last executing test programs:

4m44.489303949s ago: executing program 3 (id=464):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000100)='sys_exit\x00', r0}, 0x18)
fchmod(r0, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000b40)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000fcdbdf253b00000008000300", @ANYRES32=r2, @ANYBLOB="3e00330050040800080211000000080211000000ffffffffffff3400000000000000000064000400000602020202020201000406fe076fd85600060200010000"], 0x5c}}, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
getsockopt$sock_int(r4, 0x1, 0x22, 0x0, &(0x7f0000000080))
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
futex(0x0, 0x109, 0x0, &(0x7f0000000200)={0x0, 0x3938700}, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
chdir(&(0x7f0000000140)='./file1\x00')
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r6, 0xffffffff80000800, 0x0, &(0x7f0000000280)={0xf7dfffffffffff7f, 0x5, 0x0, 0xa27, 0x8000, 0x5, 0x80000000001, 0x1, 0x200ea1})
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f00000000c0)={'pcl816\x00', [0x4f27, 0x3, 0x3, 0x401, 0x80001, 0xc88, 0xfff, 0x5c952399, 0x5, 0x3ff, 0x40802, 0x1600, 0x7, 0x1, 0x9, 0xe1cb, 0x6, 0xfffffffd, 0x4, 0x395, 0x80000089, 0xfffffffd, 0x0, 0xfffffff5, 0xffffeadb, 0x3, 0x3c, 0x5, 0x4, 0x8000000, 0xdffffffd]})
r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040)=0x7)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)

4m44.473722544s ago: executing program 3 (id=465):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYRES32], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x1}, 0x10}, 0x94)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x2, 0x7fff7ffc}]})
setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6(0xa, 0xa, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2c, &(0x7f0000000180)={0x3, {{0xa, 0x4e20, 0x7, @mcast2, 0xbfd}}, {{0xa, 0x4e22, 0x20, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xfffffe01}}}, 0x104)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000000040)=0x200000000)
r5 = dup2(r4, r4)
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000000)=0x5)
read$FUSE(r5, &(0x7f0000004d80)={0x2020}, 0x2020)
write$vhost_msg_v2(r5, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000280)=""/128, 0x80, 0x0, 0x3, 0x2}}, 0x48)
sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="38000000010201040000000000000000050000090800054000000007080008400000000113000b006361646c66617264696e67000000000019383a72decd8e291b9b4eb3b24b595f2e83262a467acc90978432e1fcdc490e911a8839f70d2a4072eccf8a"], 0x38}, 0x1, 0x0, 0x0, 0x48050}, 0x4050)
getsockopt$inet6_buf(r3, 0x29, 0x30, &(0x7f0000000180)=""/214, &(0x7f0000000080)=0xd6)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e21, 0x3, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xf}, 0x1c)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r6, &(0x7f0000000100)={0x2, 0x4e22, @broadcast}, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$NBD_DO_IT(0xffffffffffffffff, 0xab03)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
getpgid(0x0)
close_range(r1, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000180000000000000030000001801000020696c2500000000002020207b1af8ff0000000007010000f8ffffffb702000008000000b70300000300000085000000060000009500"/88], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0xdf2a50c81ae7ba08, 0x20, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$packet(0x11, 0x3, 0x300)

4m44.407979306s ago: executing program 3 (id=466):
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000500), 0x1ff, 0x4500)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000100)={0x0, 0x0, r3})
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f00000000c0)={'filter\x00', 0x0, 0x0, 0x0, [0x6, 0x8, 0x1, 0xa, 0xffffffffffff8005, 0x3], 0x1, 0x0, 0x0, [{}]}, 0x88)
ioctl$USBDEVFS_REAPURB(r1, 0x4004550c, &(0x7f0000000540))
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x48, r5, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_OURS={0x1c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x8, 0x4, "f76f0722"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x20}, @ETHTOOL_A_BITSET_MASK={0x8, 0x5, "7180bbda"}]}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004844}, 0x0)
pipe(&(0x7f0000000100)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
open(&(0x7f0000000240)='./bus\x00', 0x14b37e, 0x40)
r9 = openat$vcs(0xffffff9c, &(0x7f0000001a40), 0x200001, 0x0)
fgetxattr(r9, &(0x7f0000001a80)=@random={'user.', '\xc2\x00'}, 0x0, 0x0)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r8, &(0x7f0000000100)={0x12, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, r9}}, 0x18)
pipe(&(0x7f00000000c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
read$FUSE(r11, &(0x7f0000000e40)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000840)={&(0x7f0000000740)=[0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0], &(0x7f00000007c0)=[0x0, 0x0, <r12=>0x0], &(0x7f0000000800)=[0x0, 0x0], 0x3, 0x3, 0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r10, 0xc05064a7, &(0x7f0000000880)={&(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[{}], &(0x7f0000000640)=[0x0], &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x1, 0x1, 0x7, 0x0, r12})
write$FUSE_INIT(r7, 0x0, 0x0)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
r14 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r13)
sendmsg$TIPC_NL_NET_SET(r13, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010028bd700a04000000000000000c0007800800020004000000"], 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x20, r14, 0x10, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0xc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x840)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r6, 0x89f8, &(0x7f0000000140)={'syztnl2\x00', &(0x7f0000000340)={'gre0\x00', <r15=>0x0, 0x1, 0x80, 0x7, 0x2002, {{0x6, 0x4, 0x3, 0x20, 0x18, 0x64, 0x0, 0x40, 0x29, 0x0, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0xa}, {[@noop]}}}}})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="61123c000000000061134c0000000000bf1000000000000015000200071b60013d020100000000009500000000000000bc26000000000000bf67000000000000070300000fff07006702000003000000070600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586f9305ab24fede751b184bcf3a2da2873ad8cfdbaf16b96c57de9f771c0a3e92a1a595965c5106b49611bf32e3af18e578870c7cd59be5d4881f1280fc1103e421e93c5929cfcf841ae7a045b81ab18504a0409446fffea9a428c477fb4ab5c8c3b309f6585e7070db5048c0231d9519be44d8dcad428c60de7163450a6c2a131170267d2abc76189ccefea343fdeb77dc0af2b14748e05bdcfcf535b90d0ea8ce64d148bb2ab0650c346cb9492242d13ea3eac49e6c7c43beaa0"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', r15, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffff2}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

4m44.285713975s ago: executing program 3 (id=467):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x3)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x200c008, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x1812c1, 0x0)
read$FUSE(r1, &(0x7f00000024c0)={0x2020, 0x0, 0x0, <r2=>0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
r5 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r5, 0x13)
tkill(r5, 0x12)
waitid(0x0, 0x0, 0x0, 0x8, &(0x7f0000000180))
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha384)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0)
r7 = accept4(r6, 0x0, 0x0, 0x0)
sendto$packet(r7, &(0x7f00000005c0)="ecb0a446c129191d29c25dd216e1bba81b82effe799decc55a8898c7a63fcdc1eedd2d22d0c2712f2261ab35bb83084ee59a5167d22df3a774344b593aca99a41c855320b98194f6dbe25ce6f3c33125be53e5dae4cc44cf757ccc143d3d72157f853104ad8da9c093ed8db759db5b3f26e2beedae140566f18eb3dbd703a3f8", 0x80, 0x40811, 0x0, 0x0)
fchownat(r1, &(0x7f0000000100)='./file1\x00', 0xee00, r3, 0x1000)
r8 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
quotactl_fd$Q_GETFMT(r1, 0xffffffff80000400, 0x0, &(0x7f0000000240))
r9 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$IPT_SO_GET_INFO(r9, 0x0, 0x40, &(0x7f0000002440)={'nat\x00', 0x0, [0x632, 0x9, 0x7fff, 0x80008000, 0x4]}, &(0x7f00000003c0)=0x54)
r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001000), 0x4)
r11 = getegid()
sendmmsg$unix(r1, &(0x7f0000001100)=[{{&(0x7f0000000340)=@file={0x1, './file1\x00'}, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000640)="368f5294d282baf217f25e3594fc07a4eac3062e9ce3278468846b95bb07c3f3a52912e5905dc08e0a5195450d5d842c91ed7e5539af8d77b0ecb58ffd83912569a9bda0b91b72a2a5dfd3e188965e939f26fa114726b0", 0x57}, {&(0x7f00000006c0)="68ac65585a4ace07a19bd120c8aa8f2158408b29455f4fc00db7e141a9090c3f5aad10cbf6111f9d7b88feb296684aab4462419af6571fc43907cc7b8a4f2f7ad4bc16c80d5ce7b948e116ce3b50f1d1cf6e3b3a5789966f3dd18b4d805ccb7ebe3a28b6d8051210290d238b0bf9074abe1fefc30aee67e903b1121750103363236b1c2c3e82cd8c9a13104edb660e34c4a31b68ff49b15389032a22d3f2dabc6642a34b1d548932498ebd8c", 0xac}, {&(0x7f00000007c0)="2cefc8e9fcda17f6de5a6371fd7394fbe36e136b6a5f0a35d00b9d3699b6a153d1d548be84e4c557a39720fa7fa5362a94f1b1b75688ded016d4edc5c197af58b57afa3a55338a90adcdd9b91e90b3a977e4ca831ee689e8c8154149196e1a2bf92b87d8bb048cb239d903a470e56fc7239d7bce946a2587e642db2fe5adc8b7a7404fca0b91bc7481383b3911b7a753da24d410761f76dbc1339dc2060563277a8a2d95026b7cdec1297238ac945cde33125492556463fb0a536ed69f1239dec045690b4cf477ff421d8aa39cc0c65ca0a8582d4847d6e127c3afa1f5515a36130c11636ca0eca8859fb6d6d2b7058b19", 0xf1}], 0x3, &(0x7f0000000b00)=[@cred={{0x18, 0x1, 0x2, {0x0, r2, r3}}}, @rights={{0x10, 0x1, 0x1, [r7]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, r6, r7, r1, r6, r0, r7, r6, r0, 0xffffffffffffffff]}}, @cred={{0x18, 0x1, 0x2, {r4}}}, @cred={{0x18, 0x1, 0x2, {r5, r2, r3}}}, @cred={{0x18, 0x1, 0x2, {r5, 0x0, r3}}}, @rights={{0x1c, 0x1, 0x1, [r6, r1, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc0, 0x4800}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000bc0)="7c8e5f21039709f3bf55f0cd7b93f84b2759ed49bcf44d1b39a0373eb7dc7794cfc02955941b176a247ac16ea6fb2bf49be557c705057bf83536380434ae5f1d262136960ac668ad8beee728fbed893f95e5c55818157913bdf623297b5ed25adc05dce666eb4965ee1b9e5dd98c5e12791cb3cc22548f648127d4f3c428bb83936d0ebc55a233a4c5380367176922e81525648842a0ab5dd2d3431fa2e7cc3571380df380fcb45e96cdffe42b9fe676d7bf75e841a98b16c2ec65203749d1a5e85d1b455de7c8bd541080f0c355c009dd4c8fe9ba658ecb5b06fc5ed996ab32408eb31577086cb19b3a60ad18bc", 0xee}, {&(0x7f0000000cc0)="8c3f2f004186554db98487a08e23d260aeac711e411aa7319e3ad4", 0x1b}, {&(0x7f0000000d00)="58630aaac0ca5ab68ad9cd1f6ae94370ec4062a31a9faacdf96266016be7ae42a1ea722ea28767cf3149c24cb37e0b5b3fd4456487bf3206b17ea6ce145d46dcf21732bd3fca373231db32097af98387e917a9b37b7aa4837fbffc7e28e9af135f457fcedbb6e1698b2f9fc8c5ea1051d9917eb83fb75fe81542c549da19376a0571b08b", 0x84}], 0x3, 0x0, 0x0, 0x4000000}}, {{&(0x7f0000000e00)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000fc0)=[{&(0x7f0000000e80)="8d67bf05f5c5e0d7b929d7569825acf73009fe21ce141f5aef56643fb2a23b645cf209b0ba96a30f4438a1d57cde22c2", 0x30}, {&(0x7f0000000ec0)="e1701312e717eaef547a393c57b062f179d0c2a9d4d5b05ad168b6944f23153782a3d6014c10720047344ca7f8e04bbd559852b712ec867eaee6585b9132a1f40b730a9b193f0931cf5856c0b80488888518520dfe752ad43a55c5f1c927d8b2e72556902cc9552f369ea1997c0f116da395c72653420c89dcf332dfba3cd13459807653c0d7d42bf187ccff850df2ceaf4305f3706fc7bfbd1ff63b36056143e3206fd463f7ce4b8e06f10e6fc11605ecbee846bd4532571d4b7bca7e8878549127a747953c0e74af63c60cc368d197ec9d874eb4d37a839fd368a7", 0xdc}], 0x2, &(0x7f0000001040)=[@cred={{0x18, 0x1, 0x2, {r5, r2, r3}}}, @cred={{0x18, 0x1, 0x2, {r4, 0xffffffffffffffff, r3}}}, @rights={{0x24, 0x1, 0x1, [r9, r9, r8, r8, r8, r7]}}, @cred={{0x18, 0x1, 0x2, {r5, r2, r3}}}, @rights={{0x18, 0x1, 0x1, [r0, 0xffffffffffffffff, r10]}}, @cred={{0x18, 0x1, 0x2, {r5, r2, r3}}}, @cred={{0x18, 0x1, 0x2, {r5, r2, r11}}}], 0xb4, 0x1}}], 0x3, 0x40000)
ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000140)=0x2000)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
bpf$PROG_LOAD(0x2, &(0x7f00000004c0)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f0000000080)=0x9fe, 0x4)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/block/loop0', 0x606840, 0x0)

4m44.099731518s ago: executing program 3 (id=468):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r1 = ioctl$USERFAULTFD_IOC_NEW(0xffffffffffffffff, 0xaa00)
ioctl$UFFDIO_MOVE(r1, 0xc028aa05, &(0x7f0000000000)={&(0x7f0000ceb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x1000, 0x1})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

4m43.969003407s ago: executing program 3 (id=469):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xfffffffd, 0xb6}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432})
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b"], 0x14}}, 0x84)
recvmmsg(r4, &(0x7f0000003bc0), 0x0, 0x10000, 0x0)
recvmsg(r4, &(0x7f0000000780)={&(0x7f0000000300)=@isdn, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/150, 0x96}, {&(0x7f0000000440)=""/73, 0x49}, {&(0x7f0000000600)=""/220, 0xdc}, {&(0x7f0000000080)=""/27, 0x1b}, {&(0x7f0000000700)=""/113, 0x71}], 0x5, &(0x7f0000001500)=""/4096, 0x1000}, 0x40000022)
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

4m43.924595477s ago: executing program 32 (id=469):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0xfffffffd, 0xb6}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x47f6, 0x0, 0x4, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba9432})
readv(r3, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000002b"], 0x14}}, 0x84)
recvmmsg(r4, &(0x7f0000003bc0), 0x0, 0x10000, 0x0)
recvmsg(r4, &(0x7f0000000780)={&(0x7f0000000300)=@isdn, 0x80, &(0x7f0000000500)=[{&(0x7f0000000380)=""/150, 0x96}, {&(0x7f0000000440)=""/73, 0x49}, {&(0x7f0000000600)=""/220, 0xdc}, {&(0x7f0000000080)=""/27, 0x1b}, {&(0x7f0000000700)=""/113, 0x71}], 0x5, &(0x7f0000001500)=""/4096, 0x1000}, 0x40000022)
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})

1m13.789097133s ago: executing program 4 (id=1704):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xde)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001b40)={0x4, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x20}, [@call={0x85, 0x0, 0x0, 0x30}, @call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$EVIOCGKEY(r1, 0x80404518, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf20000000000000070000000f0000003d030100000000009500ffb1000000006926000000000000bf6700000000000036000b000fff52004507faff15300000d60600000ee60000bf050000000000003d63000000000000650700000200000007070000fbffffff1f75000000000000bf54000000000000070000000410f900bd430100000000009500000000000000050000000000000095000000000000001c15a3ce747c693a74b62fd0758b15f09429c09074bc4b2bd2dc480dd7a064b8673e2060162cc43bcba1060999eef9d60bb39d0af449deaa27ea949e8f9000d885deea2783835e29eba8546fc020c1966f8b5f32b095f566edf66b7751828da9dbd5b996b9e8d897e461c01c697671d100000000400036c17fb01dde179c1f26cac1c7b21bde7d1a55d6ebe700b3be005e47ef55e0dd81244b18590e000000000000356d82e43407a6d7fa94b21002f06cd247b126b6349ab62d7b07ba0a71a72145edade9941f49f300a8c8913e0e4ea9e4c77740ab3312edee62a4dc2fc85755d387d8a1bc8eb71fbe11b2216cc8d1f0160c237d929b49d828724b95555b459f4763c6222175c974be2f76fb5f330b015a68587a75c013000000000000000000000003000000000000d6ddc46e58eff8f4fbadfc6a3af8123b7f4240713a4c0cdc9d7820c4eb67cc0f8b5fe9258eeacb5776aebbab3d5c55020000006082778366dadfc36029633e0514cbcee1f3928970bde148c940434f33acd377cbad17673b2d30b6339255c98eba97efb4e9ac1f11be815dd6045592edcbee7f253ec74c7c1313505bd7ff8fd58b3a6569c91dbdef1df585aeaea7346a2a65caee5c85f9eddeeeee3c8a2e523c864ac430eb47cb4d0c8767b9d4125661b5a1a170c04b64da3a99ddb93bf14fae3ca2d1e882375b8dbac83978e136c34f90b33cc0eeb57debcfe26589efc08125d5d62a7e593c9738a50171adf051ea4f07e7e7e770c2016eeacbe8511afffffbea75759a1ea5404f5453c0b5c46c9700808c096cf8cf5223f341cbea3841b5cd224c1b381d56afebe9f99a00e3cd94dc0bb7af9e8709db487cc4d9b3b96723d69d512ddd57b0dee9b9f6ae80a502cce352098603e77f9ecced07fa25e99e9e415414c91f8bfd1c150570512f26c4ee34a64c131dce3800000000000000006c86287945bd8d258442870e000000000000000000000000f7e6a10de4bf7369b0d5b5373829b09bf5b7b34099b27ac7770fca449d4c4ca15f88b588b2429af2e1d1a4e1fa44cb80fcfae6e50d7e5b4675d7e0be706224f34e6eed553b40e2b897e73752fc7d1e4b0f4c5967eefd7448d5fde5841fa464a67267c631052bd7333769a4b8d19d4794357edce762e8136ab9d7ed34a72baffd849b90579b96b3"], &(0x7f0000000100)='GPL\x00'}, 0x48)
prlimit64(0x0, 0x8, 0x0, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0xc9100120, 0x0, 0x0)
prctl$PR_MCE_KILL(0x21, 0x0, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m12.272208004s ago: executing program 4 (id=1709):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), r0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x34)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, 0x0, 0x0, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, 0x0)
ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40046201, &(0x7f0000000040)='/dev/dma_heap/system\x00')
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086201, &(0x7f0000000080)=0x20)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x108)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006340)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000280)={0x50, 0x0, r6, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0xa4901, 0x28)
write$tcp_congestion(r7, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r7, r5)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet(0x2, 0x4000000000000001, 0x0)
sendmsg$NFT_BATCH(r2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x14, r1, 0x901, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1m11.366235491s ago: executing program 4 (id=1713):
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) (async)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) (async)
r0 = socket(0x40000000015, 0x5, 0x0) (async)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfcffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0) (async)
r4 = openat$cdrom(0xffffff9c, &(0x7f0000000000), 0x80880, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(r1, 0xc0389423, &(0x7f0000000040)={0xd, 0x48, [0x2, 0x5, 0x279f, 0x8000000000000000], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async, rerun: 32)
ioctl$CDROMPLAYMSF(r4, 0x5303, &(0x7f0000000140)={0x1, 0x5, 0x0, 0xe, 0xc, 0x8}) (async, rerun: 32)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4) (async)
syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10000}, &(0x7f0000002000)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x12001, 0x0, {0x2}}) (async)
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0) (async)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn']) (async)
r7 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/net\x00')
ioctl$NS_GET_NSTYPE(r7, 0xb703, 0x0)
chdir(&(0x7f00000000c0)='./file0\x00')
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x260)

