last executing test programs:

12m43.430659083s ago: executing program 0 (id=67):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r1, 0x2e, 0x0, @val=@netfilter={0x3, 0x1, 0x9, 0x1}}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000001040)={0x2020}, 0x2020)
r6 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r7, &(0x7f0000000f40)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100))
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/sync_on_suspend', 0x8a880, 0xbb)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={r8, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4000000000000ffd, 0x0, 0x0, 0x1e, 0xc, "faf98317e5a1149989fc67be43ea6acc96e3a2503dc31c97214d58128bbad0099cebdc25f5ab60c9e69098c8b534464c516bdd8a0f350000000000000300", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}})
ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000080)={0x44, 0x0, &(0x7f0000000340)=[@transaction={0x40406300, {0x2, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/50, 0x32, 0x2, 0x1d}, @fda={0x66646185, 0x8, 0x2, 0x7}, @flat=@weak_binder={0x77622a85, 0x110a, 0x9}}, &(0x7f0000000300)={0x0, 0x28, 0x48}}}], 0x0, 0x0, 0x0})
r10 = dup3(r9, r6, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r10, 0x80489439, &(0x7f0000000440))
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d030100000000009500000c000000006926000000000000bf67000000000000150600000fff070067060000200000006a0200000ee60000bf050000000000003d350000000000006507000002000000070700004a0000000f75000000000000bf54000000000000070400000400f9ff4e53010000000000840400000000000073720000000000009500000000000000db13d5d8b741f2cdaabc8383caf56b8c2b84a8d09535a1574aefc97d8addaa65b925cd3ded25b8b9e2a095d2c51ef45c5588ec78c7f32946b17cecfe54c53ab530c58b67851b7e0e82452a083b98a6aa766401047d150203b0417edef332233b081df18961d6822d133bf73b18e509402a4de1c2ea17f04537fc211576846ac629d1d93265ba474580047a9dc88de358ce795731891a2031de4e09740c64e5306f991ed4785a9773a433e0db9c1a7d4ab9d658ce9cfdb4db3bed62bcb2bc91ddcdfac2e6d4421c49fb6641cbf56914e76702f673b586c767562a90a3967093b000e3806f825f1d0da2a304e06543b56d35235d78b7a7fe912971aab876022e96f5143b6234f5a6b701690b07fb664a44e22b72e843e7cf55f394cf75d1cd3ee79a25fb98cc45b3fde43e42e150d4a2fddd9a9767748ca3522443097c55dc97c09d38485b18ad2cff7873"], &(0x7f0000000100)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb}, 0x28)

12m41.935871802s ago: executing program 0 (id=69):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_GET_BYNAME(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, 0xe, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x48004}, 0x40050) (fail_nth: 4)

12m41.304391028s ago: executing program 0 (id=72):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f00000001c0)={0x40000042, 0x1}, 0x10)
bind$tipc(r4, 0x0, 0x0)

12m38.844124302s ago: executing program 0 (id=80):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000240)='htcp', 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e20}, 0x38)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x24, 0x2b, 0xb, 0x0, 0x0, {0x5}, [@typed={0x8, 0x3, 0x0, 0x0, @uid}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x133}]}]}, 0x24}}, 0x8000)
r5 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x13)
ioctl$TCXONC(r5, 0x540a, 0x3)
openat$kvm(0xffffffffffffff9c, 0x0, 0x48e80, 0x0)
r6 = socket(0x10, 0x3, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e24cce36b6bb7bb857891a7f", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
sendmsg$AUDIT_SET_FEATURE(r6, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x20, 0x3fa, 0x400, 0x70bd26, 0x25dfdbff, {0x1, 0x0, 0x1, 0x1}}, 0x20}, 0x1, 0x0, 0x0, 0x8010}, 0x800)

12m34.398632254s ago: executing program 0 (id=83):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x2008084)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}})
bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x3, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10)

12m32.526267891s ago: executing program 0 (id=86):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x189082)
r1 = syz_io_uring_setup(0x49b, &(0x7f0000000300)={0x0, 0xf079, 0x0, 0x3, 0x28b}, &(0x7f0000000480)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffe, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e)
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r4, r4, 0x0, 0x200000)
r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$xdp(0x2c, 0x3, 0x0)

12m15.994352118s ago: executing program 32 (id=86):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x189082)
r1 = syz_io_uring_setup(0x49b, &(0x7f0000000300)={0x0, 0xf079, 0x0, 0x3, 0x28b}, &(0x7f0000000480)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffe, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
connect$unix(r0, &(0x7f00000000c0)=@file={0x1, './file0\x00'}, 0x6e)
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r4, r4, 0x0, 0x200000)
r5 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
mq_notify(r5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$xdp(0x2c, 0x3, 0x0)

11m22.510892123s ago: executing program 2 (id=187):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f00000001c0)={0x40000042, 0x1}, 0x10)
bind$tipc(r4, 0x0, 0x0)

11m20.378871659s ago: executing program 2 (id=189):
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1)
r0 = userfaultfd(0x801)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000005c0)={0x9, {"a2e3ad21ed0d52f91b25090947f70e06d038e7ff7fc6e5539b5b43078b089b3b073172090890e0878f0e1ac6e7049b3371959b6e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074c0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6b922f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae94bbd06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f1468a3c7841090000005325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92feeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827965e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c044babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f088d8ac2dfad2ba3a50476402759791cc5b0f4758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa0b9d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c71568f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe181d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f490872685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe680800000000000000528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee0875ebe747971a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2de8a50ddefeb12c46342856935125102bb784ed7148b6ce431b63ee356b0c78692f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d6245ed21677c2830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f02f4cded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000000000000000000000000000000000000000000004000", 0x1000}}, 0x1006)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{0x41}, 0x1}}, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x9, 0x7f)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000002640)={&(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000d00)="14", 0x1}], 0x1, 0x0, 0x0, 0x20040084}, 0x0)
recvmsg(r2, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000640)=""/130, 0x82}], 0x1, &(0x7f00000004c0)=""/243, 0xf3}, 0x2102)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x13, &(0x7f0000001600)=ANY=[@ANYBLOB="1800000000000000000000000001000020756c2500000000002020207b1af8ec00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000010000000951400000000"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10)
setfsgid(0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
r4 = socket(0x22, 0x2, 0x3)
getsockopt$packet_buf(r4, 0x107, 0x2, &(0x7f0000000240)=""/1, &(0x7f0000002180)=0x1)
writev(r1, &(0x7f0000001700)=[{&(0x7f00000001c0)="8a", 0x1}], 0x1)
syz_usb_disconnect(0xffffffffffffffff)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x3}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x20}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}]}}, 0x0, 0x5a}, 0x20)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4})
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, 0x0, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='syscall\x00')
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pread64(r6, &(0x7f0000000380)=""/140, 0x8c, 0x200000000000000)

11m18.841529923s ago: executing program 2 (id=192):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x30000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000001c0), 0x402000, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000480)={&(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000440)=""/41, 0x29})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x7a3480, 0x0)
close(r2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
getsockopt$WPAN_SECURITY_LEVEL(r1, 0x0, 0x2, &(0x7f0000000340), &(0x7f00000003c0)=0x4)
read$FUSE(r3, &(0x7f000000ddc0)={0x2020, 0x0, <r4=>0x0, <r5=>0x0}, 0x2020)
mkdir(&(0x7f0000000180)='./file0/../file0/file0\x00', 0x0)
write$FUSE_INIT(r3, &(0x7f0000004200)={0x50, 0x0, r4, {0x7, 0x24, 0x0, 0x41046100, 0xffff, 0x3, 0xf7, 0xffffffff, 0x0, 0x0, 0x1d6ef038135692fc}}, 0x50)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="1827dacb7cd53e01b4852de2d748e21fa033071acb841f449efc23d452101807ae5c485596338a6d31388444ae8ade7b60a85a37d3db29ef19ae4c4d4db9c2c82c7908debb2e2b5ebef336aad77bef942d064955079af4e914f372cec8ed0440f6ee0bded3c565283bdb75124011227712d5f01e8c1eb86cf69205a8b5b374edee58ebaf09d62191cf41190260c30a719bbc9bc29be0d60c678791de6b236c9b5a057247c281937c2b2ae747c858532113e0a1e7af49298ef54f15572301d3c907b02529bc470beab8f9208cf92b17a9df99ceff90a1e384d6bda3fe823d8eff0e2229a43c31781935de69466b1082c0f88d3716f234e1d6e17e1360f6621e686d661af20eaf08cc97c261590ac3291667a87bbf66f86d9005f034ea5517b2187b6dfecebc1cb8fc4dab511a2890a68ed185483c548168803f353520cc6f820d1349ac985e12a3ff6e8a78b29ed97213962fca3ba7d04d1ab4dbcfe93a88831f784ed278d079eb3e2e69d3161600fc7b0dae825b510a59c14315fc6ca0ce68dafd088f02a92ae0ab3f15ca1a863b640e8e4a89407a8b8d752892e1f8b0e793d430c3ec46cbe2b6a4bdad728c34e734864aeac2b6b2eb51c3a2f9e6773c5834166511086dc35847cfa17974889795ed305353d41c9399bb95936a3c1be1099f21795cfc04d9699929eca65a0edcae5d4e564404e5292dc15f40d78d94be9e8dca92983bc71729ab30a70455bbfd5a98d97cab9778d9b7b69fb20019e7e7c7bc17c84da1dab53a187a116ac229e00312c95b1074afff18a8771a4ab47be2205745836dc3cc1ce531fe697e9a734698fb2343b331ad9f13214d1d7d511dc646fb8b3b70fb4611e6d102a0e2bda6311ca824537f699efdefbd8a3a523e26272f07abd75504188edc788af9c75aabf77f4ac883573f63ded319fa5a8b6317d4490391879629446fa5ea4c695f3db9739f7bc1da7a19f3e1c0ccca98307b3a7a38272b7455c8957b17138c9e170c27895fcf47eb5530948b7cc43d61a621293b0c83dc893f02def2b42a8bd7ad6c9cdfeb7a3bde141e98e5af7500b07d85c6314949b754c88cc666bdaaec89271f56ec11bfa0aa337feb1140b8a07fbd5c79bdd0239f8aa1d454c0e5a16e99d38d1212ff709bb1964c317c98bfef37b56944666f0320ec85b5b1e07731de5584901f8c65e14fd2ba83b500fdbb137c7cdf91d66400688a5da6405ca7e0b8107ed65be0ef5c6234b62f613e7e76d6f3d5cc12bde4342391524e25bab6ec0a358c6c66b7cdbdd9301f91589af65cb7c02fe8271a798c5e122fef9e7581d28884d33d01f0475c9ac052d2d014bdc09e2738487742f7bff40facf2e96dcdfefa336c46923b77b334daf7b01a9fd5d957a29b83adf6f23acc507a58dabe6b2804532bc1a865a01b1126127f7c6a8029531db8a51d8472c0abffca5be97b9b5433ad220ab9ad65cf94a1167f3fb2b8804ce66f9f5cae212724b2b3a04343580f5919f446f40eaa0177f25ebe68ee7c7a35d9d5ef6e1cb220eaf8ad9b269b15c2ab9692c345f3c3bd5965f06adfdfa2d672b5e3184ebe192f73e70e829adfac2e6318d238dceb6e3d7d1422d57ff7124793b92966bd229c0725b0d591e59c57f98841b5ffad16d0ae903406014d3e632d0654e9084f870e124046f3ebae3ecbf5c5365aa32ebf169ccf1243dc8fb296cef006d5f00447ecd2980abb98e3b6e6bf6181e5df7994ea1c1273784af0d92a57394c71926dc143228a8ade103ff61860d21ffd467b2c41bbbd2490dd36add865828fb64396f16831a3a74f57ee2254cc93b25b7219bc00339a2518be3caa4765ed63295c84f1d59144e96aacfb57c6441f64f29729bb7d68127ae2472bbf089570003b1e820191878ab6f53db01c180751e34672cf5a96edfefe164580d6101672281b59f58f3c7b1222f2b6d19c8a8e5f9ad539045f7dbadaa767f993da974dae20744bf5ad0e0ec71ee97696659981e067463c78bd9337b8bcfc070e7e5b47303eaaf9651c19f19a15eab8e2c47041828be50994b5695ee5fbc9a9ecacf9de714215eb7992c07f262db8843937934fdf6fdd31d0f3a44f074f3a1dd6622dbdb3364df79d5ec90ead64c29e05a6c5358cc6b9d8493b7e1c53a91c37aa3653cf2002072461f4b99fcdec142e53b87f61ea55cdb834dd4e03f2f57a206cabe2f3f3cbfad3b4117bf4434718022b09a8419959a9bb97fba50a6b3b9a844cd1301de7bae89f8d1bf549b88dd2bd0697e70ce89cc2e383221ca2ae9d3671a730466c250a8963f6411a42ecc85a00c01b2b43c39432d5065a5fd11c29a23169891cd674cf3a31e82587a26c8d48aa3debeaf067a26669599fae850126dd516512e0cf5ab556b5582add7d2f665723a2244007ddc302f0ec29da73578a80c998849be2f766a334c7ade4dd46f37d648899da5cf7437af2d6e8d03d934903387c4c7e260909d59b546dfac9ffdce11fb92e5bb6ff6836fa0e6d0c5942b4660fdd68d3cc8a76ce0960584dbf634695ca75752b19067ba535e4779189b111c9a3e0ea877067c046d10021b0e60eae8d5dd7536b4474d8ab74679e2d8e68bc9208db5561e28d0bec177cda1e2f944a4cd97b6432033ce40063cbced6b36e486b096adffd699c9fdf58d5ec54bf4afdf52493fbfcd91e807da31ff675b567058697aa088118a6ecf1b7c7dceba3ba87d59d882fce3b3b676763ed658e991c4fd5746946815af0a2c1e96aeb27383cf6638d6d7e1932b3a028250fee18db7c46acd7fab33ab22ff91cf78029a4ed96494151652213fb7dcca0a8944568bf84aded113e20e6897d6b8f6f9fe5f6975c7cbf999d15ce5f8d50454d58e7a5b285fce4ef9d14758cf4a9619b17275fa66f2c6c48d44da95657708062bec9b633ba2df082766f549c5c1b661fc8a5f7b8b6699503da733a66df44f116c4a470b73648cb64bf04101e7bc1d048d230addbf22a5b98aea08beda847e33552faf771d9b181f610ce34530543096257856ea3a08276bec1ea40e7bf6957143623ef47b5c41e61d076eef0a5195431b49beab9fd7f07b1a153491a7250a889b26ce657df550b226fb94cb5f52306f47ee3af4627ef0cdc0c50536af7b386440b878ed5d672670abdb3ea3e3c3c031e67293104a4d6476cf325f6fe4762ce2351dffac116387baadb82f987cab7fe88ce1be7d44ccd572bfd29114d2ce4d5e90f4d6bf7be39ce25ab7de52815e4059d783564d518dd208714de1c524ff69a4ec5f29bb631eff605cc6f30a0bcfba44810a3a6fc263891791b51cb4be0d60d3d0798e38b01b9a21150589a436fb4df4584bf6e7094176884921bbb0f87b1bcdfb6df8aef8f58393800816c15647650448da0ba5bb76f7bf76c3be83aceab79eedae80e1fb46a2557a9485aa7a8053a5835e609fdf54222f5b43cba63c9508dbbd0e22953768f88e2070236d7255f682464d09c7ba12b2e8787a1bc889af686d2c355961d8f92f877bb09baef09d70b5b306047d8d3cb97fb06ba8d09bfbae02314dddf98092b6ef275743e9deb391995003d83b549ecd604daa9bd34ef311aeced5db504242241c0717f8302efedcd3fd43686a7ee21c73ba3c5af98c93d09158c9011e11bc4b51a3a4e904c4b6ced1a786adf310073405c27df6aae6d5da4398d78622ba9144ad09902da49b77046ad22fd303f07c1533f271eb82794b402382d2971f46c7907069907a7afb9e94dd4071685f91cfca10d86aad7c385e4d90f0d44d37588a8f1f267c1d8445634ca4194d1a0c5894a6d00cae3af3aec991cfefda59e3f46c0a6e2fac55b35259a9960ec7dbd1c7dd128368393f0de1e0994ba1f5b41762c22213f56bbf4c2cca458dd5731f9379f0651ba61fbf17a5861eb417e20a7fc9df12c6771f5ab322213ec95beff96dc1811dd0f45be8fb1ed93c2cc01e694620b550e45bd265fb357f52699cf9ca3ddf331fe4d11c5e97bb57631d9c7620b5c19562c85ef8e04ecd5cd5b713fbd94b6b76331a83f304cd8ae1a903ffa722cf5697b1e1bde206735656ce57254744daff8013f47f9aa4f062d8c5956fa8df5ee79d6e6ffbc0c47cd0c99517a6d92fe8ad18c001be4b55af7a6533712c6a2ccb7e813016e7cb74a94bf2a2ce9b3b440faae19210d43320cb81a6472d1da775ca27f2b5bbe5964271eefccdfa0bd6b163357af4539fdb5d5e2e7e1795040776d4d75b70928b8efa954556f4d225bd9b6f9e5a71a8e7a3ef5c36d459233c66650ada1c55dfa02bca3997f93b92028881d9c3ec0e7e1a42c587482b0cfbc77e8520c6ca0f3e5127c96b41056b7279d9e62358e39dc95e779affaaaddc8e9ee66ba336feca8b957ccb4f352c0d162390e3bde27b15132407c97c3a6b5f1704e1e559ee12655a71d7dce3711c8af907d7d2875e2407ff8c59c5457678058d3d00a7971d239c1b1c67dac3ff3fbcc2d8c8035e31040118ac46ba5110a16aedd0b7f731a4f86a63a697501a664946eaf7da6d3cc2a296f294ee765b8f26363ba6116e0ea0ef8eabb0f1e7cc429611194cf0bb66463d26a82dd118cbbd3f1040dca2f5f82ac5eb5df41a4658fcb34b68066c5708a4a16c48fd290b32e392e7f5b662f4e3fa2d79a814f52824cf737872604672bdaf80fc527deb1f690339c92b6c6c6c8635de5a2e1a7ff617d0f1c11bc3a3504d0de94d77678025ab5bea511d783df148e58b0793251db3b7b9e03bb201be89d5939c0a60ab548460d543d015082e00ad9d05418c327ebafbad7924aaf70e5fa6eb0be359b65ac2fbbcad495b17712e033cbf1853d1e2450ac4c8d19287074e76ca3d087d376b0f861b525d4949098dd4e3a3cc50118c8587adf6587ed9aa0352b7d812fe66bb64eb0c0f4d46822aa9c3d4848454d49b61cca24d7d6b82fafc5d8eb4e40e3665f24a95182b70b22c5f9303a49d1278f25de9855246c729fc8ba300fad799a949b9b0ce303477d22337d599d4c8441461d25725965183210a729fc59c4e5ddb45c0b9db06a09619e6009aa0653cd1e8b06d0e55c133d5022dcf91f12a21e9f977de2485f886c5133a8837987e7bc90662156b0250cc76cb03ad9fa36733ef371479ea9c1313682866b963f1f96bba8c658e2c6a10e5e29d8a07d4999b735bdef7f60326aa64fc198c3f2670fa4a44717fc613f1282fc324fd9476e6da7866cb6ce1efa8a1577088f2aa757584b8ade9f2ba34a2287870da2cc7704008b6e057eaf8bfe2fd0d6d60cf03e1751d2284c6439ee6079708451e64b1f7e7dc8400ae99e0d834a7daba6c3a8219812adff0760129e18a41eb0448c57a909714cd395933436e9ae040277f213e30ab7b6e7e3109642ffa051b3c423f6ffa7830c75d229acd617d6bc1f7948f09238f5437ff4fb302034fec1fed96c55c46c7d70d6ab3018c1a3d76120077f815fa67ec8815f44fd0cae7d1509d217a432ce904c778f201a508fdea4672e9cff797bd1d0f58d46f39396e148573ae9b2468e4ee5bd9a5abce8166333c524f0a104da2e3c99ddbc51fc6f4e7c628af79c93d0fbe61b1c4a72b11fe423597f126467a01ee6dad848f24abdfe453592f02c84e017fe553f27e639f88824d70aeeaca54758184f95f12d696291798046bb075fefd6876e8ef893f5b9340e21fc63c67feb6f03055f2f394a591164a61b1aab14c468998175b75974543e79b241dc69a6e346374dec5eebae154e36f29d17273e608ce69d539a5e4702f474bad66fbf3348f0c859bf884576faeeac754e290ec97e863526e55420da72b6b6cd209e6685ffb64e9865d00eb017c843d3c0cf3ab26f53f76316fbe009f0b2c4932b0694fecf1a148dbead458ca9f5f6d678d6c6fbd23fb6aea9e951914300eaaaf69bf35d4ce11c0349a02aa14529a083e701eac0177d4ddb305a9f9a5cf8bacd96327a161bb8b877813ea022d62bac8f0ab9eb5e9d145dda4b1fe79c0bee34c8bbfe866ba376d3a71b9809adda06e64eafaa6cf53fff8ed63e15525fd409e13b1809ae6e6e937acf858a59d2073b304171d5ab35ec92f66fbb2d4e34d46e886c3546c1026d0ff27821a15aa397dbc686540d546ea66fb43dcb9beaeadde6250cfe8e563f9033b432018c88bec07279c6a0228f3eb11031d3435d95c9c1789a5338f74aa6db2c853c87f8f2397f9067fa59774770f64b8ae42b9a07f85f1bcabbc6d3b3456a253bdb73ad3de0aa416589b722053c81db90e7b66a835d636615701e6869fef016bfaba9da0a869005ffc3174b605fdabdb8c7346262ce78a64aa7036960913edfffad202d664d1771018de43b6548a6672f48979b8e30017a93da2c093266306e09eb203fb37d7d54466fb26d4414ba88346d02d8811f100dcb0a3e50ae46247b986b928f12c1ad506c6b33b49d7e6955ae9619f73c79b72a95b053d53c4c54d36dceb8ae780b321aa41b5d61caa21a6c65329f08da522bbbb3d07501b39cc6bfbe4a2ef8054d7c57666bc805ed451517a1432b958141f3ce94752a67a17aadb41590037da8efdb251eb56de30b0e0e75adfbf4e06d4777f843a8d7c31e2ab62d98764217491d46960d67d3ee1213d150c28e75d1f440d41ffc3cf876554e2d4a354f70fce17e4c0fdc64992c32e785263ca4ffcab57d3d46d220627ed05f1628551e9843137996bc7a0b773e1ccfe5364216a8003757ffdc052d93793a3463baf4eef5dd283826f8510bb1f20505a6e61cb3d571d0f77e67ff3c0aa5ca91f6d68c7e0d2d79c649b091b30b2911c5c47157c9c531296eba681e039eaecab83722cc2fd5b91913a463ba9f693e34da60b1adb8ee9f4a83fa67e25f19e4cd6e19ed1381cba8b5b4591109637ae1f7f29b5495fc5f8057da565d937e7577735bd98fe626ce8568897d240f054ad69c8e0ca424d1be51b17d5e639253fb2fe6791e01edcf9c4f8404233d7f98b52c31c4996b6b63112d0126036ca20cf52a2da2478683c41bfd8fb5b34de59d5e87b5075e5e1d78ad06c6a2f6e662145be3d30d140b62c49df203350ea4412c97aaeec7aaa00d81b89f3b7295607840de2a8386f52012b5c4e6e0e1986565bc4f99b6bc10f3a2ab59783a8b9f3c696f741af0f51b6592c68ddff861fc7d2b16876b05a54eae9ec0e170fbf26d9358941c6cba50a5c41e77f72c7f41e0bbf6023f04f7701f676a64cb63ea1a8d373ee6a99ba56449699ccdf8a11dc7d840d695cd5ef987f74e5b16594cc8c6c2251c47b429281b6e34c0288c7242052ac3c9c63213f6ddb08726001e0afe1fb312d463db8722f1617972dc7f365de498027ef0b5c6d100e583348cd777a2afbfd60ef59969c8f88358b6995c177a7d7e69d86b11e36f42bae8c9af599d3f828447c31004000163bb74ef20f656f6a1c8159bd0f867f2e283c10656a40a397b2e514c19efb5d5a5f54316509801bd8208a2c84b2ef13e54d7b8af8787b826b50095a15e33a5e8e306454312a83af7869b7ba0039ca601751b580a9190435d35a8ce9d8e9558ca1bcea3cc3604f4e991aee79fd0d2393b9f87e8dac7782e837e1de5e88a7c79385a2b14556041f49c1113df43efd8aea14c4b651d713fc9989b2fd77ce13a98efef5e83cc6843d313117753d82870c5efec8cc6fd855ab6e0fc6d48c66874fdcb2d007db7fbb9371da3836eb23da1106283a20e32617bcaba574b7b6298d48334eaeef905ff348c2bfbc1c83a88d6915b644d1854161ab4f1d1db12e74de2853e48d1a10f9835c226bca6944d0de6a18e0e07df45ad72a7d354045a6997ffdee010e37091a3a5280e5db8aeea0245217a6f1160a6287d9a28c0eeabaebe755b9485da5b7ccb85166ed902e63200e5e8ac464124bef0196eddee6cfe90fce770b416817e1ca78494786bdaeafa3538841f74bbdb2585d63f667ef227287efa56c030c0999e9ead590f1ce383a138233235494ecec0aed97c803b4d7c4fb80ac9a3bcb1dd2bab51382a94195bee034c3f3d3d9efc44add83ec580a5cfe8f5942b1694b0ab3ef4b2d9f7c0b8634b056c6b6eeb946be1825fa452abdbc1545cd94774abed3fdc2b0399929298221030f6cd0a2b38490f5e4bfd53ee20de10eeb2ffacca980d40e0885cb91c94a4d81a61d863efd0f7a12da233e1dacf7af728950892ef887abcc5e4d08c6b57834a1e5dd1dfc69418fc681b47d8cd34c6a3846b0e1afdc7c7f9033ff817a72ac617c0a1e59e4e6ea40bd668c499f221c5f63700e74b68ba3045b4460f0fa60308cf8964d95237d888d5c1b1be0fa7bd2703eaeb0d2914b8d22cbd8693c16f21bb72566f38aa97e86f212557d40e10b285e1d4de0b153c8f91e168e9d0031bb7ee7fec5f0c3fbf15bc6fbceeae6dd363b7e9835b175b0be16a3348a2c2d07468449fbb2fcfca9e7d8b72b623355715a6a1edc87ea4c699ffeacb2277fbb5658a1eb12d0a7a93bf100ab11cf49b35c16a14044ac8e5bd69af05b252325f0eca41f90681b4a1ec399096939a96685926655a0c4d172d06646c87f35b65c0d7654882b79838f78c35febbdb378f9f28d7e6ba1c1fa191bbcdbf991731f546439a966e4f7a15c77367161bde14b731c9f2b91114fa46e02e70f07d3c40988e8140866ed3dcd98ef5524700deb75c1a6414016da0ce6845e936a8692b7beac01bc855a72a490c667c3b755ffaaa57af54af1bd07ae7b203be85f3653aa63cc5ae10f6e585c7bd8a5257604e82fad6c7be6f1a47eb665c1422c03d3263f351671a48bd5eed22077b8c16e706f009880941c29b90c29a11ef008a371b29200f32523b9847d911fab4ee1468bf98a49ff73703e2d9d7bbf6ae37459c3cb502541f304e1d5918518a06225b65f3b38b91f8e0b49a29ef9aacca369ce5cf8b45738e29118ab06078b885189acf4d0a5200b86cb2269dde90dfada27975dbe6ded12232c0faf7ea12ecacbdf416cff8632e48346478a75c0279c1920b7556fc6670704d5d97912c75d3a9cffe6891abdf747a6850ba7d9668e56c7e7ecc03c5c388e886bc984c8bfd9f470b7e4ea4d146c3c28e4f8ff82b9558266343036e6239a26f567f7633911ccc51522c29ff3ca36ad5b8cfd6ec1c86ae08f30d87a503c909e66dc278e9d14f3fae4bfa4813f315b1610ed76fc149d92f319044e813c3769d4978637e0ee732d3bb86e9fa584181f41d4304c07a1cb71d10f07da649288275a213eff161c536c7366d4c010cf9a4b1c2f2940607dc7468e51204c6983c554d616d48f93ae51e6a7769b3285785ae7bcba3cfb27879df1d7f1f18849a70814eb51df6d1d8cbe80b736cb38326f7db7a06e49cd4fe41b3f7a9156cfac9222ac23d13765e7f2910a365fb23a208f192cfca97b2b8a3de44a2d90d3c865bec109f4bdfb1d37216cf5f71a27c39a83b5562b0c06d76b46b2d8f5b15cb1765d6c78d065d24bedf72405dcb8e795fe183196a6b620f918a2dd7fdfac142aa653fd431ec153e3daac8f615a45b3a0d665d5fe36efb6e2f18b8399429e4f363748eddd5cd2a637e9a0a553fac6d05a3e2bd1b26f2f99433f8f59a3691417a4f35ff7d46a22e39e94641d942706850cb2843ff4a34122e37dcc8224ae9f6ab7f64ff4a0bcb0aaff2f429e4f0f5fcf90ab6a2c45e8f2408d9bbd4f60d6b01a0cf527895e1cd063b178b8973930b9488d81d3f0f7985b900d0a894c29642b809ef39294bfaaa5401f5ed50cbb91a047b60ad54b323a2f2ada04d19d6dbda02e0f22d4d6520f9db2263181c97c9bb74dd8a90adedc80bfd064eb103f67d02ea17571f870c779470bb6460c658da4c502b9a10c8050fc26ad5cc1ae1eb02f0d703d05b48f48ab8c9f9a1bd000181ccf929d45544b44e9a3cd0bcd412ad639323283ed229e5486a2a93babb165880a0a7329834bb51a0631cba5caa30637ca3f07074051c608b7c7170c8c415c2eb88bd6a798bd86953ff71052506ccf0e2357deff6cef24de5b7f68a17082c08d096e43fbe727ab0ab1aa27a703ccd58168039e50dce2d400ed7f2a217c1eea7b29455fbf910d36db324d1c6b53343a78484883ad100a0b5b28c74ab6296df5bf8048fb916e8ddda0ded3f5b08d262b9b1cb1ecb149c02a21490ebebe8856c844d448d2a3878dcc930c3c88d9addf73917e9d3f878fb12fba3e602cfde199a0e69eab56e3d4ffa01135b3145baa613be01f0b94af5bd3b8b432339c954f52b8551fd13790bc1ee18be226b819d8001a3da8e097f84c166e4002e4c1043d3a3721f05105cd17a278b9509d7a04826e8a5b4956bbf976ffb4857fd88da99cfea8d2e0a1c4f52f71f87cbee8c02fbf59b12bdaccb67d0b95f0a56693eafafeefce1953d708b56532ed5bbe12626a3d041c031b48a47b34c504f7dd57e21147b920c058385ddc8cbea5332086c269b0d5c2439f30fa431f88d1a10e25eba0df70d8617ecd5546314ffeae9c4baab872ab82a45eeaf0e1e1533e8a6189c324f31b652aeadc52981b66161313999c5a7bd7c79ef4ee55c7cb00ebd9637ffe01924508a44ab72ab16b70b8b815ce7d27772db315122f4a5a7679af5ac685c26320a71cdd8066b19f749705e2e35d1d9166ecb066053dd05a759270e119944cf99b918cb5e4e6c931031ae2eeffe349ac246c92174091c687c58879e1f05c43b010f7ec3f204c106cf60740b0bc2d355f57bbaec7d060dedab9aebaa4094e72ebffbf61cdfb7d69fbd146daea59339fa83c19c5f75b866af5e7f387740e675e1e2ba29c261d9e7237c6e9ef1b39a8fdacb44de0eaff5f4f9e3e42b75d0a37834eab0cf47acf65e882f0962e01982e783c0dae7efbc95dccb235562e5a2e04fd2b4b43388c0292e6e8198c6df0348920d6e1c8acdd2e892d3f7aef7703824dbb08695642f0e444ade6c4f1ec1e267feb5135cccd50fcde643acb66dbd18f507496957ced435e0db0a8e8441a8e2ebc365f995c32399f7d180b6faeb85ee1921b95f82f3194bed7d157e842257d2da26dfac90f32fb53147e48e232d5115f1cd12b45c55330b29775ab776599afa504b7fe114cd7fb3ab4eb6c30becb82f448b284b20010bea918019af99b2a9ccab1585aec19fd1abe8365a6023f96dddf1a37cce2734bb6585143729850bcd811787bd07cb5fdd57cc987f9278b7f5ef3c7529a9b6d20d18cc4446f1036cf7635da6732986c38df4785e2e428f14b84957319772bdbb7d2d2d20321e522b1ec6c807f3a3f575643d4b71e1bbd1e843b5816aa68900298f5058c65a9fe1022978a44a77bde2b99e221de97cd7fa6a2ea440220bac20e3e4c1e4224958aca15681d3a18f74218114c3e5eefa1fc16de8c07f1d1297b0e772d05f205337175c1dbe88dfc876dcfce367304afac68c41b98ed2ba3f04fd1b37db27dd5d9c9aafaeadfcc44585908ea655ffce1fc2516b060256777e8953e2a6861ec4460034691aed001ea2971627615fc7972773d6a8c343117bae3fc68cfd1f187c478c0f52e86b118c65c39848a8c582ed908fb1242ad3455288cc858e52e119d368e00783c2b8c2916ba564a3501326baefe1dcadac8b4b8b666f20a3a245ca171b43af", 0x2000, &(0x7f0000006d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x7, {0x0, 0x0, 0x7f, 0x4, 0xfffffffd, 0x0, {0xffffffffffffffff, 0x0, 0xa, 0x0, 0x7, 0x8, 0x2, 0x40, 0x0, 0x8000, 0x0, r5, 0x0, 0x403}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
ioctl$SIOCSIFHWADDR(r0, 0x8943, &(0x7f0000002280)={'xfrm0\x00'})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000c, 0x31, 0xffffffffffffffff, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_SREGS2(r8, 0x4140aecd, &(0x7f00000001c0)={{0xeeee0000, 0xdddd3000, 0x8, 0x2, 0x2d, 0x6, 0x2, 0x5, 0x70, 0x7, 0x1c, 0x40}, {0x2000, 0xdddd0000, 0xa, 0x8, 0x5, 0x7, 0x80, 0x2, 0x9, 0x8b, 0x8, 0x8}, {0x1000, 0xddddd000, 0x8, 0x3, 0x4, 0x1, 0x15, 0x9, 0x91, 0x7, 0xaa, 0x3}, {0x8080000, 0x2000, 0x1a08ef8651938a5a, 0xc, 0x4, 0x7, 0x6, 0x2, 0x1, 0x3, 0xb, 0x5}, {0x1000, 0x2000, 0x3, 0xff, 0xe, 0x9, 0x81, 0x9, 0x3, 0x2, 0x3}, {0x5000, 0x0, 0x3, 0x9, 0x6, 0x3, 0xc, 0x0, 0x40, 0x1, 0x2, 0xc}, {0xffff1000, 0x3000, 0xb, 0x1, 0x4, 0x3, 0xd2, 0xe, 0x6, 0x0, 0x9, 0x2}, {0x1, 0x6000, 0x8, 0xc5, 0x6, 0x5, 0xc, 0x2, 0x4, 0x6, 0x9, 0x6}, {0xeeee8000, 0x4}, {0x10000, 0x4}, 0x1, 0x0, 0xdddd1000, 0x220040, 0xc, 0x0, 0xf000, 0x0, [0x7, 0x3, 0x200000003, 0x9]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x4e, 0x0, 0x0)
r9 = socket(0xa, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e21, 0x6, @dev={0xfe, 0x80, '\x00', 0x16}, 0x2000004}, 0x1c)
getsockopt$sock_buf(r9, 0x1, 0x19, &(0x7f0000000000)=""/218, &(0x7f0000000280)=0xda)
syz_usb_connect(0x0, 0x3d, &(0x7f0000001500)=ANY=[@ANYBLOB="00010002d67e26400304156019000102030109022b00010900a0070004bb02026950c71c09050603ff030806ff09050b0800040e030907250103020200"], 0x0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000080)={'team_slave_0\x00', 0xca58c30f81b6079f})

