last executing test programs:

4m30.372766929s ago: executing program 0 (id=15):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_setup(0x2, &(0x7f0000000200)=<r1=>0x0)
io_pgetevents(r1, 0x7, 0x7, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}, {}], 0x0, 0x0)
io_submit(r1, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])

4m29.688945333s ago: executing program 0 (id=18):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1c3040, 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6"], 0x0}, 0x94)
write$P9_RVERSION(r2, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4m29.321433505s ago: executing program 0 (id=20):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f000009f580), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20049041}, 0x40018)

4m29.074205082s ago: executing program 0 (id=23):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000480), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

4m28.740551389s ago: executing program 0 (id=26):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x40081, 0x0)
syz_pidfd_open(r0, 0x0)
setns(0xffffffffffffffff, 0x66020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)
mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0)
bind$inet(r3, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

4m27.678083103s ago: executing program 0 (id=30):
mknod$loop(&(0x7f0000000340)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x1)
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f0000000100)={0x3, 0x100, 0x94c0, 0x3e8685ed, 0x800, 0x6})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=@newtaction={0x144, 0x30, 0x871a15abc695f01b, 0x0, 0x0, {}, [{0x130, 0x1, [@m_simple={0x12c, 0x1b, 0x0, 0x0, {{0xb}, {0xc4, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x43fa, 0x101, 0x5, 0x58, 0xfb}}, @TCA_DEF_PARMS={0x18, 0x2, {0x3ff, 0xffffffc0, 0x1, 0x9, 0x983}}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x1, 0xffffffffffffffff, 0x0, 0x68ce}}, @TCA_DEF_PARMS={0x18, 0x2, {0xfffffffd, 0x3ff, 0x20000000, 0x3, 0x1}}, @TCA_DEF_PARMS={0x18, 0x2, {0xefd, 0xfffffff9, 0x1, 0x5, 0xc07}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x2, 0x0, 0x0, 0xf}}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x2482, 0xffffffffefffffff, 0xc4cb, 0x5}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x200, 0xffffffffffffffff, 0xfffffc01, 0x7}}]}, {0x3f, 0x6, "12e6d5ac8d0aa9b508a4179716e307356ece9a999af2fd610ebad6b567ec117a0feb8fabf0086cfe3ef64e0b5be9ae7a42f87ba2c5552a44def63f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x144}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x80000, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x502, 0x0)
read$rfkill(r1, &(0x7f0000000080), 0xffffff1c)

4m27.252586374s ago: executing program 32 (id=30):
mknod$loop(&(0x7f0000000340)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x1)
ioctl$HIDIOCGUCODE(0xffffffffffffffff, 0xc018480d, &(0x7f0000000100)={0x3, 0x100, 0x94c0, 0x3e8685ed, 0x800, 0x6})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000880)=@newtaction={0x144, 0x30, 0x871a15abc695f01b, 0x0, 0x0, {}, [{0x130, 0x1, [@m_simple={0x12c, 0x1b, 0x0, 0x0, {{0xb}, {0xc4, 0x2, 0x0, 0x1, [@TCA_DEF_PARMS={0x18, 0x2, {0x43fa, 0x101, 0x5, 0x58, 0xfb}}, @TCA_DEF_PARMS={0x18, 0x2, {0x3ff, 0xffffffc0, 0x1, 0x9, 0x983}}, @TCA_DEF_PARMS={0x18, 0x2, {0x0, 0x1, 0xffffffffffffffff, 0x0, 0x68ce}}, @TCA_DEF_PARMS={0x18, 0x2, {0xfffffffd, 0x3ff, 0x20000000, 0x3, 0x1}}, @TCA_DEF_PARMS={0x18, 0x2, {0xefd, 0xfffffff9, 0x1, 0x5, 0xc07}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x2, 0x0, 0x0, 0xf}}, @TCA_DEF_PARMS={0x18, 0x2, {0x6, 0x2482, 0xffffffffefffffff, 0xc4cb, 0x5}}, @TCA_DEF_PARMS={0x18, 0x2, {0x1, 0x200, 0xffffffffffffffff, 0xfffffc01, 0x7}}]}, {0x3f, 0x6, "12e6d5ac8d0aa9b508a4179716e307356ece9a999af2fd610ebad6b567ec117a0feb8fabf0086cfe3ef64e0b5be9ae7a42f87ba2c5552a44def63f"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x144}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x80000, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0), 0x502, 0x0)
read$rfkill(r1, &(0x7f0000000080), 0xffffff1c)