1m11.365892182s ago: executing program 4 (id=1714):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0xfffffffd, 0xfffffffffffffcd3, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x1c, 0x1, 0x4, 0x201, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFULA_CFG_CMD={0x5, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8045}, 0x40000)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, r5, 0x25, 0x2, @void}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r6=>r0}, './file0/../file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, '\x00', 0x0, @fallback=0x1e, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, 0x0, 0x0)
sendmmsg$unix(r9, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r8, &(0x7f0000000100), 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000000)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
pivot_root(&(0x7f0000000440)='./file0\x00', &(0x7f0000000400)='./file0/../file0\x00')

1m10.526011463s ago: executing program 4 (id=1718):
syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2)
mknod$loop(&(0x7f0000000400)='./file0\x00', 0x10, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, 0x0, 0x10}, 0x8000)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=@newtaction={0x220, 0x30, 0x1, 0x0, 0x0, {}, [{0x20c, 0x1, [@m_ctinfo={0x118, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0xea, 0x6, "955bb0aac9d8ee66c75c0b81768d9856638c30489bf9a85807caecf960459a4f89f9cc5f820466a4e7c8e170e09071a38b936275b81aa52ada60cea2f2580da9c40e117c7cf041f8ed66c290b98b141c6a630f0c926d31863ddfb680a88a01a564306356856b9864137e9b4970d2c1afeae2808236c5b2232d06197267354249c6f7316c7a1d7e9c229adf0f4ddf95f0d286cab459fc70f7ca5c4d763a462a291bafcf83f1e428fe41c200d991a72253d6717e2ac53012e80f626065018bcb3b84223eb91f7735bf494f67001fa440dffffde834bef3d11af56df17ea0334c72a3dab4ac51f9"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ife={0xf0, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0xc6, 0x6, "3f236be2621afb1f488d4078b0d8c22c1b159363c9b5bc5f587798ba5bf9e912e3614ab77e3a9d19784806cae3d3268b7a76c111bf1ee74fc0e3c518acffd15a3a5c7734ef1e2fbac7ebcad32cc7d74a64564bc0bf564bb1f7c0486414b6a659ddafeb28872e1e1e16272c2fe4b2781ca43c9785763be8fad8ea4831eb1428db79464e6264f06189f9ee4b32397f2ce33999c2493c5476477d4713abdd36418d8446b4394ae4fcb2959344877686cbb08417ac03c2abc0a086c19b3e4bf8aa7c77a9"}, {0xc}, {0xc}}}]}]}, 0x220}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000000000000e20000008500000011000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @xdp=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000003dc0)=[{{&(0x7f0000000380)=@x25, 0x80, &(0x7f0000000700)=[{&(0x7f0000000480)=""/239, 0xef}, {&(0x7f0000000600)=""/169, 0xa9}, {&(0x7f0000000580)=""/21, 0x15}, {&(0x7f0000000780)=""/166, 0xa6}, {&(0x7f0000000840)=""/156, 0x9c}, {&(0x7f0000000b40)=""/253, 0xfd}, {&(0x7f00000006c0)=""/64, 0x40}, {&(0x7f0000000c40)=""/184, 0xb8}], 0x8, &(0x7f0000000d00)=""/223, 0xdf}}, {{&(0x7f0000000e00)=@nfc_llcp, 0x80, &(0x7f0000001e80)=[{&(0x7f0000000e80)=""/4096, 0x1000}], 0x1, &(0x7f0000001ec0)=""/129, 0x81}, 0xf}, {{&(0x7f0000001f80)=@in={0x2, 0x0, @initdev}, 0x80, &(0x7f0000002040)=[{&(0x7f0000002000)=""/6, 0x6}], 0x1, &(0x7f0000002080)=""/102, 0x66}, 0x9}, {{&(0x7f0000002100)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f00000025c0)=[{&(0x7f0000002180)=""/132, 0x84}, {&(0x7f0000002240)=""/54, 0x36}, {&(0x7f0000002280)=""/243, 0xf3}, {&(0x7f0000002380)=""/213, 0xd5}, {&(0x7f0000002480)=""/182, 0xb6}, {&(0x7f0000002540)=""/94, 0x5e}], 0x6, &(0x7f0000002600)=""/245, 0xf5}, 0x7}, {{&(0x7f0000002700)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000003c40)=[{&(0x7f0000002780)=""/81, 0x51}, {&(0x7f0000002800)=""/178, 0xb2}, {&(0x7f00000028c0)=""/117, 0x75}, {&(0x7f0000002940)=""/92, 0x5c}, {&(0x7f00000029c0)=""/184, 0xb8}, {&(0x7f0000002a80)=""/25, 0x19}, {&(0x7f0000002ac0)=""/4096, 0x1000}, {&(0x7f0000003ac0)=""/225, 0xe1}, {&(0x7f0000003e80)=""/98, 0x62}], 0x9, &(0x7f0000003cc0)=""/252, 0xfc}, 0x44}], 0x5, 0x0, 0x0)
r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40186f40, &(0x7f0000000440)=0x1f)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000000d0a010300000000000000000a0000012900020073797a31000000000900010073797a0000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000)
socket$inet6(0xa, 0x80002, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000340), 0xffffffffffffffff)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r5, 0x7a5, &(0x7f0000000180)={{@my=0x0}, 0x0, 0x1})
syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1}, &(0x7f0000000000), &(0x7f0000000100))

1m10.004439563s ago: executing program 4 (id=1721):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100}, 0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x8, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
membarrier(0x40, 0x0)

1m9.886054624s ago: executing program 33 (id=1721):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100}, 0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(0x0, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x8, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)
membarrier(0x40, 0x0)

1.480017393s ago: executing program 0 (id=2495):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000005740)={0x18, 0x40, 0x107, 0x70bd2b, 0x0, {0x3, 0x7c}, [@nested={0x4, 0x1c2}]}, 0x18}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

1.450455751s ago: executing program 0 (id=2497):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)={0x30, 0x20, 0x301, 0x0, 0x0, "", [@nested={0x1f, 0x0, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64}, @generic='\x00\x00\x00\x00\x00\x00\x00', @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x30}], 0x1}, 0x0)

1.414485979s ago: executing program 0 (id=2499):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x38, r0, 0x1, 0x0, 0x25dfdbfd, {{0x2}, {@val={0x8, 0x3, r2}, @val={0xc, 0x99, {0xf4, 0x2f}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x38}, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0)

1.294769875s ago: executing program 0 (id=2502):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x44081}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
r5 = socket(0x10, 0x3, 0x0)
close(r4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x7, 0x6361, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x2b65, 0x267, 0x0, 0x25, 0x19dd, 0x9}}]}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x80000, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0x2, 0xb}, {0xffe0, 0xb}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1.153960909s ago: executing program 0 (id=2511):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x201, 0x0, 0x25dfdbff, {0xa, 0x0, 0x1}, [@NHA_ENCAP_TYPE={0x6, 0x7, 0x7}, @NHA_BLACKHOLE={0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000001}, 0x0)

1.096385104s ago: executing program 0 (id=2512):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001f40)={r2, r1, 0x25, 0x0, @val=@netkit={@void, @value=r2}}, 0x1c)
syz_emit_ethernet(0x1086, &(0x7f0000000e80)=ANY=[], 0x0)

446.167062ms ago: executing program 2 (id=2542):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

445.44534ms ago: executing program 2 (id=2544):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0a17000001"], 0x20)
accept4$llc(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'geneve0\x00', 0x4c02})
readv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/160, 0xa0}, {&(0x7f0000002140)=""/4096, 0x1000}], 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$TUNSETVNETHDRSZ(r1, 0x400454d8, &(0x7f0000000100)=0x730)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b7000000ff000000bfa30000000000000703000018feffff720aa9fff8ffffff71a400fe0000000072030200000000131d400500000000004704000001ed00006b030000000000001d440000000000007a0a00fe00ffffffc303000051000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7109000000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a1074649c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c0dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6acdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e50002a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de5c028d6112a0c2d21b2dc98814106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c53218294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb118888876b617398d00a7526103ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fed000000007baa5b6a686b50f0937f778af083e08b7ab6cd9c65ba55f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddc42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293d364b9effa9a9406ac2683e231d4774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479517dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a79e59e1712c8c546768e5722da19fcdb4c2890cda1f96b952511e3a49d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767987d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca485683252b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c32040098e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a0032f37ff559be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1be62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a3"], 0x0}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/19, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000004700)={'team0\x00', <r5=>0x0})
r6 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r6, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x44, 0x0, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0x9, 0x3}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x1)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000001500010000000000000000000100000008000100", @ANYRESOCT=r8], 0x1c}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f0000000500)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r4, @ANYBLOB="050424bd7000fedbdf250100000008000100", @ANYRES32=r5, @ANYBLOB="8400028040000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000100004006c6f616462616c616e6365"], 0xa0}, 0x1, 0x0, 0x0, 0x4040800}, 0x24040084)

266.516388ms ago: executing program 5 (id=2551):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, 0x0, 0x0)

255.349646ms ago: executing program 5 (id=2552):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000001}, 0x0)

251.997056ms ago: executing program 1 (id=2553):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x34, 0x40, 0x107, 0x70bd2b, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x1c2}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x84;'}]}, @nested={0x10, 0x2, 0x0, 0x1, [@nested={0xc, 0x19, 0x0, 0x1, [@typed={0x6, 0x136, 0x0, 0x0, @str='\x84;'}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

242.356599ms ago: executing program 2 (id=2554):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='mm_page_alloc\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

154.27394ms ago: executing program 1 (id=2555):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000210001002cbd7000f7dbdf2505"], 0x14}, 0x1, 0x0, 0x0, 0x408c0}, 0x8014)

153.80663ms ago: executing program 5 (id=2556):
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket(0x25, 0x5, 0x0)
socket$phonet(0x23, 0x2, 0x1)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340))
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

153.136554ms ago: executing program 2 (id=2557):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="3400000010000104fcfffffffbdbdf2500000000cf1e78cce506f585ec9e87e82305e14f633e99e2bd782fd4b25cca0ce5b7da6e"], 0x34}, 0x1, 0x0, 0x0, 0x20000045}, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000040)={@dev={0xac, 0x14, 0x14, 0x19}, @empty, 0x2, "4f6fb4d1af0f724e6118ecfbac0200843af29708e2355d0e7ea0c543011a00", 0xfffffffc, 0x4, 0x81, 0x2}, 0x3c)
r2 = socket$kcm(0x2d, 0x2, 0x0)
connect$qrtr(r2, &(0x7f0000000040)={0x2d, 0x3, 0xfffffffe}, 0xc)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x38, r1, 0x60b, 0x70bd2d, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0xe}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x38}}, 0x0)
close(0xffffffffffffffff)
socket$l2tp6(0xa, 0x2, 0x73)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="980000000001010400000000000000000a0000003c0001802c0001801400030000000000000000000000ffffac1414aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300ff02000000000000000000000000000114000400fe8000000000000000000000000000aa0c00028005000100000000000800b2599347f51ecb07400000000004000f80b4d98227b765983cb945cdc4e1427791abeadf051fc16f545d5dc70b9cd111936896953a0fa94fe267deec0fe936db7f56af75596f8101ccd6e03e02bcfc1eaa6d6dd6ea75b6a5c45754ab0e98c3f61de7180c7acc97eaa739dc8a67437373b970d8dee502ecbba591555f2a5ed5cb4ac28aa261908dff7fb23de9a4b6e31be2e31946d3c575b258e463ef0631cd7f967e7a7f2e1cb41b7666403650909f0ffd5e3f43c9d34a6ecd2867a558e9efde14ead7da6808a35df0c9e5f12f3dd687066191594a0b6b2696bb77ebd62a04f771d0a3bed158718e335f884c8c5b7227b947d3ba6a0befff68fa481443b643ce73aba24239843e639531725299182a1f2955aa900eb50ace5b3d37b48202d49d62801cf915b8b8dcdd1a8071f636f024f3965e19bd316ea2d11f6510aaf949837ea323005a77086e71f70d092ebd4ea353b01fe2"], 0x98}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104000000000000000000000200", @ANYRES32, @ANYBLOB="0000000002000100240012800b00010065"], 0x44}}, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="200000000914000225bd7000fcdbdf25080001000100000008000100c2020000d09092c241bf46a1d40f60952a3a42fcf9fe9bf57d3ddf5ca36c15c50167286cb89f79174bf9e8042ea9b129e486eddd4a0d8411"], 0x20}, 0x1, 0x0, 0x0, 0x24000090}, 0x4000000)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x6, 0x0, &(0x7f0000000180))
bind$unix(0xffffffffffffffff, &(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x15, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="85000000080000004e00000000000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000880)={0xe, 0x4, &(0x7f0000000500)=ANY=[@ANYRESOCT=r2, @ANYRESOCT=r5], &(0x7f0000000600)='syzkaller\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r5)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x1407, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x60}]}, 0x18}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000000)={'wpan0\x00'})
socket$inet_udp(0x2, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002027702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000838500000071000000950000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'})

152.861059ms ago: executing program 1 (id=2558):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000910095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r1, r1, 0x2f, 0x0, @void}, 0x10)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f00000000c0)={r2, r0, 0x4, r0}, 0x10)

146.687441ms ago: executing program 5 (id=2559):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, 0x0, 0x0)

128.76536ms ago: executing program 2 (id=2560):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000000c0)='kfree\x00', r3, 0x0, 0xfffffffffffffffd}, 0x18)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xfff3, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x24, 0x2, [@TCA_CGROUP_EMATCHES={0x20, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x3, 0x0, 0x0, {{0x5e4, 0x8, 0x3d0}, {0x0, 0x4, 0x6}}}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x40010)

57.2078ms ago: executing program 1 (id=2561):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x38, r0, 0x1, 0x0, 0x25dfdbfd, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0xf4, 0x2f}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}]]}, 0x38}, 0x1, 0x0, 0x0, 0xd37697ff280d3c0e}, 0x0)

56.672229ms ago: executing program 5 (id=2562):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000b40)={'wpan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000e40)={0x38, r2, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_SEC_LEVEL={0x1c, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_DEV_OVERRIDE={0x5}, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x1}, @NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x2}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20008894}, 0x44010)

28.388585ms ago: executing program 1 (id=2563):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c01250000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

15.953018ms ago: executing program 5 (id=2564):
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='mm_page_alloc\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

836.743µs ago: executing program 2 (id=2565):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000001}, 0x0)

0s ago: executing program 1 (id=2566):
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c00018006000600843b0000971b0280540217"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

kernel console output (not intermixed with test programs):

