T5860] The buggy address belongs to the physical page:
[  451.395146][ T5860] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x29838
[  451.403908][ T5860] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  451.412407][ T5860] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  451.420385][ T5860] page_type: f5(slab)
[  451.424372][ T5860] raw: 00fff00000000040 ffff88813ff27000 0000000000000000 dead000000000001
[  451.432968][ T5860] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  451.441557][ T5860] head: 00fff00000000040 ffff88813ff27000 0000000000000000 dead000000000001
[  451.450231][ T5860] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000
[  451.458907][ T5860] head: 00fff00000000003 ffffea0000a60e01 00000000ffffffff 00000000ffffffff
[  451.467587][ T5860] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  451.476249][ T5860] page dumped because: kasan: bad access detected
[  451.482650][ T5860] page_owner tracks the page as allocated
[  451.488349][ T5860] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 20286786807, free_ts 0
[  451.508081][ T5860]  post_alloc_hook+0x1af/0x220
[  451.512872][ T5860]  get_page_from_freelist+0xd0b/0x31a0
[  451.518356][ T5860]  __alloc_frozen_pages_noprof+0x25f/0x2440
[  451.524254][ T5860]  alloc_pages_mpol+0x1fb/0x550
[  451.529116][ T5860]  new_slab+0x2c3/0x430
[  451.533289][ T5860]  ___slab_alloc+0xe18/0x1c90
[  451.537986][ T5860]  __slab_alloc.constprop.0+0x63/0x110
[  451.543471][ T5860]  __kmalloc_cache_noprof+0x477/0x800
[  451.548870][ T5860]  device_create_groups_vargs+0x8a/0x270
[  451.554516][ T5860]  device_create+0xed/0x130
[  451.559030][ T5860]  mon_bin_add+0xba/0x160
[  451.563371][ T5860]  mon_bus_init+0x18e/0x320
[  451.567880][ T5860]  mon_notify+0x31c/0x480
[  451.572213][ T5860]  notifier_call_chain+0xbc/0x3e0
[  451.577250][ T5860]  blocking_notifier_call_chain+0x69/0xa0
[  451.582983][ T5860]  usb_add_hcd+0x498/0x1730
[  451.587495][ T5860] page_owner free stack trace missing
[  451.592848][ T5860] 
[  451.595158][ T5860] Memory state around the buggy address:
[  451.600779][ T5860]  ffff88802983bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  451.608834][ T5860]  ffff88802983bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  451.616898][ T5860] >ffff88802983c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.624949][ T5860]                             ^
[  451.629787][ T5860]  ffff88802983c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.637845][ T5860]  ffff88802983c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  451.645899][ T5860] ==================================================================
[  451.687120][ T5860] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  451.694898][ T5860] CPU: 0 UID: 0 PID: 5860 Comm: kworker/u9:9 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[  451.705947][ T5860] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[  451.711487][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  451.721549][ T5860] Workqueue: hci2 hci_rx_work
[  451.726250][ T5860] Call Trace:
[  451.729527][ T5860]  <TASK>
[  451.732461][ T5860]  dump_stack_lvl+0x3d/0x1f0
[  451.737081][ T5860]  vpanic+0x640/0x6f0
[  451.741086][ T5860]  panic+0xca/0xd0
[  451.744828][ T5860]  ? __pfx_panic+0x10/0x10
[  451.749263][ T5860]  ? l2cap_connect_cfm+0x4e9/0xfa0
[  451.754398][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.760059][ T5860]  ? preempt_schedule_thunk+0x16/0x30
[  451.765479][ T5860]  end_report+0x13f/0x160
[  451.769836][ T5860]  kasan_report+0xee/0x110
[  451.774282][ T5860]  ? l2cap_connect_cfm+0x4e9/0xfa0
[  451.779416][ T5860]  kasan_check_range+0x100/0x1b0
[  451.784391][ T5860]  __asan_memcpy+0x3c/0x60
[  451.788823][ T5860]  l2cap_connect_cfm+0x4e9/0xfa0
[  451.793786][ T5860]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  451.799265][ T5860]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  451.804745][ T5860]  le_conn_complete_evt+0x1968/0x1f20
[  451.810140][ T5860]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  451.815875][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.821533][ T5860]  hci_le_conn_complete_evt+0x23c/0x370
[  451.827099][ T5860]  hci_le_meta_evt+0x357/0x5e0
[  451.831883][ T5860]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  451.837970][ T5860]  hci_event_packet+0x685/0x11c0
[  451.842928][ T5860]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  451.848237][ T5860]  ? __pfx_hci_event_packet+0x10/0x10
[  451.853624][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.859285][ T5860]  ? kcov_remote_start+0x384/0x670
[  451.864416][ T5860]  ? lockdep_hardirqs_on+0x7c/0x110
[  451.869638][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.875293][ T5860]  hci_rx_work+0x2c9/0xeb0
[  451.879723][ T5860]  ? __entry_text_end+0x1020b5/0x1020b9
[  451.885286][ T5860]  process_one_work+0x9ba/0x1b20
[  451.890257][ T5860]  ? __pfx_process_one_work+0x10/0x10
[  451.895654][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.901311][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.906957][ T5860]  ? assign_work+0x1a0/0x250
[  451.911570][ T5860]  worker_thread+0x6c8/0xf10
[  451.916195][ T5860]  ? __pfx_worker_thread+0x10/0x10
[  451.921325][ T5860]  kthread+0x3c5/0x780
[  451.925425][ T5860]  ? __pfx_kthread+0x10/0x10
[  451.930033][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.935677][ T5860]  ? rcu_is_watching+0x12/0xc0
[  451.940454][ T5860]  ? __pfx_kthread+0x10/0x10
[  451.945062][ T5860]  ret_from_fork+0x983/0xb10
[  451.949664][ T5860]  ? __pfx_ret_from_fork+0x10/0x10
[  451.954788][ T5860]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.960436][ T5860]  ? __switch_to+0x7af/0x10d0
[  451.965126][ T5860]  ? __pfx_kthread+0x10/0x10
[  451.969733][ T5860]  ret_from_fork_asm+0x1a/0x30
[  451.974531][ T5860]  </TASK>
[  451.977810][ T5860] Kernel Offset: disabled
[  451.982124][ T5860] Rebooting in 86400 seconds..