3m15.154275853s ago: executing program 1 (id=248):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2a, 0x2, {0x0, 0x0, 0x0, 0x0, {0x4, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x14963}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0x40002)
close(r1)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000600), 0x56)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$kcm(r3, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r5, 0x42}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000200)="27030200000314000e00003c031500000000ff840000000000000002125ce882cbf490d908f1523f", 0x28}, {&(0x7f0000000640)="a652c4145f68", 0x6}], 0x2}, 0x4005)

3m9.654538017s ago: executing program 1 (id=263):
pipe(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80805659, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x101121)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x1c55, &(0x7f0000000300)={0x0, 0x4ac1, 0x10000, 0x2, 0x3f, 0x0, r1}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000140)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0})
io_uring_enter(r2, 0x2dec, 0x4800, 0x2, 0x0, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

3m7.061153678s ago: executing program 1 (id=271):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x30001, 0x8, 0x1}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="01"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1, r0}, 0xc)

3m6.806210429s ago: executing program 1 (id=272):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, 0xffffffffffffffff, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m6.625342489s ago: executing program 1 (id=273):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2a, 0x2, {0x0, 0x0, 0x0, r2, {0x4, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x14963}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0x40002)
close(r1)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0xf, &(0x7f0000000600), 0x56)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$kcm(r3, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r5, 0x42}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000200)="27030200000314000e00003c031500000000ff840000000000000002125ce882cbf490d908f1523f", 0x28}, {&(0x7f0000000640)="a652c4145f68", 0x6}], 0x2}, 0x4005)

3m1.090838102s ago: executing program 1 (id=287):
r0 = openat$qrtrtun(0xffffff9c, &(0x7f0000000000), 0x980)
write$qrtrtun(r0, &(0x7f0000000280)="ba7d3bf0baa94da1d3e736fa04c9f9e047638e9413b48a8b6b04091d407b65aac0fcc430b7faae18c16698576463744cd195846cbb934a90ce31f7107399a788255101e3d6e8034cdfbfc41d3564033a652cb441e547366a359e3df13ddcbca78459330724b97c787480262ab2345580c10cc43b04dd3c01428d0ec7084846f67e", 0x81)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x17)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000080)=0x13)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000200)=0x3, 0x4)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)
fsopen(0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2m45.881081206s ago: executing program 33 (id=287):
r0 = openat$qrtrtun(0xffffff9c, &(0x7f0000000000), 0x980)
write$qrtrtun(r0, &(0x7f0000000280)="ba7d3bf0baa94da1d3e736fa04c9f9e047638e9413b48a8b6b04091d407b65aac0fcc430b7faae18c16698576463744cd195846cbb934a90ce31f7107399a788255101e3d6e8034cdfbfc41d3564033a652cb441e547366a359e3df13ddcbca78459330724b97c787480262ab2345580c10cc43b04dd3c01428d0ec7084846f67e", 0x81)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000080)=0x17)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000080)=0x13)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x3f, &(0x7f0000000200)=0x3, 0x4)
mlock(&(0x7f00007fe000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x19)
fsopen(0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

2m45.303672208s ago: executing program 2 (id=335):
r0 = syz_io_uring_setup(0x12b7, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100, 0x2, 0x16e}, &(0x7f0000000180)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000140)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r3}})
add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
io_uring_enter(r0, 0x2def, 0x4000, 0x0, 0x0, 0x0)

2m45.102960302s ago: executing program 2 (id=340):
r0 = userfaultfd(0x80001)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00007d2000/0x800000)=nil, 0x800000, 0x8)
close(0x3)