======================
[   52.726235][ T6068] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   52.728359][ T6068] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   52.735740][ T6068] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   52.742975][ T6068] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   52.747169][ T6068] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   52.754650][ T6068] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   52.762960][ T6068] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   52.768435][ T6068] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   52.775092][ T6068] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   52.779510][ T6068] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   52.781947][ T6068] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   52.789026][ T6068] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   53.500209][ T6079] process 'syz.1.12' launched './file1' with NULL argv: empty string added
[   54.770014][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[   54.770062][ T5948] Bluetooth: hci2: command 0x0419 tx timeout
[   54.772296][ T5948] Bluetooth: hci0: command 0x0419 tx timeout
[   54.845029][ T5946] Bluetooth: hci3: command 0x0419 tx timeout
[   55.255881][ T6101] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   55.255881][ T6101]    program syz.1.17 not setting count and/or reply_len properly
[   55.944393][ T2294] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   56.012850][ T6114] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   56.016098][ T6114] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   56.019138][ T6114] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   56.022035][ T6114] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   56.147381][ T2294] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   56.151990][ T2294] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   56.157018][ T2294] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[   56.160865][ T2294] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   56.169219][ T2294] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   56.173522][ T2294] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   56.176647][ T2294] usb 7-1: Product: syz
[   56.178151][ T2294] usb 7-1: Manufacturer: syz
[   56.188675][ T2294] cdc_wdm 7-1:1.0: skipping garbage
[   56.190654][ T2294] cdc_wdm 7-1:1.0: skipping garbage
[   56.192532][ T2294] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[   56.314597][ T6123] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23'.
[   56.325152][ T6123] wireguard0: entered promiscuous mode
[   56.327117][ T6123] wireguard0: entered allmulticast mode
[   56.422949][ T6113] fuse: Bad value for 'fd'
[   56.477095][ T2294] usb 7-1: USB disconnect, device number 2
[   57.489805][ T6157] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   57.495080][ T6157] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   57.498510][ T6157] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   57.501963][ T6157] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   58.756953][ T6178] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.759706][ T6178] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.809200][ T6178] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   58.816315][ T6178] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   58.888379][ T6181] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.920714][  T224] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   58.924580][  T224] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   58.927910][  T224] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   58.930716][  T224] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   59.133617][ T6187] netlink: 'syz.0.36': attribute type 10 has an invalid length.
[   59.144268][ T6187] 8021q: adding VLAN 0 to HW filter on device batadv0
[   59.167784][ T6187] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   59.404290][ T5954] Bluetooth: hci0: command 0x0419 tx timeout
[   59.564240][ T5954] Bluetooth: hci3: command 0x0419 tx timeout
[   59.564302][ T5946] Bluetooth: hci2: command 0x0419 tx timeout
[   59.564423][ T5948] Bluetooth: hci1: command 0x0419 tx timeout
[   59.567411][ T6189] veth0: entered promiscuous mode
[   59.584450][ T6188] veth0: left promiscuous mode
[   59.929070][ T6199] syzkaller0: entered promiscuous mode
[   59.930908][ T6199] syzkaller0: entered allmulticast mode
[   60.307765][ T6205] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   60.316811][ T6205] CIFS: Unable to determine destination address
[   60.724370][ T6214] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   60.733396][ T6214] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   60.737233][ T6214] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   60.742559][ T6214] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   62.684399][ T5954] Bluetooth: hci0: command 0x0419 tx timeout
[   62.764236][ T5954] Bluetooth: hci3: command 0x0419 tx timeout
[   62.764320][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[   62.766318][ T5954] Bluetooth: hci2: command 0x0419 tx timeout
[   63.291549][ T6253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.53'.
[   64.774296][ T5954] Bluetooth: hci0: command 0x0419 tx timeout
[   64.844294][ T5954] Bluetooth: hci1: command 0x0419 tx timeout
[   64.844470][ T5948] Bluetooth: hci3: command 0x0419 tx timeout
[   64.854343][ T5948] Bluetooth: hci2: command 0x0419 tx timeout
[   66.924317][ T5948] Bluetooth: hci3: command 0x0419 tx timeout
[   67.287122][ T6296] ubi31: attaching mtd0
[   67.292431][ T6296] ubi31: scanning is finished
[   67.296985][ T6296] ubi31: empty MTD device detected
[   67.877938][ T6296] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[   67.880562][ T6296] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[   67.882937][ T6296] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[   67.894474][ T6296] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[   67.897728][ T6296] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[   67.898799][ T6295] netlink: 24 bytes leftover after parsing attributes in process `syz.3.63'.
[   67.900625][ T6296] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[   67.907598][ T6296] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2775926282
[   67.911832][ T6296] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[   67.916889][ T6306] ubi31: background thread "ubi_bgt31d" started, PID 6306
[   68.170356][ T6315] 9pnet_fd: Insufficient options for proto=fd
[   68.889614][ T6318] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.69'.
[   70.847667][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[   70.922931][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[   72.783892][ T6372] lo speed is unknown, defaulting to 1000
[   72.785858][ T6372] lo speed is unknown, defaulting to 1000
[   72.788758][ T6372] lo speed is unknown, defaulting to 1000
[   72.792587][ T6372] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   72.798698][ T6372] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[   72.812050][ T6372] lo speed is unknown, defaulting to 1000
[   72.814784][ T6372] lo speed is unknown, defaulting to 1000
[   72.817592][ T6372] lo speed is unknown, defaulting to 1000
[   72.820053][ T6372] lo speed is unknown, defaulting to 1000
[   73.456445][ T6399] overlay: filesystem on ./file0 is read-only
[   73.575140][ T6402] support for cryptoloop has been removed.  Use dm-crypt instead.
[   73.580041][ T6402] support for cryptoloop has been removed.  Use dm-crypt instead.
[   74.464934][ T6011] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   74.542790][ T6423] syz.2.97 uses obsolete (PF_INET,SOCK_PACKET)
[   74.634453][ T6011] usb 6-1: Using ep0 maxpacket: 8
[   75.137927][ T6011] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   75.142013][ T6011] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   75.194316][ T6011] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   75.197758][ T6011] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   75.201748][ T6011] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   75.306859][ T6425] batadv_slave_1: entered promiscuous mode
[   75.390569][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.630097][ T6011] usb 6-1: GET_CAPABILITIES returned 0
[   75.632188][ T6011] usbtmc 6-1:16.0: can't read capabilities
[   75.801383][ T6433] netlink: 124 bytes leftover after parsing attributes in process `syz.0.101'.
[   75.838947][ T6422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   75.846919][ T6422] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   75.856336][   T34] usb 6-1: USB disconnect, device number 2
[   76.140024][ T6424] batadv_slave_1: left promiscuous mode
[   76.244682][ T6439] siw: device registration error -23
[   76.958841][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz.0.106'.
[   76.971265][ T6447] veth1_macvtap: left promiscuous mode
[   77.060914][ T6451] random: crng reseeded on system resumption
[   77.152985][   T40] audit: type=1326 audit(1761046914.251:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.162164][   T40] audit: type=1326 audit(1761046914.251:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=444 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.162213][   T40] audit: type=1326 audit(1761046914.251:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.162251][   T40] audit: type=1326 audit(1761046914.251:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.162314][   T40] audit: type=1326 audit(1761046914.251:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=446 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.162354][   T40] audit: type=1326 audit(1761046914.261:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.162391][   T40] audit: type=1326 audit(1761046914.261:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.162428][   T40] audit: type=1326 audit(1761046914.261:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.243777][   T40] audit: type=1326 audit(1761046914.341:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.255164][   T40] audit: type=1326 audit(1761046914.341:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6458 comm="syz.0.110" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[   77.266733][ T6462] mkiss: ax0: crc mode is auto.
[   78.331728][ T6536] netlink: 2 bytes leftover after parsing attributes in process `syz.1.116'.
[   78.372393][ T6540] bridge_slave_0: default FDB implementation only supports local addresses
[   78.376937][ T6540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.117'.
[   78.380386][ T6540] bridge_slave_0: default FDB implementation only supports local addresses
[   79.888435][ T6577] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   79.900006][ T6577] netlink: 4 bytes leftover after parsing attributes in process `syz.3.126'.
[   80.205505][ T6579] FAULT_INJECTION: forcing a failure.
[   80.205505][ T6579] name failslab, interval 1, probability 0, space 0, times 1
[   80.211128][ T6579] CPU: 0 UID: 0 PID: 6579 Comm: syz.3.127 Not tainted syzkaller #0 PREEMPT(full) 
[   80.211152][ T6579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.211163][ T6579] Call Trace:
[   80.211169][ T6579]  <TASK>
[   80.211176][ T6579]  dump_stack_lvl+0x16c/0x1f0
[   80.211230][ T6579]  should_fail_ex+0x512/0x640
[   80.211288][ T6579]  should_failslab+0xc2/0x120
[   80.211309][ T6579]  __kmalloc_noprof+0xdd/0x880
[   80.211332][ T6579]  ? aa_label_asxprint+0x75/0x140
[   80.211356][ T6579]  ? aa_label_asxprint+0x75/0x140
[   80.211374][ T6579]  aa_label_asxprint+0x75/0x140
[   80.211398][ T6579]  apparmor_lsmprop_to_secctx+0xb2/0x1a0
[   80.211434][ T6579]  security_lsmprop_to_secctx+0x146/0x1a0
[   80.211467][ T6579]  audit_log_subj_ctx+0x29b/0x460
[   80.211488][ T6579]  ? map_id_range_up+0x2ce/0x3b0
[   80.211512][ T6579]  ? __pfx_audit_log_subj_ctx+0x10/0x10
[   80.211533][ T6579]  ? audit_log_format+0xe8/0x130
[   80.211556][ T6579]  audit_log_task_context+0x85/0xb0
[   80.211576][ T6579]  ? __pfx_audit_log_task_context+0x10/0x10
[   80.211603][ T6579]  audit_log_task+0x1c2/0x3f0
[   80.211627][ T6579]  ? __pfx_audit_log_task+0x10/0x10
[   80.211657][ T6579]  audit_seccomp+0x79/0x1f0
[   80.211677][ T6579]  __seccomp_filter+0xa74/0x11c0
[   80.211698][ T6579]  ? __pfx___seccomp_filter+0x10/0x10
[   80.211722][ T6579]  ? find_get_task_by_vpid+0x19e/0x310
[   80.211749][ T6579]  __secure_computing+0x215/0x320
[   80.211769][ T6579]  syscall_trace_enter+0x89/0x240
[   80.211792][ T6579]  __do_fast_syscall_32+0x1c7/0x300
[   80.211818][ T6579]  do_fast_syscall_32+0x32/0x80
[   80.211841][ T6579]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   80.211863][ T6579] RIP: 0023:0xf701d579
[   80.211877][ T6579] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   80.211893][ T6579] RSP: 002b:00000000f540d590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[   80.211911][ T6579] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f540d620
[   80.211921][ T6579] RDX: 000000000000000f RSI: 00000000f73b5ff4 RDI: 0000000000000000
[   80.211930][ T6579] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   80.211940][ T6579] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[   80.211949][ T6579] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   80.211973][ T6579]  </TASK>
[   81.251917][ T6589] netlink: 4 bytes leftover after parsing attributes in process `syz.3.130'.
[   81.258843][ T6589] veth1_macvtap: left promiscuous mode
[   81.306737][ T6590] random: crng reseeded on system resumption
[   81.505489][ T3242] cfg80211: failed to load regulatory.db
[   81.571346][ T6592] Bluetooth: hci4: Frame reassembly failed (-84)
[   81.576034][ T1182] Bluetooth: hci4: Frame reassembly failed (-84)
[   81.745880][ T6610] netlink: 24 bytes leftover after parsing attributes in process `syz.3.136'.
[   81.751691][   T24] IPVS: starting estimator thread 0...
[   81.815019][ T6614] netlink: 'syz.3.136': attribute type 1 has an invalid length.
[   81.818207][ T6614] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   81.821477][ T6614] IPv6: NLM_F_CREATE should be set when creating new route
[   81.824730][ T6614] IPv6: NLM_F_CREATE should be set when creating new route
[   81.847198][ T6611] IPVS: using max 23 ests per chain, 55200 per kthread
[   82.757071][ T6630] netlink: 4 bytes leftover after parsing attributes in process `syz.0.142'.
[   82.765812][ T6630] random: crng reseeded on system resumption
[   83.129978][ T6646] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   83.174509][ T6644] fuse: Unknown parameter '00000000000000000008���1O���V��ޡ/mŵ�|5e�I�l���O�L��%�宛)�����Q<���0?䘺���D��6��
[   83.174509][ T6644] :R:`;�-'
[   83.182820][ T6644] No control pipe specified
[   83.312050][ T6652] binder: 6649:6652 ioctl 0 80000040 returned -22
[   83.645019][ T5948] Bluetooth: hci4: Opcode 0x1003 failed: -110
[   83.645507][ T5954] Bluetooth: hci4: command 0x1003 tx timeout
[   84.289308][ T6660] batadv_slave_1: entered promiscuous mode
[   84.402265][ T6662] netlink: 4 bytes leftover after parsing attributes in process `syz.0.152'.
[   84.409022][ T6662] random: crng reseeded on system resumption
[   84.631912][ T6686] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[   84.633638][ T6685] FAULT_INJECTION: forcing a failure.
[   84.633638][ T6685] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   84.643489][ T6685] CPU: 2 UID: 0 PID: 6685 Comm: syz.0.160 Not tainted syzkaller #0 PREEMPT(full) 
[   84.643511][ T6685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   84.643521][ T6685] Call Trace:
[   84.643527][ T6685]  <TASK>
[   84.643548][ T6685]  dump_stack_lvl+0x16c/0x1f0
[   84.643575][ T6685]  should_fail_ex+0x512/0x640
[   84.643595][ T6685]  _copy_from_user+0x2e/0xd0
[   84.643613][ T6685]  move_addr_to_kernel+0x65/0x170
[   84.643648][ T6685]  __get_compat_msghdr+0x3f1/0x4d0
[   84.643667][ T6685]  get_compat_msghdr+0xd2/0x170
[   84.643684][ T6685]  ? __pfx_get_compat_msghdr+0x10/0x10
[   84.643703][ T6685]  ? __pfx__kstrtoull+0x10/0x10
[   84.643728][ T6685]  ___sys_sendmsg+0x1ae/0x1d0
[   84.643748][ T6685]  ? __pfx____sys_sendmsg+0x10/0x10
[   84.643764][ T6685]  ? __lock_acquire+0x622/0x1c90
[   84.643805][ T6685]  ? __pfx___might_resched+0x10/0x10
[   84.643833][ T6685]  __sys_sendmmsg+0x2f9/0x420
[   84.643854][ T6685]  ? __pfx___sys_sendmmsg+0x10/0x10
[   84.643881][ T6685]  ? bpf_trace_run2+0x26b/0x590
[   84.643911][ T6685]  ? __might_fault+0xe3/0x190
[   84.643932][ T6685]  ? __might_fault+0xe3/0x190
[   84.643952][ T6685]  ? __might_fault+0x13b/0x190
[   84.643979][ T6685]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[   84.643999][ T6685]  __do_fast_syscall_32+0x7c/0x300
[   84.644023][ T6685]  do_fast_syscall_32+0x32/0x80
[   84.644044][ T6685]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   84.644065][ T6685] RIP: 0023:0xf7f65579
[   84.644078][ T6685] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   84.644093][ T6685] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000159
[   84.644110][ T6685] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001440
[   84.644136][ T6685] RDX: 0000000000000002 RSI: 0000000000040000 RDI: 0000000000000000
[   84.644146][ T6685] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   84.644161][ T6685] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   84.644171][ T6685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   84.644194][ T6685]  </TASK>
[   84.723107][    C2] vkms_vblank_simulate: vblank timer overrun
[   84.736698][ T6688] warning: `syz.3.161' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   84.833165][ T6692] netlink: 4 bytes leftover after parsing attributes in process `syz.0.163'.
[   84.839144][ T6692] random: crng reseeded on system resumption
[   85.121150][ T6659] batadv_slave_1: left promiscuous mode
[   85.251921][   T40] kauditd_printk_skb: 17 callbacks suppressed
[   85.251937][   T40] audit: type=1400 audit(1761046922.351:28): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3A30206B420A4C617A79467265653A202020202020202020202020202030206B420A416E6F6E4875676550616765733A20202020202020202030206B420A53686D656D506D644D61707065643A202020202020202030206B420A46696C65506D644D61707065643A20202020202020202030206B420A5368617265645F48756765746C623A202020202020202030206B420A507269766174 pid=6714 comm="syz.3.171"
[   85.457536][ T6717] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   85.460519][ T6717] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   85.463325][ T6717] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   85.467034][ T6717] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   85.827404][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.175'.
[   85.833135][ T6726] random: crng reseeded on system resumption
[   86.100795][ T6745] netlink: 'syz.0.179': attribute type 46 has an invalid length.
[   86.405656][ T6763] netlink: 4 bytes leftover after parsing attributes in process `syz.2.186'.
[   86.460904][ T6764] random: crng reseeded on system resumption
[   86.726897][ T6780] fuse: Bad value for 'fd'
[   86.755808][ T6772] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   86.757926][ T6772] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   86.760088][ T6772] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   86.762925][ T6772] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   87.754610][ T6794] ebtables: wrong size: *len 80, entries_size 48, replsz 48
[   87.892271][ T6799] netlink: 4 bytes leftover after parsing attributes in process `syz.3.198'.
[   87.899285][ T6799] random: crng reseeded on system resumption
[   88.012893][ T6802] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[   88.063351][ T6802] netlink: 'syz.2.195': attribute type 1 has an invalid length.
[   88.066417][ T6802] netlink: 244 bytes leftover after parsing attributes in process `syz.2.195'.
[   88.694883][ T5948] Bluetooth: hci0: command 0x0419 tx timeout
[   88.774283][ T5948] Bluetooth: hci3: command 0x0419 tx timeout
[   88.774415][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[   88.779305][ T5954] Bluetooth: hci2: command 0x0419 tx timeout
[   90.057496][ T6841] 9p: Unknown Cache mode or invalid value fscach