11m11.682067911s ago: executing program 2 (id=198):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f00000001c0)={0x40000042, 0x1}, 0x10)
bind$tipc(r4, 0x0, 0x0)

11m9.983401826s ago: executing program 2 (id=202):
r0 = socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket(0x15, 0x5, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@gettaction={0x30, 0x32, 0x400, 0x70bd2c, 0x25dfdbfc, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x3}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x81}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4000014)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt(r2, 0x200000000114, 0x2713, 0x0, &(0x7f0000000280))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240), 0x0)
ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, 0x0, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f0000000040)=0x93, 0x4)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x2004c8a1, 0x0, 0x0)

11m7.352187062s ago: executing program 2 (id=205):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000001114210600002907ffdbdf2508004b0028"], 0x20}, 0x1, 0x0, 0x0, 0x2000}, 0x4000)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)={'security\x00', 0x0, [0x7, 0x200, 0xd8a, 0x9, 0x7]}, &(0x7f00000000c0)=0x54)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r2, r3, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x101, @empty, 0x4}, 0x1c, 0x0}}], 0x1, 0x4000840)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18)
syz_emit_ethernet(0x36, 0x0, 0x0)
syz_clone(0x81400, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)

10m51.740094856s ago: executing program 33 (id=205):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000001114210600002907ffdbdf2508004b0028"], 0x20}, 0x1, 0x0, 0x0, 0x2000}, 0x4000)
getsockopt$IP6T_SO_GET_INFO(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000040)={'security\x00', 0x0, [0x7, 0x200, 0xd8a, 0x9, 0x7]}, &(0x7f00000000c0)=0x54)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r2, r3, 0x0)
r4 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r4, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x101, @empty, 0x4}, 0x1c, 0x0}}], 0x1, 0x4000840)
setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18)
syz_emit_ethernet(0x36, 0x0, 0x0)
syz_clone(0x81400, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)