2m44.660511792s ago: executing program 2 (id=343):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x2a840, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@t={0x81, 0x6, 0xe3, 0x3})

2m44.480453541s ago: executing program 2 (id=344):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000180)={0x0, 0x40c989, 0x0, 0xffffffdf, 0x175}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz0\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x3, 0x8, 0x81, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x101, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x6, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x3, 0x808, 0x2, 0x9, 0x1, 0x4, 0x2, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0xffffffff, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x29a, 0x5, 0x0, 0xfffffffa, 0x4, 0x2, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000000, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0x8001, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x10001, 0x379, 0x9, 0xe, 0x5, 0x7, 0x4, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x2003], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x5, 0x80, 0x9, 0x9, 0x8001, 0x2, 0x7, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x1, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x9b77, 0x9, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x2, 0x4, 0x1000, 0x7f, 0x5, 0x3fa8, 0x0, 0x0, 0x9, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x7, 0x800, 0xa80a, 0x65f413f9, 0x2, 0x8, 0x8a8, 0x2, 0x40, 0x3, 0x2, 0x84, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x0, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0x1, 0xf, 0xe, 0x2, 0xe, 0xf, 0x173, 0x6]}, 0x45c)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, 0x0, 0x0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
userfaultfd(0x80001)
ioctl$UI_DEV_CREATE(r3, 0x5501)