[   90.114769][ T6011] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   90.157013][ T6844] netlink: 4 bytes leftover after parsing attributes in process `syz.3.211'.
[   90.164457][ T6844] random: crng reseeded on system resumption
[   90.250193][ T6011] usb 6-1: device descriptor read/64, error -71
[   90.955707][ T6011] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   91.277325][ T6011] usb 6-1: device descriptor read/64, error -71
[   91.381640][ T6879] netlink: 4 bytes leftover after parsing attributes in process `syz.3.221'.
[   91.402243][ T6011] usb usb6-port1: attempt power cycle
[   91.451887][ T6873] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   91.454682][ T6873] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   91.458043][ T6873] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   91.460196][ T6873] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   91.744316][ T6011] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   91.764698][ T6011] usb 6-1: device descriptor read/8, error -71
[   92.864223][ T6011] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[   93.065084][ T6011] usb 6-1: device descriptor read/8, error -71
[   93.174398][ T6011] usb usb6-port1: unable to enumerate USB device
[   93.324214][   T24] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[   93.414319][ T5954] Bluetooth: hci0: command 0x0419 tx timeout
[   93.475548][   T24] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   93.478383][   T24] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   93.481820][   T24] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   93.484350][ T5954] Bluetooth: hci3: command 0x0419 tx timeout
[   93.484461][ T5946] Bluetooth: hci2: command 0x0419 tx timeout
[   93.484507][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[   93.485540][   T24] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.496029][   T24] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   93.498864][   T24] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   93.501375][   T24] usb 8-1: Product: syz
[   93.502708][   T24] usb 8-1: Manufacturer: syz
[   93.513603][   T24] cdc_wdm 8-1:1.0: skipping garbage
[   93.516372][   T24] cdc_wdm 8-1:1.0: skipping garbage
[   93.518519][   T24] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[   94.936874][ T6947] netlink: 40 bytes leftover after parsing attributes in process `syz.1.240'.
[   94.993548][ T6948] netlink: 112 bytes leftover after parsing attributes in process `syz.1.240'.
[   95.002229][ T6947] FAULT_INJECTION: forcing a failure.
[   95.002229][ T6947] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   95.006632][ T6950] can-isotp: isotp_sendmsg: can_send_ret -ENETDOWN
[   95.008402][ T6947] CPU: 3 UID: 0 PID: 6947 Comm: syz.1.240 Not tainted syzkaller #0 PREEMPT(full) 
[   95.008425][ T6947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   95.008435][ T6947] Call Trace:
[   95.008440][ T6947]  <TASK>
[   95.008444][ T6947]  dump_stack_lvl+0x16c/0x1f0
[   95.008462][ T6947]  should_fail_ex+0x512/0x640
[   95.008475][ T6947]  _copy_from_user+0x2e/0xd0
[   95.008488][ T6947]  get_compat_msghdr+0xa7/0x170
[   95.008500][ T6947]  ? __pfx_get_compat_msghdr+0x10/0x10
[   95.008516][ T6947]  ___sys_sendmsg+0x1ae/0x1d0
[   95.008530][ T6947]  ? __pfx____sys_sendmsg+0x10/0x10
[   95.008548][ T6947]  ? find_held_lock+0x2b/0x80
[   95.008573][ T6947]  __sys_sendmsg+0x16d/0x220
[   95.008584][ T6947]  ? __pfx___sys_sendmsg+0x10/0x10
[   95.008603][ T6947]  ? rcu_is_watching+0x12/0xc0
[   95.008621][ T6947]  __do_fast_syscall_32+0x7c/0x300
[   95.008637][ T6947]  do_fast_syscall_32+0x32/0x80
[   95.008651][ T6947]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   95.008665][ T6947] RIP: 0023:0xf7fb1579
[   95.008674][ T6947] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   95.008684][ T6947] RSP: 002b:00000000f54a655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   95.008695][ T6947] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000080000200
[   95.008702][ T6947] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   95.008708][ T6947] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   95.008713][ T6947] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   95.008720][ T6947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   95.008733][ T6947]  </TASK>
[   96.163779][ T3242] usb 8-1: USB disconnect, device number 2
[   96.276808][ T6986] FAULT_INJECTION: forcing a failure.
[   96.276808][ T6986] name failslab, interval 1, probability 0, space 0, times 0
[   96.280911][ T6986] CPU: 0 UID: 0 PID: 6986 Comm: syz.2.252 Not tainted syzkaller #0 PREEMPT(full) 
[   96.280926][ T6986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   96.280932][ T6986] Call Trace:
[   96.280936][ T6986]  <TASK>
[   96.280941][ T6986]  dump_stack_lvl+0x16c/0x1f0
[   96.280958][ T6986]  should_fail_ex+0x512/0x640
[   96.280969][ T6986]  ? __kmalloc_cache_noprof+0x5f/0x780
[   96.280986][ T6986]  should_failslab+0xc2/0x120
[   96.280997][ T6986]  __kmalloc_cache_noprof+0x72/0x780
[   96.281011][ T6986]  ? lockdep_init_map_type+0x5c/0x280
[   96.281023][ T6986]  ? tcf_block_get_ext+0x15c/0x1800
[   96.281044][ T6986]  ? tcf_block_get_ext+0x15c/0x1800
[   96.281056][ T6986]  tcf_block_get_ext+0x15c/0x1800
[   96.281069][ T6986]  ? qdisc_alloc+0x900/0xc50
[   96.281079][ T6986]  ? netlink_rcv_skb+0x158/0x420
[   96.281092][ T6986]  ? netlink_unicast+0x5aa/0x870
[   96.281106][ T6986]  tcf_block_get+0xa8/0x100
[   96.281118][ T6986]  ? __pfx_tcf_block_get+0x10/0x10
[   96.281130][ T6986]  ? __pfx_tcf_chain_head_change_dflt+0x10/0x10
[   96.281150][ T6986]  ? __pfx_multiq_init+0x10/0x10
[   96.281164][ T6986]  multiq_init+0x70/0x2b0
[   96.281176][ T6986]  ? __pfx_multiq_init+0x10/0x10
[   96.281191][ T6986]  qdisc_create+0x457/0xfc0
[   96.281208][ T6986]  tc_modify_qdisc+0x11d8/0x2170
[   96.281225][ T6986]  ? rcu_is_watching+0x12/0xc0
[   96.281243][ T6986]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   96.281270][ T6986]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   96.281286][ T6986]  rtnetlink_rcv_msg+0x3c9/0xe90
[   96.281301][ T6986]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   96.281317][ T6986]  ? __lock_acquire+0x622/0x1c90
[   96.281331][ T6986]  netlink_rcv_skb+0x158/0x420
[   96.281344][ T6986]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   96.281358][ T6986]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   96.281376][ T6986]  ? netlink_deliver_tap+0x1ae/0xd30
[   96.281391][ T6986]  netlink_unicast+0x5aa/0x870
[   96.281406][ T6986]  ? __pfx_netlink_unicast+0x10/0x10
[   96.281424][ T6986]  netlink_sendmsg+0x8c8/0xdd0
[   96.281439][ T6986]  ? __pfx_netlink_sendmsg+0x10/0x10
[   96.281454][ T6986]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[   96.281469][ T6986]  ____sys_sendmsg+0xa98/0xc70
[   96.281486][ T6986]  ? __pfx_____sys_sendmsg+0x10/0x10
[   96.281501][ T6986]  ? get_compat_msghdr+0x11a/0x170
[   96.281519][ T6986]  ___sys_sendmsg+0x134/0x1d0
[   96.281532][ T6986]  ? __pfx____sys_sendmsg+0x10/0x10
[   96.281550][ T6986]  ? find_held_lock+0x2b/0x80
[   96.281574][ T6986]  __sys_sendmsg+0x16d/0x220
[   96.281586][ T6986]  ? __pfx___sys_sendmsg+0x10/0x10
[   96.281605][ T6986]  ? rcu_is_watching+0x12/0xc0
[   96.281622][ T6986]  __do_fast_syscall_32+0x7c/0x300
[   96.281638][ T6986]  do_fast_syscall_32+0x32/0x80
[   96.281653][ T6986]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[   96.281667][ T6986] RIP: 0023:0xf700d579
[   96.281676][ T6986] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[   96.281686][ T6986] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[   96.281697][ T6986] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000800012c0
[   96.281703][ T6986] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[   96.281709][ T6986] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   96.281715][ T6986] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[   96.281721][ T6986] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   96.281735][ T6986]  </TASK>
[   96.695293][ T6998] comedi comedi4: bad chanlist[1]=0xfffffffd chan=65533 range length=2
[   97.284336][   T34] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   97.695877][   T34] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   97.698584][   T34] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   97.701687][   T34] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[   97.704875][   T34] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.710163][   T34] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   97.712940][   T34] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   97.715829][   T34] usb 7-1: Product: syz
[   97.717139][   T34] usb 7-1: Manufacturer: syz
[   97.722433][   T34] cdc_wdm 7-1:1.0: skipping garbage
[   97.724077][   T34] cdc_wdm 7-1:1.0: skipping garbage
[   97.726025][   T34] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[   98.135282][ T7017] netlink: 4 bytes leftover after parsing attributes in process `syz.3.261'.
[   98.141413][ T7017] random: crng reseeded on system resumption
[   99.239399][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.0.267'.
[   99.251190][ T7040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.267'.
[   99.281411][ T1462] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[   99.484344][ T1462] usb 6-1: Using ep0 maxpacket: 32
[   99.494459][ T1462] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[   99.499143][ T1462] usb 6-1: config 0 has no interface number 0
[   99.509838][ T1462] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[   99.514927][ T1462] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.519400][ T1462] usb 6-1: Product: syz
[   99.522320][ T1462] usb 6-1: Manufacturer: syz
[   99.525499][ T1462] usb 6-1: SerialNumber: syz
[   99.532035][ T1462] usb 6-1: config 0 descriptor??
[   99.540022][ T1462] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[   99.547053][ T1462] usb 6-1: selecting invalid altsetting 1
[   99.551747][ T1462] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[   99.564460][ T1462] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[   99.572349][ T1462] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[   99.579870][ T1462] usb 6-1: media controller created
[   99.615135][ T1462] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[   99.743584][ T1462] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[   99.754248][ T1462] zl10353_read_register: readreg error (reg=127, ret==-71)
[   99.760519][ T1462] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[   99.799284][ T1462] usb 6-1: USB disconnect, device number 7
[  100.154846][ T3242] usb 7-1: USB disconnect, device number 3
[  100.651394][ T7073] lo speed is unknown, defaulting to 1000
[  100.707800][ T7073] netlink: 'syz.1.274': attribute type 8 has an invalid length.
[  101.351401][ T7093] netlink: 12 bytes leftover after parsing attributes in process `syz.2.278'.
[  101.397638][ T7093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.278'.
[  101.805677][ T5988] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  101.954356][ T5988] usb 6-1: Using ep0 maxpacket: 32
[  101.957480][ T5988] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  101.960017][ T5988] usb 6-1: config 0 has no interface number 0
[  101.963926][ T5988] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  101.967443][ T5988] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.970269][ T5988] usb 6-1: Product: syz
[  101.971694][ T5988] usb 6-1: Manufacturer: syz
[  101.973288][ T5988] usb 6-1: SerialNumber: syz
[  101.976976][ T5988] usb 6-1: config 0 descriptor??
[  101.981790][ T5988] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  101.984859][ T5988] usb 6-1: selecting invalid altsetting 1
[  101.986957][ T5988] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  101.992015][ T5988] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  101.995828][ T5988] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  101.998974][ T5988] usb 6-1: media controller created
[  102.008765][ T5988] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  103.085200][ T5988] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  103.088859][ T5988] zl10353_read_register: readreg error (reg=127, ret==-110)
[  103.091899][ T5988] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  103.111352][ T5988] usb 6-1: USB disconnect, device number 8
[  103.797979][ T7130] netlink: 4 bytes leftover after parsing attributes in process `syz.1.289'.
[  103.801005][ T7130] bridge_slave_1: left allmulticast mode
[  103.802775][ T7130] bridge_slave_1: left promiscuous mode
[  103.806128][ T7130] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.818332][ T7130] bridge_slave_0: left allmulticast mode
[  103.820741][ T7130] bridge_slave_0: left promiscuous mode
[  103.823267][ T7130] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.236291][ T7131] /dev/sr0: Can't open blockdev
[  104.856591][ T7151] Bluetooth: MGMT ver 1.23
[  105.794225][  T841] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  105.944265][  T841] usb 6-1: Using ep0 maxpacket: 32
[  105.963773][  T841] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  105.967654][  T841] usb 6-1: config 0 has no interface number 0
[  105.973849][  T841] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  105.977955][  T841] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.981153][  T841] usb 6-1: Product: syz
[  105.982897][  T841] usb 6-1: Manufacturer: syz
[  105.985315][  T841] usb 6-1: SerialNumber: syz
[  105.988169][  T841] usb 6-1: config 0 descriptor??
[  105.991746][  T841] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  105.994612][  T841] usb 6-1: selecting invalid altsetting 1
[  105.996694][  T841] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  106.002584][  T841] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  106.006895][  T841] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  106.010358][  T841] usb 6-1: media controller created
[  106.025914][  T841] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  106.508434][ T7178] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  106.671430][ T7178] /dev/sr0: Can't open blockdev
[  106.736835][ T7185] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  106.915395][ T7185] /dev/sr0: Can't open blockdev
[  106.963049][ T7191] IPVS: sync thread started: state = MASTER, mcast_ifn = team_slave_1, syncid = 1, id = 0
[  106.971359][ T7189] lo speed is unknown, defaulting to 1000
[  107.094353][  T841] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  107.096537][  T841] zl10353_read_register: readreg error (reg=127, ret==-110)
[  107.100939][  T841] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  107.115509][  T841] usb 6-1: USB disconnect, device number 9
[  107.547535][ T7204] netlink: 4 bytes leftover after parsing attributes in process `syz.2.310'.
[  107.556534][ T7204] random: crng reseeded on system resumption
[  107.788992][ T7217] syz.0.315: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  107.795554][ T7217] CPU: 3 UID: 0 PID: 7217 Comm: syz.0.315 Not tainted syzkaller #0 PREEMPT(full) 
[  107.795577][ T7217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  107.795588][ T7217] Call Trace:
[  107.795611][ T7217]  <TASK>
[  107.795620][ T7217]  dump_stack_lvl+0x16c/0x1f0
[  107.795646][ T7217]  warn_alloc+0x248/0x3a0
[  107.795670][ T7217]  ? __pfx_warn_alloc+0x10/0x10
[  107.795700][ T7217]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  107.795715][ T7217]  ? __vmalloc_node_noprof+0xad/0xf0
[  107.795731][ T7217]  __vmalloc_node_range_noprof+0xfe2/0x1480
[  107.795748][ T7217]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  107.795762][ T7217]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  107.795779][ T7217]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  107.795790][ T7217]  vmalloc_user_noprof+0x9e/0xe0
[  107.795802][ T7217]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  107.795813][ T7217]  vb2_vmalloc_alloc+0x135/0x3f0
[  107.795824][ T7217]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  107.795835][ T7217]  __vb2_queue_alloc+0x8c9/0x1280
[  107.795860][ T7217]  vb2_core_reqbufs+0xa90/0xfe0
[  107.795878][ T7217]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  107.795895][ T7217]  ? rcu_is_watching+0x12/0xc0
[  107.795920][ T7217]  ? __mutex_lock+0x1c5/0x1060
[  107.795947][ T7217]  vb2_reqbufs+0x1a3/0x1f0
[  107.795971][ T7217]  ? __pfx_vb2_reqbufs+0x10/0x10
[  107.795996][ T7217]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  107.796020][ T7217]  v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0
[  107.796046][ T7217]  v4l_reqbufs+0x142/0x1d0
[  107.796066][ T7217]  __video_do_ioctl+0xb77/0xf00
[  107.796091][ T7217]  ? __might_fault+0xe3/0x190
[  107.796113][ T7217]  ? __pfx___video_do_ioctl+0x10/0x10
[  107.796143][ T7217]  video_usercopy+0x47f/0x1450
[  107.796168][ T7217]  ? __pfx___video_do_ioctl+0x10/0x10
[  107.796190][ T7217]  ? __pfx_video_usercopy+0x10/0x10
[  107.796219][ T7217]  ? hook_file_ioctl_common+0x145/0x410
[  107.796256][ T7217]  v4l2_ioctl+0x1bd/0x250
[  107.796280][ T7217]  v4l2_compat_ioctl32+0x217/0x2c0
[  107.796300][ T7217]  ? __pfx_v4l2_compat_ioctl32+0x10/0x10
[  107.796321][ T7217]  __ia32_compat_sys_ioctl+0x242/0x370
[  107.796345][ T7217]  __do_fast_syscall_32+0x7c/0x300
[  107.796370][ T7217]  do_fast_syscall_32+0x32/0x80
[  107.796392][ T7217]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  107.796413][ T7217] RIP: 0023:0xf7f65579
[  107.796427][ T7217] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  107.796442][ T7217] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  107.796458][ T7217] RAX: ffffffffffffffda RBX: 0000000000000028 RCX: 00000000c0145608
[  107.796470][ T7217] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  107.796480][ T7217] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  107.796490][ T7217] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  107.796499][ T7217] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  107.796523][ T7217]  </TASK>
[  107.799918][ T7217] Mem-Info:
[  107.908423][ T7217] active_anon:8788 inactive_anon:1 isolated_anon:0
[  107.908423][ T7217]  active_file:4247 inactive_file:35939 isolated_file:0
[  107.908423][ T7217]  unevictable:1768 dirty:547 writeback:0
[  107.908423][ T7217]  slab_reclaimable:10098 slab_unreclaimable:51579
[  107.908423][ T7217]  mapped:26393 shmem:4721 pagetables:1206
[  107.908423][ T7217]  sec_pagetables:313 bounce:0
[  107.908423][ T7217]  kernel_misc_reclaimable:0
[  107.908423][ T7217]  free:60324 free_pcp:8298 free_cma:0
[  107.927211][ T7217] Node 0 active_anon:3416kB inactive_anon:0kB active_file:428kB inactive_file:36kB unevictable:3536kB isolated(anon):76kB isolated(file):0kB mapped:3264kB dirty:76kB writeback:0kB shmem:6616kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:9252kB pagetables:1688kB sec_pagetables:1164kB all_unreclaimable? yes Balloon:0kB
[  107.937395][ T7217] Node 1 active_anon:32684kB inactive_anon:4kB active_file:16560kB inactive_file:143720kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:103408kB dirty:2112kB writeback:0kB shmem:13368kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:4508kB pagetables:3136kB sec_pagetables:88kB all_unreclaimable? no Balloon:0kB
[  107.947654][ T7217] Node 0 DMA free:2104kB boost:0kB min:760kB low:948kB high:1136kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:432kB local_pcp:56kB free_cma:0kB
[  107.958100][ T7217] lowmem_reserve[]: 0 292 292 292 292
[  107.960038][ T7217] Node 0 DMA32 free:14264kB boost:0kB min:13448kB low:16808kB high:20168kB reserved_highatomic:0KB free_highatomic:0KB active_anon:3416kB inactive_anon:0kB active_file:428kB inactive_file:36kB unevictable:3536kB writepending:76kB zspages:0kB present:1032196kB managed:299556kB mlocked:0kB bounce:0kB free_pcp:8684kB local_pcp:2764kB free_cma:0kB
[  107.970665][ T7217] lowmem_reserve[]: 0 0 0 0 0
[  107.972239][ T7217] Node 1 DMA32 free:215332kB boost:0kB min:47144kB low:58928kB high:70712kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33184kB inactive_anon:4kB active_file:16560kB inactive_file:143720kB unevictable:3536kB writepending:2112kB zspages:1844kB present:1048432kB managed:948220kB mlocked:0kB bounce:0kB free_pcp:31968kB local_pcp:896kB free_cma:0kB