9m23.864094298s ago: executing program 3 (id=367):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406a053603000000000001090224000100000000090400000203000000092100000c01220700090581030000060a404896cc9a75"], 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x14b, &(0x7f0000000680)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x139, 0x1, 0x1, 0x4e, 0x90, 0x5, [{{0x9, 0x4, 0x0, 0x6, 0x3, 0x2, 0x6, 0x0, 0x9, {{0x8, 0x24, 0x6, 0x0, 0x0, "4ba522"}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x0, 0x0, 0x7b}, [@obex={0x5, 0x24, 0x15, 0x1}, @network_terminal={0x7, 0x24, 0xa, 0x55, 0x4, 0x4, 0x1}, @mdlm_detail={0xdf, 0x24, 0x13, 0xb0, "aca037fae972ba43787e98c3353a3befa929b6f77e12cbea8592431ee61fef56a58f6a8ca1ad20a37380bea2f23ae2d0d0d08187ac6301b16126d6c74546d8e2b87c407a1fbdc512ad97a9035b2dc139b5d94f2c16bcc64face0d90af703806da7a356c9e11d4af9c9f29e5b30685f430106485e9943c4093bae5316a77bfe0eb885258c63407c47847a58df8b854a6712f4ad930775dd7577fc835222d1a49146322f211d2a6a68ec48991db9e1466f033525fa5217c687c20eb8740135910a3ae772c9298c80df19f6f6279fb3575754c480dc77cc5193971a23"}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0xf}, @call_mgmt={0x5, 0x24, 0x1, 0x3, 0x14}, @ncm={0x6, 0x24, 0x1a, 0x200, 0x25}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x800, 0x8, 0x1, 0x80}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x0, 0xf}}}}}]}}]}}, &(0x7f0000000a80)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x200, 0xb, 0x7, 0x2, 0xff, 0x3}, 0x10, &(0x7f0000000400)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x4, 0x13, 0x9, 0x35, 0xc89, 0x3}]}, 0x5, [{0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0xf0ff}}, {0x4, &(0x7f0000000800)=@lang_id={0x4, 0x3, 0x2a7a}}, {0xc4, &(0x7f0000000840)=@string={0xc4, 0x3, "e4eb102e17191b13f7e929fb3016dc1479272e67b2941602b972a4aee8e0b5e1dbb4d2ea5026c0c7491630a2bcf8081cb9932bbfe438df12a2282716a2770bdc11635148b950be6e55afe29461d9b3cb3665e074c70f7cfc86c50ca0dd71f068af3a21852d2f557d93b25a981de7158a555ff3546da14daec35fa4690518a152909ab54a127843df8e46769dace56627b6369722dc3f006a197638146cd12d1d6158f8104a7cb548b930b20cfeaf5f4142b78ce6fa66b6dcd6f2d86ced45abacd617"}}, {0xe7, &(0x7f0000000940)=@string={0xe7, 0x3, "df5bac9bffddfbf95824ba61ab6f1ab32a53834ce2cb7ed1b1948399778b3c403f023bd5f26e3283f7d125bd72533e672ed02f9d501c32ef59b39f0a9b3f7a5b38679a9bf7858be855cac4c41b251a9988ba9a40f3dd4d60d6dd6bc589981bf35904c0bb02472ba5be1c8a08e891cc24cf80cf3cbd05fd7450a034ec0b4a6a82462496d5ba1d185580540ee6a46b8bf450b488df04b18b441bb77ffffd2da956ebffbbeb06f3f438782bbef3958662c160b77a2424c2aa67f4a34b551af320f8a40387df81e0d26934eaaabeb6225542ea67bf3cf5516785928c31ce69fce8f10e009191cc"}}, {0x4, &(0x7f0000000a40)=@lang_id={0x4, 0x3, 0x3401}}]})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_connect$uac1(0x4, 0xa5, &(0x7f00000000c0)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x93, 0x3, 0x1, 0xe4, 0x0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1000, 0xf}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x1, 0x3, 0x46, 0xff, "1bc4"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x7, 0x5}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x2, 0x1, 0x8, 0x9, "86"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0xf6, 0x3, 0x9, {0x7, 0x25, 0x1, 0x2, 0x5, 0x80}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x9, 0x4, 0xc5, 0x3, "f7aa34", "3eb0"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x9, 0x9, 0x6, "df2d0305"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x8, 0x60, 0x6, {0x7, 0x25, 0x1, 0x2, 0xe0, 0x7}}}}}}}]}}, &(0x7f0000000580)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x200, 0x8, 0x8, 0xba, 0x8, 0x1}, 0x2f, &(0x7f0000000200)={0x5, 0xf, 0x2f, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x9, 0x5, 0x5}, @ssp_cap={0x20, 0x10, 0xa, 0x1, 0x5, 0x3ff, 0xff0f, 0x7, [0xc0c0, 0x3f00, 0xc000, 0x1bf30, 0xcf]}]}, 0x8, [{0x4, &(0x7f0000000240)=@lang_id={0x4}}, {0xa, &(0x7f0000000280)=@string={0xa, 0x3, "fb1bf6de19343977"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x40c}}, {0xf8, &(0x7f0000000300)=@string={0xf8, 0x3, "1ef2dcdc0435ebf858e5a2603d1bc8f25da76e272ee70b90eff03807c7896369759a9b375004d96372c46fba75654ffee6181c563adfe4df19114fe8e6e19445bd2081dea671992605cce44c4f25cd1a96a8f64d68f440a4cdc3973926b3a9dcc0b55342e0673bb499f43b55ab1ba627c8b9be1069dbb25fa2bfb209cc12616e832955e8bfbb65829d3ab70f83b33d16bc2869e74742ab50043ef16f7c776019d7c0a9af97348b22de66a1d1b104731690bbb9b6e400c6f51772ae079317b02de140d50d45ab343650d34edc2982bd70e76ff7a15a09eb5d8fec51c8308f05423ea9058ede5060f1e78a24962b97fa82432643eec8f3"}}, {0x48, &(0x7f0000000600)=@string={0x48, 0x3, "32982f86506de1dc2abff6a220b0e68ca4c4792e72c679ced668b2ff54f92688e379bdb987917649a0d48ae12696f79584c1ab5184990058e261cedfa821b9ddaa7474ae8779"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x3401}}, {0x50, &(0x7f00000004c0)=@string={0x50, 0x3, "0c0f69ba8624ac2c3add6f60a478a49cb44e1c774e9de3c58c19136af4b9722c76e5b77b218fffa70676983293c6f8415357e2c800f4bfe90ebe421e19765d207203a078c2e662c9152d10db97b1"}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x1401}}]})
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0)
ioctl$BLKROSET(r1, 0x40101287, 0x0)
syz_usb_connect(0x4, 0xa15, &(0x7f0000001540)={{0x12, 0x1, 0x300, 0xbb, 0x36, 0xce, 0x40, 0x1b80, 0xd3af, 0xe053, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa03, 0x3, 0x58, 0x9, 0x50, 0x8, [{{0x9, 0x4, 0x7, 0x7, 0xa, 0x66, 0x2a, 0x68, 0xa, [], [{{0x9, 0x5, 0xe, 0x8, 0x200, 0x3, 0x0, 0x2, [@generic={0xae, 0x23, "6ff98324f42b1073574dbfe0fac88e6a10c510a3eb6e63b1b305c6e8064d5ead6f818a848d9ba4a5c7980077dde4d72c55ccb0e74c037cb1381939a4491b4393ee06a5dc2335396b643cfebd869fec39de83101a8e9fbd42e6e6b19143ab0f5ea369d3e7a8d6142cfda943bb47290b76e81de01ccbc62188cf0a3a52d3329bcc2a9d81f9ecaf7b983bf37706e0c4989a4a549dcf0433bcf86da5967878e477d40c326e3e2c37876c89a435d5"}]}}, {{0x9, 0x5, 0x9, 0x18, 0x3ff, 0x0, 0x5, 0xf}}, {{0x9, 0x5, 0x6, 0x0, 0x400, 0x5, 0x80, 0xa, [@generic={0x4c, 0x21, "522baea4e7199bf316fe3faca6ae1fb5ed3166a02d9452c5cd0f878ab86fd67f1e4d4fcbd402bcd993251c12b6f2918e749d03e64a2a910229454f9a8262f0bd08846dca6339ec3ede0c"}, @generic={0xe8, 0xb, "b71cbcd458b3ff8183dd2ee58c31c57900fd30806219570f5a8779d1605d7a657d2908707fcc859db0cf19a5b1ff8c67f39e35e63a10e017aadab2a522dd901c675574da55a4d41a5732a2e5bb9a4e6c03897fdf5f03fb307920794e0628131feb3bf76ad33fcf64e332bf13266376a46246601f2b9797947674e112acf35294e059ce1f7ef0df497c0feda3d4acd0e618819caa1bef71cd959b21d2ee6c011753e49337ffff263ec41743b5d09ecdb0cfd611ea99b0eac2e725433e9830856c3de4072e7165b8c57ac881f5befbfb32701528e333a0126c7687e24e8d767bac833005ca3217"}]}}, {{0x9, 0x5, 0xb, 0x3, 0x40, 0x4, 0x3, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x6, 0x3}]}}, {{0x9, 0x5, 0x2, 0x2, 0x40, 0x6d, 0x0, 0x2}}, {{0x9, 0x5, 0xb, 0x3, 0x400, 0xf8, 0x2, 0x8}}, {{0x9, 0x5, 0x80, 0x0, 0x3ff, 0xff, 0x4, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x80, 0x51}]}}, {{0x9, 0x5, 0xd, 0x3, 0x40, 0x6, 0x4, 0x10}}, {{0x9, 0x5, 0xa, 0x0, 0x200, 0xf8, 0x6, 0x52}}, {{0x9, 0x5, 0x4, 0x12, 0x400, 0x2, 0x4d, 0x9, [@generic={0x5d, 0x6, "cded505324e7ca123c2e7051341c0062dbcb80c03145d0c1429b2f2e6779d7e1eef3290c5f986ba804d799c7b906e4b00be64481a458efd49fd901cb8ecccd399866695662ae3129ceaba1c05907c9f481fff72f5cde18eae9d0c4"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x10, 0x7}]}}]}}, {{0x9, 0x4, 0x6f, 0x2, 0x3, 0xee, 0xae, 0xc1, 0xa8, [@generic={0xa0, 0xc, "57d08509e82896f4f5fc6fe32905e7e3fb45fa6b41a17682b59caddc2d4d9388362c29074629b4bb896b7dbd04b49fc09320c9918abaad466c79adb88c6909eb2d5fd5fd34d417ab2d2d2ae02df6e7b6128bf8072b5d6980dcc7d0d2e570156aa1389b7d78a5de5762e65961e9bb7f7bcc4cedb363edc7f5605b50c13e90082c574253ad0f2ab184e3638972261354cb2990120489331b27a1a0e3c47601"}, @uac_control={{0xa, 0x24, 0x1, 0x0, 0x4}, [@selector_unit={0x8, 0x24, 0x5, 0x6, 0x73, "7585af"}]}], [{{0x9, 0x5, 0xb, 0xc, 0x3ff, 0x80, 0x6, 0xfd, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xff, 0x5}]}}, {{0x9, 0x5, 0x8, 0x0, 0x68b038f80575e0d1, 0xd2, 0x3, 0x1, [@generic={0xb3, 0x21, "bc6d9e51b4c112762a3a9a26906500bcfe80578b2eba44e7603ca341a873cd6a2421912380cd61c1383f09596d5d1abfe7004d47da7306c89c7bd1bbba939785cf6a968bb087755d1ab02874555e9e4f6c65e03f4ff572998a215318a0fa6d45eb24183339eee8fb52bcd53fea707701fe30db506478d697c9c2c027658e4a427831c805f48838519c2e3aabffc5b3722d766afdbaf28f6beb88d8ce99a723ac28f973303484f9862a780a424bde48216b"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x9}]}}, {{0x9, 0x5, 0x6, 0x1, 0x8, 0x8, 0x17, 0x6, [@generic={0x2d, 0x8, "30d8801f62c169636e453e3c011980455037619e93c67e1f715f1ae9a6c714997abf5f1580fe0582d8c13d"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x9}]}}]}}, {{0x9, 0x4, 0x71, 0x1, 0xe, 0x86, 0xd, 0x7, 0xe, [], [{{0x9, 0x5, 0xb, 0x0, 0x230, 0x9, 0x8, 0xf0, [@generic={0x1b, 0xd, "7b7cbaf969767b1f79dfb4d60ea20b772b499fc3d8c65ab87a"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0x4}]}}, {{0x9, 0x5, 0x8, 0x10, 0x40, 0xfb, 0xfd, 0x8, [@generic={0x46, 0x10, "183fffa3a62f0960fb29ff2cc112c585299d46ba9e56688825883a2bf1ee4a2c44deb3909bbd088fce967ad30e098219e5724e0d23fc28f213f8c994621d625e8fdbe3b4"}, @generic={0x99, 0x3, "af83f02de1de3fc0f89413ba889e6c34675da4910ef7d0015f143eaa645383990e0154275a49fcae8db67c3a175a6db0f0e11e166ab5ccb465f22a219cb321bbeca99c7e1651e1e638e81f8422f44d32e4d3c907fa4a8b9f201ebee94d26053a986dad1a39e2b71029ae0bfcd3452723ba637fb683f67f826f769c4cdac344a6281bf1ba8f66d779c7230530dbaf143a848cea4f9d5994"}]}}, {{0x9, 0x5, 0xe, 0x8, 0x10, 0xa, 0x5, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x95, 0xfffa}]}}, {{0x9, 0x5, 0x4, 0x1, 0x20, 0x3, 0x0, 0x40, [@generic={0xba, 0x30, "cf242166442d4d8ee848da68d127c2fce41b00ca7d24e1802582dbefb9190db65ba647298a00477b0a6d671dfdf2ab4578e1f185c54f1bd90fe69db2c396df6a35d1ac129779cf7259448d5ca9f1cecee5377b59fe51b5816ac90ede313a87ad4d829943810ace30e955a2c937510470bfe2586fd6618ac00c3f982655d5b2f4f7ed4ade5c935fd96f3f0368635cd1b4498651b4d0fc5c9e1451f25b17e189ccbd0eb3a9b14fbf33933daf62620a4b0268c75de68081bf88"}, @generic={0x99, 0x10, "a292bce5a25456e98b6bcd05464b13a2ca0e8c6d86dd0d966002d1d2db048d8e4a36967402c951c6d6247861b3a6968f2f523eb2d043fc44a3bf85112077a50fca658a0acd6b44fb6f5e867222e68af6b665089b5541aebf3ad2601a6875cef106441629c9a9e6f346abab783673b7631fe4ccd064b6f136c536b246d18d8d694e07af8800995e245b28cc0f00d0b9db9228e5a4dc2cdc"}]}}, {{0x9, 0x5, 0x3f1f50d4c9453448, 0x4, 0x200, 0x3, 0x3, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x0, 0x100}]}}, {{0x9, 0x5, 0x1, 0x0, 0x200, 0x9, 0x5, 0x0, [@generic={0xa0, 0x10, "72ec4231a8f6e33392fd9b38f9ed022a69c1511583ecbb192c3588b53ace60c28c2f9e66020dc50fb96942efc384c8ba893e17e950b12d0528881a9138aa55cbb1947a1246893d4ddeb126c1d2f5b392af18c459387cd6d0d9e19465f4fe399ebc11b69e68e5987dd0149e962f7a4c854fe36014204e33272a84a492b944d8907620408062b741ab3fcecdf1fd7b0c799932b935f74c281a34c23f9da224"}]}}, {{0x9, 0x5, 0x8, 0x2, 0x10, 0x4, 0x7, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xc, 0x4}]}}, {{0x9, 0x5, 0x7, 0x28f0af827501d77, 0x400, 0x9, 0xea, 0x2, [@generic={0x61, 0x39, "aa03e6a7fb59c421578b0d53d04971997ec4ab66f48686b2b2c5131de79f656f4af273ea4b1ac1ebe4767c266cceaf0a0f8154b97a7a7dc3966c9f7ff96caa5220557d041090ccba4c0ecc1a7a7a75a919332289bf4724c3954870e11b6088"}, @generic={0xc1, 0x10, "daba3b5f3e5439abb58ddd5e414fce9c40bd3b81093ce1a4dd7a8dee505d6fcd9afd5cca872d55766dbdd166daadb6b5832c09078264472fa4a3119ca8eb716c063a496dbef44850be1aca599c00dfd7cfe71e686b37a0d93d68a5ecb7ee094fe56b80e9f59796ca881a5ef361ddb1d771072b502dd166c6bfd7be8ec7728fd8964c2a2ef7b24b8369ef1aafcc31a92aefa55a32a4a73fc1e72d31de01c11fc120c8fb07549558ee21b25f819384dc7a418858c37fec7a36908ab1e06c6eff"}]}}, {{0x9, 0x5, 0x7, 0x11, 0x10, 0xf, 0x3, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0xf7, 0x5}]}}, {{0x9, 0x5, 0x7, 0x0, 0x3ff, 0x5, 0x3, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3}]}}, {{0x9, 0x5, 0xb, 0x10, 0x40, 0x80, 0x5, 0x88, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0x4}]}}, {{0x9, 0x5, 0x2, 0x0, 0x400, 0x6, 0x2, 0x4}}, {{0x9, 0x5, 0xb, 0x2, 0x20, 0x3, 0x80, 0x36, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x6, 0x9}, @generic={0x1d, 0x21, "402d3abf9e6f7e7ecd74de3cbb3240a3759f95f72e9ba0892630ad"}]}}, {{0x9, 0x5, 0xf, 0x10, 0x10, 0x8, 0x1, 0x0, [@generic={0x87, 0xa, "9a9551a3a2dfbae6c30de1c3a5699af2f5900e78de0d11fad564761483fb6909e3085d786715a64bee57f77ec57e233827be34010c8d941effcc1769a754e512424279839288305b0419324af6650d31382a181f63243c4a7787fe0fca2b55f9d53aefdf04f8e96e2b5eaeab4ae1783e523fe59d27fae31ad8c310980de0c78582c958e040"}]}}]}}]}}]}}, &(0x7f0000000d80)={0xa, &(0x7f0000000b00)={0xa, 0x6, 0x300, 0x1, 0x1, 0x7f, 0xff, 0x5}, 0x27, &(0x7f0000000b40)={0x5, 0xf, 0x27, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0xc, 0x7, 0x4a35}, @ext_cap={0x7, 0x10, 0x2, 0x1c, 0x4, 0x0, 0x40}, @ssp_cap={0x14, 0x10, 0xa, 0x4, 0x2, 0x1, 0xf00f, 0x6, [0xff00f0, 0x0]}]}, 0x6, [{0x91, &(0x7f0000000b80)=@string={0x91, 0x3, "24f5e42ef46228274a82c23e50927dd7e8a7987fa85a54d74741a29ccbe18ac911dafaf4de3332942a5b639ed75874a971fe0f847ec524afb4378dd11181fa78241995e3d98b0b98e6d1edd3bb5603d7517ff8a6a699ff64652b7f35bc9851315b9663c2db41c697a0ba8074e0f4804fbf3d141d6788dcd68bcd917978ae76d505bff878b0562b2e697210411738bd"}}, {0x4, &(0x7f0000000c40)=@lang_id={0x4}}, {0x4, &(0x7f0000000c80)=@lang_id={0x4, 0x3, 0x404}}, {0x4, &(0x7f0000000cc0)=@lang_id={0x4, 0x3, 0xc00}}, {0x4, &(0x7f0000000d00)=@lang_id={0x4, 0x3, 0x405}}, {0x4, &(0x7f0000000d40)=@lang_id={0x4, 0x3, 0x810}}]})
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x7, {[@global=@item_012={0x1, 0x1, 0x8, "1f"}, @main=@item_012={0x2, 0x0, 0x8, 'Q;'}, @local=@item_012={0x1, 0x2, 0x5, "94"}]}}, 0x0}, 0x0)

9m21.063946572s ago: executing program 3 (id=372):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x3a4, &(0x7f0000000040)=ANY=[])
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000029c0)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r3, &(0x7f0000001580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
recvmmsg(r3, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000015c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f0000003a40)=""/4105, 0x1009}, {&(0x7f00000002c0)=""/70, 0x46}, {&(0x7f0000000480)=""/74, 0x4a}], 0x5}, 0x1801}], 0x1, 0x120, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)

9m17.186730099s ago: executing program 3 (id=378):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001340)={0xf, {"a2e3ad21e08eeb661b5d500987f70e06d038e7ff7fc6e5539b0d650e8b089b3f373b68090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bd4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000b8fd84e9463889dae599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) (fail_nth: 1)
lseek(0xffffffffffffffff, 0x851, 0x0)
execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x1c3425, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180))
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000080), 0xc, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x4000)
keyctl$read(0xb, 0x0, 0x0, 0x0)
setuid(0x0)

9m15.388151114s ago: executing program 3 (id=379):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000300)="2000000011008188040f80ec59acbc0413a181014100000000010000000000000e0041", 0x23}], 0x1}, 0x20000010)

9m14.220834733s ago: executing program 3 (id=381):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x2008084)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, 0x0)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}})
bind$llc(r0, &(0x7f0000000140)={0x1a, 0x0, 0x0, 0x0, 0x3, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10)

9m10.622146114s ago: executing program 3 (id=386):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x8d0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
sendto(r0, &(0x7f0000000000)="f52a", 0x2, 0x20008080, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00')
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x2, 0x7, 0x4e, 0x5, 0x2, 0x0, 0x70bd29, 0x25dfdbfc}, 0x10}}, 0x4040004)
read$usbmon(r2, &(0x7f0000000040)=""/206, 0xce)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90f24fc60", 0x8c0}], 0x1}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061115b0000000000850000001a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
request_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000240)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa1b86dd60cb653e00483afffe800000000000000000000000000000ff02000000000000000000000000000101049078140000006f02dc5f000900fffe800000000000000000000000000010fe8000000000000000000000000000aa2f010000000000000708c696b4199f0c15a19a00000003000d08000000000000000a14be257acb4d053928124460c9a72b1a748060f9784c0cf95cee60a2364963232e1bfd072d6450e48fcc5e50ce"], 0x0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000000)={0x60, 0x3, 0x2, 0x0, 0xf7, 0x9, &(0x7f0000000140)="3ff2662ac9062b457b2bea457ce45435f9430fe70c5f6e15c289c19a00770857ad59b3474bf7e8b61ca6d05130666db0bbde7a99b058802cd099dd0e06d235a3971c4a0439eb6a4415a32a43762500f875cd6ad3e4022e245c2f0c5dbdb3cf9733573a72172443b23e3a15d830d596d88f8674c998bad7349a0390d89145b6003edb8e5c4ad2aa933f36809eac7ca636eee9923968e9af8d15848fabe87782c5e5fc14f0b55a84631f49ea6326169e0eb3a46c9427076fee0059e9e003491860ee7020106ab0160cb07715b597b472896cbcbc952fa3c284af097c818911305a03019b41d9bd92ba194da0546df512d3ed28dcb11c5512"})
openat$full(0xffffffffffffff9c, &(0x7f0000000340), 0x290540, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f0000000300)={0x1})

8m55.537811464s ago: executing program 34 (id=386):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x5820a61ca228651, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x8d0)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
sendto(r0, &(0x7f0000000000)="f52a", 0x2, 0x20008080, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/raw6\x00')
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)={0x2, 0x7, 0x4e, 0x5, 0x2, 0x0, 0x70bd29, 0x25dfdbfc}, 0x10}}, 0x4040004)
read$usbmon(r2, &(0x7f0000000040)=""/206, 0xce)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90f24fc60", 0x8c0}], 0x1}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061115b0000000000850000001a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
request_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000240)=ANY=[@ANYBLOB="e33110495bfdaaaaaaaaaa1b86dd60cb653e00483afffe800000000000000000000000000000ff02000000000000000000000000000101049078140000006f02dc5f000900fffe800000000000000000000000000010fe8000000000000000000000000000aa2f010000000000000708c696b4199f0c15a19a00000003000d08000000000000000a14be257acb4d053928124460c9a72b1a748060f9784c0cf95cee60a2364963232e1bfd072d6450e48fcc5e50ce"], 0x0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000000)={0x60, 0x3, 0x2, 0x0, 0xf7, 0x9, &(0x7f0000000140)="3ff2662ac9062b457b2bea457ce45435f9430fe70c5f6e15c289c19a00770857ad59b3474bf7e8b61ca6d05130666db0bbde7a99b058802cd099dd0e06d235a3971c4a0439eb6a4415a32a43762500f875cd6ad3e4022e245c2f0c5dbdb3cf9733573a72172443b23e3a15d830d596d88f8674c998bad7349a0390d89145b6003edb8e5c4ad2aa933f36809eac7ca636eee9923968e9af8d15848fabe87782c5e5fc14f0b55a84631f49ea6326169e0eb3a46c9427076fee0059e9e003491860ee7020106ab0160cb07715b597b472896cbcbc952fa3c284af097c818911305a03019b41d9bd92ba194da0546df512d3ed28dcb11c5512"})
openat$full(0xffffffffffffff9c, &(0x7f0000000340), 0x290540, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(r1, 0xc0105502, &(0x7f0000000300)={0x1})

5.793752293s ago: executing program 1 (id=1384):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000000)=ANY=[], 0x8, 0x0)

5.625959007s ago: executing program 1 (id=1386):
r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000500), 0x0, 0x189802)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x10, 0x3, 0x0)
write(r4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x0, 0x272}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000040)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r1, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r8 = semget$private(0x0, 0x4000000009, 0x0)
semop(r8, 0x0, 0x0)
semctl$IPC_RMID(r8, 0x0, 0x0)
open$dir(0x0, 0x200200, 0x15)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r9, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'rr\x00', 0x15, 0x80001088, 0x73}, 0x2c)
sendmsg$NL80211_CMD_SET_QOS_MAP(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYRES16=r6], 0x38}, 0x1, 0x0, 0x0, 0x4000050}, 0x4004090)

5.513115358s ago: executing program 4 (id=1387):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x8000000080000004, 0x1c1a80)
ioctl$LOOP_CHANGE_FD(r0, 0x4c05, 0xffffffffffffffff)

5.223185422s ago: executing program 4 (id=1388):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$nullb(0xffffffffffffff9c, 0x0, 0x147c40, 0x0)
keyctl$clear(0x5, 0xffffffffffffffff)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
syz_usb_connect(0x6, 0x63, &(0x7f0000000540)=ANY=[@ANYBLOB="1201010240d85bc7b1131100345c010203010902510011040800070904880400f7f98a060724060000d2cf0524001c620d240f01000000000200050002090403080353ee970509050810200009090c05f6ce740000000000000f0300040609fe09050d00000402070eec32319e86e1a0923deb6449e03f9aa6603c260ad68e2734f7b91a46a2196270e99100b939d904f58158fa891b3fcf862e1984569f07805cd77cbb771e9db1f5a9cecebadd88c31afc697b826b27b31f655c746714c4cd3039a01944e8875f55cdc21a3f7edc61406450bc7ffbd7bc19490ebfe3849bf447a7751b8abf1448b511ecfa16585d2136a7aa77b4e820190d3c83d3280faf728c58154338cdac0ca5940abca16afa0e14d635a68e004e0f44649a09631639bb22e03bce46cb4d1e53bf341434574a71fb"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x5c, 0x30, 0x301, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xffffffff}}]}, {0x5b}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x5c}}, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000300)={0x6a, {{0x2, 0x4e22, @broadcast}}}, 0x88)
sched_setaffinity(0x0, 0x0, 0x0)
r7 = socket$phonet_pipe(0x23, 0x5, 0x2)
connect$phonet_pipe(r7, &(0x7f0000000040)={0x23, 0x0, 0x0, 0x1}, 0x10)
ioctl$SIOCPNENABLEPIPE(r7, 0x89ed, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40186f40, &(0x7f0000000440)=0x1f)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={0x60, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_a, @device_a, @from_mac}, 0x0, @default, 0x8001, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_BEACON_TAIL={0x4}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x60}}, 0x0)