2m43.384970555s ago: executing program 2 (id=352):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000002240)="2d12376647d788ad2cdbd0e68c140c7f72d35ae5869c470a1f53ea73c32220190e02cb0b770bb154d1d5d1b343cb1feadca1752e4397955e1a151721f1b28b9e32b7966f9ddd7ad3822c5ff3dc03786c1c86c2a6f7c271710c573396ca95e95a524201b0bf0539042ae14072693f9734306f7a21f92421e8e0ea335d07d1f2839c4c195930cd35c65dfc527de84f2cab4f0c78474734d7c5cba0c70ee0fd10ad5ed3f4b70308c29000e8cd98d57c90c7d9298ee4a2c41b141614627880ace9cfde45a0ae5f6f5cf3eb31254454e92eacdab64eb048b144e4fcc16afe59e7d7dad7696df64aa223d14d69bbe8ee2f76e1d4a32477a7cf108fea86a7e085c1575f683857cff342574109f74cf05e3f63f328f46735ba0578d84b4978ce545621b1666ca7da451d40e961a037822eebcbba9bf9e92af7281442efcaa8e0d3ecd6111d8fc1c742d0e7efe8e51a1c5e6ea04fec02a986cba677d9dc642d110df6f55c786c73f7ce4ebf9415bdb2680d0ff4597006d96e3c164114a4effae84380e492822c002b2e96f160a0784fd0ebe448eddaa801921576287f61a15be332a94eea951c0826874d105173a6b3f2a6e420ed5ef00b1f699b74c524a1859cb7d6dfb7257b6f0b92e17ce21237da0ec892735601b29693dce455876447f76df303a8cb34bd9c9241da9904c1c17d416753c71aeed9cc07d26b4a438df4e302cf120cda73c04d5a1b7295f1cb7ff88084211adde5fdf991f97cb522b56c561ad1119a4675fbf566b77660dfd457467652d23c739cc9ba93bbd5b464c46e46187ce71d7aab533e670c861b227454d7c21f9f16000eee0c1772a152c26acd2744c5553ace622369f15d5354a3b5ac4bb9261a766830d351fa931558dee7ff30768b2e29025c3b115179ed6a12ea76a23db3626bc033f85a43c3c3f50b75b89a418277837ba571189e708f4aaaacc19537e7aa156b7058c200e8f9be1da8a63c7e878f3e733060a1cb24a2a09ea76413efdc4e0b1027a09c6830b4ca5ccd4695e2e0bb1610a21b0cc66012aab283b6c5dfbd20aef8d7ad04e4c618a065a588d05e3f780126eee290cf0f94fb4a2c5a8cb97f60d9e50301a4f01f3787ab052ef8782d6ef0f92385ab59015670a054dab1ab0400be74fdc4ac3d18fb5b5da13e55a05e29ad14dd0abf0435dea601ce80573548f3c8f21ecfcbe5361d1505a91c355d8477fe7e3866be005acae25cbab7bd8684294963c3c95924f7d62ca0ed2d7aa01048cbdcd4d7ae9717d4feb97e1e825f6156e9c5fc456509798d2f5adc9356752a8974894ff5bf9d14aab3ddf18fd4f9af23c66f7e4ef7e345e769260fd9d2a22ddd078dd7e44f904ea78dd3db5b0f4a8d7ce9ae7909cedde165b7458da24d576fc0e18d3c27cccaff21146ad51c1681c629a8f0b8a4ae213c88910c54de9af7890b0a4414e0d38c31d76a130b587b764260655f17f901f96b835a1fecb1f7438f5e18ff60720d37d19b1a9ae3e03dc10aa1c4f2abb918883d56ddd4e74b48a4aeadccf2329956ed18b2001d1e1e80bdf325449beda911916f802234f5b182264754cd3bb26b2ae658cc0ee185a19cba7f9e54e47c32f8b87d0fed97c911d28f971e70be5fb830109a57b600f734a4cc734cbb67a58e6a696ccb39c328c537fe467fd194183aad728f95b0a4afb4557615408a83785c0d313e666d1dab18d49a4feaf12993e73f5537998a1ed25b93f9bca346376129dee3a5a78675d30bd19a78b77f45ea8b5b48cb4c78a1bc30df00badb811585966b8f8ef42d89236f5e99f849a44d62d1431eb187333dcde91582a29e777b9cd6e1bc86eff512ba48d6030681d395bfb8c5259b0c22028400a1d3929a6e3fa0fcda3deb9cf8e7e079c21d7c20b1670eb880789ae809608bac2b05c45da5a3a0377d1d06b917a5a6ee7dbf35f54c327d7d7921266bcb4e8e816b02872139d03d575c491ee077140f7d1aca286f977869288bf90eedaf41727abcd79056936d830bf6480bf6b4573e4dd402f6206099716593a04813cd07437ffa80f10f72ef64e320e48fa59b5ac0e412d9ed14bfc2e9365c67fc21c327d5699f58c3984db4f3ec0c362b633a784c4dfba44187801a0f0fc0f6b7a4610594556b33f1617c7b8b4f95d5d6fba7553512a6098a2e64d10a45347f3a41d11e19f7690ebcbfb9239c59b489061aad4317a08c435fa92c4f5feb662f6413c3d06dca92647fef304d9f8e96a78b5251b0a4d15710937428ab676cc7da5f0006cd04f7fa884625116a0cbddabc012cf55e3f26a4b411cfa1ba8473c3aef570cd23fe2165bf1f9b54632c7e76e5a5818bb70086c5fa609f2199424b8f2de5387a5bf44d3f246bec62433182b0c950ecc2968dba1e6a845c48c506daf90ffb0c13d376be0ac8283abb4e4283f703206a47c2b9c6a642d4bf4a245b8ec978b09d8620fc5d9f917842f83bf5e2efd976e9b98c38a8f836773357ad6d23fca68ee26431acf0196ef0fcef25a979782dc2f1688acacc53b1b2c2f694b638c1256a869f56098b89bb4a14b2dc2d187773e6a75f7d37ed91b8f8aee84c0bdbaeec229139809eaa9948e7a5e18d783ece0cd7ea8996dc3e650b1cff351ad9fbd661f303f40de084d111ec1489ae42d2fc55ce8d892a3d6290f2d2eb72733b4fdc8c433569c34854a84653884b3d90652f499eeb83886bd4246b41f231141cf1a412f1c7840fb8a1595895cfdec1961d887ac9dd1f5ad4b66bbb451d5471fcb1fb4bb25a4c4d43b9c0e3c72a00e8fc83f700c812b1b9c2f37e40bd746c39cbbca41e6fecb8d64424c82e640d8f887cb7d8e75828b2969e1628c7000fba626381dcfdc7262b2b06f47f898d0aa0dab8636c089d4339a37e80f20f8f5196608a3d1ac1418ff9ac0ac54c45c124b15a77d61d50ca05e1603b1b6476cf09d79b138a7f7394a9cf35e6d64654504663db381712da505d0985cd9a4edbd067c0f09c393486b138f01deb4771566d987ac16a6ed0ac5c9b592a20878e5b4050e594f376523697a0aba321a6704db28b0f0fcdf0d8e2a6f1788064d49807f080d7aa29f795935d61bcf152fe39a45a713fd0a3b2982f65437828e110b2edcdbd7b462d5ef8e87ad0aa2352cf3fb1e05787602ed66efd77a7b88c73e76dd1b368e5845cc032ed719635b0db27b39ddc12d899b742a1499ffaa4b95c0a1f29cd85a7d2d30be5bd1fd384a6e4dd3b93b46352ece5144a2ce989bcb8e6255e04e6d5d0a6b4b2736715b116b06189491b4a4a9fd9e482413b2b8851b273b10820040b490de9414fcdee5126ddbedaaddcb8c844cc7e0264f65c4d3607dddf0dbd88a7f3d1ff35bea1bcb48eb576e7083fd8bf8d6a6a1567f77819c3bbe93ff92418632d30fa2b933b33fcf163b5a942d870f22d13ad6be938ddf61de391b35e68fc9ad71aeb7cddfb73e071162bfd1c7facd10e50e9f8046c7ee6f89830b70955a3908c18cc79138c335a5159adb3229e02576cbd1829b4c67504fbe785e3c2129d53cbc3b00a62b232e16a01e01b2dc159fea676ea8c0ad0d8f41ea1840092f4900d26f48b5c549211240a5c5ab663b4f9ac463df05c86af9a3f2e595d4f9981b108d44e9ee060fc8736d7ff71a609252fe6becd2aacb23b7ac66ad8a3dfca068fb7846b9588a0b027e45f96d73cdf6c2d9494c6c5c129a8f5a1e8c4f4e6a1adec722ba74e5a002b1c87793cfc5c689ac82881ac346c3e5be4f6570d3669f797916e2018a784d6a88671c6cd8035", 0xa6a, 0x4004085, 0x0, 0x0)