[  107.982821][ T7217] lowmem_reserve[]: 0 0 0 0 0
[  107.985146][ T7217] Node 0 DMA: 28*4kB (U) 1*8kB (U) 2*16kB (UM) 7*32kB (UM) 1*64kB (U) 1*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2104kB
[  107.989814][ T7217] Node 0 DMA32: 47*4kB (UM) 33*8kB (UM) 20*16kB (UME) 67*32kB (UME) 38*64kB (UM) 23*128kB (UM) 12*256kB (UM) 2*512kB (UM) 3*1024kB (M) 0*2048kB 0*4096kB = 15460kB
[  107.995220][ T7217] Node 1 DMA32: 372*4kB (UME) 120*8kB (UE) 139*16kB (UE) 292*32kB (UE) 67*64kB (UME) 56*128kB (UME) 19*256kB (M) 15*512kB (UM) 3*1024kB (UE) 13*2048kB (UME) 36*4096kB (UM) = 215168kB
[  108.001390][ T7217] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  108.005463][ T7217] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  108.008599][ T7217] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  108.011879][ T7217] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  108.014936][ T7217] 45636 total pagecache pages
[  108.016445][ T7217] 343 pages in swap cache
[  108.017824][ T7217] Free swap  = 121084kB
[  108.019157][ T7217] Total swap = 124996kB
[  108.020532][ T7217] 524155 pages RAM
[  108.021722][ T7217] 0 pages HighMem/MovableOnly
[  108.023223][ T7217] 208371 pages reserved
[  108.024640][ T7217] 0 pages cma reserved
[  108.102989][ T7228] netlink: 'syz.1.312': attribute type 1 has an invalid length.
[  108.116031][ T7228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'.
[  108.121982][ T7228] netlink: 48 bytes leftover after parsing attributes in process `syz.1.312'.
[  108.127977][ T7228] netlink: 'syz.1.312': attribute type 10 has an invalid length.
[  108.131736][ T7228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.312'.
[  108.192705][ T7232] siw: device registration error -23
[  108.536886][ T5988] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  108.580469][ T7242] netlink: 4 bytes leftover after parsing attributes in process `syz.1.322'.
[  108.584989][ T7242] veth1_macvtap: left promiscuous mode
[  108.635294][ T7243] random: crng reseeded on system resumption
[  108.684316][ T5988] usb 7-1: Using ep0 maxpacket: 32
[  108.687613][ T5988] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  108.690725][ T5988] usb 7-1: config 0 has no interface number 0
[  108.695690][ T5988] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  108.699145][ T5988] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.702221][ T5988] usb 7-1: Product: syz
[  108.703878][ T5988] usb 7-1: Manufacturer: syz
[  108.705834][ T5988] usb 7-1: SerialNumber: syz
[  108.712648][ T5988] usb 7-1: config 0 descriptor??
[  108.717229][ T5988] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  108.720770][ T5988] usb 7-1: selecting invalid altsetting 1
[  108.722912][ T5988] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  108.727379][ T5988] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  108.732024][ T5988] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  108.735387][ T5988] usb 7-1: media controller created
[  108.747076][ T5988] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  109.507647][ T7254] mkiss: ax0: crc mode is auto.
[  109.807613][ T5988] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  109.914571][ T5988] zl10353_read_register: readreg error (reg=127, ret==-110)
[  109.925027][ T5988] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  109.946177][ T5988] usb 7-1: USB disconnect, device number 4
[  110.466239][ T7262] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.468785][ T7262] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.536195][ T7262] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  110.543301][ T7262] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  110.605735][ T6537] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.609315][ T6537] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.613088][ T6537] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.617020][ T6537] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  110.788784][ T7270] ubi: mtd0 is already attached to ubi31
[  110.791047][ T7270] netlink: 24 bytes leftover after parsing attributes in process `syz.3.330'.
[  112.119092][ T7288] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  112.135685][ T7288] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  112.138458][ T7288] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  113.213626][ T7314] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  113.239835][ T7314] netlink: 24 bytes leftover after parsing attributes in process `syz.1.344'.
[  114.124297][ T5954] Bluetooth: hci1: command 0x0419 tx timeout
[  114.205967][ T5954] Bluetooth: hci2: command 0x0419 tx timeout
[  114.205995][ T5948] Bluetooth: hci3: command 0x0419 tx timeout
[  115.394217][ T1462] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  115.433669][ T7362] mkiss: ax0: crc mode is auto.
[  115.534254][ T1462] usb 8-1: device descriptor read/64, error -71
[  115.774242][ T1462] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  115.904246][ T1462] usb 8-1: device descriptor read/64, error -71
[  116.024502][ T1462] usb usb8-port1: attempt power cycle
[  116.364286][ T1462] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  116.384676][ T1462] usb 8-1: device descriptor read/8, error -71
[  116.644317][ T1462] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  116.665009][ T1462] usb 8-1: device descriptor read/8, error -71
[  116.775191][ T1462] usb usb8-port1: unable to enumerate USB device
[  117.427221][   T40] audit: type=1326 audit(1761046954.531:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  117.435946][   T40] audit: type=1326 audit(1761046954.531:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  117.445014][   T40] audit: type=1326 audit(1761046954.541:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  117.452094][   T40] audit: type=1326 audit(1761046954.541:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  117.464360][   T40] audit: type=1326 audit(1761046954.541:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  117.472227][   T40] audit: type=1326 audit(1761046954.541:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  117.480739][   T40] audit: type=1326 audit(1761046954.541:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  117.488519][   T40] audit: type=1326 audit(1761046954.541:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7391 comm="syz.0.366" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  119.145661][ T7416] xt_nat: multiple ranges no longer supported
[  119.667896][ T7431] block device autoloading is deprecated and will be removed.
[  120.304750][   T34] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  120.454264][   T34] usb 8-1: Using ep0 maxpacket: 32
[  120.458159][   T34] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  120.461494][   T34] usb 8-1: config 0 has no interface number 0
[  120.466336][   T34] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  120.470151][   T34] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.473420][   T34] usb 8-1: Product: syz
[  120.475596][   T34] usb 8-1: Manufacturer: syz
[  120.477574][   T34] usb 8-1: SerialNumber: syz
[  120.481892][   T34] usb 8-1: config 0 descriptor??
[  120.488732][   T34] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  120.492411][   T34] usb 8-1: selecting invalid altsetting 1
[  120.494931][   T34] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  120.500236][   T34] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  120.504888][   T34] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  120.509305][   T34] usb 8-1: media controller created
[  120.525166][   T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  120.690921][   T34] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  120.694088][   T34] zl10353_read_register: readreg error (reg=127, ret==-71)
[  120.698923][   T34] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  120.728917][   T34] usb 8-1: USB disconnect, device number 7
[  122.250501][ T7479] netlink: 24 bytes leftover after parsing attributes in process `syz.1.391'.
[  122.804504][ T3242] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  122.850559][ T7489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.395'.
[  122.857982][ T7489] random: crng reseeded on system resumption
[  122.919901][ T7493] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  122.984251][ T3242] usb 8-1: Using ep0 maxpacket: 32
[  122.990368][ T3242] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  122.993365][ T3242] usb 8-1: config 0 has no interface number 0
[  123.000900][ T3242] usb 8-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  123.004747][ T3242] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.007466][ T3242] usb 8-1: Product: syz
[  123.008826][ T3242] usb 8-1: Manufacturer: syz
[  123.010365][ T3242] usb 8-1: SerialNumber: syz
[  123.014642][ T3242] usb 8-1: config 0 descriptor??
[  123.019533][ T3242] usb 8-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  123.022360][ T3242] usb 8-1: selecting invalid altsetting 1
[  123.025489][ T3242] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  123.029613][ T3242] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  123.033436][ T3242] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  123.037652][ T3242] usb 8-1: media controller created
[  123.047211][ T3242] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  123.221866][ T3242] usb 8-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  123.224203][ T3242] zl10353_read_register: readreg error (reg=127, ret==-71)
[  123.228207][ T3242] usb 8-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  123.242626][ T3242] usb 8-1: USB disconnect, device number 8
[  123.607036][ T7510] /dev/sr0: Can't open blockdev
[  123.706980][ T7509] /dev/sr0: Can't open blockdev
[  124.596070][ T7523] lo speed is unknown, defaulting to 1000
[  124.604066][ T7520] netlink: 4 bytes leftover after parsing attributes in process `syz.3.404'.
[  124.651624][ T7520] random: crng reseeded on system resumption
[  124.771532][ T7543] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  126.106701][ T7564] ubi: mtd0 is already attached to ubi31
[  126.109736][ T7564] netlink: 24 bytes leftover after parsing attributes in process `syz.0.417'.
[  126.857700][ T7585] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  127.110810][ T7594] mkiss: ax0: crc mode is auto.
[  127.337626][ T7570] ubi: mtd0 is already attached to ubi31
[  127.349167][ T7570] netlink: 24 bytes leftover after parsing attributes in process `syz.1.419'.
[  127.945537][ T7597] ubi: mtd0 is already attached to ubi31
[  127.948975][ T7597] netlink: 24 bytes leftover after parsing attributes in process `syz.1.426'.
[  128.149102][ T7602] ubi: mtd0 is already attached to ubi31
[  128.151317][ T7602] netlink: 24 bytes leftover after parsing attributes in process `syz.0.428'.
[  128.204665][ T6011] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  128.355522][ T6011] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  128.358244][ T6011] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  128.370728][ T6011] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  128.373931][ T6011] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.378697][ T6011] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  128.382051][ T6011] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  128.387124][ T6011] usb 7-1: Product: syz
[  128.389467][ T6011] usb 7-1: Manufacturer: syz
[  128.399204][ T6011] cdc_wdm 7-1:1.0: skipping garbage
[  128.400867][ T6011] cdc_wdm 7-1:1.0: skipping garbage
[  128.402800][ T6011] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  128.541642][ T7625] IPVS: sync thread started: state = MASTER, mcast_ifn = bridge_slave_0, syncid = 1, id = 0
[  129.686109][ T7642] netlink: 4 bytes leftover after parsing attributes in process `syz.0.437'.
[  129.692081][ T7642] random: crng reseeded on system resumption
[  129.876894][ T7644] ubi: mtd0 is already attached to ubi31
[  129.879743][ T7644] netlink: 24 bytes leftover after parsing attributes in process `syz.3.438'.
[  130.145441][ T7676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.447'.
[  130.153781][ T7671] random: crng reseeded on system resumption
[  131.420454][ T7687] netlink: 'syz.3.450': attribute type 1 has an invalid length.
[  131.484760][ T7687] bond1: (slave geneve2): making interface the new active one
[  131.488027][ T7687] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  131.491549][ T6516] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  131.494994][ T6516] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  131.508351][ T6516] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  131.516873][ T3242] usb 7-1: USB disconnect, device number 5
[  131.566099][ T6516] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  132.296558][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  132.299116][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  132.856210][ T7721] /dev/sr0: Can't open blockdev
[  132.974277][   T34] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  133.003136][ T7724] ubi: mtd0 is already attached to ubi31
[  133.006034][ T7724] netlink: 24 bytes leftover after parsing attributes in process `syz.3.460'.
[  133.126001][   T34] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  133.128900][   T34] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  133.132175][   T34] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  133.135809][   T34] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.140643][   T34] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  133.143646][   T34] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  133.146571][   T34] usb 7-1: Product: syz
[  133.147995][   T34] usb 7-1: Manufacturer: syz
[  133.157290][   T34] cdc_wdm 7-1:1.0: skipping garbage
[  133.159080][   T34] cdc_wdm 7-1:1.0: skipping garbage
[  133.161359][   T34] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  133.257323][ T7734] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  133.771310][ T6520] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.869591][ T6520] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.003963][ T6520] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.034787][ T5954] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  134.038650][ T5954] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  134.041820][ T5954] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  134.046433][ T5954] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  134.049768][ T5954] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  134.083823][ T6520] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.100600][ T7753] lo speed is unknown, defaulting to 1000
[  134.256566][ T7753] chnl_net:caif_netlink_parms(): no params data found
[  134.265948][ T6520] bridge_slave_1: left allmulticast mode
[  134.268946][ T6520] bridge_slave_1: left promiscuous mode
[  134.271650][ T6520] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.277751][ T6520] bridge_slave_0: left allmulticast mode
[  134.280102][ T6520] bridge_slave_0: left promiscuous mode
[  134.282477][ T6520] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.342065][ T7761] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  134.403713][ T6520] bond1 (unregistering): (slave geneve2): Releasing active interface
[  134.547815][ T6520] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  134.552824][ T6520] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  134.556572][ T6520] bond0 (unregistering): Released all slaves
[  134.563164][ T6520] bond1 (unregistering): Released all slaves
[  134.666423][ T7753] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.668788][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.671100][ T7753] bridge_slave_0: entered allmulticast mode
[  134.673796][ T7753] bridge_slave_0: entered promiscuous mode
[  134.678197][ T7753] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.680672][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.683101][ T7753] bridge_slave_1: entered allmulticast mode
[  134.686912][ T7753] bridge_slave_1: entered promiscuous mode
[  134.759322][ T7753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  134.767678][ T7753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  134.879022][ T7753] team0: Port device team_slave_0 added
[  134.882385][ T7753] team0: Port device team_slave_1 added
[  134.955208][ T7753] batman_adv: batadv0: Adding interface: batadv_slave_0
[  134.958227][ T7753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  134.966940][ T7753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  134.971270][ T7753] batman_adv: batadv0: Adding interface: batadv_slave_1
[  134.973472][ T7753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  134.983808][ T7753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  135.016014][ T6520] hsr_slave_0: left promiscuous mode
[  135.018281][ T6520] hsr_slave_1: left promiscuous mode
[  135.020292][ T6520] batman_adv: batadv0: Removing interface: batadv_slave_0
[  135.023200][ T6520] batman_adv: batadv0: Removing interface: batadv_slave_1
[  135.569444][ T6520] team0 (unregistering): Port device team_slave_1 removed
[  135.622634][ T6520] team0 (unregistering): Port device team_slave_0 removed
[  135.842971][ T6011] usb 7-1: USB disconnect, device number 6
[  136.124355][ T5948] Bluetooth: hci0: command tx timeout
[  136.159202][ T7753] hsr_slave_0: entered promiscuous mode
[  136.161589][ T7753] hsr_slave_1: entered promiscuous mode
[  136.164258][ T7753] debugfs: 'hsr0' already exists in 'hsr'
[  136.166470][ T7753] Cannot create hsr debugfs directory
[  136.391286][ T7753] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  136.397865][ T7753] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  136.417082][ T7753] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  136.427241][ T7753] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  136.482254][ T6520] IPVS: stop unused estimator thread 0...
[  136.544848][ T7753] 8021q: adding VLAN 0 to HW filter on device bond0
[  136.561073][ T7753] 8021q: adding VLAN 0 to HW filter on device team0
[  136.568695][ T6518] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.571215][ T6518] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.580594][ T6518] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.582687][ T6518] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.705374][ T7753] 8021q: adding VLAN 0 to HW filter on device batadv0
[  136.958463][ T7753] veth0_vlan: entered promiscuous mode
[  136.978191][ T7753] veth1_vlan: entered promiscuous mode
[  137.001130][ T7753] veth0_macvtap: entered promiscuous mode
[  137.007806][ T7753] veth1_macvtap: entered promiscuous mode
[  137.023110][ T7753] batman_adv: batadv0: Interface activated: batadv_slave_0
[  137.033098][ T7753] batman_adv: batadv0: Interface activated: batadv_slave_1
[  137.046970][ T6518] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  137.050999][ T6518] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  137.058925][ T6518] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  137.062714][ T6518] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  137.128292][ T1182] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.131644][ T1182] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.189282][ T6537] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.192359][ T6537] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.673137][ T7848] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  137.675645][ T7848] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  137.678447][ T7848] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  137.680787][ T7848] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  137.682870][ T7848] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  137.686382][ T7848] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  138.426334][ T7867] ubi: mtd0 is already attached to ubi31
[  138.428735][ T7867] netlink: 24 bytes leftover after parsing attributes in process `syz.1.485'.
[  138.594326][   T34] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  138.754298][   T34] usb 7-1: Using ep0 maxpacket: 32