2.981434233s ago: executing program 1 (id=1389):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$vbi(0x0, 0x0, 0x2)
syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r3, 0xc0040d07, &(0x7f0000000040)=0x121)

1.702498347s ago: executing program 4 (id=1390):
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x10, 0x0)
mmap$usbfs(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3000000, 0x8010, r0, 0x3)
mount(&(0x7f0000000000)=@nullb, 0x0, 0x0, 0x2808008, &(0x7f00000000c0)='\x00')
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x0, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
ptrace$poke(0x5, r2, &(0x7f00000002c0), 0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$mouse(&(0x7f0000000340), 0x6, 0x2a2442)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount(&(0x7f0000000040)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x4418, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x74, 0x30, 0x51b, 0x0, 0x0, {}, [{0x60, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}]}]}, 0x74}}, 0x0)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e0001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

1.469992163s ago: executing program 1 (id=1391):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001340), 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x44, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x10, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x1, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x8000010}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqsrc(r2, 0x0, 0x3, 0x0, 0x0)
sendmmsg(r1, 0x0, 0x0, 0x0)
read$msr(r0, &(0x7f000001b700)=""/102392, 0x18ff8)
r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f0000000000)=0x101000000, 0x12)
r4 = socket$inet6(0xa, 0x3, 0x3a)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r4, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14)
bind$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)

658.7529ms ago: executing program 4 (id=1392):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f0000000080)="0f231335200000000f060f01d19cc46ac31578bc2e14ca000800c800c801cfb9800000c00f3235000800000f300f79e9362e0f01fa43ad410f21fb", 0x3b}], 0x1, 0x63, 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000800, &(0x7f0000000040)={0xa, 0x3, 0xffff, @empty, 0xfffffff9}, 0x1c)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_audit(0x10, 0x3, 0x9)
mount_setattr(0xffffffffffffff9c, 0x0, 0x8000, 0x0, 0x0)
syz_open_dev$video4linux(&(0x7f0000000080), 0x100000008, 0x0)
r1 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
getsockopt$inet_opts(r1, 0x0, 0x4, 0xfffffffffffffffe, &(0x7f0000000200))
socket(0x2, 0x80805, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = dup(r0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
pipe(0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

488.505007ms ago: executing program 1 (id=1393):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000000)=ANY=[], 0x8, 0x0)

442.82703ms ago: executing program 4 (id=1394):
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20000045)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newtaction={0x18, 0x1e, 0x109, 0x0, 0xfffffffe, {}, [{0x4}]}, 0x18}, 0x1, 0x2b1e}, 0x40)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000040), 0x4)
listen(r1, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000000c0))
setns(r2, 0x8000000)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(r3, 0x54a0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40841}, 0x4)

430.427481ms ago: executing program 1 (id=1395):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000040))
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCSETSF2(r2, 0x402c542d, &(0x7f0000000140)={0xffff0000, 0x6, 0x9, 0x2, 0x7, "d171a6100600000009e49200", 0x802046, 0x200068e})
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0)
listen(r1, 0xf)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="12000000070000000400", @ANYBLOB="5a9ce97ca6bb6fb4caaa087df785f5233879ffb86468fe6a7be85a9594369e3e1e0b090556290186a14590d6405481b7ce4844d81a03230212bf86bb6d2348ed0da06ada63bfed6c551d9ebe5cdca44afbff5473eca0f2ab5754dc75044b9faefe2ca9d7975c", @ANYBLOB="00ffffffe900000005000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYRESHEX=r1], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000003c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000180)=""/52, 0x34}], 0x1}, 0xe}], 0x2, 0x0, 0x0)
unshare(0x20000400)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r4, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r4, 0xe)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0xad1, 0x0, 0xc})
ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x80}, {r4, 0x60}], 0x2, 0x0, 0x0, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000008080), 0x1c3581, 0x0)
shutdown(r1, 0x1)

0s ago: executing program 4 (id=1396):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b00010067656e657665000010000280060005004e2000000400060008000a00b5"], 0x48}}, 0x4000)

kernel console output (not intermixed with test programs):