2m43.102030426s ago: executing program 2 (id=353):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x80085665, &(0x7f00000000c0)={0x8000000, 0x1fe, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video4linux(0x0, 0x3, 0x3cf281)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r3)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r2, 0xc0945662, &(0x7f00000003c0)={0x9, 0x0, '\x00', {0x0, @bt={0x8, 0x0, 0x0, 0x1, 0x7, 0x6, 0x1ff, 0x8, 0x80000000, 0xdb5, 0x7, 0x9, 0x2, 0x4, 0x12, 0x1, {0x3c, 0xff}, 0x7, 0x4}}})
getpid()
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a00)=ANY=[@ANYBLOB="4400000089060102000000000000000000000000aa675779ae278f25289cf40900e75473797a310000000005000100070000001c5669d748ea64f7d19966710938b9b360c7afaa5b54d44e9a0c588cc8c271a74ecccd2f34e5484a73dc52b821dbc649014c0bd72283dd8f6629fc711266a7245c55bbd4ac416dd1f9abe045"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r5 = socket(0x2b, 0x1, 0x1)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r6, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1400000000000000000000000200000006000000000000001400000000000000100100000a"], 0x30}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r5, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000280)={'filter\x00', 0x7, 0x4, 0x4f0, 0x2f8, 0x1e8, 0x0, 0x408, 0x408, 0x408, 0x8000000, 0x0, {[{{@arp={@multicast2, @dev={0xac, 0x14, 0x14, 0x12}, 0xff, 0x0, 0xe, 0x9, {@mac, {[0xff, 0xff, 0xff, 0xff]}}, {@mac=@broadcast, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0xb856, 0xc3c9, 0xb, 0x2, 0x4, 0x6, 'ip6erspan0\x00', 'vcan0\x00', {}, {0xff}, 0x0, 0x82}, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0xc, 0xfff, 'system_u:object_r:urandom_device_t:s0\x00'}}}, {{@arp={@remote, @loopback, 0x0, 0xffffffff, 0x0, 0x6, {@empty, {[0x0, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}}, 0xe, 0xd735, 0x7f, 0x7f, 0x7fff, 0x3, 'bridge_slave_0\x00', 'macvtap0\x00', {0xff}, {0xff}, 0x0, 0x200}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @remote, @broadcast, 0x1, 0xffffffff}}}, {{@arp={@loopback, @local, 0xff000000, 0xffffffff, 0xd, 0xa, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, {[0xff, 0x0, 0xff]}}, {@mac=@remote, {[0x0, 0x0, 0xff]}}, 0x3, 0x0, 0xffff, 0x200, 0xd538, 0x4, 'bond_slave_1\x00', 'veth1_vlan\x00', {0xff}, {0xff}, 0x0, 0x4b}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @dev={0xac, 0x14, 0x14, 0x29}, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x540)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000940)=ANY=[@ANYBLOB="1c00000003060104000000000000000002000005050001000700000048ec23b7efaaecbf8e85c1cc4582df3cc404fa37db70e1ce8599b23da57ec8e9e2f6f0c6ded42816f5b0153a7a25c68faf17ef385a587d3d602b29d15cd15d3a9c531711812b42c6bb33ca1dff3ffaef66344fd1ae7e15cf2237d6c88649d64e59097e1558ba2c241e3761"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
sendmsg$nl_route(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2004c800}, 0x200440e5)