[  138.758671][   T34] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  138.762162][   T34] usb 7-1: config 0 has no interface number 0
[  138.767783][   T34] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  138.771612][   T34] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.775562][   T34] usb 7-1: Product: syz
[  138.777440][   T34] usb 7-1: Manufacturer: syz
[  138.779540][   T34] usb 7-1: SerialNumber: syz
[  138.784746][   T34] usb 7-1: config 0 descriptor??
[  138.790553][   T34] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  138.794324][   T34] usb 7-1: selecting invalid altsetting 1
[  138.796725][   T34] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  138.805920][   T34] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  138.810438][   T34] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  138.813904][   T34] usb 7-1: media controller created
[  138.831897][   T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  138.993795][   T34] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  138.996134][   T34] zl10353_read_register: readreg error (reg=127, ret==-71)
[  138.998701][   T34] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  139.022485][   T34] usb 7-1: USB disconnect, device number 7
[  139.654319][ T5948] Bluetooth: hci1: command 0x0419 tx timeout
[  139.724417][ T5948] Bluetooth: hci0: command 0x040f tx timeout
[  139.726124][ T5954] Bluetooth: hci3: command 0x0419 tx timeout
[  139.726390][ T5946] Bluetooth: hci2: command 0x0419 tx timeout
[  140.284811][ T7904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.496'.
[  140.311689][ T7904] random: crng reseeded on system resumption
[  140.913248][ T7915] /dev/sr0: Can't open blockdev
[  141.140239][ T7923] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  141.537364][ T7935] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  141.814278][ T5948] Bluetooth: hci0: command 0x040f tx timeout
[  142.055262][ T6011] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  142.227585][ T6011] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  142.230617][ T6011] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.233417][ T6011] usb 6-1: Product: syz
[  142.235797][ T6011] usb 6-1: Manufacturer: syz
[  142.237762][ T6011] usb 6-1: SerialNumber: syz
[  142.505713][ T6011] rtl8150 6-1:1.0: couldn't reset the device
[  142.507800][ T6011] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  142.523746][ T6011] usb 6-1: USB disconnect, device number 10
[  142.557688][ T7956] /dev/sr0: Can't open blockdev
[  143.728524][ T8010] netlink: 512 bytes leftover after parsing attributes in process `syz.4.529'.
[  143.816451][ T8012] netlink: 'syz.1.526': attribute type 1 has an invalid length.
[  143.818967][ T8012] netlink: 244 bytes leftover after parsing attributes in process `syz.1.526'.
[  143.884356][ T5948] Bluetooth: hci0: command 0x040f tx timeout
[  143.994258][ T6011] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  144.145606][ T6011] usb 9-1: config index 0 descriptor too short (expected 6951, got 27)
[  144.148463][ T6011] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  144.151838][ T6011] usb 9-1: config 0 interface 0 has no altsetting 0
[  144.155888][ T6011] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  144.158801][ T6011] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  144.161377][ T6011] usb 9-1: Product: syz
[  144.162923][ T6011] usb 9-1: Manufacturer: syz
[  144.164624][ T6011] usb 9-1: SerialNumber: syz
[  144.168210][ T6011] usb 9-1: config 0 descriptor??
[  144.173670][ T6011] hub 9-1:0.0: bad descriptor, ignoring hub
[  144.175870][ T6011] hub 9-1:0.0: probe with driver hub failed with error -5
[  144.180808][ T6011] usb 9-1: selecting invalid altsetting 0
[  144.834370][ T8030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  144.848026][ T8030] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  145.009431][ T8032] ubi: mtd0 is already attached to ubi31
[  145.012502][ T8032] netlink: 24 bytes leftover after parsing attributes in process `syz.1.535'.
[  145.249753][ T6011] usb 9-1: USB disconnect, device number 2
[  145.796692][ T8082] netlink: 4 bytes leftover after parsing attributes in process `syz.4.548'.
[  145.804682][ T8082] veth1_macvtap: left promiscuous mode
[  145.853481][ T8083] random: crng reseeded on system resumption
[  145.969999][ T5948] Bluetooth: hci0: command 0x040f tx timeout
[  146.063456][ T8086] netlink: 'syz.4.549': attribute type 10 has an invalid length.
[  146.099334][ T8086] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  146.835805][ T8084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  147.539169][ T8118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.557'.
[  147.546327][ T8118] random: crng reseeded on system resumption
[  147.588665][ T8107] /dev/sr0: Can't open blockdev
[  148.042667][ T8140] program syz.0.560 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  148.157677][ T5948] Bluetooth: hci0: command 0x040f tx timeout
[  148.280959][ T8142] lo speed is unknown, defaulting to 1000
[  150.222557][ T8180] ubi: mtd0 is already attached to ubi31
[  150.225103][ T8180] netlink: 24 bytes leftover after parsing attributes in process `syz.1.569'.
[  152.561887][ T8232] netlink: 8 bytes leftover after parsing attributes in process `syz.2.584'.
[  152.565714][ T8232] netlink: 24 bytes leftover after parsing attributes in process `syz.2.584'.
[  153.115697][ T8241] /dev/sr0: Can't open blockdev
[  153.604495][  T841] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  153.661453][ T8253] Bluetooth: MGMT ver 1.23
[  153.662909][ T8253] Bluetooth: hci0: service_discovery: too big uuid_count value 29743
[  153.744217][  T841] usb 6-1: device descriptor read/64, error -71
[  153.984214][  T841] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  154.083860][ T8263] ubi: mtd0 is already attached to ubi31
[  154.086347][ T8263] netlink: 24 bytes leftover after parsing attributes in process `syz.0.594'.
[  154.114230][  T841] usb 6-1: device descriptor read/64, error -71
[  154.199544][ T8272] Bluetooth: MGMT ver 1.23
[  154.224580][  T841] usb usb6-port1: attempt power cycle
[  154.250502][ T8276] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  154.252662][ T8276] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  154.257785][ T8276] vhci_hcd vhci_hcd.0: Device attached
[  154.260855][ T8277] vhci_hcd: connection closed
[  154.261789][ T1182] vhci_hcd: stop threads
[  154.265033][ T1182] vhci_hcd: release socket
[  154.266594][ T1182] vhci_hcd: disconnect device
[  154.564273][  T841] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  154.585100][  T841] usb 6-1: device descriptor read/8, error -71
[  154.600306][ T8288] netlink: 56 bytes leftover after parsing attributes in process `syz.0.599'.
[  154.620055][ T8288] fuse: Unknown parameter 'fd0x0000000000000005'
[  154.623308][ T8288] No control pipe specified
[  154.834304][  T841] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  154.855021][  T841] usb 6-1: device descriptor read/8, error -71
[  154.964486][  T841] usb usb6-port1: unable to enumerate USB device
[  156.296585][ T8305] ubi: mtd0 is already attached to ubi31
[  156.299259][ T8305] netlink: 24 bytes leftover after parsing attributes in process `syz.2.605'.
[  156.936371][ T8325] /dev/sr0: Can't open blockdev
[  157.494236][ T6011] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  157.645884][ T6011] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  157.649294][ T6011] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  157.653177][ T6011] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  157.656913][ T6011] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.661777][ T6011] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  157.665373][ T6011] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  157.668438][ T6011] usb 7-1: Product: syz
[  157.670088][ T6011] usb 7-1: Manufacturer: syz
[  157.676025][ T6011] cdc_wdm 7-1:1.0: skipping garbage
[  157.678089][ T6011] cdc_wdm 7-1:1.0: skipping garbage
[  157.680204][ T6011] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  158.425110][ T8361] netlink: 8 bytes leftover after parsing attributes in process `syz.0.620'.
[  159.264284][  T841] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  159.426347][  T841] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  159.430063][  T841] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  159.433766][  T841] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  159.437337][  T841] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.445057][  T841] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  159.448924][  T841] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  159.452142][  T841] usb 9-1: Product: syz
[  159.454053][  T841] usb 9-1: Manufacturer: syz
[  159.479767][  T841] cdc_wdm 9-1:1.0: skipping garbage
[  159.481762][  T841] cdc_wdm 9-1:1.0: skipping garbage
[  159.483823][  T841] cdc_wdm 9-1:1.0: probe with driver cdc_wdm failed with error -22
[  160.377941][ T3242] usb 7-1: USB disconnect, device number 8
[  160.381176][  T841] usb 9-1: USB disconnect, device number 3
[  160.635423][ T8391] netlink: 4 bytes leftover after parsing attributes in process `syz.2.627'.
[  161.069317][ T8397] ubi: mtd0 is already attached to ubi31
[  161.696320][ T8409] /dev/sr0: Can't open blockdev
[  161.964409][ T6011] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  162.116553][ T6011] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  162.119269][ T6011] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  162.123363][ T6011] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  162.127070][ T6011] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  162.132546][ T6011] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  162.136598][ T6011] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  162.140016][ T6011] usb 6-1: Product: syz
[  162.141784][ T6011] usb 6-1: Manufacturer: syz
[  162.148943][ T6011] cdc_wdm 6-1:1.0: skipping garbage
[  162.151239][ T6011] cdc_wdm 6-1:1.0: skipping garbage
[  162.153528][ T6011] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  162.587972][ T8432] ubi: mtd0 is already attached to ubi31
[  162.738284][ T8443] TCP: TCP_TX_DELAY enabled
[  163.761411][ T8457] ubi: mtd0 is already attached to ubi31
[  164.825128][ T5364] usb 6-1: USB disconnect, device number 15
[  164.859542][ T8476] ubi: mtd0 is already attached to ubi31
[  165.456423][ T8489] ubi: mtd0 is already attached to ubi31
[  166.382961][ T8518] ubi: mtd0 is already attached to ubi31
[  168.148600][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.0.674'.
[  168.152913][ T8554] netlink: 12 bytes leftover after parsing attributes in process `syz.0.674'.
[  168.616748][ T8559] ubi: mtd0 is already attached to ubi31
[  171.511989][ T8630] netlink: 4 bytes leftover after parsing attributes in process `syz.4.695'.
[  172.025389][ T8639] netlink: 24 bytes leftover after parsing attributes in process `syz.1.697'.
[  172.064471][ T8648] capability: warning: `syz.4.698' uses deprecated v2 capabilities in a way that may be insecure
[  172.318425][ T8656] netlink: 4 bytes leftover after parsing attributes in process `syz.1.703'.
[  172.324017][ T8656] random: crng reseeded on system resumption
[  172.795715][ T8664] /dev/sr0: Can't open blockdev
[  174.435528][ T8701] netlink: 'syz.1.716': attribute type 2 has an invalid length.
[  176.385188][ T8738] /dev/sr0: Can't open blockdev
[  176.725535][ T5948] Bluetooth: hci1: unexpected event for opcode 0x0401
[  176.841543][ T8771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.730'.
[  176.845641][ T8771] netlink: 24 bytes leftover after parsing attributes in process `syz.4.730'.
[  178.402041][ T8799] /dev/sr0: Can't open blockdev
[  179.036290][ T8808] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  179.039192][ T8808] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  179.042299][ T8808] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  179.044898][ T8808] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  180.344331][ T5946] Bluetooth: hci3: unexpected event for opcode 0x0000
[  181.004200][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[  181.084388][ T5946] Bluetooth: hci2: command 0x0419 tx timeout
[  181.094246][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[  181.286066][ T8849] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  181.288178][ T8849] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  181.291242][ T8849] vhci_hcd vhci_hcd.0: Device attached
[  181.339117][ T8849] netlink: 'syz.0.748': attribute type 10 has an invalid length.
[  181.341918][ T8849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  181.357495][ T8849] batman_adv: batadv0: Removing interface: batadv_slave_0
[  181.389511][ T8849] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link
[  181.414253][ T7114] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  181.565211][ T1462] usb 38-1: SetAddress Request (2) to port 0
[  181.577572][ T1462] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  181.797838][ T8851] vhci_hcd: connection reset by peer
[  181.801583][ T6518] vhci_hcd: stop threads
[  181.803056][ T6518] vhci_hcd: release socket
[  181.805765][ T6518] vhci_hcd: disconnect device
[  182.326189][ T8863] /dev/sr0: Can't open blockdev
[  182.611595][ T8871] netlink: 12 bytes leftover after parsing attributes in process `syz.0.755'.
[  182.615731][ T8871] tunl0: entered promiscuous mode
[  183.173630][ T8877] netlink: 48 bytes leftover after parsing attributes in process `syz.2.757'.
[  184.367134][ T5946] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  184.371651][ T5946] Bluetooth: hci3: Injecting HCI hardware error event
[  184.376926][ T5946] Bluetooth: hci3: hardware error 0x00
[  184.420617][ T8900] netlink: 24 bytes leftover after parsing attributes in process `syz.2.762'.
[  185.372989][ T8933] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  185.375254][ T8933] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  185.377943][ T8933] vhci_hcd vhci_hcd.0: Device attached
[  185.381737][ T8934] vhci_hcd: cannot find a urb of seqnum 8 max seqnum 0
[  185.384498][ T6518] vhci_hcd: stop threads
[  185.386089][ T6518] vhci_hcd: release socket
[  185.387544][ T6518] vhci_hcd: disconnect device
[  185.558433][ T8936] /dev/sr0: Can't open blockdev
[  186.454229][ T5946] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  186.604878][ T1462] usb 38-1: device descriptor read/8, error -110
[  187.006810][ T1462] usb usb38-port1: attempt power cycle
[  187.172776][ T8976] ubi: mtd0 is already attached to ubi31
[  187.175665][ T8976] netlink: 24 bytes leftover after parsing attributes in process `syz.2.779'.
[  187.303403][ T8980] comedi comedi3: pcl816: I/O port conflict (0x4f27,16)
[  187.575316][ T1462] usb usb38-port1: unable to enumerate USB device
[  187.955815][ T8988] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  187.965172][ T8988] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  187.970970][ T8988] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  188.338856][   T40] audit: type=1326 audit(1761047025.441:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.348795][   T40] audit: type=1326 audit(1761047025.441:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.348838][   T40] audit: type=1326 audit(1761047025.441:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.348876][   T40] audit: type=1326 audit(1761047025.441:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.348911][   T40] audit: type=1326 audit(1761047025.441:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.348946][   T40] audit: type=1326 audit(1761047025.441:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.348986][   T40] audit: type=1326 audit(1761047025.441:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.349025][   T40] audit: type=1326 audit(1761047025.441:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.349062][   T40] audit: type=1326 audit(1761047025.441:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.349098][   T40] audit: type=1326 audit(1761047025.441:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8999 comm="syz.0.787" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  188.484335][ T3242] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  188.635983][ T3242] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  188.639719][ T3242] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  188.644000][ T3242] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  188.647915][ T3242] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.654012][ T3242] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  188.658058][ T3242] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  188.661433][ T3242] usb 9-1: Product: syz
[  188.663233][ T3242] usb 9-1: Manufacturer: syz
[  188.671081][ T3242] cdc_wdm 9-1:1.0: skipping garbage
[  188.673334][ T3242] cdc_wdm 9-1:1.0: skipping garbage
[  188.675754][ T3242] cdc_wdm 9-1:1.0: probe with driver cdc_wdm failed with error -22
[  188.908591][ T9007] ubi: mtd0 is already attached to ubi31
[  188.911500][ T9007] netlink: 24 bytes leftover after parsing attributes in process `syz.2.789'.
[  189.199038][ T9011] ubi: mtd0 is already attached to ubi31
[  189.202491][ T9011] netlink: 24 bytes leftover after parsing attributes in process `syz.2.790'.
[  189.538687][ T9022] capability: warning: `syz.0.794' uses 32-bit capabilities (legacy support in use)
[  190.044305][ T5948] Bluetooth: hci2: command 0x0419 tx timeout
[  190.044367][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[  190.046608][ T5948] Bluetooth: hci1: command 0x0419 tx timeout
[  190.797322][ T9036] ubi: mtd0 is already attached to ubi31
[  190.809013][ T9036] netlink: 24 bytes leftover after parsing attributes in process `syz.0.797'.
[  191.089634][ T9038] ubi: mtd0 is already attached to ubi31
[  191.092081][ T9038] netlink: 24 bytes leftover after parsing attributes in process `syz.1.798'.
[  191.096524][ T9042] netlink: 148 bytes leftover after parsing attributes in process `syz.0.799'.
[  191.525393][ T3242] usb 9-1: USB disconnect, device number 5
[  191.767411][ T9058] netlink: 4 bytes leftover after parsing attributes in process `syz.1.804'.
[  191.778027][ T9058] random: crng reseeded on system resumption
[  191.867362][ T9062] kvm: kvm [9061]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0x7fff00000101
[  192.104733][ T3242] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  192.249288][ T9071] Illegal XDP return value 4294967294 on prog  (id 186) dev N/A, expect packet loss!
[  192.384263][ T3242] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  192.386853][ T3242] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  192.389991][ T3242] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  192.392805][ T3242] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.401053][ T3242] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  192.415521][ T3242] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  192.417743][ T3242] usb 6-1: Product: syz
[  192.418966][ T3242] usb 6-1: Manufacturer: syz
[  192.434456][ T3242] cdc_wdm 6-1:1.0: skipping garbage
[  192.436957][ T3242] cdc_wdm 6-1:1.0: skipping garbage
[  192.439450][ T3242] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  192.779458][ T9079] /dev/sr0: Can't open blockdev
[  193.728312][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  193.730891][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  193.886285][ T9091] netlink: 16 bytes leftover after parsing attributes in process `syz.2.813'.
[  194.993294][ T3242] usb 6-1: USB disconnect, device number 16
[  195.945232][ T9125] kvm: emulating exchange as write
[  196.545078][   T34] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  196.697294][   T34] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  196.700279][   T34] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  196.703580][   T34] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  196.706847][   T34] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.711416][   T34] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  196.714517][   T34] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  196.717181][   T34] usb 6-1: Product: syz