v: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  471.313216][ T5841] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  472.703542][ T8231] batman_adv: batadv0: Adding interface: batadv_slave_0
[  472.703558][ T8231] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  472.703583][ T8231] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  472.757956][ T8231] batman_adv: batadv0: Adding interface: batadv_slave_1
[  472.757971][ T8231] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  472.757996][ T8231] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  473.229543][ T5841] Bluetooth: hci2: command tx timeout
[  476.824650][ T5841] Bluetooth: hci0: SCO packet for unknown connection handle 200
[  476.924508][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  476.933605][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  476.935830][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  476.947336][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  476.954881][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  478.560503][ T8231] hsr_slave_0: entered promiscuous mode
[  478.561793][ T8231] hsr_slave_1: entered promiscuous mode
[  478.563420][ T8231] debugfs: 'hsr0' already exists in 'hsr'
[  478.563436][ T8231] Cannot create hsr debugfs directory
[  479.074661][ T5853] Bluetooth: hci3: command tx timeout
[  479.942473][ T8599] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  479.942513][ T8599] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  479.956353][ T8599] overlayfs: overlapping lowerdir path
[  481.154678][ T5853] Bluetooth: hci3: command tx timeout
[  481.629259][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  481.650847][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  481.652029][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  481.653170][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  481.653945][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  482.613708][ T8477] chnl_net:caif_netlink_parms(): no params data found
[  482.755514][ T8646] FAULT_INJECTION: forcing a failure.
[  482.755514][ T8646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  482.755547][ T8646] CPU: 0 UID: 0 PID: 8646 Comm: syz.1.621 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  482.755568][ T8646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  482.755578][ T8646] Call Trace:
[  482.755585][ T8646]  <TASK>
[  482.755594][ T8646]  dump_stack_lvl+0x189/0x250
[  482.755627][ T8646]  ? __pfx____ratelimit+0x10/0x10
[  482.755652][ T8646]  ? __pfx_dump_stack_lvl+0x10/0x10
[  482.755675][ T8646]  ? __pfx__printk+0x10/0x10
[  482.755694][ T8646]  ? __might_fault+0xb0/0x130
[  482.755728][ T8646]  should_fail_ex+0x46c/0x600
[  482.755758][ T8646]  _copy_from_user+0x2d/0xb0
[  482.755780][ T8646]  vmemdup_user+0x59/0xd0
[  482.755801][ T8646]  map_lookup_elem+0x23d/0x630
[  482.755823][ T8646]  ? bpf_lsm_bpf+0x9/0x20
[  482.755847][ T8646]  __sys_bpf+0x470/0x870
[  482.755868][ T8646]  ? __pfx___sys_bpf+0x10/0x10
[  482.755902][ T8646]  ? ksys_write+0x230/0x260
[  482.755925][ T8646]  ? __pfx_ksys_write+0x10/0x10
[  482.755942][ T8646]  ? rcu_is_watching+0x15/0xb0
[  482.755973][ T8646]  __x64_sys_bpf+0x7c/0x90
[  482.755993][ T8646]  do_syscall_64+0xfa/0x3b0
[  482.756009][ T8646]  ? lockdep_hardirqs_on+0x9c/0x150
[  482.756032][ T8646]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.756049][ T8646]  ? clear_bhb_loop+0x60/0xb0
[  482.756070][ T8646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  482.756087][ T8646] RIP: 0033:0x7f62bc1feec9
[  482.756102][ T8646] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  482.756116][ T8646] RSP: 002b:00007f62ba466038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  482.756136][ T8646] RAX: ffffffffffffffda RBX: 00007f62bc455fa0 RCX: 00007f62bc1feec9
[  482.756148][ T8646] RDX: 0000000000000020 RSI: 0000200000000080 RDI: 0000000000000001
[  482.756160][ T8646] RBP: 00007f62ba466090 R08: 0000000000000000 R09: 0000000000000000
[  482.756171][ T8646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  482.756181][ T8646] R13: 00007f62bc456038 R14: 00007f62bc455fa0 R15: 00007ffc2282abc8
[  482.756216][ T8646]  </TASK>
[  483.255478][ T5853] Bluetooth: hci3: command tx timeout
[  483.797162][ T5853] Bluetooth: hci4: command tx timeout
[  484.233455][ T6446] bridge_slave_1: left allmulticast mode
[  484.233485][ T6446] bridge_slave_1: left promiscuous mode
[  484.234715][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.417794][ T6446] bridge_slave_0: left allmulticast mode
[  484.417824][ T6446] bridge_slave_0: left promiscuous mode
[  484.418075][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  484.510628][ T6446] bridge_slave_1: left allmulticast mode
[  484.510658][ T6446] bridge_slave_1: left promiscuous mode
[  484.510906][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.618484][ T6446] bridge_slave_0: left allmulticast mode
[  484.618514][ T6446] bridge_slave_0: left promiscuous mode
[  484.618762][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  484.953306][ T6446] bridge_slave_1: left allmulticast mode
[  484.953336][ T6446] bridge_slave_1: left promiscuous mode
[  484.953574][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  485.389340][ T8666] loop6: detected capacity change from 0 to 7
[  485.410664][ T5853] Bluetooth: hci3: command tx timeout
[  485.413192][    C1] blk_print_req_error: 25 callbacks suppressed
[  485.413232][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.413330][    C1] buffer_io_error: 25 callbacks suppressed
[  485.413364][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.425662][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.425765][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.427619][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.427671][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.429262][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.429336][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.553347][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.553604][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.568903][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.569008][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.575121][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.575222][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.575488][ T8666] ldm_validate_partition_table(): Disk read failed.
[  485.578259][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.578333][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.580533][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.580607][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.582441][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  485.582516][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  485.584976][ T8666] Dev loop6: unable to read RDB block 0
[  485.596078][ T8666]  loop6: unable to read partition table
[  485.598626][ T8666] loop6: partition table beyond EOD, truncated
[  485.598691][ T8666] loop_reread_partitions: partition scan of loop6 (úùƒå¡™‰üg¾CêjÌ–ã¢P=×!MX‹ºÐ	œëÜ%õ«`Éæ�˜Èµ4FLQkÝŠ5) failed (rc=-5)
[  485.962716][ T5853] Bluetooth: hci4: command tx timeout
[  486.376193][ T6446] bridge_slave_0: left allmulticast mode
[  486.377141][ T6446] bridge_slave_0: left promiscuous mode
[  486.381530][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.731617][ T6446] bridge_slave_1: left allmulticast mode
[  487.731647][ T6446] bridge_slave_1: left promiscuous mode
[  487.731891][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.838158][ T6446] bridge_slave_0: left allmulticast mode
[  487.838188][ T6446] bridge_slave_0: left promiscuous mode
[  487.838432][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  488.047486][ T5853] Bluetooth: hci4: command tx timeout
[  488.058731][ T8683] openvswitch: netlink: Missing valid actions attribute.
[  488.058766][ T8683] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  490.045661][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  490.114768][ T5853] Bluetooth: hci4: command tx timeout
[  490.190291][ T6446] bond0 (unregistering): Released all slaves
[  493.440032][ T8733] netlink: 20 bytes leftover after parsing attributes in process `syz.4.637'.
[  493.935363][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  494.106744][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  494.159207][ T5947] IPVS: starting estimator thread 0...
[  494.192428][ T6446] bond0 (unregistering): Released all slaves
[  494.254808][ T8747] IPVS: using max 9 ests per chain, 21600 per kthread
[  494.686849][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  494.821575][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  494.919017][ T6446] bond0 (unregistering): Released all slaves
[  495.265410][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  495.385445][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  495.485519][ T6446] bond0 (unregistering): Released all slaves
[  496.573609][ T8477] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.573756][ T8477] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.573968][ T8477] bridge_slave_0: entered allmulticast mode
[  496.597333][ T8477] bridge_slave_0: entered promiscuous mode
[  496.763148][ T8477] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.763258][ T8477] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.763444][ T8477] bridge_slave_1: entered allmulticast mode
[  496.808019][ T8477] bridge_slave_1: entered promiscuous mode
[  496.815055][ T8560] chnl_net:caif_netlink_parms(): no params data found
[  497.396910][ T8794] netlink: 'syz.1.645': attribute type 1 has an invalid length.
[  497.396931][ T8794] netlink: 224 bytes leftover after parsing attributes in process `syz.1.645'.
[  499.609891][ T8799] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  499.718422][ T8477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  499.907816][ T8477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  500.331344][ T8477] team0: Port device team_slave_0 added
[  500.474680][ T6446] hsr_slave_0: left promiscuous mode
[  500.525400][ T6446] hsr_slave_1: left promiscuous mode
[  500.526231][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  500.578431][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  500.829394][ T8823] capability: warning: `syz.4.654' uses deprecated v2 capabilities in a way that may be insecure
[  500.840047][ T6446] hsr_slave_0: left promiscuous mode
[  500.885283][ T6446] hsr_slave_1: left promiscuous mode
[  500.885811][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  500.927353][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  501.161326][ T6446] hsr_slave_0: left promiscuous mode
[  501.196720][ T6446] hsr_slave_1: left promiscuous mode
[  501.203856][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  501.230601][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  501.481943][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  501.482018][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  503.565397][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  503.685659][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  504.895679][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  505.006882][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  506.245268][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  506.375898][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  506.952118][ T8477] team0: Port device team_slave_1 added
[  507.215227][ T8838] vcan0: tx drop: invalid da for name 0xfffffffffffffffc
[  507.288939][ T8840] fuse: Unknown parameter 'user_i0000000000000000000000000000000000000000'
[  507.356479][ T8840] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  507.457913][   T37] audit: type=1800 audit(2000000129.540:186): pid=8843 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.661" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  508.295664][ T8560] bridge0: port 1(bridge_slave_0) entered blocking state
[  508.295804][ T8560] bridge0: port 1(bridge_slave_0) entered disabled state
[  508.295934][ T8560] bridge_slave_0: entered allmulticast mode
[  508.297457][ T8560] bridge_slave_0: entered promiscuous mode
[  508.363626][ T8560] bridge0: port 2(bridge_slave_1) entered blocking state
[  508.363825][ T8560] bridge0: port 2(bridge_slave_1) entered disabled state
[  508.364025][ T8560] bridge_slave_1: entered allmulticast mode
[  508.369036][ T8560] bridge_slave_1: entered promiscuous mode
[  508.371199][ T8477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  508.371211][ T8477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  508.371235][ T8477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  508.405375][ T8477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  508.405388][ T8477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  508.405412][ T8477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  509.010468][ T8560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  509.068018][ T8560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  509.914913][ T8477] hsr_slave_0: entered promiscuous mode
[  509.916319][ T8477] hsr_slave_1: entered promiscuous mode
[  509.988376][ T8560] team0: Port device team_slave_0 added
[  509.989270][ T8618] chnl_net:caif_netlink_parms(): no params data found
[  510.035109][ T8560] team0: Port device team_slave_1 added
[  510.834771][ T8861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.664'.
[  510.836402][ T8861] netlink: 28 bytes leftover after parsing attributes in process `syz.1.664'.
[  510.935668][ T8861] ubi31: attaching mtd0
[  511.002038][ T8861] ubi31: scanning is finished
[  511.002083][ T8861] ubi31: empty MTD device detected
[  511.572848][ T8861] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  511.572877][ T8861] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  511.572894][ T8861] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  511.572910][ T8861] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  511.572927][ T8861] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  511.572942][ T8861] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  511.572959][ T8861] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3292495821
[  511.572980][ T8861] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  511.573964][ T8865] ubi31: background thread "ubi_bgt31d" started, PID 8865
[  512.088896][ T8560] batman_adv: batadv0: Adding interface: batadv_slave_0
[  512.088911][ T8560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  512.088935][ T8560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  513.074894][ T8560] batman_adv: batadv0: Adding interface: batadv_slave_1
[  513.074911][ T8560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  513.074936][ T8560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  515.691533][ T1239] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  515.715416][ T8618] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.715549][ T8618] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.715732][ T8618] bridge_slave_0: entered allmulticast mode
[  515.717917][ T8618] bridge_slave_0: entered promiscuous mode
[  515.844621][ T1239] usb 2-1: Using ep0 maxpacket: 8
[  515.846923][ T1239] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 15
[  515.846987][ T1239] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x16, changing to 0x6
[  515.847012][ T1239] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  515.850040][ T1239] usb 2-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  515.850065][ T1239] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  515.850084][ T1239] usb 2-1: Product: syz
[  515.850098][ T1239] usb 2-1: Manufacturer: syz
[  515.850111][ T1239] usb 2-1: SerialNumber: syz
[  515.925425][ T1239] usb 2-1: config 0 descriptor??
[  516.188532][ T1239] powermate 2-1:0.0: probe with driver powermate failed with error -5
[  516.239094][ T8618] bridge0: port 2(bridge_slave_1) entered blocking state
[  516.241533][ T8618] bridge0: port 2(bridge_slave_1) entered disabled state
[  516.241652][ T8618] bridge_slave_1: entered allmulticast mode
[  516.243079][ T8618] bridge_slave_1: entered promiscuous mode
[  516.862681][ T8560] hsr_slave_0: entered promiscuous mode
[  516.875036][ T8560] hsr_slave_1: entered promiscuous mode
[  516.876005][ T8560] debugfs: 'hsr0' already exists in 'hsr'
[  516.876029][ T8560] Cannot create hsr debugfs directory
[  517.188336][ T5842] usb 2-1: USB disconnect, device number 13
[  517.550228][ T8618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  517.587719][ T8618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  518.471396][ T5853] Bluetooth: hci1: unexpected event for opcode 0x0c23
[  519.136728][ T8618] team0: Port device team_slave_0 added
[  519.195089][ T8618] team0: Port device team_slave_1 added
[  520.629042][ T8618] batman_adv: batadv0: Adding interface: batadv_slave_0
[  520.629057][ T8618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  520.629082][ T8618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  520.788521][ T8618] batman_adv: batadv0: Adding interface: batadv_slave_1
[  520.788536][ T8618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  520.788561][ T8618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  521.317834][ T8941] netlink: 20 bytes leftover after parsing attributes in process `syz.4.688'.
[  523.464325][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  523.483150][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  523.500703][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  523.501961][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  523.502585][ T8941] netlink: 8 bytes leftover after parsing attributes in process `syz.4.688'.
[  523.502604][ T8941] netlink: 12 bytes leftover after parsing attributes in process `syz.4.688'.
[  523.538658][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  523.724724][   T31] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  523.821858][ T8618] hsr_slave_0: entered promiscuous mode
[  523.830934][ T8618] hsr_slave_1: entered promiscuous mode
[  523.837200][ T8618] debugfs: 'hsr0' already exists in 'hsr'
[  523.837224][ T8618] Cannot create hsr debugfs directory
[  523.886254][   T31] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  523.886279][   T31] usb 2-1: config 1 has no interface number 0
[  523.886327][   T31] usb 2-1: config 1 interface 105 has no altsetting 0
[  523.897456][   T31] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  523.897481][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.897507][   T31] usb 2-1: Product: syz
[  523.897521][   T31] usb 2-1: Manufacturer: syz
[  523.897534][   T31] usb 2-1: SerialNumber: syz
[  524.476329][ T8961] netlink: 'syz.4.691': attribute type 8 has an invalid length.
[  524.604046][ T8963] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.692'.
[  525.141091][   T31] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  525.141632][   T31] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  525.635175][ T8969] _ÐZ`Ô€@ÿÃ: entered promiscuous mode
[  525.923086][ T5853] Bluetooth: hci5: command tx timeout
[  526.140572][   T31] aqc111 2-1:1.105 eth13: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 38:ed:5c:4a:89:cc
[  526.147805][   T31] usb 2-1: USB disconnect, device number 14
[  526.153769][   T31] aqc111 2-1:1.105 eth13: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  526.625389][ T6446] bridge_slave_1: left allmulticast mode
[  526.625420][ T6446] bridge_slave_1: left promiscuous mode
[  526.625669][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.637830][   T31] aqc111 2-1:1.105 eth13 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  526.637989][   T31] aqc111 2-1:1.105 eth13 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  526.638127][   T31] aqc111 2-1:1.105 eth13 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  526.730163][ T6446] bridge_slave_0: left allmulticast mode
[  526.730255][ T6446] bridge_slave_0: left promiscuous mode
[  526.730515][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.834909][ T6446] bridge_slave_1: left allmulticast mode
[  526.834939][ T6446] bridge_slave_1: left promiscuous mode
[  526.837284][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.930906][ T6446] bridge_slave_0: left allmulticast mode
[  526.930941][ T6446] bridge_slave_0: left promiscuous mode
[  526.931937][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  527.455322][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  527.545318][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  527.622779][ T6446] bond0 (unregistering): Released all slaves
[  527.954692][ T5853] Bluetooth: hci5: command tx timeout
[  528.029405][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  528.125501][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  528.229529][ T8984] netlink: 60 bytes leftover after parsing attributes in process `syz.4.697'.
[  528.239368][ T8984] unsupported nlmsg_type 40
[  529.218530][ T8986] overlayfs: failed to clone upperpath
[  529.223243][ T6446] bond0 (unregistering): Released all slaves
[  530.357509][ T5853] Bluetooth: hci5: command tx timeout
[  531.053235][ T8998] sp0: Synchronizing with TNC
[  531.322518][ T8560] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  531.418919][ T8992] [U] è
[  531.823929][ T8560] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  532.472766][ T5853] Bluetooth: hci5: command tx timeout
[  532.550350][ T8560] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  532.745202][ T9008] netlink: 'syz.4.704': attribute type 11 has an invalid length.
[  532.961182][ T8560] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  533.129085][ T6446] hsr_slave_0: left promiscuous mode
[  533.166070][ T6446] hsr_slave_1: left promiscuous mode
[  533.167528][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  533.533404][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  534.348657][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  534.552931][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  534.609296][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  534.622781][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  534.636388][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  534.901342][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  534.902189][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  538.115826][ T5841] Bluetooth: hci2: command tx timeout
[  540.194593][ T5853] Bluetooth: hci2: command tx timeout
[  540.245251][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  540.365608][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  541.257970][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  541.276204][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  541.282895][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  541.302218][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  541.313312][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  541.830508][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  541.922290][ T9048] loop5: detected capacity change from 0 to 7
[  542.015021][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  542.024321][ T6314] blk_print_req_error: 5 callbacks suppressed
[  542.024331][ T6314] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.024347][ T6314] buffer_io_error: 5 callbacks suppressed
[  542.024352][ T6314] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.085591][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.085624][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.090449][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.091583][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.096914][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.097237][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.101902][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.102294][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.124683][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.124712][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.124808][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.124822][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.124872][ T9048] ldm_validate_partition_table(): Disk read failed.
[  542.124906][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.124919][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.124988][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.125001][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.125069][ T9048] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  542.125081][ T9048] Buffer I/O error on dev loop5, logical block 0, async page read
[  542.125189][ T9048] Dev loop5: unable to read RDB block 0
[  542.125466][ T9048]  loop5: unable to read partition table
[  542.125596][ T9048] loop5: partition table beyond EOD, truncated
[  542.125626][ T9048] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  542.304593][ T5841] Bluetooth: hci2: command tx timeout
[  543.387618][    C1] vkms_vblank_simulate: vblank timer overrun
[  543.617218][ T5841] Bluetooth: hci3: command tx timeout
[  544.173512][ T9067] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  544.292235][ T8946] chnl_net:caif_netlink_parms(): no params data found
[  544.369315][ T5841] Bluetooth: hci2: command tx timeout
[  544.940094][    C1] vkms_vblank_simulate: vblank timer overrun
[  544.967373][    C1] vkms_vblank_simulate: vblank timer overrun
[  545.634911][ T5841] Bluetooth: hci3: command tx timeout
[  545.807248][ T5947] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  545.994590][ T5947] usb 2-1: Using ep0 maxpacket: 32
[  545.999300][ T5947] usb 2-1: config 0 has an invalid interface number: 230 but max is 0
[  545.999325][ T5947] usb 2-1: config 0 has no interface number 0
[  545.999355][ T5947] usb 2-1: too many endpoints for config 0 interface 230 altsetting 2: 210, using maximum allowed: 30
[  545.999398][ T5947] usb 2-1: config 0 interface 230 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 210
[  545.999424][ T5947] usb 2-1: config 0 interface 230 has no altsetting 0
[  546.002513][ T5947] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  546.002539][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  546.002558][ T5947] usb 2-1: Product: syz
[  546.002572][ T5947] usb 2-1: Manufacturer: syz
[  546.002586][ T5947] usb 2-1: SerialNumber: syz
[  546.016046][ T5947] usb 2-1: config 0 descriptor??
[  546.031644][ T5947] ums-usbat 2-1:0.230: USB Mass Storage device detected
[  546.056596][ T5947] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  546.118154][ T8946] bridge0: port 1(bridge_slave_0) entered blocking state
[  546.118776][ T8946] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.119488][ T8946] bridge_slave_0: entered allmulticast mode
[  546.131242][ T8946] bridge_slave_0: entered promiscuous mode
[  546.193207][ T8946] bridge0: port 2(bridge_slave_1) entered blocking state
[  546.193482][ T8946] bridge0: port 2(bridge_slave_1) entered disabled state
[  546.193720][ T8946] bridge_slave_1: entered allmulticast mode
[  546.201317][ T8946] bridge_slave_1: entered promiscuous mode
[  546.319383][ T5947] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5
[  546.334265][ T5947] usb 2-1: USB disconnect, device number 15
[  546.689971][ T8946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  546.753530][ T8946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  547.157546][ T8946] team0: Port device team_slave_0 added
[  547.158336][ T9021] chnl_net:caif_netlink_parms(): no params data found
[  547.177360][ T9044] chnl_net:caif_netlink_parms(): no params data found
[  547.184550][ T5849] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  547.209059][ T8946] team0: Port device team_slave_1 added
[  547.555146][    C1] vkms_vblank_simulate: vblank timer overrun
[  547.564345][ T5849] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  547.564371][ T5849] usb 2-1: config 0 has no interface number 0
[  547.564418][ T5849] usb 2-1: config 0 interface 51 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  547.564556][ T5849] usb 2-1: config 0 interface 51 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  547.567001][ T5849] usb 2-1: New USB device found, idVendor=061c, idProduct=c084, bcdDevice=f5.fc
[  547.567027][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3
[  547.567047][ T5849] usb 2-1: Product: syz
[  547.567061][ T5849] usb 2-1: Manufacturer: syz
[  547.567075][ T5849] usb 2-1: SerialNumber: syz
[  547.725824][    C1] vkms_vblank_simulate: vblank timer overrun
[  547.779696][ T5849] usb 2-1: config 0 descriptor??
[  547.893234][    C1] vkms_vblank_simulate: vblank timer overrun
[  548.174810][ T5841] Bluetooth: hci3: command tx timeout
[  548.967297][ T9108] input: syz0 as /devices/virtual/input/input19
[  549.877429][ T8946] batman_adv: batadv0: Adding interface: batadv_slave_0
[  549.877441][ T8946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.877455][ T8946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  549.904096][ T8946] batman_adv: batadv0: Adding interface: batadv_slave_1
[  549.904110][ T8946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  549.904135][ T8946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  550.194556][ T5841] Bluetooth: hci3: command tx timeout
[  551.576323][    T9] usb 2-1: USB disconnect, device number 16
[  552.015757][ T9021] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.023653][ T9021] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.023789][ T9021] bridge_slave_0: entered allmulticast mode
[  552.032022][ T9021] bridge_slave_0: entered promiscuous mode
[  552.051437][ T9044] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.051587][ T9044] bridge0: port 1(bridge_slave_0) entered disabled state
[  552.051784][ T9044] bridge_slave_0: entered allmulticast mode
[  552.078082][ T9044] bridge_slave_0: entered promiscuous mode
[  552.102831][ T8946] hsr_slave_0: entered promiscuous mode
[  552.157301][ T8946] hsr_slave_1: entered promiscuous mode
[  552.158261][ T8946] debugfs: 'hsr0' already exists in 'hsr'
[  552.164136][ T8946] Cannot create hsr debugfs directory
[  552.168925][ T9021] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.169053][ T9021] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.169242][ T9021] bridge_slave_1: entered allmulticast mode