2m27.048500025s ago: executing program 34 (id=353):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x48b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x80085665, &(0x7f00000000c0)={0x8000000, 0x1fe, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video4linux(0x0, 0x3, 0x3cf281)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r3)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r2, 0xc0945662, &(0x7f00000003c0)={0x9, 0x0, '\x00', {0x0, @bt={0x8, 0x0, 0x0, 0x1, 0x7, 0x6, 0x1ff, 0x8, 0x80000000, 0xdb5, 0x7, 0x9, 0x2, 0x4, 0x12, 0x1, {0x3c, 0xff}, 0x7, 0x4}}})
getpid()
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a00)=ANY=[@ANYBLOB="4400000089060102000000000000000000000000aa675779ae278f25289cf40900e75473797a310000000005000100070000001c5669d748ea64f7d19966710938b9b360c7afaa5b54d44e9a0c588cc8c271a74ecccd2f34e5484a73dc52b821dbc649014c0bd72283dd8f6629fc711266a7245c55bbd4ac416dd1f9abe045"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)
r5 = socket(0x2b, 0x1, 0x1)
r6 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r6, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1400000000000000000000000200000006000000000000001400000000000000100100000a"], 0x30}, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r5, 0x0, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000280)={'filter\x00', 0x7, 0x4, 0x4f0, 0x2f8, 0x1e8, 0x0, 0x408, 0x408, 0x408, 0x8000000, 0x0, {[{{@arp={@multicast2, @dev={0xac, 0x14, 0x14, 0x12}, 0xff, 0x0, 0xe, 0x9, {@mac, {[0xff, 0xff, 0xff, 0xff]}}, {@mac=@broadcast, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0xb856, 0xc3c9, 0xb, 0x2, 0x4, 0x6, 'ip6erspan0\x00', 'vcan0\x00', {}, {0xff}, 0x0, 0x82}, 0xc0, 0x1e8}, @unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0xc, 0xfff, 'system_u:object_r:urandom_device_t:s0\x00'}}}, {{@arp={@remote, @loopback, 0x0, 0xffffffff, 0x0, 0x6, {@empty, {[0x0, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0xff, 0xff, 0xff]}}, 0xe, 0xd735, 0x7f, 0x7f, 0x7fff, 0x3, 'bridge_slave_0\x00', 'macvtap0\x00', {0xff}, {0xff}, 0x0, 0x200}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @remote, @broadcast, 0x1, 0xffffffff}}}, {{@arp={@loopback, @local, 0xff000000, 0xffffffff, 0xd, 0xa, {@mac=@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, {[0xff, 0x0, 0xff]}}, {@mac=@remote, {[0x0, 0x0, 0xff]}}, 0x3, 0x0, 0xffff, 0x200, 0xd538, 0x4, 'bond_slave_1\x00', 'veth1_vlan\x00', {0xff}, {0xff}, 0x0, 0x4b}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast2, @dev={0xac, 0x14, 0x14, 0x29}, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x540)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000940)=ANY=[@ANYBLOB="1c00000003060104000000000000000002000005050001000700000048ec23b7efaaecbf8e85c1cc4582df3cc404fa37db70e1ce8599b23da57ec8e9e2f6f0c6ded42816f5b0153a7a25c68faf17ef385a587d3d602b29d15cd15d3a9c531711812b42c6bb33ca1dff3ffaef66344fd1ae7e15cf2237d6c88649d64e59097e1558ba2c241e3761"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
sendmsg$nl_route(r5, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2004c800}, 0x200440e5)