[  196.718606][   T34] usb 6-1: Manufacturer: syz
[  196.723641][   T34] cdc_wdm 6-1:1.0: skipping garbage
[  196.725515][   T34] cdc_wdm 6-1:1.0: skipping garbage
[  196.727399][   T34] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  197.363851][ T9168] Bluetooth: hci0: service_discovery: too big uuid_count value 29743
[  197.858108][ T9186] usb 1-1: USB disconnect, device number 2
[  197.866443][   T40] kauditd_printk_skb: 11 callbacks suppressed
[  197.866459][   T40] audit: type=1326 audit(1761047034.971:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9174 comm="syz.4.836" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f17579 code=0x0
[  197.914057][ T9186] hub 1-0:1.0: USB hub found
[  197.916930][ T9186] hub 1-0:1.0: 6 ports detected
[  198.084244][ T6011] usb 1-1: new high-speed USB device number 3 using ehci-pci
[  198.296103][ T6011] usb 1-1: New USB device found, idVendor=0627, idProduct=0001, bcdDevice= 0.00
[  198.299262][ T6011] usb 1-1: New USB device strings: Mfr=1, Product=3, SerialNumber=10
[  198.302312][ T6011] usb 1-1: Product: QEMU USB Tablet
[  198.303978][ T6011] usb 1-1: Manufacturer: QEMU
[  198.305695][ T6011] usb 1-1: SerialNumber: 28754-0000:00:1d.7-1
[  198.332632][ T6011] input: QEMU QEMU USB Tablet as /devices/pci0000:00/0000:00:1d.7/usb1/1-1/1-1:1.0/0003:0627:0001.0002/input/input17
[  198.410261][ T6011] hid-generic 0003:0627:0001.0002: input,hidraw0: USB HID v0.01 Mouse [QEMU QEMU USB Tablet] on usb-0000:00:1d.7-1/input0
[  199.167289][ T9220] Bluetooth: hci0: service_discovery: too big uuid_count value 29743
[  199.346463][ T9223] /dev/sr0: Can't open blockdev
[  199.426308][  T841] usb 6-1: USB disconnect, device number 17
[  199.457671][ T9225] /dev/sr0: Can't open blockdev
[  199.783043][   T40] audit: type=1326 audit(1761047036.881:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.792159][   T40] audit: type=1326 audit(1761047036.891:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.802707][   T40] audit: type=1326 audit(1761047036.891:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.819325][   T40] audit: type=1326 audit(1761047036.891:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.839764][   T40] audit: type=1326 audit(1761047036.891:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=52 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.853269][   T40] audit: type=1326 audit(1761047036.901:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.862342][   T40] audit: type=1326 audit(1761047036.901:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.869601][   T40] audit: type=1326 audit(1761047036.901:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=446 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  199.882548][   T40] audit: type=1326 audit(1761047036.901:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9230 comm="syz.1.852" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7ffc0000
[  200.122027][ T9240] input: syz1 as /devices/virtual/input/input18
[  200.132222][ T9240] input: failed to attach handler leds to device input18, error: -6
[  200.140603][ T9240] FAULT_INJECTION: forcing a failure.
[  200.140603][ T9240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.145620][ T9240] CPU: 0 UID: 0 PID: 9240 Comm: syz.4.855 Not tainted syzkaller #0 PREEMPT(full) 
[  200.145634][ T9240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  200.145641][ T9240] Call Trace:
[  200.145645][ T9240]  <TASK>
[  200.145649][ T9240]  dump_stack_lvl+0x16c/0x1f0
[  200.145668][ T9240]  should_fail_ex+0x512/0x640
[  200.145682][ T9240]  _copy_from_user+0x2e/0xd0
[  200.145694][ T9240]  input_event_from_user+0x137/0x290
[  200.145710][ T9240]  ? __pfx_input_event_from_user+0x10/0x10
[  200.145725][ T9240]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  200.145738][ T9240]  ? input_event+0xb6/0xd0
[  200.145752][ T9240]  uinput_write+0xbe7/0xff0
[  200.145772][ T9240]  ? __pfx_uinput_write+0x10/0x10
[  200.145788][ T9240]  ? common_file_perm+0x1a9/0x340
[  200.145804][ T9240]  ? bpf_lsm_file_permission+0x9/0x10
[  200.145821][ T9240]  ? security_file_permission+0x71/0x210
[  200.145838][ T9240]  ? rw_verify_area+0xcf/0x6c0
[  200.145854][ T9240]  ? __pfx_uinput_write+0x10/0x10
[  200.145869][ T9240]  vfs_write+0x2a0/0x11d0
[  200.145888][ T9240]  ? __pfx_vfs_write+0x10/0x10
[  200.145903][ T9240]  ? find_held_lock+0x2b/0x80
[  200.145919][ T9240]  ? __fget_files+0x204/0x3c0
[  200.145936][ T9240]  ? __fget_files+0x20e/0x3c0
[  200.145950][ T9240]  ? handle_mm_fault+0x240/0xd10
[  200.145968][ T9240]  ksys_write+0x1f8/0x250
[  200.145983][ T9240]  ? __pfx_ksys_write+0x10/0x10
[  200.146001][ T9240]  ? rcu_is_watching+0x12/0xc0
[  200.146019][ T9240]  __do_fast_syscall_32+0x7c/0x300
[  200.146035][ T9240]  do_fast_syscall_32+0x32/0x80
[  200.146050][ T9240]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  200.146073][ T9240] RIP: 0023:0xf7f17579
[  200.146083][ T9240] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  200.146093][ T9240] RSP: 002b:00000000f540655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[  200.146104][ T9240] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  200.146111][ T9240] RDX: 00000000ffffffe7 RSI: 0000000000000000 RDI: 0000000000000000
[  200.146117][ T9240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  200.146123][ T9240] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  200.146129][ T9240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  200.146162][ T9240]  </TASK>
[  200.155423][ T9242] FAULT_INJECTION: forcing a failure.
[  200.155423][ T9242] name failslab, interval 1, probability 0, space 0, times 0
[  200.234723][ T9242] CPU: 3 UID: 0 PID: 9242 Comm: syz.0.856 Not tainted syzkaller #0 PREEMPT(full) 
[  200.234749][ T9242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  200.234760][ T9242] Call Trace:
[  200.234766][ T9242]  <TASK>
[  200.234771][ T9242]  dump_stack_lvl+0x16c/0x1f0
[  200.234812][ T9242]  should_fail_ex+0x512/0x640
[  200.234830][ T9242]  ? __kmalloc_cache_noprof+0x5f/0x780
[  200.234855][ T9242]  should_failslab+0xc2/0x120
[  200.234872][ T9242]  __kmalloc_cache_noprof+0x72/0x780
[  200.234892][ T9242]  ? audit_log_d_path+0xed/0x200
[  200.234916][ T9242]  ? audit_log_d_path+0xed/0x200
[  200.234935][ T9242]  audit_log_d_path+0xed/0x200
[  200.234956][ T9242]  audit_log_d_path_exe+0x46/0x70
[  200.234976][ T9242]  audit_log_task+0x31d/0x3f0
[  200.234996][ T9242]  ? __pfx_audit_log_task+0x10/0x10
[  200.235021][ T9242]  ? ksys_write+0x190/0x250
[  200.235047][ T9242]  audit_seccomp+0x79/0x1f0
[  200.235066][ T9242]  __seccomp_filter+0xa74/0x11c0
[  200.235087][ T9242]  ? __pfx___seccomp_filter+0x10/0x10
[  200.235103][ T9242]  ? handle_mm_fault+0x240/0xd10
[  200.235125][ T9242]  ? fput+0x9b/0xd0
[  200.235142][ T9242]  ? ksys_write+0x1ac/0x250
[  200.235168][ T9242]  __secure_computing+0x215/0x320
[  200.235187][ T9242]  syscall_trace_enter+0x89/0x240
[  200.235211][ T9242]  __do_fast_syscall_32+0x1c7/0x300
[  200.235235][ T9242]  do_fast_syscall_32+0x32/0x80
[  200.235254][ T9242]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  200.235275][ T9242] RIP: 0023:0xf7f65579
[  200.235288][ T9242] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  200.235310][ T9242] RSP: 002b:00000000f545655c EFLAGS: 00000296 ORIG_RAX: 000000000000009c
[  200.235328][ T9242] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000001
[  200.235339][ T9242] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[  200.235349][ T9242] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  200.235358][ T9242] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  200.235366][ T9242] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  200.235389][ T9242]  </TASK>
[  200.403564][ T9253] ubi: mtd0 is already attached to ubi31
[  200.956798][ T9262] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  200.959124][ T9262] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  200.961277][ T9262] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  201.598592][ T9283] mkiss: ax0: crc mode is auto.
[  201.885715][ T9285] /dev/sr0: Can't open blockdev
[  201.923481][ T9297] netlink: 32 bytes leftover after parsing attributes in process `syz.4.870'.
[  201.982657][ T9300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.871'.
[  201.986596][ T9300] netlink: 24 bytes leftover after parsing attributes in process `syz.4.871'.
[  202.131683][ T9302] FAULT_INJECTION: forcing a failure.
[  202.131683][ T9302] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.137555][ T9302] CPU: 3 UID: 0 PID: 9302 Comm: syz.4.873 Not tainted syzkaller #0 PREEMPT(full) 
[  202.137580][ T9302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  202.137590][ T9302] Call Trace:
[  202.137597][ T9302]  <TASK>
[  202.137604][ T9302]  dump_stack_lvl+0x16c/0x1f0
[  202.137632][ T9302]  should_fail_ex+0x512/0x640
[  202.137654][ T9302]  _copy_to_user+0x32/0xd0
[  202.137675][ T9302]  simple_read_from_buffer+0xcb/0x170
[  202.137700][ T9302]  proc_fail_nth_read+0x197/0x240
[  202.137725][ T9302]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.137752][ T9302]  ? rw_verify_area+0xcf/0x6c0
[  202.137774][ T9302]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  202.137798][ T9302]  vfs_read+0x1e4/0xcf0
[  202.137828][ T9302]  ? __pfx_vfs_read+0x10/0x10
[  202.137850][ T9302]  ? find_held_lock+0x2b/0x80
[  202.137881][ T9302]  ? __fget_files+0x20e/0x3c0
[  202.137912][ T9302]  ksys_read+0x12a/0x250
[  202.137936][ T9302]  ? __pfx_ksys_read+0x10/0x10
[  202.137962][ T9302]  ? rcu_is_watching+0x12/0xc0
[  202.137990][ T9302]  __do_fast_syscall_32+0x7c/0x300
[  202.138016][ T9302]  do_fast_syscall_32+0x32/0x80
[  202.138039][ T9302]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  202.138061][ T9302] RIP: 0023:0xf7f17579
[  202.138074][ T9302] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  202.138091][ T9302] RSP: 002b:00000000f5406590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  202.138108][ T9302] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5406620
[  202.138143][ T9302] RDX: 000000000000000f RSI: 00000000f73a5ff4 RDI: 0000000000000000
[  202.138153][ T9302] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  202.138163][ T9302] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  202.138174][ T9302] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  202.138199][ T9302]  </TASK>
[  202.645850][ T9304] ubi: mtd0 is already attached to ubi31
[  202.649091][ T9304] netlink: 24 bytes leftover after parsing attributes in process `syz.4.874'.
[  202.934244][ T5954] Bluetooth: hci1: command 0x0419 tx timeout
[  203.004305][ T5954] Bluetooth: hci0: command 0x040f tx timeout
[  203.004381][ T5946] Bluetooth: hci2: command 0x0419 tx timeout
[  203.492118][ T9331] program syz.2.881 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  203.917925][ T9339] /dev/sr0: Can't open blockdev
[  204.506795][ T9358] netlink: 'syz.1.889': attribute type 29 has an invalid length.
[  204.587932][ T9362] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[  204.591479][ T9362] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  205.587135][ T9381] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.735080][ T9381] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.832720][ T9381] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.923121][ T9383] ubi: mtd0 is already attached to ubi31
[  205.926883][ T9383] netlink: 24 bytes leftover after parsing attributes in process `syz.0.895'.
[  205.929343][ T9381] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.020373][ T6512] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  206.057653][ T6520] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  206.061878][ T6520] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  206.075481][ T6520] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  206.829072][ T9402] ubi: mtd0 is already attached to ubi31
[  206.831275][ T9402] netlink: 24 bytes leftover after parsing attributes in process `syz.0.899'.
[  206.964237][ T6011] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  207.115523][ T6011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.118868][ T6011] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.122139][ T6011] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  207.126386][ T6011] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  207.129276][ T6011] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.133376][ T6011] usb 6-1: config 0 descriptor??
[  207.550727][ T6011] usbhid 6-1:0.0: can't add hid device: -71
[  207.552731][ T6011] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  207.557445][ T6011] usb 6-1: USB disconnect, device number 18
[  207.931954][ T6011] IPVS: starting estimator thread 0...
[  208.014357][ T9415] IPVS: using max 21 ests per chain, 50400 per kthread
[  208.523184][ T9422] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  209.143873][ T9424] ubi: mtd0 is already attached to ubi31
[  209.146971][ T9424] netlink: 24 bytes leftover after parsing attributes in process `syz.4.906'.
[  209.307690][ T9438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.910'.
[  209.328156][ T9438] random: crng reseeded on system resumption
[  209.497975][ T9445] netlink: 20 bytes leftover after parsing attributes in process `syz.4.913'.
[  209.520014][ T9445] netlink: 20 bytes leftover after parsing attributes in process `syz.4.913'.
[  209.522816][ T9445] nbd: nbd64 already in use
[  209.538396][ T7692] block nbd64: NBD_DISCONNECT
[  209.541956][ T9447] ubi: mtd0 is already attached to ubi31
[  209.547652][ T9447] netlink: 24 bytes leftover after parsing attributes in process `syz.2.909'.
[  209.714314][ T5988] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  209.784402][ T6011] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  209.877446][ T5988] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  209.881228][ T5988] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  209.885512][ T5988] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  209.889183][ T5988] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  209.897921][ T5988] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  209.900922][ T5988] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  209.903586][ T5988] usb 6-1: Product: syz
[  209.905126][ T5988] usb 6-1: Manufacturer: syz
[  209.911058][ T5988] cdc_wdm 6-1:1.0: skipping garbage
[  209.912808][ T5988] cdc_wdm 6-1:1.0: skipping garbage
[  209.914756][ T6011] usb 9-1: device descriptor read/64, error -71
[  209.916925][ T5988] cdc_wdm 6-1:1.0: probe with driver cdc_wdm failed with error -22
[  210.164258][ T6011] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  210.304286][ T6011] usb 9-1: device descriptor read/64, error -71
[  210.418091][ T6011] usb usb9-port1: attempt power cycle
[  210.764315][ T6011] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  210.787042][ T6011] usb 9-1: device descriptor read/8, error -71
[  211.024241][ T6011] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  211.045482][ T6011] usb 9-1: device descriptor read/8, error -71
[  211.155256][ T6011] usb usb9-port1: unable to enumerate USB device
[  211.440709][ T9470] netlink: 'syz.2.919': attribute type 1 has an invalid length.
[  211.443857][ T9470] netlink: 36 bytes leftover after parsing attributes in process `syz.2.919'.
[  211.520049][ T9472] netlink: 4 bytes leftover after parsing attributes in process `syz.2.920'.
[  211.529499][ T9472] random: crng reseeded on system resumption
[  212.635483][ T8095] usb 6-1: USB disconnect, device number 19
[  212.723413][ T9503] netlink: 'syz.2.929': attribute type 4 has an invalid length.
[  212.905159][ T9507] netlink: 8 bytes leftover after parsing attributes in process `syz.2.930'.
[  212.969421][ T9507] netfs: Couldn't get user pages (rc=-14)
[  214.501677][ T9535] FAULT_INJECTION: forcing a failure.
[  214.501677][ T9535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.506404][ T9535] CPU: 2 UID: 0 PID: 9535 Comm: syz.1.936 Not tainted syzkaller #0 PREEMPT(full) 
[  214.506421][ T9535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  214.506428][ T9535] Call Trace:
[  214.506432][ T9535]  <TASK>
[  214.506437][ T9535]  dump_stack_lvl+0x16c/0x1f0
[  214.506457][ T9535]  should_fail_ex+0x512/0x640
[  214.506485][ T9535]  _copy_from_user+0x2e/0xd0
[  214.506497][ T9535]  move_addr_to_kernel+0x65/0x170
[  214.506516][ T9535]  __sys_bind+0x11b/0x260
[  214.506534][ T9535]  ? __pfx___sys_bind+0x10/0x10
[  214.506550][ T9535]  ? __fget_files+0x20e/0x3c0
[  214.506580][ T9535]  ? __pfx_ksys_write+0x10/0x10
[  214.506605][ T9535]  __ia32_sys_bind+0x71/0xb0
[  214.506628][ T9535]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  214.506646][ T9535]  __do_fast_syscall_32+0x7c/0x300
[  214.506663][ T9535]  do_fast_syscall_32+0x32/0x80
[  214.506679][ T9535]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  214.506694][ T9535] RIP: 0023:0xf7fb1579
[  214.506704][ T9535] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  214.506715][ T9535] RSP: 002b:00000000f548555c EFLAGS: 00000296 ORIG_RAX: 0000000000000169
[  214.506726][ T9535] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080000080
[  214.506733][ T9535] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000000000000
[  214.506740][ T9535] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.506746][ T9535] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  214.506753][ T9535] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.506784][ T9535]  </TASK>
[  215.294263][ T8095] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  215.400617][ T9548] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  215.437381][ T9546] ubi: mtd0 is already attached to ubi31
[  215.440310][ T9546] netlink: 24 bytes leftover after parsing attributes in process `syz.4.937'.
[  215.458328][ T9555] netlink: 4 bytes leftover after parsing attributes in process `syz.1.941'.
[  215.467613][ T8095] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  215.474421][ T8095] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  215.479458][ T8095] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  215.483699][ T9551] random: crng reseeded on system resumption
[  215.489346][ T8095] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  215.496129][ T8095] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  215.504580][ T8095] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  215.509913][ T8095] usb 7-1: Product: syz
[  215.516086][ T8095] usb 7-1: Manufacturer: syz
[  215.540449][ T8095] cdc_wdm 7-1:1.0: skipping garbage
[  215.542691][ T8095] cdc_wdm 7-1:1.0: skipping garbage
[  215.545389][ T8095] cdc_wdm 7-1:1.0: probe with driver cdc_wdm failed with error -22
[  216.485025][ T9568] /dev/sr0: Can't open blockdev
[  217.539542][ T9587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.950'.
[  217.545554][ T9587] random: crng reseeded on system resumption
[  218.185036][   T60] usb 7-1: USB disconnect, device number 9
[  218.569164][ T9612] fuse: Bad value for 'fd'
[  220.124247][ T9592] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  220.124253][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[  220.594217][ T9592] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  220.597125][ T9592] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  221.057091][ T9633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.958'.
[  221.068190][ T9633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.958'.
[  221.072844][ T9633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.958'.
[  221.080864][ T9633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.958'.
[  221.187982][ T9631] ubi: mtd0 is already attached to ubi31
[  221.191645][ T9631] netlink: 24 bytes leftover after parsing attributes in process `syz.4.959'.
[  222.036592][ T9643] ubi: mtd0 is already attached to ubi31
[  222.041586][ T9643] netlink: 24 bytes leftover after parsing attributes in process `syz.2.961'.
[  222.204238][ T5946] Bluetooth: hci2: command 0x0419 tx timeout
[  222.614302][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[  222.626391][ T5946] Bluetooth: unknown link type 161
[  222.628111][ T5946] Bluetooth: hci0: connection err: -111
[  223.461405][ T9676] netlink: 8 bytes leftover after parsing attributes in process `syz.4.969'.