[  552.306066][ T9021] bridge_slave_1: entered promiscuous mode
[  552.309293][ T9044] bridge0: port 2(bridge_slave_1) entered blocking state
[  552.309369][ T9044] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.309496][ T9044] bridge_slave_1: entered allmulticast mode
[  552.310924][ T9044] bridge_slave_1: entered promiscuous mode
[  552.435016][ T9141] netlink: 8 bytes leftover after parsing attributes in process `syz.4.737'.
[  552.435039][ T9141] netlink: 12 bytes leftover after parsing attributes in process `syz.4.737'.
[  553.671202][ T9044] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  554.099393][ T9149] netlink: 'syz.1.739': attribute type 11 has an invalid length.
[  554.125827][ T9021] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  554.299336][ T9044] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  554.433069][ T9021] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  558.202834][   T49] libceph: connect (1)[c::]:6789 error -101
[  558.203424][   T49] libceph: mon0 (1)[c::]:6789 connect error
[  558.216062][   T49] libceph: connect (1)[c::]:6789 error -101
[  558.216264][   T49] libceph: mon0 (1)[c::]:6789 connect error
[  558.249352][ T9176] ceph: No mds server is up or the cluster is laggy
[  558.378514][ T9182] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized
[  558.501466][   T49] libceph: connect (1)[c::]:6789 error -101
[  558.803930][   T49] libceph: mon0 (1)[c::]:6789 connect error
[  558.866858][ T9044] team0: Port device team_slave_0 added
[  558.868012][ T9182] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  558.966782][ T9186] netlink: 20 bytes leftover after parsing attributes in process `syz.4.748'.
[  558.996231][ T9186] netlink: 20 bytes leftover after parsing attributes in process `syz.4.748'.
[  559.052330][ T9021] team0: Port device team_slave_0 added
[  559.140951][ T9044] team0: Port device team_slave_1 added
[  559.149235][ T9021] team0: Port device team_slave_1 added
[  559.790130][ T9191] netlink: 'syz.1.750': attribute type 11 has an invalid length.
[  560.018408][ T9195] netlink: 'syz.1.751': attribute type 9 has an invalid length.
[  560.184786][ T9044] batman_adv: batadv0: Adding interface: batadv_slave_0
[  560.184803][ T9044] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  560.184828][ T9044] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  560.279782][ T9021] batman_adv: batadv0: Adding interface: batadv_slave_0
[  560.279796][ T9021] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  560.279821][ T9021] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  562.241169][ T9044] batman_adv: batadv0: Adding interface: batadv_slave_1
[  562.241306][ T9044] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.241528][ T9044] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  562.667070][ T9021] batman_adv: batadv0: Adding interface: batadv_slave_1
[  562.667087][ T9021] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.667113][ T9021] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  562.923267][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  562.923342][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  566.739905][ T9021] hsr_slave_0: entered promiscuous mode
[  566.741248][ T9021] hsr_slave_1: entered promiscuous mode
[  566.742142][ T9021] debugfs: 'hsr0' already exists in 'hsr'
[  566.742164][ T9021] Cannot create hsr debugfs directory
[  567.672270][ T9044] hsr_slave_0: entered promiscuous mode
[  567.673631][ T9044] hsr_slave_1: entered promiscuous mode
[  567.729014][ T9044] debugfs: 'hsr0' already exists in 'hsr'
[  567.729039][ T9044] Cannot create hsr debugfs directory
[  567.804054][ T9239] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  571.173748][ T8946] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  571.604497][ T8946] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  572.388434][ T8946] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  572.774816][ T8946] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  578.151775][ T9296] team0 (unregistering): Port device team_slave_0 removed
[  578.172468][ T9296] team0 (unregistering): Port device team_slave_1 removed
[  580.325221][ T8946] 8021q: adding VLAN 0 to HW filter on device bond0
[  580.325700][ T6446] bridge_slave_1: left allmulticast mode
[  580.325728][ T6446] bridge_slave_1: left promiscuous mode
[  580.325978][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  580.451186][ T6446] bridge_slave_0: left allmulticast mode
[  580.451217][ T6446] bridge_slave_0: left promiscuous mode
[  580.451480][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.689511][ T6446] bridge_slave_1: left allmulticast mode
[  580.689543][ T6446] bridge_slave_1: left promiscuous mode
[  580.689781][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  580.852153][ T6446] bridge_slave_0: left allmulticast mode
[  580.852174][ T6446] bridge_slave_0: left promiscuous mode
[  580.852323][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.899607][ T6446] bridge_slave_1: left allmulticast mode
[  580.899637][ T6446] bridge_slave_1: left promiscuous mode
[  580.899883][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  580.982589][ T6446] bridge_slave_0: left allmulticast mode
[  580.982618][ T6446] bridge_slave_0: left promiscuous mode
[  580.982867][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.444106][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  581.568323][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  581.618294][ T6446] bond0 (unregistering): Released all slaves
[  581.946735][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  582.045340][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  582.108426][ T6446] bond0 (unregistering): Released all slaves
[  582.465318][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  582.486729][ T5841] Bluetooth: hci0: unexpected subevent 0x0a length: 99 > 30
[  582.536707][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  582.588220][ T6446] bond0 (unregistering): Released all slaves
[  583.787926][ T9351] ubi: mtd0 is already attached to ubi31
[  583.908158][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  583.922179][ T9352] ip6erspan0: entered allmulticast mode
[  585.194781][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  585.205089][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  585.207524][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  585.208692][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  586.115004][ T6446] hsr_slave_0: left promiscuous mode
[  586.168438][ T6446] hsr_slave_1: left promiscuous mode
[  586.169314][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  586.226121][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  586.384591][ T9366] netlink: 60 bytes leftover after parsing attributes in process `syz.4.802'.
[  587.314631][ T5853] Bluetooth: hci4: command tx timeout
[  587.318125][ T6446] hsr_slave_0: left promiscuous mode
[  587.364605][ T6446] hsr_slave_1: left promiscuous mode
[  587.365467][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  587.390583][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  588.544607][ T6446] hsr_slave_0: left promiscuous mode
[  588.553253][ T9376] ubi: mtd0 is already attached to ubi31
[  588.594668][ T6446] hsr_slave_1: left promiscuous mode
[  588.595558][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  588.885098][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  589.503343][ T5853] Bluetooth: hci4: command tx timeout
[  590.190271][ T9388] netlink: 60 bytes leftover after parsing attributes in process `syz.1.810'.
[  591.276129][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  591.407156][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  591.557333][ T5853] Bluetooth: hci4: command tx timeout
[  593.284391][ T5849] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  593.497832][ T5849] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  593.497868][ T5849] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  593.497911][ T5849] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  593.497934][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.545363][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  593.615689][ T9403] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  593.635058][ T5853] Bluetooth: hci4: command tx timeout
[  593.645895][ T5849] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  593.689001][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  594.054644][ T5849] usb 2-1: USB disconnect, device number 17
[  594.438801][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  594.451811][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  594.460796][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  594.462504][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  594.463389][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  595.137084][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  596.405124][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  596.514594][ T5853] Bluetooth: hci5: command tx timeout
[  597.276867][ T9426] netlink: 60 bytes leftover after parsing attributes in process `syz.1.818'.
[  598.600120][ T5853] Bluetooth: hci5: command tx timeout
[  600.675033][ T5853] Bluetooth: hci5: command tx timeout
[  601.042234][ T9444] syz.1.822: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  601.042456][ T9444] CPU: 1 UID: 0 PID: 9444 Comm: syz.1.822 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  601.042482][ T9444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  601.042495][ T9444] Call Trace:
[  601.042503][ T9444]  <TASK>
[  601.042512][ T9444]  dump_stack_lvl+0x189/0x250
[  601.042547][ T9444]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  601.042582][ T9444]  ? __pfx_dump_stack_lvl+0x10/0x10
[  601.042611][ T9444]  ? __pfx__printk+0x10/0x10
[  601.042635][ T9444]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  601.042657][ T9444]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  601.042686][ T9444]  warn_alloc+0x22e/0x3b0
[  601.042716][ T9444]  ? __pfx_warn_alloc+0x10/0x10
[  601.042740][ T9444]  ? __kasan_kmalloc+0x93/0xb0
[  601.042763][ T9444]  ? __kmalloc_cache_noprof+0x1a8/0x320
[  601.042788][ T9444]  ? xskq_create+0x56/0x170
[  601.042814][ T9444]  ? xsk_init_queue+0xb0/0x110
[  601.042839][ T9444]  ? xsk_setsockopt+0x57b/0x8d0
[  601.042861][ T9444]  ? do_sock_setsockopt+0x179/0x1b0
[  601.042879][ T9444]  ? __x64_sys_setsockopt+0x145/0x1b0
[  601.042895][ T9444]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.042921][ T9444]  __vmalloc_node_range_noprof+0x125/0x12f0
[  601.042983][ T9444]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  601.043020][ T9444]  ? __kasan_kmalloc+0x93/0xb0
[  601.043048][ T9444]  vmalloc_user_noprof+0xad/0xf0
[  601.043077][ T9444]  ? xskq_create+0xbf/0x170
[  601.043106][ T9444]  xskq_create+0xbf/0x170
[  601.043138][ T9444]  xsk_init_queue+0xb0/0x110
[  601.043168][ T9444]  xsk_setsockopt+0x57b/0x8d0
[  601.043198][ T9444]  ? __pfx_xsk_setsockopt+0x10/0x10
[  601.043232][ T9444]  ? __fget_files+0x2a/0x420
[  601.043263][ T9444]  ? __fget_files+0x2a/0x420
[  601.043289][ T9444]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  601.043309][ T9444]  ? __pfx_xsk_setsockopt+0x10/0x10
[  601.043337][ T9444]  do_sock_setsockopt+0x179/0x1b0
[  601.043361][ T9444]  __x64_sys_setsockopt+0x145/0x1b0
[  601.043394][ T9444]  do_syscall_64+0xfa/0x3b0
[  601.043413][ T9444]  ? lockdep_hardirqs_on+0x9c/0x150
[  601.043442][ T9444]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.043461][ T9444]  ? clear_bhb_loop+0x60/0xb0
[  601.043486][ T9444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.043505][ T9444] RIP: 0033:0x7f62bc1feec9
[  601.043524][ T9444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.043541][ T9444] RSP: 002b:00007f62ba424038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  601.043561][ T9444] RAX: ffffffffffffffda RBX: 00007f62bc456180 RCX: 00007f62bc1feec9
[  601.043577][ T9444] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000006
[  601.043589][ T9444] RBP: 00007f62bc281f91 R08: 0000000000000004 R09: 0000000000000000
[  601.043601][ T9444] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  601.043614][ T9444] R13: 00007f62bc456218 R14: 00007f62bc456180 R15: 00007ffc2282abc8
[  601.043646][ T9444]  </TASK>
[  601.052357][ T9444] Mem-Info:
[  601.052425][ T9444] active_anon:273 inactive_anon:29012 isolated_anon:0
[  601.052425][ T9444]  active_file:15997 inactive_file:41499 isolated_file:0
[  601.052425][ T9444]  unevictable:768 dirty:44 writeback:0
[  601.052425][ T9444]  slab_reclaimable:12410 slab_unreclaimable:101977
[  601.052425][ T9444]  mapped:32660 shmem:24052 pagetables:1292
[  601.052425][ T9444]  sec_pagetables:0 bounce:0
[  601.052425][ T9444]  kernel_misc_reclaimable:0
[  601.052425][ T9444]  free:1285892 free_pcp:8482 free_cma:0
[  601.052506][ T9444] Node 0 active_anon:1092kB inactive_anon:116048kB active_file:63652kB inactive_file:165996kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130588kB dirty:176kB writeback:0kB shmem:94672kB kernel_stack:13064kB pagetables:5036kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  601.052578][ T9444] Node 1 active_anon:0kB inactive_anon:0kB active_file:336kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  601.052644][ T9444] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  601.052750][ T9444] lowmem_reserve[]: 0 2511 2513 2513 2513
[  601.052847][ T9444] Node 0 DMA32 free:1228520kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1088kB inactive_anon:116004kB active_file:62636kB inactive_file:165928kB unevictable:1536kB writepending:176kB present:3129332kB managed:2572276kB mlocked:0kB bounce:0kB free_pcp:33928kB local_pcp:33268kB free_cma:0kB
[  601.052950][ T9444] lowmem_reserve[]: 0 0 1 1 1
[  601.053045][ T9444] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:44kB active_file:1016kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  601.053142][ T9444] lowmem_reserve[]: 0 0 0 0 0
[  601.053238][ T9444] Node 1 Normal free:3899688kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:336kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  601.053339][ T9444] lowmem_reserve[]: 0 0 0 0 0
[  601.053440][ T9444] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  601.058080][ T9444] Node 0 DMA32: 183*4kB (U) 745*8kB (UME) 86*16kB (UME) 290*32kB (UME) 96*64kB (UME) 54*128kB (UME) 188*256kB (UME) 84*512kB (UM) 33*1024kB (UM) 14*2048kB (UME) 255*4096kB (UM) = 1228484kB
[  601.058239][ T9444] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  601.058336][ T9444] Node 1 Normal: 242*4kB (U) 56*8kB (UE) 46*16kB (UME) 212*32kB (UME) 105*64kB (UME) 26*128kB (UE) 15*256kB (UME) 6*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3899688kB
[  601.058504][ T9444] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  601.058521][ T9444] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  601.058539][ T9444] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  601.058555][ T9444] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  601.058572][ T9444] 81546 total pagecache pages
[  601.058586][ T9444] 0 pages in swap cache
[  601.058593][ T9444] Free swap  = 124996kB
[  601.058601][ T9444] Total swap = 124996kB
[  601.058609][ T9444] 2097051 pages RAM
[  601.058616][ T9444] 0 pages HighMem/MovableOnly
[  601.058623][ T9444] 422084 pages reserved
[  601.058630][ T9444] 0 pages cma reserved
[  602.029395][ T9449] tmpfs: Unsupported parameter 'huge'
[  602.757327][ T5853] Bluetooth: hci5: command tx timeout
[  603.018689][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  603.034192][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  603.044822][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  603.063908][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  603.072503][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  604.041612][ T9353] chnl_net:caif_netlink_parms(): no params data found
[  604.452478][ T9473] netlink: 60 bytes leftover after parsing attributes in process `syz.1.827'.
[  605.229235][ T5853] Bluetooth: hci2: command tx timeout
[  607.290802][ T5853] Bluetooth: hci2: command tx timeout
[  608.301016][ T9411] chnl_net:caif_netlink_parms(): no params data found
[  608.588396][ T9353] bridge0: port 1(bridge_slave_0) entered blocking state
[  608.588539][ T9353] bridge0: port 1(bridge_slave_0) entered disabled state
[  608.588736][ T9353] bridge_slave_0: entered allmulticast mode
[  608.591429][ T9353] bridge_slave_0: entered promiscuous mode
[  608.648478][ T9353] bridge0: port 2(bridge_slave_1) entered blocking state
[  608.648615][ T9353] bridge0: port 2(bridge_slave_1) entered disabled state
[  608.648786][ T9353] bridge_slave_1: entered allmulticast mode
[  608.651465][ T9353] bridge_slave_1: entered promiscuous mode
[  608.700567][ T9504] overlayfs: failed to clone upperpath
[  608.905468][ T9504] ./file0: Can't lookup blockdev
[  608.971629][ T9509] netlink: 60 bytes leftover after parsing attributes in process `syz.1.837'.
[  609.325415][ T5853] Bluetooth: hci2: command tx timeout
[  611.459880][ T5853] Bluetooth: hci2: command tx timeout
[  611.887080][ T9353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  612.375974][ T9353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  614.487931][ T9353] team0: Port device team_slave_0 added
[  614.500234][ T9411] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.500451][ T9411] bridge0: port 1(bridge_slave_0) entered disabled state
[  614.500639][ T9411] bridge_slave_0: entered allmulticast mode
[  614.503455][ T9411] bridge_slave_0: entered promiscuous mode
[  615.036374][ T9544] netlink: 28 bytes leftover after parsing attributes in process `syz.1.847'.
[  615.038285][ T9544] netlink: 28 bytes leftover after parsing attributes in process `syz.1.847'.
[  615.040634][ T9544] ubi: mtd0 is already attached to ubi31
[  616.587935][ T9353] team0: Port device team_slave_1 added
[  616.615332][ T9411] bridge0: port 2(bridge_slave_1) entered blocking state
[  616.615468][ T9411] bridge0: port 2(bridge_slave_1) entered disabled state
[  616.615654][ T9411] bridge_slave_1: entered allmulticast mode
[  616.618852][ T9411] bridge_slave_1: entered promiscuous mode
[  617.239255][ T9353] batman_adv: batadv0: Adding interface: batadv_slave_0
[  617.239270][ T9353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  617.239294][ T9353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  617.331316][ T9411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  617.334127][ T9353] batman_adv: batadv0: Adding interface: batadv_slave_1
[  617.334141][ T9353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  617.334173][ T9353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  617.420038][ T9411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  618.210759][ T9411] team0: Port device team_slave_0 added
[  618.501164][ T9457] chnl_net:caif_netlink_parms(): no params data found
[  619.443391][ T9411] team0: Port device team_slave_1 added
[  620.160505][ T9581] netlink: 28 bytes leftover after parsing attributes in process `syz.4.858'.
[  620.160532][ T9581] netlink: 28 bytes leftover after parsing attributes in process `syz.4.858'.
[  621.113937][ T9353] hsr_slave_0: entered promiscuous mode
[  621.121397][ T9353] hsr_slave_1: entered promiscuous mode
[  621.342318][ T9411] batman_adv: batadv0: Adding interface: batadv_slave_0
[  621.342335][ T9411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.342360][ T9411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  621.514197][ T9411] batman_adv: batadv0: Adding interface: batadv_slave_1
[  621.514213][ T9411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.514238][ T9411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  621.616679][ T9589] syzkaller1: entered promiscuous mode
[  621.616698][ T9589] syzkaller1: entered allmulticast mode
[  623.495476][ T9457] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.495553][ T9457] bridge0: port 1(bridge_slave_0) entered disabled state
[  623.495691][ T9457] bridge_slave_0: entered allmulticast mode
[  623.497121][ T9457] bridge_slave_0: entered promiscuous mode
[  624.478525][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  624.478600][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  624.616380][ T9618] =======================================================
[  624.616380][ T9618] WARNING: The mand mount option has been deprecated and
[  624.616380][ T9618]          and is ignored by this kernel. Remove the mand
[  624.616380][ T9618]          option from the mount to silence this warning.
[  624.616380][ T9618] =======================================================
[  624.619747][ T9618] overlayfs: failed to clone lowerpath
[  624.745099][ T9457] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.745252][ T9457] bridge0: port 2(bridge_slave_1) entered disabled state
[  624.745477][ T9457] bridge_slave_1: entered allmulticast mode
[  624.757429][ T9457] bridge_slave_1: entered promiscuous mode
[  624.986022][ T9411] hsr_slave_0: entered promiscuous mode
[  624.987336][ T9411] hsr_slave_1: entered promiscuous mode
[  624.988237][ T9411] debugfs: 'hsr0' already exists in 'hsr'
[  624.988260][ T9411] Cannot create hsr debugfs directory
[  625.391119][ T9457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  627.631416][ T9457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  629.308796][ T9661] netlink: 20 bytes leftover after parsing attributes in process `syz.1.888'.
[  630.243689][ T9661] netlink: 8 bytes leftover after parsing attributes in process `syz.1.888'.
[  630.243764][ T9661] netlink: 12 bytes leftover after parsing attributes in process `syz.1.888'.
[  631.287119][ T9457] team0: Port device team_slave_0 added
[  631.343194][ T9457] team0: Port device team_slave_1 added
[  633.118903][ T9687] netlink: 20 bytes leftover after parsing attributes in process `syz.4.898'.
[  633.252468][ T9457] batman_adv: batadv0: Adding interface: batadv_slave_0
[  633.252484][ T9457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.252514][ T9457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  633.309301][ T9687] netlink: 8 bytes leftover after parsing attributes in process `syz.4.898'.
[  633.309321][ T9687] netlink: 12 bytes leftover after parsing attributes in process `syz.4.898'.
[  633.337025][ T9457] batman_adv: batadv0: Adding interface: batadv_slave_1
[  633.337039][ T9457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.337064][ T9457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  633.891929][ T6446] bridge_slave_1: left allmulticast mode
[  633.891960][ T6446] bridge_slave_1: left promiscuous mode
[  633.892207][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  633.976011][ T6446] bridge_slave_0: left allmulticast mode
[  633.976042][ T6446] bridge_slave_0: left promiscuous mode
[  633.976305][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  634.074630][ T6446] bridge_slave_1: left allmulticast mode
[  634.074661][ T6446] bridge_slave_1: left promiscuous mode
[  634.074901][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.166711][ T6446] bridge_slave_0: left allmulticast mode
[  634.166742][ T6446] bridge_slave_0: left promiscuous mode
[  634.166979][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  634.618025][ T6446] bridge_slave_1: left allmulticast mode
[  634.618046][ T6446] bridge_slave_1: left promiscuous mode
[  634.618185][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.696520][ T6446] bridge_slave_0: left allmulticast mode
[  634.696552][ T6446] bridge_slave_0: left promiscuous mode
[  634.696796][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.115341][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  635.274253][ T9708] netlink: 20 bytes leftover after parsing attributes in process `syz.1.907'.
[  635.295972][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  635.949786][ T9708] netlink: 8 bytes leftover after parsing attributes in process `syz.1.907'.
[  635.949826][ T9708] netlink: 12 bytes leftover after parsing attributes in process `syz.1.907'.
[  636.293913][ T6446] bond0 (unregistering): Released all slaves
[  636.525353][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  636.608824][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  636.668727][ T6446] bond0 (unregistering): Released all slaves
[  637.871371][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.955574][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  638.002853][ T6446] bond0 (unregistering): Released all slaves
[  638.076342][ T9457] hsr_slave_0: entered promiscuous mode
[  638.078260][ T9457] hsr_slave_1: entered promiscuous mode
[  638.079173][ T9457] debugfs: 'hsr0' already exists in 'hsr'
[  638.079195][ T9457] Cannot create hsr debugfs directory
[  639.408095][ T9727] netlink: 'syz.1.913': attribute type 1 has an invalid length.
[  639.408140][ T9727] netlink: 224 bytes leftover after parsing attributes in process `syz.1.913'.
[  640.425945][ T6446] hsr_slave_0: left promiscuous mode
[  640.434771][ T6446] hsr_slave_1: left promiscuous mode
[  640.435674][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  640.461057][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  640.574699][ T6446] hsr_slave_0: left promiscuous mode
[  640.596190][ T6446] hsr_slave_1: left promiscuous mode
[  640.597699][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  640.625422][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  640.883881][ T6446] hsr_slave_0: left promiscuous mode
[  640.904665][ T6446] hsr_slave_1: left promiscuous mode
[  640.905172][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  640.943995][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  642.098304][ T9747] vivid-007: =================  START STATUS  =================
[  642.098389][ T9747] vivid-007: Enable Output Cropping: true
[  642.098549][ T9747] vivid-007: Enable Output Composing: true
[  642.098646][ T9747] vivid-007: Enable Output Scaler: true
[  642.098756][ T9747] vivid-007: Tx RGB Quantization Range: Automatic
[  642.098851][ T9747] vivid-007: Transmit Mode: HDMI
[  642.098952][ T9747] vivid-007: Hotplug Present: 0x00000000
[  642.099059][ T9747] vivid-007: RxSense Present: 0x00000000
[  642.099153][ T9747] vivid-007: EDID Present: 0x00000000
[  642.099287][ T9747] vivid-007: ==================  END STATUS  ==================
[  642.995491][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  643.105437][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  644.056626][ T9752] netlink: 'syz.1.922': attribute type 1 has an invalid length.
[  644.056673][ T9752] netlink: 224 bytes leftover after parsing attributes in process `syz.1.922'.
[  645.061830][ T5841] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  645.071869][ T5841] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  645.073534][ T5841] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  645.111364][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  645.112143][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  647.273749][ T5841] Bluetooth: hci3: command tx timeout
[  647.296074][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  647.446855][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  648.416516][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  648.535284][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  649.336185][ T5841] Bluetooth: hci3: command tx timeout
[  651.154181][ T9411] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  651.507237][ T5841] Bluetooth: hci3: command tx timeout
[  653.336120][ T9411] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  654.481655][ T5841] Bluetooth: hci3: command tx timeout
[  654.930441][ T9457] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  655.443468][ T9457] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  655.539920][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  655.542814][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  655.544107][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  655.546063][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  655.552572][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  656.961427][ T9457] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  657.038914][ T9457] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  658.105761][ T5853] Bluetooth: hci4: command tx timeout
[  659.003540][ T9753] chnl_net:caif_netlink_parms(): no params data found
[  659.366211][ T9835] fuse: Unknown parameter '00000000000000000000006'
[  660.114620][ T5853] Bluetooth: hci4: command tx timeout
[  661.194767][ T9860] netlink: 'syz.1.947': attribute type 1 has an invalid length.
[  661.194842][ T9860] netlink: 224 bytes leftover after parsing attributes in process `syz.1.947'.
[  662.339860][ T5853] Bluetooth: hci4: command tx timeout
[  662.463348][ T9753] bridge0: port 1(bridge_slave_0) entered blocking state
[  662.463486][ T9753] bridge0: port 1(bridge_slave_0) entered disabled state
[  662.463674][ T9753] bridge_slave_0: entered allmulticast mode
[  662.492073][ T9753] bridge_slave_0: entered promiscuous mode
[  662.513757][ T9753] bridge0: port 2(bridge_slave_1) entered blocking state
[  662.513956][ T9753] bridge0: port 2(bridge_slave_1) entered disabled state
[  662.514143][ T9753] bridge_slave_1: entered allmulticast mode
[  662.518595][ T9753] bridge_slave_1: entered promiscuous mode
[  662.800114][ T9753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  662.816407][ T9753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  664.538301][ T5853] Bluetooth: hci4: command tx timeout
[  665.594352][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  665.740416][ T5841] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  665.742647][ T5841] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  665.743835][ T5841] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  665.772789][ T5841] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  666.025088][ T9753] team0: Port device team_slave_0 added
[  666.165213][ T9753] team0: Port device team_slave_1 added
[  666.683275][ T9893] netlink: 'syz.1.958': attribute type 1 has an invalid length.
[  666.683416][ T9893] netlink: 224 bytes leftover after parsing attributes in process `syz.1.958'.
[  667.886295][ T5853] Bluetooth: hci2: command tx timeout