1m32.810125056s ago: executing program 6 (id=595):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0684113, &(0x7f0000000380)={0x1, 0x5, 0x0, 0x1003, 0x8000, 0x0, 0xff, 0x5, 0x0, 0x6, 0x800001})

1m32.615273896s ago: executing program 6 (id=596):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={0x0, 0x44}}, 0x0)

1m32.389841162s ago: executing program 6 (id=598):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000180)={0x0, 0x40c989, 0x0, 0xffffffdf, 0x175}, &(0x7f0000000000)=<r1=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r1, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000a00)={'syz0\x00', {0x6ec9, 0x7, 0x5, 0x5}, 0x3e, [0x9, 0x2, 0x8, 0x2, 0x5334, 0x400, 0x80000000, 0x3, 0x8, 0x81, 0x6, 0xf5, 0x9, 0x39, 0x747d5a13, 0x8, 0xfffffb9a, 0xfffffffc, 0x4, 0xfffffffb, 0x4, 0x3, 0x4, 0xf252, 0x4, 0x800, 0x300000, 0x7, 0xe, 0x101, 0x0, 0x0, 0x1ff, 0x8000, 0x3ff, 0x6, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x400008, 0xe, 0x4, 0x2, 0xde, 0x8, 0x9, 0x1, 0x3, 0x808, 0x2, 0x9, 0x1, 0x4, 0x2, 0x1000, 0x5, 0x40, 0x9, 0x7, 0x5], [0x6, 0x1e, 0x3, 0x8000, 0xfffffffe, 0x3, 0x0, 0x5, 0x7, 0xfffffffc, 0xffffffff, 0x7fff, 0x72c, 0x1c32, 0x3, 0x9, 0x10000, 0x400, 0x8001, 0x3, 0x1, 0x29a, 0x5, 0x0, 0xfffffffa, 0x4, 0x2, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000000, 0x10, 0xfffffff9, 0x0, 0x5, 0x1, 0x8001, 0x6, 0x5, 0x800, 0xffff, 0x6, 0x96, 0xfffffffd, 0x101, 0x0, 0x2, 0x401, 0xc, 0x10001, 0x379, 0x9, 0xe, 0x5, 0x7, 0x4, 0x2, 0x1, 0x1, 0x8, 0x6, 0x200, 0x2003], [0x401, 0xc584, 0xffff, 0xcd4, 0x7, 0x20, 0x7, 0x4, 0x8, 0x10, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0xffffffff, 0x1000, 0x2, 0x10, 0x1, 0xfffffff9, 0xe55, 0x10, 0x80000001, 0x4, 0x4, 0x5, 0x9, 0x2, 0x5, 0x80, 0x9, 0x9, 0x8001, 0x2, 0x7, 0x4, 0x3, 0x6d7e, 0x3, 0x8, 0x8001, 0xbf23, 0x6, 0x8, 0x95a, 0x1, 0x3ff, 0x3, 0x6, 0x100fffd, 0x2005, 0x7, 0x4, 0xea, 0x9, 0x9b77, 0x9, 0xd9, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0x7fff, 0x3, 0x3, 0x88, 0x2, 0x6, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x2, 0x4, 0x1000, 0x7f, 0x5, 0x3fa8, 0x0, 0x0, 0x9, 0x1e0, 0x4, 0xe47, 0x3, 0x3, 0x4, 0x200, 0x1000, 0x3b, 0x2, 0x7, 0x800, 0xa80a, 0x65f413f9, 0x2, 0x8, 0x8a8, 0x2, 0x40, 0x3, 0x2, 0x84, 0x4, 0x10, 0x0, 0x0, 0x7fff, 0x0, 0xfffffff8, 0x401, 0x1, 0x200, 0x7, 0x4edf, 0x1, 0xf, 0xe, 0x2, 0xe, 0xf, 0x173, 0x6]}, 0x45c)