[  223.464935][ T9676] netlink: 4 bytes leftover after parsing attributes in process `syz.4.969'.
[  223.465709][ T9665] ubi: mtd0 is already attached to ubi31
[  223.491327][ T9665] netlink: 24 bytes leftover after parsing attributes in process `syz.1.968'.
[  225.780240][ T9719] ubi: mtd0 is already attached to ubi31
[  225.783263][ T9719] netlink: 24 bytes leftover after parsing attributes in process `syz.0.980'.
[  225.989981][ T9730] 9pnet_fd: Insufficient options for proto=fd
[  226.121540][ T9735] openvswitch: netlink: Key type 51 is out of range max 32
[  226.823125][   T60] kernel read not supported for file /dsp (pid: 60 comm: kworker/2:1)
[  227.190106][ T9752] FAULT_INJECTION: forcing a failure.
[  227.190106][ T9752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  227.194440][ T9752] CPU: 0 UID: 0 PID: 9752 Comm: syz.4.990 Not tainted syzkaller #0 PREEMPT(full) 
[  227.194455][ T9752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  227.194463][ T9752] Call Trace:
[  227.194467][ T9752]  <TASK>
[  227.194472][ T9752]  dump_stack_lvl+0x16c/0x1f0
[  227.194491][ T9752]  should_fail_ex+0x512/0x640
[  227.194504][ T9752]  _copy_to_user+0x32/0xd0
[  227.194517][ T9752]  simple_read_from_buffer+0xcb/0x170
[  227.194533][ T9752]  proc_fail_nth_read+0x197/0x240
[  227.194550][ T9752]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.194567][ T9752]  ? rw_verify_area+0xcf/0x6c0
[  227.194582][ T9752]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  227.194598][ T9752]  vfs_read+0x1e4/0xcf0
[  227.194617][ T9752]  ? __pfx_vfs_read+0x10/0x10
[  227.194631][ T9752]  ? find_held_lock+0x2b/0x80
[  227.194651][ T9752]  ? __fget_files+0x20e/0x3c0
[  227.194665][ T9752]  ? __fget_files+0x130/0x3c0
[  227.194683][ T9752]  ksys_read+0x12a/0x250
[  227.194699][ T9752]  ? __pfx_ksys_read+0x10/0x10
[  227.194716][ T9752]  ? rcu_is_watching+0x12/0xc0
[  227.194734][ T9752]  __do_fast_syscall_32+0x7c/0x300
[  227.194751][ T9752]  do_fast_syscall_32+0x32/0x80
[  227.194765][ T9752]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  227.194780][ T9752] RIP: 0023:0xf7f17579
[  227.194789][ T9752] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  227.194800][ T9752] RSP: 002b:00000000f5406590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  227.194810][ T9752] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5406620
[  227.194817][ T9752] RDX: 000000000000000f RSI: 00000000f73a5ff4 RDI: 0000000000000000
[  227.194824][ T9752] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  227.194830][ T9752] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  227.194836][ T9752] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  227.194850][ T9752]  </TASK>
[  227.350935][ T9759] __nla_validate_parse: 1 callbacks suppressed
[  227.350950][ T9759] netlink: 64 bytes leftover after parsing attributes in process `syz.4.992'.
[  228.071990][ T9771] lo speed is unknown, defaulting to 1000
[  228.322666][ T9785] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1001'.
[  228.476767][ T9799] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1004'.
[  228.785979][ T9805] ubi: mtd0 is already attached to ubi31
[  228.789034][ T9805] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1009'.
[  228.911847][ T9809] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1010'.
[  229.251969][ T9818] netlink: 160 bytes leftover after parsing attributes in process `syz.1.1012'.
[  229.261602][ T9818] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1012'.
[  229.515098][ T9831] Sensor A: =================  START STATUS  =================
[  229.517357][ T9831] Sensor A: Test Pattern: 75% Colorbar
[  229.519177][ T9831] Sensor A: Show Information: All
[  229.520641][ T9831] Sensor A: Vertical Flip: false
[  229.522097][ T9831] Sensor A: Horizontal Flip: false
[  229.525011][ T9831] Sensor A: Brightness: 128
[  229.533787][ T9831] Sensor A: Contrast: 128
[  229.535878][ T9831] Sensor A: Hue: 0
[  229.537318][ T9831] Sensor A: Saturation: 128
[  229.538685][ T9831] Sensor A: ==================  END STATUS  ==================
[  229.635349][   T60] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  229.774267][   T60] usb 9-1: device descriptor read/64, error -71
[  230.024358][   T60] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  230.154381][   T60] usb 9-1: device descriptor read/64, error -71
[  230.272532][   T60] usb usb9-port1: attempt power cycle
[  230.533644][ T9844] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1020'.
[  230.614409][   T60] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  230.653971][   T60] usb 9-1: device descriptor read/8, error -71
[  230.663597][ T9852] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1022'.
[  230.671674][ T9848] random: crng reseeded on system resumption
[  230.729590][ T9858] vivid-000: disconnect
[  231.196229][   T60] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  231.214948][   T60] usb 9-1: device descriptor read/8, error -71
[  231.334581][   T60] usb usb9-port1: unable to enumerate USB device
[  231.499160][ T9853] vivid-000: reconnect
[  234.955875][ T9902] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  234.957944][ T9902] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  234.960000][ T9902] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  234.962322][ T9900] /dev/sr0: Can't open blockdev
[  235.212169][ T9915] Invalid logical block size (9)
[  235.275927][ T9917] 9pnet: Could not find request transport: virti�o
[  236.854251][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[  237.017554][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[  237.017631][ T5954] Bluetooth: hci2: command 0x0419 tx timeout
[  238.105263][ T9962] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1052'.
[  239.151664][ T9973] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1055'.
[  239.271025][ T9978] netlink: 'syz.4.1057': attribute type 1 has an invalid length.
[  239.953868][ T9997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1062'.
[  240.027285][ T9994] netfs: Couldn't get user pages (rc=-14)
[  240.643461][T10013] macvtap1: entered promiscuous mode
[  240.646009][T10013] macvtap1: entered allmulticast mode
[  240.648899][T10013] dummy0: entered promiscuous mode
[  240.651390][T10013] dummy0: entered allmulticast mode
[  240.656169][T10013] team0: Device macvtap1 failed to register rx_handler
[  240.660071][T10013] dummy0: left allmulticast mode
[  240.662732][T10013] dummy0: left promiscuous mode
[  240.714837][T10014] overlay: Unknown parameter '/'
[  241.235583][T10020] fuse: Unknown parameter 'root'
[  241.245651][T10020] --map-set only usable from mangle table
[  241.434307][T10028] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1072'.
[  242.959294][T10039] 9pnet_fd: Insufficient options for proto=fd
[  243.017909][T10040] netlink: 'syz.0.1076': attribute type 4 has an invalid length.
[  243.029098][   T60] lo speed is unknown, defaulting to 1000
[  243.033487][   T60] syz2: Port: 1 Link DOWN
[  243.036398][T10040] netlink: 'syz.0.1076': attribute type 4 has an invalid length.
[  243.041286][   T60] lo speed is unknown, defaulting to 1000
[  243.043281][   T60] syz2: Port: 1 Link ACTIVE
[  243.910907][T10052] netlink: 3 bytes leftover after parsing attributes in process `syz.4.1077'.
[  243.938159][T10052] batadv1: entered allmulticast mode
[  244.244973][T10057] ubi: mtd0 is already attached to ubi31
[  244.254617][T10057] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1082'.
[  245.819808][   T40] kauditd_printk_skb: 52 callbacks suppressed
[  245.819915][   T40] audit: type=1326 audit(1761047082.921:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10095 comm="syz.4.1093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7fc00000
[  245.830448][   T40] audit: type=1326 audit(1761047082.921:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10095 comm="syz.4.1093" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf7f17579 code=0x7fc00000
[  245.951509][T10106] mkiss: ax0: crc mode is auto.
[  245.951534][T10107] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1095'.
[  245.959246][T10106] fuse: Unknown parameter '00000000000000000010'
[  247.590379][T10135] ubi: mtd0 is already attached to ubi31
[  247.593752][T10135] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1102'.
[  248.031168][T10141] lo speed is unknown, defaulting to 1000
[  248.502873][T10149] wireguard0: entered promiscuous mode
[  248.505354][T10149] wireguard0: entered allmulticast mode
[  248.878000][T10159] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1107'.
[  248.912056][T10154] netfs: Couldn't get user pages (rc=-14)
[  249.115001][T10166] syz_tun: entered allmulticast mode
[  249.143686][T10165] syz_tun: left allmulticast mode
[  249.193832][   T40] audit: type=1326 audit(1761047086.291:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.202450][   T40] audit: type=1326 audit(1761047086.291:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.213210][   T40] audit: type=1326 audit(1761047086.291:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.222169][   T40] audit: type=1326 audit(1761047086.291:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.229933][   T40] audit: type=1326 audit(1761047086.291:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.238368][   T40] audit: type=1326 audit(1761047086.291:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.247393][   T40] audit: type=1326 audit(1761047086.291:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.256527][   T40] audit: type=1326 audit(1761047086.291:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10171 comm="syz.0.1113" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f65579 code=0x7ffc0000
[  249.537530][T10174] ubi: mtd0 is already attached to ubi31
[  249.541349][T10174] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1114'.
[  250.384792][T10199] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  250.387021][T10199] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  250.389246][T10199] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  250.768140][T10211] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1122'.
[  251.795462][T10229] /dev/sr0: Can't open blockdev
[  251.819283][T10225] ubi: mtd0 is already attached to ubi31
[  251.836725][T10225] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1126'.
[  252.444614][ T5954] Bluetooth: hci0: command 0x040f tx timeout
[  252.444694][ T5948] Bluetooth: hci1: command 0x0419 tx timeout
[  252.448736][ T5946] Bluetooth: hci2: command 0x0419 tx timeout
[  253.461094][T10265] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  253.720084][T10278] ieee802154 phy0 wpan0: encryption failed: -22
[  253.835627][T10267] /dev/sr0: Can't open blockdev
[  253.837787][T10280] netlink: 'syz.0.1142': attribute type 21 has an invalid length.
[  253.841176][T10280] netlink: 'syz.0.1142': attribute type 1 has an invalid length.
[  253.889255][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  253.889271][   T40] audit: type=1800 audit(1761047090.991:139): pid=10280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1142" name="bus" dev="overlay" ino=1590 res=0 errno=0
[  254.941226][T10291] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  254.943826][T10291] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  254.946631][T10291] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  255.178901][ T1415] ieee802154 phy0 wpan0: encryption failed: -22
[  255.181459][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  255.767971][T10321] macvlan2: entered allmulticast mode
[  255.769769][T10321] veth1_vlan: entered allmulticast mode
[  255.772725][T10321] veth1_vlan: left allmulticast mode
[  255.820560][T10323] wlan0 speed is unknown, defaulting to 1000
[  255.822653][T10323] wlan0 speed is unknown, defaulting to 1000
[  255.829572][T10323] wlan0 speed is unknown, defaulting to 1000
[  255.860800][T10323] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  256.029747][T10323] wlan0 speed is unknown, defaulting to 1000
[  256.044821][T10323] wlan0 speed is unknown, defaulting to 1000
[  256.051721][T10323] wlan0 speed is unknown, defaulting to 1000
[  256.154972][T10323] wlan0 speed is unknown, defaulting to 1000
[  257.004799][ T5946] Bluetooth: hci1: command 0x0419 tx timeout
[  257.005075][ T5948] Bluetooth: hci0: command 0x040f tx timeout
[  257.005127][ T5954] Bluetooth: hci2: command 0x0419 tx timeout
[  259.069116][T10354] ubi: mtd0 is already attached to ubi31
[  259.071532][T10354] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1163'.
[  261.205384][T10415] /dev/sr0: Can't open blockdev
[  261.363682][T10424] fuse: Unknown parameter 'u00000000000000000000'
�
syzkaller
syzkaller login: [  417.767878][ T6520] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  417.770884][ T6520] CPU: 2 UID: 0 PID: 6520 Comm: kworker/u32:21 Not tainted syzkaller #0 PREEMPT(full) 
[  417.776947][ T6520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  417.781342][ T6520] Workqueue: netns cleanup_net
[  417.783328][ T6520] Call Trace:
[  417.784768][ T6520]  <TASK>
[  417.786015][ T6520]  dump_stack_lvl+0x3d/0x1f0
[  417.787960][ T6520]  vpanic+0x640/0x6f0
[  417.789664][ T6520]  ? xfrm_state_fini+0x289/0x310
[  417.791989][ T6520]  panic+0xca/0xd0
[  417.793627][ T6520]  ? __pfx_panic+0x10/0x10
[  417.795482][ T6520]  ? check_panic_on_warn+0x1f/0xb0
[  417.797621][ T6520]  check_panic_on_warn+0xab/0xb0
[  417.799868][ T6520]  __warn+0xf6/0x3c0
[  417.801696][ T6520]  ? xfrm_state_fini+0x289/0x310
[  417.804014][ T6520]  report_bug+0x3c3/0x580
[  417.806016][ T6520]  ? xfrm_state_fini+0x289/0x310
[  417.808418][ T6520]  handle_bug+0x184/0x210
[  417.810135][ T6520]  exc_invalid_op+0x17/0x50
[  417.812001][ T6520]  asm_exc_invalid_op+0x1a/0x20
[  417.814004][ T6520] RIP: 0010:xfrm_state_fini+0x289/0x310
[  417.816230][ T6520] Code: bc f7 90 0f 0b 90 e9 e7 fe ff ff e8 b1 fb bc f7 90 0f 0b 90 e9 39 ff ff ff e8 a3 fb bc f7 90 0f 0b 90 eb 8a e8 98 fb bc f7 90 <0f> 0b 90 e9 d5 fd ff ff e8 2a 92 24 f8 e9 f8 fd ff ff e8 50 92 24
[  417.823732][ T6520] RSP: 0018:ffffc900047bfa90 EFLAGS: 00010293
[  417.826482][ T6520] RAX: 0000000000000000 RBX: ffff88804db12480 RCX: fffff520008f7f23
[  417.829878][ T6520] RDX: ffff88806c0fa480 RSI: ffffffff89ffbe68 RDI: ffff88806c0fa904
[  417.833065][ T6520] RBP: ffff88804db13940 R08: 0000000000000001 R09: 0000000000000000
[  417.836276][ T6520] R10: 0000000000000001 R11: 0000000000000001 R12: ffffc900047bfbd8
[  417.839445][ T6520] R13: dffffc0000000000 R14: fffffbfff2058390 R15: ffffffff902c1c60
[  417.842596][ T6520]  ? xfrm_state_fini+0x288/0x310
[  417.844611][ T6520]  ? __pfx_xfrm_net_exit+0x10/0x10
[  417.846908][ T6520]  xfrm_net_exit+0x2d/0x70
[  417.848672][ T6520]  ops_undo_list+0x2ee/0xab0
[  417.850548][ T6520]  ? __pfx_ops_undo_list+0x10/0x10
[  417.852611][ T6520]  ? cleanup_net+0x347/0x8b0
[  417.854483][ T6520]  ? idr_destroy+0x62/0x2e0
[  417.856383][ T6520]  cleanup_net+0x41b/0x8b0
[  417.858312][ T6520]  ? __pfx_cleanup_net+0x10/0x10
[  417.860571][ T6520]  ? rcu_is_watching+0x12/0xc0
[  417.862648][ T6520]  process_one_work+0x9cf/0x1b70
[  417.864674][ T6520]  ? __pfx_process_one_work+0x10/0x10
[  417.866904][ T6520]  ? assign_work+0x1a0/0x250
[  417.868815][ T6520]  worker_thread+0x6c8/0xf10
[  417.870692][ T6520]  ? __pfx_worker_thread+0x10/0x10
[  417.872712][ T6520]  kthread+0x3c5/0x780
[  417.874332][ T6520]  ? __pfx_kthread+0x10/0x10
[  417.876205][ T6520]  ? rcu_is_watching+0x12/0xc0
[  417.878210][ T6520]  ? __pfx_kthread+0x10/0x10
[  417.880178][ T6520]  ret_from_fork+0x675/0x7d0
[  417.882114][ T6520]  ? __pfx_kthread+0x10/0x10
[  417.884068][ T6520]  ret_from_fork_asm+0x1a/0x30
[  417.886552][ T6520]  </TASK>
[  417.888882][ T6520] Kernel Offset: disabled
[  417.890880][ T6520] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:47:35  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffffc900040dfee0 RCX=ffffc900040e0001 RDX=ffffc900040dfee8
RSI=ffffc900040dfeb0 RDI=ffffc900040df938 RBP=0000000000000001 RSP=ffffc900040df8b0
R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000000 R11=0000000000082c37
R12=ffffc900040df978 R13=ffffc900040df928 R14=ffffc900040dfee0 R15=ffffc900040df95c
RIP=ffffffff8b64c766 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880977d8000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002d41fffc CR3=000000006c508000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000003800000000 0000000100000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000011904 RBX=0000000000000001 RCX=0000000000035726 RDX=0000000000011905
RSI=00000000000a68a9 RDI=ffffffff91d75cf0 RBP=ffffc90003ddf870 RSP=ffffc90003ddf7b8
R8 =0000000000000000 R9 =0000000000000000 R10=0000000000000000 R11=0000000000011904
R12=ffffc90003ddf878 R13=ffffc90003ddf828 R14=ffffc90003ddf85d R15=ffffffff8219040f
RIP=ffffffff816c175d RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880978d8000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f73f6288 CR3=000000006f9ec000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000ff00000000 007061747663616d
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000064 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff852e2365 RDI=ffffffff9adfaec0 RBP=ffffffff9adfae80 RSP=ffffc900047bf2d8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000001
R12=0000000000000000 R13=0000000000000064 R14=ffffffff9adfae80 R15=ffffffff852e2300
RIP=ffffffff852e238f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880979d8000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f1e4c194 CR3=000000006f9ec000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000fcffc200 Opmask01=000000000000ffff Opmask02=00000000ffffffff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000001 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000001a4
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0003d80300080003 d0030fffffffff04 03c00300080003b8 0300080003b00300
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 01ffffffffffffff ffdf0803e0030008
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff0404a003 0008000498030108 0004900300080004 8803000800048003
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0004d80300080004 d0030fffffffff04 04c00300080004b8 0300080004b0030f
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0001200800018002 2208000601029800 100001a003000800 0198030100000208
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0601900300687375 6c665f626c7401ff ffffffffffffffeb 0800030004018003
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 02a008000380020a 0800060202cc0008 0005a00300080005 9803000800059003
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0fffffffff040580 030fffffffff0404 f00300080004e803 00080004e0030008
ZMM25=5ba72fe75ba72fe7 5ba72fe75ba72fe7 5ba72fe75ba72fe7 5ba72fe75ba72fe7 5ba72fe75ba72fe7 5ba72fe75ba72fe7 5ba72fe75ba72fe7 5ba72fe75ba72fe7
ZMM26=7606124576061245 7606124576061245 7606124576061245 7606124576061245 7606124576061245 7606124576061245 7606124576061245 7606124576061245
ZMM27=f50d5623f50d5623 f50d5623f50d5623 f50d5623f50d5623 f50d5623f50d5623 f50d5623f50d5623 f50d5623f50d5623 f50d5623f50d5623 f50d5623f50d5623
ZMM28=000000100000000f 0000000e0000000d 0000000c0000000b 0000000a00000009 0000000800000007 0000000600000005 0000000400000003 0000000200000001
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=f91b0000f91b0000 f91b0000f91b0000 f91b0000f91b0000 f91b0000f91b0000 f91b0000f91b0000 f91b0000f91b0000 f91b0000f91b0000 f91b0000f91b0000
info registers vcpu 3

CPU#3
RAX=ffffffff822fea70 RBX=0000000000000005 RCX=0000000000000002 RDX=000000000000001a
RSI=ffff88802777b050 RDI=000000000000001a RBP=ffff88802777a480 RSP=ffffc9000465f760
R8 =0000000000000000 R9 =0000000000000000 R10=00000000000000c8 R11=0000000000000001
R12=ffff88802777afb0 R13=ffff88802777b078 R14=0000000000000000 R15=ffffffff8e3c4220
RIP=ffffffff81989006 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff888097ad8000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000000c5a9647 CR3=00000000693a6000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000008
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000028800000000 0000000800000000
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000