[  668.150981][ T9753] batman_adv: batadv0: Adding interface: batadv_slave_0
[  668.150998][ T9753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.151023][ T9753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  668.960668][ T9753] batman_adv: batadv0: Adding interface: batadv_slave_1
[  668.960684][ T9753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.960710][ T9753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  670.254654][ T5853] Bluetooth: hci2: command tx timeout
[  670.446842][ T9933] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  671.816725][ T9753] hsr_slave_0: entered promiscuous mode
[  671.818043][ T9753] hsr_slave_1: entered promiscuous mode
[  671.818954][ T9753] debugfs: 'hsr0' already exists in 'hsr'
[  671.818976][ T9753] Cannot create hsr debugfs directory
[  672.274663][ T5853] Bluetooth: hci2: command tx timeout
[  672.320445][   T37] audit: type=1326 audit(2000000294.430:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9961 comm="syz.1.972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bc1feec9 code=0x7fc00000
[  673.193760][   T37] audit: type=1326 audit(2000000295.300:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9961 comm="syz.1.972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bc1feec9 code=0x7fc00000
[  674.362021][ T9982] ubi: mtd0 is already attached to ubi31
[  674.401105][ T5853] Bluetooth: hci2: command tx timeout
[  674.615958][ T9981] netlink: 28 bytes leftover after parsing attributes in process `syz.1.976'.
[  674.616122][ T9981] netlink: 28 bytes leftover after parsing attributes in process `syz.1.976'.
[  676.450052][ T9812] chnl_net:caif_netlink_parms(): no params data found
[  678.311044][   T37] audit: type=1326 audit(2000000300.420:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10028 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bc1feec9 code=0x7ffc0000
[  678.311324][   T37] audit: type=1326 audit(2000000300.420:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10028 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=324 compat=0 ip=0x7f62bc1feec9 code=0x7ffc0000
[  678.435649][   T37] audit: type=1326 audit(2000000300.550:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10028 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bc1feec9 code=0x7ffc0000
[  678.435710][   T37] audit: type=1326 audit(2000000300.550:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10028 comm="syz.1.985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62bc1feec9 code=0x7ffc0000
[  679.478486][T10040] netlink: 'syz.1.986': attribute type 1 has an invalid length.
[  679.478531][T10040] netlink: 224 bytes leftover after parsing attributes in process `syz.1.986'.
[  682.668053][T10051] netlink: 28 bytes leftover after parsing attributes in process `syz.4.989'.
[  682.668084][T10051] netlink: 28 bytes leftover after parsing attributes in process `syz.4.989'.
[  685.682427][ T9812] bridge0: port 1(bridge_slave_0) entered blocking state
[  685.682610][ T9812] bridge0: port 1(bridge_slave_0) entered disabled state
[  685.682820][ T9812] bridge_slave_0: entered allmulticast mode
[  685.696574][ T9812] bridge_slave_0: entered promiscuous mode
[  685.798547][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  685.798591][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  685.808669][ T9812] bridge0: port 2(bridge_slave_1) entered blocking state
[  685.808816][ T9812] bridge0: port 2(bridge_slave_1) entered disabled state
[  685.808999][ T9812] bridge_slave_1: entered allmulticast mode
[  685.817696][ T9812] bridge_slave_1: entered promiscuous mode
[  686.537747][T10081] netlink: 'syz.1.995': attribute type 1 has an invalid length.
[  686.537767][T10081] netlink: 224 bytes leftover after parsing attributes in process `syz.1.995'.
[  688.598164][ T9812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  688.838989][ T9812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  689.268522][ T9878] chnl_net:caif_netlink_parms(): no params data found
[  691.455155][ T9812] team0: Port device team_slave_0 added
[  691.569364][ T9812] team0: Port device team_slave_1 added
[  692.790849][T10123] netlink: 'syz.1.1004': attribute type 1 has an invalid length.
[  692.790868][T10123] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1004'.
[  693.657213][T10126] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1006'.
[  693.657235][T10126] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1006'.
[  693.657260][T10126] netlink: 'syz.4.1006': attribute type 19 has an invalid length.
[  693.886113][ T9753] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  694.193367][ T9812] batman_adv: batadv0: Adding interface: batadv_slave_0
[  694.193379][ T9812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.193393][ T9812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  694.270443][ T9753] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  694.451644][ T9812] batman_adv: batadv0: Adding interface: batadv_slave_1
[  694.451660][ T9812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.451685][ T9812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  694.706515][ T9753] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  695.817377][ T9753] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  697.136319][ T9878] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.136576][ T9878] bridge0: port 1(bridge_slave_0) entered disabled state
[  697.136780][ T9878] bridge_slave_0: entered allmulticast mode
[  697.139495][ T9878] bridge_slave_0: entered promiscuous mode
[  697.337643][ T9878] bridge0: port 2(bridge_slave_1) entered blocking state
[  697.337793][ T9878] bridge0: port 2(bridge_slave_1) entered disabled state
[  697.337994][ T9878] bridge_slave_1: entered allmulticast mode
[  697.354675][ T9878] bridge_slave_1: entered promiscuous mode
[  697.972596][ T9812] hsr_slave_0: entered promiscuous mode
[  697.973954][ T9812] hsr_slave_1: entered promiscuous mode
[  697.975821][ T9812] debugfs: 'hsr0' already exists in 'hsr'
[  697.975843][ T9812] Cannot create hsr debugfs directory
[  698.062837][ T9878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  698.379498][ T9878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  698.691250][T10178] netlink: 'syz.1.1022': attribute type 1 has an invalid length.
[  698.691269][T10178] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1022'.
[  700.743129][ T9878] team0: Port device team_slave_0 added
[  700.830631][ T9878] team0: Port device team_slave_1 added
[  701.325156][ T9878] batman_adv: batadv0: Adding interface: batadv_slave_0
[  701.325173][ T9878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  701.325198][ T9878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  701.527275][ T9878] batman_adv: batadv0: Adding interface: batadv_slave_1
[  701.527290][ T9878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  701.527315][ T9878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  703.313396][ T6446] bridge_slave_1: left allmulticast mode
[  703.313428][ T6446] bridge_slave_1: left promiscuous mode
[  703.313679][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.435004][T10218] netlink: 1000 bytes leftover after parsing attributes in process `syz.1.1030'.
[  703.466040][ T6446] bridge_slave_0: left allmulticast mode
[  703.466068][ T6446] bridge_slave_0: left promiscuous mode
[  703.466343][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.611601][ T6446] bridge_slave_1: left allmulticast mode
[  703.611631][ T6446] bridge_slave_1: left promiscuous mode
[  703.611887][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.706682][ T6446] bridge_slave_0: left allmulticast mode
[  703.706700][ T6446] bridge_slave_0: left promiscuous mode
[  703.706866][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.890361][ T6446] bridge_slave_1: left allmulticast mode
[  703.890393][ T6446] bridge_slave_1: left promiscuous mode
[  703.891114][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.965321][ T6446] bridge_slave_0: left allmulticast mode
[  703.965340][ T6446] bridge_slave_0: left promiscuous mode
[  703.965483][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.595271][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  704.718714][T10228] tmpfs: Unknown parameter '˜ÀŸƒ›¯¸6m'
[  704.785285][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  704.851567][ T6446] bond0 (unregistering): Released all slaves
[  705.178093][T10233] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  705.183379][T10233] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  705.188983][T10233] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  705.192203][T10233] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  705.193427][T10233] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  705.405222][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  705.488126][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  705.571955][ T6446] bond0 (unregistering): Released all slaves
[  705.916160][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  706.037787][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  706.257417][ T6446] bond0 (unregistering): Released all slaves
[  707.153420][ T9878] hsr_slave_0: entered promiscuous mode
[  707.155971][ T9878] hsr_slave_1: entered promiscuous mode
[  707.156822][ T9878] debugfs: 'hsr0' already exists in 'hsr'
[  707.156843][ T9878] Cannot create hsr debugfs directory
[  707.244549][ T5853] Bluetooth: hci5: command tx timeout
[  707.598552][T10252] binder: BINDER_SET_CONTEXT_MGR already set
[  707.598568][T10252] binder: 10251:10252 ioctl 4018620d 2000000002c0 returned -16
[  709.584473][ T5853] Bluetooth: hci5: command tx timeout
[  710.417645][T10285] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1047'.
[  711.558044][ T6446] hsr_slave_0: left promiscuous mode
[  711.604887][ T6446] hsr_slave_1: left promiscuous mode
[  711.605787][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  711.634496][ T5853] Bluetooth: hci5: command tx timeout
[  711.657523][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  711.854697][ T6446] hsr_slave_0: left promiscuous mode
[  711.904520][ T6446] hsr_slave_1: left promiscuous mode
[  711.905430][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  711.938752][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  712.144676][ T6446] hsr_slave_0: left promiscuous mode
[  712.184788][ T6446] hsr_slave_1: left promiscuous mode
[  712.185676][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  712.243664][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  713.226807][   T37] audit: type=1800 audit(2000000335.330:193): pid=10322 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.1055" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  713.464760][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  713.709676][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  713.722073][ T5853] Bluetooth: hci5: command tx timeout
[  714.462313][T10333] binder: BINDER_SET_CONTEXT_MGR already set
[  714.462328][T10333] binder: 10332:10333 ioctl 4018620d 2000000002c0 returned -16
[  717.505158][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  717.929601][T10233] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  717.934148][T10233] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  717.955833][T10233] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  717.984599][T10233] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  717.985541][T10233] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  717.996612][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  720.034596][ T5853] Bluetooth: hci3: command tx timeout
[  720.665461][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  721.405629][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  721.518229][T10391] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1077'.
[  722.114735][ T5853] Bluetooth: hci3: command tx timeout
[  724.195196][ T5853] Bluetooth: hci3: command tx timeout
[  725.461612][T10233] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  725.473370][T10233] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  725.489716][T10233] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  725.490789][T10233] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  725.491997][T10233] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  726.055757][T10230] chnl_net:caif_netlink_parms(): no params data found
[  726.274522][ T5853] Bluetooth: hci3: command tx timeout
[  727.507917][T10355] chnl_net:caif_netlink_parms(): no params data found
[  727.579536][ T5853] Bluetooth: hci4: command tx timeout
[  729.145391][    C1] vkms_vblank_simulate: vblank timer overrun
[  729.577134][    C1] vkms_vblank_simulate: vblank timer overrun
[  729.664450][ T5853] Bluetooth: hci4: command tx timeout
[  730.544558][    C1] vkms_vblank_simulate: vblank timer overrun
[  731.434433][    C1] vkms_vblank_simulate: vblank timer overrun
[  731.444756][T10230] bridge0: port 1(bridge_slave_0) entered blocking state
[  731.444920][T10230] bridge0: port 1(bridge_slave_0) entered disabled state
[  731.445168][T10230] bridge_slave_0: entered allmulticast mode
[  731.447894][T10230] bridge_slave_0: entered promiscuous mode
[  731.529205][T10230] bridge0: port 2(bridge_slave_1) entered blocking state
[  731.529313][T10230] bridge0: port 2(bridge_slave_1) entered disabled state
[  731.529498][T10230] bridge_slave_1: entered allmulticast mode
[  731.531953][T10230] bridge_slave_1: entered promiscuous mode
[  731.837484][    C1] vkms_vblank_simulate: vblank timer overrun
[  731.850235][ T5853] Bluetooth: hci4: command tx timeout
[  732.033443][    C1] vkms_vblank_simulate: vblank timer overrun
[  732.495142][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.014463][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.235498][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.458736][    C1] vkms_vblank_simulate: vblank timer overrun
[  733.874682][ T5853] Bluetooth: hci4: command tx timeout
[  734.126469][T10230] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  735.570159][T10230] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  735.570433][T10355] bridge0: port 1(bridge_slave_0) entered blocking state
[  735.570571][T10355] bridge0: port 1(bridge_slave_0) entered disabled state
[  735.570777][T10355] bridge_slave_0: entered allmulticast mode
[  735.573478][T10355] bridge_slave_0: entered promiscuous mode
[  735.846139][T10355] bridge0: port 2(bridge_slave_1) entered blocking state
[  735.846285][T10355] bridge0: port 2(bridge_slave_1) entered disabled state
[  735.846528][T10355] bridge_slave_1: entered allmulticast mode
[  735.849231][T10355] bridge_slave_1: entered promiscuous mode
[  736.037298][T10540] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1115'.
[  736.679406][T10550] exFAT-fs (loop1): unable to read boot sector
[  736.679475][T10550] exFAT-fs (loop1): failed to read boot sector
[  736.679508][T10550] exFAT-fs (loop1): failed to recognize exfat type
[  737.285986][T10230] team0: Port device team_slave_0 added
[  737.742238][T10230] team0: Port device team_slave_1 added
[  737.760522][T10355] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  738.785051][T10355] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  739.128529][T10230] batman_adv: batadv0: Adding interface: batadv_slave_0
[  739.128546][T10230] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  739.128569][T10230] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  739.361675][T10230] batman_adv: batadv0: Adding interface: batadv_slave_1
[  739.362958][T10230] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  739.362986][T10230] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  739.389218][T10355] team0: Port device team_slave_0 added
[  739.422813][T10355] team0: Port device team_slave_1 added
[  739.596553][T10457] chnl_net:caif_netlink_parms(): no params data found
[  740.455786][T10599] tmpfs: Unsupported parameter 'huge'
[  741.608770][T10355] batman_adv: batadv0: Adding interface: batadv_slave_0
[  741.608784][T10355] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  741.608805][T10355] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  743.978923][T10355] batman_adv: batadv0: Adding interface: batadv_slave_1
[  743.978939][T10355] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  743.978964][T10355] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  744.223150][T10230] hsr_slave_0: entered promiscuous mode
[  744.226441][T10230] hsr_slave_1: entered promiscuous mode
[  744.849775][T10636] binder: 10635:10636 ioctl 4018620d 0 returned -22
[  747.275373][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  747.275444][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  747.398487][T10355] hsr_slave_0: entered promiscuous mode
[  747.424960][T10355] hsr_slave_1: entered promiscuous mode
[  747.426075][T10355] debugfs: 'hsr0' already exists in 'hsr'
[  747.426098][T10355] Cannot create hsr debugfs directory
[  747.504755][T10457] bridge0: port 1(bridge_slave_0) entered blocking state
[  747.504897][T10457] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.505122][T10457] bridge_slave_0: entered allmulticast mode
[  747.515109][T10457] bridge_slave_0: entered promiscuous mode
[  747.569136][T10457] bridge0: port 2(bridge_slave_1) entered blocking state
[  747.569302][T10457] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.569492][T10457] bridge_slave_1: entered allmulticast mode
[  747.584023][T10457] bridge_slave_1: entered promiscuous mode
[  751.806573][T10457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  752.358098][T10457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  753.007013][T10457] team0: Port device team_slave_0 added
[  753.029969][T10457] team0: Port device team_slave_1 added
[  753.978956][T10457] batman_adv: batadv0: Adding interface: batadv_slave_0
[  753.980087][T10457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  753.980114][T10457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  754.900620][T10457] batman_adv: batadv0: Adding interface: batadv_slave_1
[  754.900637][T10457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  754.900663][T10457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  754.953109][T10706] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  754.953267][T10706] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  755.356638][T10706] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  755.362803][T10706] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  755.526140][T10706] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  755.526537][T10706] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  755.626182][T10706] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  755.648799][ T6446] bridge_slave_1: left allmulticast mode
[  755.648834][ T6446] bridge_slave_1: left promiscuous mode
[  755.649094][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  755.695721][T10706] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  755.711858][T10706] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  755.736318][ T6446] bridge_slave_0: left allmulticast mode
[  755.736347][ T6446] bridge_slave_0: left promiscuous mode
[  755.736690][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  755.798521][T10706] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  755.833653][ T6446] bridge_slave_1: left allmulticast mode
[  755.836205][ T6446] bridge_slave_1: left promiscuous mode
[  755.836626][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  755.915522][T10706] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  755.924915][T10706] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  755.947106][ T6446] bridge_slave_0: left allmulticast mode
[  755.947135][ T6446] bridge_slave_0: left promiscuous mode
[  755.947369][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  756.015933][T10706] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  756.049335][ T6446] bridge_slave_1: left allmulticast mode
[  756.049364][ T6446] bridge_slave_1: left promiscuous mode
[  756.050869][ T6446] bridge0: port 2(bridge_slave_1) entered disabled state
[  756.136179][ T6446] bridge_slave_0: left allmulticast mode
[  756.136209][ T6446] bridge_slave_0: left promiscuous mode
[  756.136468][ T6446] bridge0: port 1(bridge_slave_0) entered disabled state
[  756.818132][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  756.941293][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  756.986957][T10734] binder: BINDER_SET_CONTEXT_MGR already set
[  756.986971][T10734] binder: 10733:10734 ioctl 4018620d 2000000002c0 returned -16
[  757.014150][ T5853] Bluetooth: hci0: command 0x0406 tx timeout
[  757.051180][ T6446] bond0 (unregistering): Released all slaves
[  757.394883][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[  757.808096][ T5853] Bluetooth: hci5: command 0x0c1a tx timeout
[  757.808326][ T5853] Bluetooth: hci3: command 0x0c1a tx timeout
[  757.877076][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  757.954419][T10233] Bluetooth: hci4: command 0x0c1a tx timeout
[  758.140072][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  758.368850][ T6446] bond0 (unregistering): Released all slaves
[  759.074712][T10233] Bluetooth: hci0: command 0x0406 tx timeout
[  759.484583][T10233] Bluetooth: hci1: command 0x0406 tx timeout
[  759.825389][ T6446] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  759.882816][T10233] Bluetooth: hci3: command 0x0c1a tx timeout
[  759.882828][ T5853] Bluetooth: hci5: command 0x0c1a tx timeout
[  759.937687][T10755] binder: BINDER_SET_CONTEXT_MGR already set
[  759.937701][T10755] binder: 10754:10755 ioctl 4018620d 2000000002c0 returned -16
[  759.992241][ T6446] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  760.034913][T10233] Bluetooth: hci4: command 0x0c1a tx timeout
[  760.549268][ T6446] bond0 (unregistering): Released all slaves
[  760.768932][T10457] hsr_slave_0: entered promiscuous mode
[  760.795049][T10457] hsr_slave_1: entered promiscuous mode
[  760.795984][T10457] debugfs: 'hsr0' already exists in 'hsr'
[  760.796007][T10457] Cannot create hsr debugfs directory
[  761.984618][T10233] Bluetooth: hci5: command 0x0c1a tx timeout
[  762.289581][T10233] Bluetooth: hci3: command 0x0c1a tx timeout
[  762.289616][T10233] Bluetooth: hci4: command 0x0c1a tx timeout
[  762.558893][T10781] binder: 10778:10781 ioctl c0306201 0 returned -14
[  763.705261][T10797] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  763.826728][ T6446] hsr_slave_0: left promiscuous mode
[  763.845192][ T6446] hsr_slave_1: left promiscuous mode
[  763.845751][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  763.895359][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  764.005142][T10805] binder: 10804:10805 ioctl c0306201 0 returned -14
[  764.064647][ T6446] hsr_slave_0: left promiscuous mode
[  764.224784][ T6446] hsr_slave_1: left promiscuous mode
[  764.226443][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  764.252108][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  764.405119][ T6446] hsr_slave_0: left promiscuous mode
[  764.425096][ T6446] hsr_slave_1: left promiscuous mode
[  764.425949][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_0
[  764.450414][ T6446] batman_adv: batadv0: Removing interface: batadv_slave_1
[  765.155749][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  765.265229][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  766.516419][T10812] vivid-007: =================  START STATUS  =================
[  766.516440][T10812] vivid-007: Enable Output Cropping: true
[  766.516463][T10812] vivid-007: Enable Output Composing: true
[  766.516481][T10812] vivid-007: Enable Output Scaler: true
[  766.516499][T10812] vivid-007: Tx RGB Quantization Range: Automatic
[  766.516517][T10812] vivid-007: Transmit Mode: HDMI
[  766.516534][T10812] vivid-007: Hotplug Present: 0x00000000
[  766.516551][T10812] vivid-007: RxSense Present: 0x00000000
[  766.516568][T10812] vivid-007: EDID Present: 0x00000000
[  766.516594][T10812] vivid-007: ==================  END STATUS  ==================
[  766.675439][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  766.967391][T10233] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  767.052390][T10233] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  767.070471][T10233] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  767.071928][T10233] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  767.073533][T10233] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  767.290088][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  768.217238][T10832] binder: 10831:10832 ioctl c0306201 0 returned -14
[  769.016474][ T6446] team0 (unregistering): Port device team_slave_1 removed
[  769.116592][ T6446] team0 (unregistering): Port device team_slave_0 removed
[  769.154606][T10233] Bluetooth: hci2: command tx timeout
[  771.099178][T10355] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  771.251823][T10233] Bluetooth: hci2: command tx timeout
[  771.342452][T10355] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  771.577555][T10355] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  771.794763][T10355] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  772.272783][    C0] vkms_vblank_simulate: vblank timer overrun
[  772.532165][T10858] binder: BINDER_SET_CONTEXT_MGR already set
[  772.532180][T10858] binder: 10855:10858 ioctl 4018620d 2000000002c0 returned -16
[  772.800651][    C0] vkms_vblank_simulate: vblank timer overrun
[  773.050098][    C0] vkms_vblank_simulate: vblank timer overrun
[  773.330010][T10233] Bluetooth: hci2: command tx timeout
[  774.061081][    C0] vkms_vblank_simulate: vblank timer overrun
[  774.781997][T10457] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  774.833942][T10816] chnl_net:caif_netlink_parms(): no params data found
[  774.904628][T10457] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  774.958802][T10881] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1221'.
[  775.071384][T10457] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  775.275482][T10457] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  775.901779][    C0] vkms_vblank_simulate: vblank timer overrun
[  775.911510][T10233] Bluetooth: hci2: command tx timeout
[  776.072788][T10907] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1227'.
[  776.076153][    C0] vkms_vblank_simulate: vblank timer overrun
[  776.954617][T10816] bridge0: port 1(bridge_slave_0) entered blocking state
[  776.954768][T10816] bridge0: port 1(bridge_slave_0) entered disabled state
[  776.954972][T10816] bridge_slave_0: entered allmulticast mode
[  776.957636][T10816] bridge_slave_0: entered promiscuous mode
[  776.960574][T10816] bridge0: port 2(bridge_slave_1) entered blocking state
[  776.960715][T10816] bridge0: port 2(bridge_slave_1) entered disabled state
[  776.960902][T10816] bridge_slave_1: entered allmulticast mode
[  776.963571][T10816] bridge_slave_1: entered promiscuous mode
[  782.487719][T10816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  782.499724][T10816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  784.286159][T10915] overlayfs: failed to clone upperpath
[  784.637162][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  784.648636][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  784.650356][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  784.652316][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  784.653530][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  785.575543][T10918] tty tty2: ldisc open failed (-12), clearing slot 1
[  786.126559][T10816] team0: Port device team_slave_0 added
[  786.174282][T10816] team0: Port device team_slave_1 added
[  786.696838][T10816] batman_adv: batadv0: Adding interface: batadv_slave_0
[  786.696854][T10816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  786.696879][T10816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  786.725432][T10816] batman_adv: batadv0: Adding interface: batadv_slave_1
[  786.725445][T10816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  786.725471][T10816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  787.298754][T10233] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  787.306978][T10233] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  787.314920][T10233] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  787.319817][T10233] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  787.321004][T10233] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  787.546937][T10816] hsr_slave_0: entered promiscuous mode
[  787.550175][T10816] hsr_slave_1: entered promiscuous mode
[  787.552538][T10816] debugfs: 'hsr0' already exists in 'hsr'
[  787.552562][T10816] Cannot create hsr debugfs directory
[  787.634589][ T5853] Bluetooth: hci3: command tx timeout
[  787.814091][T10942] vivid-007: =================  START STATUS  =================
[  787.814110][T10942] vivid-007: Enable Output Cropping: true
[  787.814133][T10942] vivid-007: Enable Output Composing: true
[  787.814151][T10942] vivid-007: Enable Output Scaler: true
[  787.814169][T10942] vivid-007: Tx RGB Quantization Range: Automatic
[  787.814187][T10942] vivid-007: Transmit Mode: HDMI
[  787.814203][T10942] vivid-007: Hotplug Present: 0x00000000
[  787.814221][T10942] vivid-007: RxSense Present: 0x00000000
[  787.814239][T10942] vivid-007: EDID Present: 0x00000000
[  787.814257][T10942] vivid-007: ==================  END STATUS  ==================
[  788.795156][T10947] No buffer was provided with the request
[  789.404633][ T5853] Bluetooth: hci4: command tx timeout
[  789.714670][ T5853] Bluetooth: hci3: command tx timeout
[  790.993682][T10946] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1238'.
[  791.474546][ T5853] Bluetooth: hci4: command tx timeout
[  791.794574][ T5853] Bluetooth: hci3: command tx timeout
[  793.564517][ T5853] Bluetooth: hci4: command tx timeout
[  793.874546][ T5853] Bluetooth: hci3: command tx timeout
[  795.666030][ T5853] Bluetooth: hci4: command tx timeout
[  796.000530][T10919] chnl_net:caif_netlink_parms(): no params data found
[  797.069375][T10919] bridge0: port 1(bridge_slave_0) entered blocking state
[  797.069518][T10919] bridge0: port 1(bridge_slave_0) entered disabled state
[  797.069700][T10919] bridge_slave_0: entered allmulticast mode
[  797.072591][T10919] bridge_slave_0: entered promiscuous mode
[  797.140800][T10919] bridge0: port 2(bridge_slave_1) entered blocking state
[  797.153541][T10919] bridge0: port 2(bridge_slave_1) entered disabled state
[  797.153733][T10919] bridge_slave_1: entered allmulticast mode
[  797.177199][T10919] bridge_slave_1: entered promiscuous mode
[  797.193148][T10930] chnl_net:caif_netlink_parms(): no params data found
[  797.204537][T10816] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  797.919668][T10816] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  797.991497][T10990] capability: warning: `syz.4.1249' uses 32-bit capabilities (legacy support in use)
[  799.295535][T10816] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  799.379922][T10919] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  800.582084][T10816] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  800.662369][T10919] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  801.909922][T10919] team0: Port device team_slave_0 added
[  802.376032][T10919] team0: Port device team_slave_1 added
[  802.619996][T10930] bridge0: port 1(bridge_slave_0) entered blocking state
[  802.620138][T10930] bridge0: port 1(bridge_slave_0) entered disabled state
[  802.620733][T10930] bridge_slave_0: entered allmulticast mode
[  802.623881][T10930] bridge_slave_0: entered promiscuous mode
[  802.798961][T10930] bridge0: port 2(bridge_slave_1) entered blocking state
[  802.799166][T10930] bridge0: port 2(bridge_slave_1) entered disabled state
[  802.799401][T10930] bridge_slave_1: entered allmulticast mode
[  802.802134][T10930] bridge_slave_1: entered promiscuous mode
[  802.877277][T10919] batman_adv: batadv0: Adding interface: batadv_slave_0
[  802.877293][T10919] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  802.877318][T10919] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  803.041095][T10919] batman_adv: batadv0: Adding interface: batadv_slave_1
[  803.041111][T10919] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  803.041136][T10919] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  803.331881][T10930] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  803.360739][T10930] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  806.554247][T10930] team0: Port device team_slave_0 added
[  806.868957][T10919] hsr_slave_0: entered promiscuous mode
[  806.871962][T10919] hsr_slave_1: entered promiscuous mode
[  806.873522][T10919] debugfs: 'hsr0' already exists in 'hsr'
[  806.873546][T10919] Cannot create hsr debugfs directory
[  806.901430][T10930] team0: Port device team_slave_1 added
[  807.596456][ T5983] bridge_slave_1: left allmulticast mode
[  807.596483][ T5983] bridge_slave_1: left promiscuous mode
[  807.596681][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.756487][ T5983] bridge_slave_0: left allmulticast mode
[  807.756519][ T5983] bridge_slave_0: left promiscuous mode
[  807.756779][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state
[  807.886572][ T5983] bridge_slave_1: left allmulticast mode
[  807.886604][ T5983] bridge_slave_1: left promiscuous mode
[  807.886848][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state
[  807.961222][ T5983] bridge_slave_0: left allmulticast mode
[  807.961253][ T5983] bridge_slave_0: left promiscuous mode
[  807.969364][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state
[  808.037530][ T5983] bridge_slave_1: left allmulticast mode
[  808.037561][ T5983] bridge_slave_1: left promiscuous mode
[  808.037807][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state
[  808.123000][ T5983] bridge_slave_0: left allmulticast mode
[  808.123032][ T5983] bridge_slave_0: left promiscuous mode
[  808.123318][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state
[  808.855341][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  808.856817][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  811.387260][ T5983] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  811.489962][ T5983] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  811.522581][ T5983] bond0 (unregistering): Released all slaves
[  811.905331][ T5983] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  811.967579][ T5983] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  812.012887][ T5983] bond0 (unregistering): Released all slaves
[  812.255396][ T5983] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  812.345043][ T5983] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  812.388144][ T5983] bond0 (unregistering): Released all slaves
[  812.506241][T10930] batman_adv: batadv0: Adding interface: batadv_slave_0
[  812.506257][T10930] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.506282][T10930] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  812.565197][T10930] batman_adv: batadv0: Adding interface: batadv_slave_1
[  812.565212][T10930] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  812.565238][T10930] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  814.779209][T11090] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1274'.
[  816.479460][T10930] hsr_slave_0: entered promiscuous mode
[  816.480748][T10930] hsr_slave_1: entered promiscuous mode
[  816.481630][T10930] debugfs: 'hsr0' already exists in 'hsr'
[  816.481651][T10930] Cannot create hsr debugfs directory
[  818.197332][T11106] tmpfs: Unknown parameter 'uslqu'
[  818.867939][ T5983] hsr_slave_0: left promiscuous mode
[  818.894453][ T5983] hsr_slave_1: left promiscuous mode
[  818.895322][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_0
[  818.952589][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_1
[  819.267725][    C0] vkms_vblank_simulate: vblank timer overrun
[  819.351894][    C0] vkms_vblank_simulate: vblank timer overrun
[  819.384867][    C0] vkms_vblank_simulate: vblank timer overrun
[  819.511650][    C0] vkms_vblank_simulate: vblank timer overrun
[  819.600662][    C0] vkms_vblank_simulate: vblank timer overrun
[  819.628959][ T5983] hsr_slave_0: left promiscuous mode
[  819.671867][ T5983] hsr_slave_1: left promiscuous mode
[  819.672768][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_0
[  819.717985][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_1
[  819.752157][T11119] ptrace attach of "./syz-executor exec"[5836] was attempted by "./syz-executor exec"[11119]
[  819.964534][ T5983] hsr_slave_0: left promiscuous mode
[  820.020579][ T5983] hsr_slave_1: left promiscuous mode
[  820.021488][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_0
[  820.083197][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_1
[  821.268005][    C0] vkms_vblank_simulate: vblank timer overrun
[  822.854593][    C0] vkms_vblank_simulate: vblank timer overrun
[  823.259576][T11136] afs: Unknown parameter 'fl'
[  823.263522][    C0] vkms_vblank_simulate: vblank timer overrun
[  823.411533][T11139] overlayfs: failed to clone upperpath
[  823.413645][    C0] vkms_vblank_simulate: vblank timer overrun
[  823.530632][    C0] vkms_vblank_simulate: vblank timer overrun
[  824.119900][T11141] program syz.1.1287 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  824.225137][ T5983] team0 (unregistering): Port device team_slave_1 removed
[  824.372603][ T5983] team0 (unregistering): Port device team_slave_0 removed
[  824.434722][ T1199] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  824.678238][ T1199] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  824.697842][ T1199] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  824.697871][ T1199] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  824.697890][ T1199] usb 2-1: Product: syz
[  824.697904][ T1199] usb 2-1: Manufacturer: syz
[  824.697918][ T1199] usb 2-1: SerialNumber: syz
[  824.709369][ T1199] usb 2-1: config 0 descriptor??
[  826.544534][   T10] usb 2-1: USB disconnect, device number 18
[  826.945267][ T5983] team0 (unregistering): Port device team_slave_1 removed
[  827.155586][ T5983] team0 (unregistering): Port device team_slave_0 removed
[  828.264254][T11166] fuse: Bad value for 'fd'
[  829.430361][T10233] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  829.433385][T10233] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  829.436571][T10233] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  829.445648][T10233] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  829.447366][T10233] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  829.923210][T11177] overlayfs: failed to clone upperpath
[  831.535281][ T5983] team0 (unregistering): Port device team_slave_1 removed
[  831.568010][ T5853] Bluetooth: hci5: command tx timeout
[  831.719239][ T5983] team0 (unregistering): Port device team_slave_0 removed
[  833.748875][ T5853] Bluetooth: hci5: command tx timeout
[  835.794711][ T5853] Bluetooth: hci5: command tx timeout
[  836.056108][T11209] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  836.056133][T11209] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  836.056143][T11209] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  837.282799][T11169] chnl_net:caif_netlink_parms(): no params data found
[  837.874681][ T5853] Bluetooth: hci5: command tx timeout
[  838.734500][T11169] bridge0: port 1(bridge_slave_0) entered blocking state
[  838.734663][T11169] bridge0: port 1(bridge_slave_0) entered disabled state
[  838.734882][T11169] bridge_slave_0: entered allmulticast mode
[  838.737573][T11169] bridge_slave_0: entered promiscuous mode
[  838.773844][T11169] bridge0: port 2(bridge_slave_1) entered blocking state
[  838.784173][T11169] bridge0: port 2(bridge_slave_1) entered disabled state
[  838.791988][T11169] bridge_slave_1: entered allmulticast mode
[  838.804788][T11169] bridge_slave_1: entered promiscuous mode
[  839.252811][T11169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  839.302067][T11169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  839.811229][T10233] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  839.823030][T10233] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  839.837300][T10233] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  839.839280][T10233] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  839.840531][T10233] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  839.955402][T11169] team0: Port device team_slave_0 added
[  840.252145][T11169] team0: Port device team_slave_1 added
[  840.905357][T11169] batman_adv: batadv0: Adding interface: batadv_slave_0
[  840.905373][T11169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  840.905399][T11169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  840.986950][T11169] batman_adv: batadv0: Adding interface: batadv_slave_1
[  840.986965][T11169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  840.986991][T11169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  841.582866][T11169] hsr_slave_0: entered promiscuous mode
[  841.584172][T11169] hsr_slave_1: entered promiscuous mode
[  841.954490][T10233] Bluetooth: hci2: command tx timeout
[  843.409164][T11255] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  844.061550][T10233] Bluetooth: hci2: command tx timeout
[  845.637405][T10930] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  846.124501][T10233] Bluetooth: hci2: command tx timeout
[  846.602967][T11273] exFAT-fs (loop1): unable to read boot sector
[  846.603007][T11273] exFAT-fs (loop1): failed to read boot sector
[  846.603038][T11273] exFAT-fs (loop1): failed to recognize exfat type
[  847.384443][T10930] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  848.194535][T10233] Bluetooth: hci2: command tx timeout
[  849.753673][ T5853] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  849.779953][ T5853] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  849.783103][ T5853] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  849.841379][ T5853] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  849.842366][ T5853] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  850.069389][T11309] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1327'.
[  850.069437][T11309] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1327'.
[  850.146922][T11235] chnl_net:caif_netlink_parms(): no params data found
[  850.265817][T11312] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1328'.
[  851.964472][T10233] Bluetooth: hci3: command tx timeout
[  852.053873][ T5983] bridge_slave_1: left allmulticast mode
[  852.053907][ T5983] bridge_slave_1: left promiscuous mode
[  852.054188][ T5983] bridge0: port 2(bridge_slave_1) entered disabled state
[  852.276273][ T5983] bridge_slave_0: left allmulticast mode
[  852.276308][ T5983] bridge_slave_0: left promiscuous mode
[  852.276636][ T5983] bridge0: port 1(bridge_slave_0) entered disabled state
[  854.138071][T10233] Bluetooth: hci3: command tx timeout
[  854.542422][ T5983] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  854.685068][ T5983] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  854.729408][T11362] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1337'.
[  854.828249][ T5983] bond0 (unregistering): Released all slaves
[  855.085806][T11235] bridge0: port 1(bridge_slave_0) entered blocking state
[  855.085883][T11235] bridge0: port 1(bridge_slave_0) entered disabled state
[  855.086150][T11235] bridge_slave_0: entered allmulticast mode
[  855.104861][T11235] bridge_slave_0: entered promiscuous mode
[  855.219833][T11369] overlayfs: missing 'lowerdir'
[  855.575289][T11370] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  856.204514][T10233] Bluetooth: hci3: command tx timeout
[  856.294791][T11235] bridge0: port 2(bridge_slave_1) entered blocking state
[  856.294930][T11235] bridge0: port 2(bridge_slave_1) entered disabled state
[  856.295171][T11235] bridge_slave_1: entered allmulticast mode
[  856.299269][T11235] bridge_slave_1: entered promiscuous mode
[  856.684466][T10233] Bluetooth: hci0: command 0x0406 tx timeout
[  858.351511][T10233] Bluetooth: hci3: command tx timeout
[  858.924625][ T5983] hsr_slave_0: left promiscuous mode
[  858.997566][ T5983] hsr_slave_1: left promiscuous mode
[  859.005417][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_0
[  859.062372][ T5983] batman_adv: batadv0: Removing interface: batadv_slave_1
[  859.980538][T11408] exFAT-fs (loop1): unable to read boot sector
[  859.980554][T11408] exFAT-fs (loop1): failed to read boot sector
[  859.980563][T11408] exFAT-fs (loop1): failed to recognize exfat type
[  860.386563][T11411] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1346'.
[  860.696397][T11415] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1347'.
[  864.934975][ T5983] team0 (unregistering): Port device team_slave_1 removed
[  865.019018][T11439] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1354'.
[  865.415434][ T5983] team0 (unregistering): Port device team_slave_0 removed
[  870.088380][T11472] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1363'.
[  870.163682][ T1320] ieee802154 phy0 wpan0: encryption failed: -22
[  870.163757][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  870.360361][T11235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  870.443063][T11235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  872.516882][T11235] team0: Port device team_slave_0 added
[  873.765712][T11235] team0: Port device team_slave_1 added
[  874.259109][T11235] batman_adv: batadv0: Adding interface: batadv_slave_0
[  874.259125][T11235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  874.259150][T11235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  874.705122][T11235] batman_adv: batadv0: Adding interface: batadv_slave_1
[  874.705134][T11235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  874.705149][T11235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  874.705857][T11303] chnl_net:caif_netlink_parms(): no params data found
[  876.714355][T10396] IPVS: starting estimator thread 0...
[  876.804581][T11539] IPVS: using max 7 ests per chain, 16800 per kthread
[  877.965163][T11235] hsr_slave_0: entered promiscuous mode
[  877.966781][T11235] hsr_slave_1: entered promiscuous mode
[  877.967694][T11235] debugfs: 'hsr0' already exists in 'hsr'
[  877.967715][T11235] Cannot create hsr debugfs directory
[  878.528337][T11563] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.1378'.
[  880.799222][T11303] bridge0: port 1(bridge_slave_0) entered blocking state
[  880.799364][T11303] bridge0: port 1(bridge_slave_0) entered disabled state
[  880.799582][T11303] bridge_slave_0: entered allmulticast mode
[  881.604612][T11303] bridge_slave_0: entered promiscuous mode
[  881.791360][T11303] bridge0: port 2(bridge_slave_1) entered blocking state
[  881.791500][T11303] bridge0: port 2(bridge_slave_1) entered disabled state
[  881.791732][T11303] bridge_slave_1: entered allmulticast mode
[  881.834620][T11303] bridge_slave_1: entered promiscuous mode
[  881.849749][T11169] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  882.501328][T11169] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  883.469564][T11605] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1388'.
[  883.469585][T11605] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1388'.
[  883.656816][T11169] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  883.876413][T11303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  883.883634][T11169] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  883.974252][T11303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  884.880264][T11303] team0: Port device team_slave_0 added
[  886.664244][T11303] team0: Port device team_slave_1 added
[  887.060400][T11303] batman_adv: batadv0: Adding interface: batadv_slave_0
[  887.060416][T11303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  887.060441][T11303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  887.145286][T11303] batman_adv: batadv0: Adding interface: batadv_slave_1
[  887.145302][T11303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  887.145327][T11303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  887.809680][T10233] ==================================================================
[  887.809701][T10233] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x6e4/0x1040
[  887.809731][T10233] Read of size 8 at addr ff[  887.809731][T10233] Read of size 8 at addr ffff88806fbbc500 by task kworker/u9:0/10233
[  887.809748][T10233] 
[  887.809760][T10233] CPU: 0 UID: 0 PID: 10233 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  887.809809][T10233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  887.809822][T10233] Workqueue: hci0 hci_rx_work
[  887.809847][T10233] Call Trace:
[  887.809854][T10233]  <TASK>
[  887.809864][T10233]  dump_stack_lvl+0x189/0x250
[  887.809890][T10233]  ? __kasan_check_byte+0x12/0x40
[  887.809913][T10233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  887.809936][T10233]  ? lock_release+0x4b/0x3e0
[  887.809957][T10233]  ? __virt_addr_valid+0x4a5/0x5c0
[  887.809972][T10233]  print_report+0xca/0x240
[  887.809990][T10233]  ? l2cap_connect_cfm+0x6e4/0x1040
[  887.810004][T10233]  kasan_report+0x118/0x150
[  887.810024][T10233]  ? l2cap_connect_cfm+0x6e4/0x1040
[  887.810040][T10233]  l2cap_connect_cfm+0x6e4/0x1040
[  887.810057][T10233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  887.810071][T10233]  ? mutex_lock_nested+0x154/0x1d0
[  887.810089][T10233]  ? hci_connect_cfm+0x2c/0x140
[  887.810108][T10233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  887.810122][T10233]  hci_connect_cfm+0x95/0x140
[  887.810141][T10233]  le_conn_complete_evt+0xfb8/0x1500
[  887.810167][T10233]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  887.810187][T10233]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  887.810209][T10233]  ? lockdep_hardirqs_on+0x9c/0x150
[  887.810231][T10233]  ? skb_pull_data+0xfb/0x200
[  887.810250][T10233]  hci_le_conn_complete_evt+0x187/0x450
[  887.810274][T10233]  hci_event_packet+0x78f/0x1200
[  887.810292][T10233]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  887.810312][T10233]  ? __pfx_hci_event_packet+0x10/0x10
[  887.810328][T10233]  ? __pfx_migrate_enable+0x10/0x10
[  887.810349][T10233]  ? hci_send_to_monitor+0xe2/0x570
[  887.810371][T10233]  hci_rx_work+0x46a/0xe80
[  887.810390][T10233]  ? process_scheduled_works+0x9ef/0x17b0
[  887.810409][T10233]  process_scheduled_works+0xae1/0x17b0
[  887.810436][T10233]  ? __pfx_process_scheduled_works+0x10/0x10
[  887.810460][T10233]  worker_thread+0x8a0/0xda0
[  887.810478][T10233]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  887.810503][T10233]  ? __kthread_parkme+0x7b/0x200
[  887.810526][T10233]  kthread+0x711/0x8a0
[  887.810547][T10233]  ? __pfx_worker_thread+0x10/0x10
[  887.810565][T10233]  ? __pfx_kthread+0x10/0x10
[  887.810586][T10233]  ? __pfx_kthread+0x10/0x10
[  887.810607][T10233]  ret_from_fork+0x436/0x7d0
[  887.810626][T10233]  ? __pfx_ret_from_fork+0x10/0x10
[  887.810646][T10233]  ? __switch_to_asm+0x39/0x70
[  887.810659][T10233]  ? __switch_to_asm+0x33/0x70
[  887.810672][T10233]  ? __pfx_kthread+0x10/0x10
[  887.810693][T10233]  ret_from_fork_asm+0x1a/0x30
[  887.810712][T10233]  </TASK>
[  887.810718][T10233] 
[  887.810721][T10233] Allocated by task 10233:
[  887.810729][T10233]  kasan_save_track+0x3e/0x80
[  887.810745][T10233]  __kasan_kmalloc+0x93/0xb0
[  887.810761][T10233]  __kmalloc_cache_noprof+0x1a8/0x320
[  887.810788][T10233]  l2cap_chan_create+0x50/0x780
[  887.810802][T10233]  l2cap_sock_new_connection_cb+0x182/0x2b0
[  887.810817][T10233]  l2cap_connect_cfm+0x377/0x1040
[  887.810829][T10233]  hci_connect_cfm+0x95/0x140
[  887.810846][T10233]  le_conn_complete_evt+0xfb8/0x1500
[  887.810866][T10233]  hci_le_conn_complete_evt+0x187/0x450
[  887.810884][T10233]  hci_event_packet+0x78f/0x1200
[  887.810899][T10233]  hci_rx_work+0x46a/0xe80
[  887.810915][T10233]  process_scheduled_works+0xae1/0x17b0
[  887.810931][T10233]  worker_thread+0x8a0/0xda0
[  887.810947][T10233]  kthread+0x711/0x8a0
[  887.810966][T10233]  ret_from_fork+0x436/0x7d0
[  887.810983][T10233]  ret_from_fork_asm+0x1a/0x30
[  887.810996][T10233] 
[  887.810999][T10233] Freed by task 11657:
[  887.811006][T10233]  kasan_save_track+0x3e/0x80
[  887.811021][T10233]  kasan_save_free_info+0x46/0x50
[  887.811033][T10233]  __kasan_slab_free+0x5b/0x80
[  887.811048][T10233]  kfree+0x195/0x550
[  887.811063][T10233]  l2cap_sock_cleanup_listen+0xea/0x3e0
[  887.811077][T10233]  l2cap_sock_release+0x6a/0x230
[  887.811089][T10233]  sock_close+0xc3/0x240
[  887.811104][T10233]  __fput+0x45b/0xa80
[  887.811116][T10233]  task_work_run+0x1d1/0x260
[  887.811128][T10233]  do_exit+0x6b5/0x2300
[  887.811139][T10233]  do_group_exit+0x21c/0x2d0
[  887.811151][T10233]  get_signal+0x125e/0x1310
[  887.811166][T10233]  arch_do_signal_or_restart+0x9a/0x750
[  887.811182][T10233]  exit_to_user_mode_loop+0x75/0x110
[  887.811199][T10233]  do_syscall_64+0x2bd/0x3b0
[  887.811212][T10233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  887.811226][T10233] 
[  887.811229][T10233] The buggy address belongs to the object at ffff88806fbbc000
[  887.811229][T10233]  which belongs to the cache kmalloc-2k of size 2048
[  887.811242][T10233] The buggy address is located 1280 bytes inside of
[  887.811242][T10233]  freed 2048-byte region [ffff88806fbbc000, ffff88806fbbc800)
[  887.811258][T10233] 
[  887.811262][T10233] The buggy address belongs to the physical page:
[  887.811278][T10233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6fbb8
[  887.811297][T10233] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  887.811310][T10233] flags: 0x80000000000040(head|node=0|zone=1)
[  887.811324][T10233] page_type: f5(slab)
[  887.811339][T10233] raw: 0080000000000040 ffff888019842000 ffffea0001799c00 dead000000000002
[  887.811353][T10233] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  887.811368][T10233] head: 0080000000000040 ffff888019842000 ffffea0001799c00 dead000000000002
[  887.811382][T10233] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000
[  887.811396][T10233] head: 0080000000000003 ffffea0001beee01 00000000ffffffff 00000000ffffffff
[  887.811409][T10233] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  887.811417][T10233] page dumped because: kasan: bad access detected
[  887.811428][T10233] page_owner tracks the page as allocated
[  887.811434][T10233] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8946, tgid 8946 (syz-executor), ts 547208587755, free_ts 547136007841
[  887.811464][T10233]  post_alloc_hook+0x240/0x2a0
[  887.811483][T10233]  get_page_from_freelist+0x2119/0x21b0
[  887.811497][T10233]  __alloc_frozen_pages_noprof+0x181/0x370
[  887.811511][T10233]  alloc_pages_mpol+0xd1/0x380
[  887.811529][T10233]  allocate_slab+0x8a/0x370
[  887.811542][T10233]  ___slab_alloc+0x8d1/0xdc0
[  887.811554][T10233]  __kmalloc_node_track_caller_noprof+0x14c/0x450
[  887.811574][T10233]  kmalloc_reserve+0x136/0x290
[  887.811592][T10233]  pskb_expand_head+0x18e/0x1150
[  887.811606][T10233]  netlink_trim+0x1d5/0x2e0
[  887.811623][T10233]  netlink_broadcast_filtered+0xd6/0x12c0
[  887.811639][T10233]  nlmsg_notify+0xf0/0x1a0
[  887.811656][T10233]  rtnetlink_event+0x224/0x270
[  887.811674][T10233]  notifier_call_chain+0x1b6/0x3e0
[  887.811690][T10233]  netdev_lower_state_changed+0xc6/0x140
[  887.811710][T10233]  __team_port_change_send+0x1cc/0x4f0
[  887.811726][T10233] page last free pid 8946 tgid 8946 stack trace:
[  887.811734][T10233]  __free_frozen_pages+0xb59/0xce0
[  887.811753][T10233]  __put_partials+0x159/0x1a0
[  887.811770][T10233]  __slab_free+0x2b3/0x390
[  887.811783][T10233]  qlist_free_all+0x97/0x140
[  887.811798][T10233]  kasan_quarantine_reduce+0x148/0x160
[  887.811813][T10233]  __kasan_slab_alloc+0x22/0x80
[  887.811830][T10233]  __kmalloc_cache_noprof+0x143/0x320
[  887.811848][T10233]  kobject_uevent_env+0x27f/0x8c0
[  887.811864][T10233]  __kobject_del+0xd2/0x300
[  887.811877][T10233]  kobject_put+0x243/0x480
[  887.811890][T10233]  net_rx_queue_update_kobjects+0x695/0x740
[  887.811904][T10233]  netif_set_real_num_rx_queues+0x217/0x360
[  887.811918][T10233]  veth_newlink+0x859/0xa50
[  887.811934][T10233]  rtnl_newlink_create+0x310/0xb00
[  887.811954][T10233]  rtnl_newlink+0x16d6/0x1c70
[  887.811971][T10233]  rtnetlink_rcv_msg+0x7cf/0xb70
[  887.811989][T10233] 
[  887.811992][T10233] Memory state around the buggy address:
[  887.812000][T10233]  ffff88806fbbc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  887.812010][T10233]  ffff88806fbbc480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  887.812021][T10233] >ffff88806fbbc500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  887.812028][T10233]                    ^
[  887.812036][T10233]  ffff88806fbbc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  887.812046][T10233]  ffff88806fbbc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  887.812054][T10233] ==================================================================
[  887.834543][T10233] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  887.834564][T10233] CPU: 0 UID: 0 PID: 10233 Comm: kworker/u9:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  887.834589][T10233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  887.834602][T10233] Workqueue: hci0 hci_rx_work
[  887.834628][T10233] Call Trace:
[  887.834636][T10233]  <TASK>
[  887.834644][T10233]  dump_stack_lvl+0x99/0x250
[  887.834674][T10233]  ? __asan_memcpy+0x40/0x70
[  887.834696][T10233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  887.834722][T10233]  ? __pfx__printk+0x10/0x10
[  887.834748][T10233]  vpanic+0x281/0x750
[  887.834782][T10233]  ? preempt_schedule+0xae/0xc0
[  887.834810][T10233]  ? __pfx_vpanic+0x10/0x10
[  887.834835][T10233]  ? preempt_schedule_common+0x83/0xd0
[  887.834863][T10233]  ? preempt_schedule+0xae/0xc0
[  887.834890][T10233]  ? __pfx_preempt_schedule+0x10/0x10
[  887.834919][T10233]  panic+0xb9/0xc0
[  887.834945][T10233]  ? __pfx_panic+0x10/0x10
[  887.834974][T10233]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  887.835006][T10233]  ? l2cap_connect_cfm+0x6e4/0x1040
[  887.835022][T10233]  check_panic_on_warn+0x89/0xb0
[  887.835042][T10233]  ? l2cap_connect_cfm+0x6e4/0x1040
[  887.835059][T10233]  end_report+0x78/0x160
[  887.835083][T10233]  kasan_report+0x129/0x150
[  887.835109][T10233]  ? l2cap_connect_cfm+0x6e4/0x1040
[  887.835130][T10233]  l2cap_connect_cfm+0x6e4/0x1040
[  887.835150][T10233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  887.835169][T10233]  ? mutex_lock_nested+0x154/0x1d0
[  887.835191][T10233]  ? hci_connect_cfm+0x2c/0x140
[  887.835214][T10233]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  887.835232][T10233]  hci_connect_cfm+0x95/0x140
[  887.835258][T10233]  le_conn_complete_evt+0xfb8/0x1500
[  887.835291][T10233]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  887.835319][T10233]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  887.835347][T10233]  ? lockdep_hardirqs_on+0x9c/0x150
[  887.835377][T10233]  ? skb_pull_data+0xfb/0x200
[  887.835400][T10233]  hci_le_conn_complete_evt+0x187/0x450
[  887.835430][T10233]  hci_event_packet+0x78f/0x1200
[  887.835454][T10233]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  887.835478][T10233]  ? __pfx_hci_event_packet+0x10/0x10
[  887.835498][T10233]  ? __pfx_migrate_enable+0x10/0x10
[  887.835523][T10233]  ? hci_send_to_monitor+0xe2/0x570
[  887.835552][T10233]  hci_rx_work+0x46a/0xe80
[  887.835575][T10233]  ? process_scheduled_works+0x9ef/0x17b0
[  887.835600][T10233]  process_scheduled_works+0xae1/0x17b0
[  887.835634][T10233]  ? __pfx_process_scheduled_works+0x10/0x10
[  887.835665][T10233]  worker_thread+0x8a0/0xda0
[  887.835689][T10233]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  887.835722][T10233]  ? __kthread_parkme+0x7b/0x200
[  887.835752][T10233]  kthread+0x711/0x8a0
[  887.835789][T10233]  ? __pfx_worker_thread+0x10/0x10
[  887.835813][T10233]  ? __pfx_kthread+0x10/0x10
[  887.835844][T10233]  ? __pfx_kthread+0x10/0x10
[  887.835871][T10233]  ret_from_fork+0x436/0x7d0
[  887.835897][T10233]  ? __pfx_ret_from_fork+0x10/0x10
[  887.835925][T10233]  ? __switch_to_asm+0x39/0x70
[  887.835943][T10233]  ? __switch_to_asm+0x33/0x70
[  887.835960][T10233]  ? __pfx_kthread+0x10/0x10
[  887.835988][T10233]  ret_from_fork_asm+0x1a/0x30
[  887.836013][T10233]  </TASK>
[  887.836269][T10233] Kernel Offset: disabled