1m32.086253753s ago: executing program 6 (id=600):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56741, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x6, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xfe, 0x5, 0x9, 0x7, 0xc, 0x2, 0x5, 0x2, 0xf, 0x4, 0xd, 0xb, 0x2, 0x6, 0x1], 0x3, [0x4, 0x101, 0x200, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0x7, 0x6, 0x800, 0x3, 0x5, 0x6, 0xd, 0xbd], [0xfff1, 0x5, 0x800, 0xfff5, 0x3, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x44, 0x0, 0x8, 0x1, 0x6]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$kcm(0x11, 0x3, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r8)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$kcm(r7, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r9, 0x42}, 0x80, &(0x7f00000001c0)}, 0x4005)

1m29.562398311s ago: executing program 6 (id=609):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x6, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00\x00@\x00'}, 0x28)
writev(r0, &(0x7f0000000740)=[{&(0x7f00000008c0)="581a17919cc7749e9438c65fb69e487bd1c16731510e7fc4ed9fb860505f1495ff92f16a38f8a13d58751d926def1f80b315bdc726cdd8b5d1a91f485854af8fc854b0da7a02522fe7b2c21db7a46c48473099d4a4654cfd97a67c9e79afc0d444", 0x61}], 0x1)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
readv(r0, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xff1}], 0x1)

1m29.066658488s ago: executing program 6 (id=613):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getpriority(0x1, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(0x0, 0x0, 0x0, 0x44021, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r2 = openat$qrtrtun(0xffffff9c, &(0x7f0000000240), 0x801)
mmap$qrtrtun(&(0x7f000085a000/0x4000)=nil, 0x4000, 0x1000000, 0x10, r2, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES8=r0, @ANYRESHEX], 0x48)
r3 = io_uring_setup(0x7f57, &(0x7f00000001c0)={0x0, 0x5623, 0x80, 0x3, 0x2ad})
syz_io_uring_setup(0x57b2, &(0x7f00000002c0)={0x0, 0x98d2, 0x800, 0x3, 0x321, 0x0, r3}, &(0x7f0000000000), &(0x7f0000000080))
unshare(0x6a040000)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000002c0)=0x11)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2)
ioctl$TIOCSCTTY(r4, 0x540e, 0xfffffffffffffffa)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x24, 0x0)

1m13.809929349s ago: executing program 35 (id=613):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getpriority(0x1, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(0x0, 0x0, 0x0, 0x44021, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r2 = openat$qrtrtun(0xffffff9c, &(0x7f0000000240), 0x801)
mmap$qrtrtun(&(0x7f000085a000/0x4000)=nil, 0x4000, 0x1000000, 0x10, r2, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYRES8=r0, @ANYRESHEX], 0x48)
r3 = io_uring_setup(0x7f57, &(0x7f00000001c0)={0x0, 0x5623, 0x80, 0x3, 0x2ad})
syz_io_uring_setup(0x57b2, &(0x7f00000002c0)={0x0, 0x98d2, 0x800, 0x3, 0x321, 0x0, r3}, &(0x7f0000000000), &(0x7f0000000080))
unshare(0x6a040000)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000002c0)=0x11)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2)
ioctl$TIOCSCTTY(r4, 0x540e, 0xfffffffffffffffa)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x24, 0x0)

15.652804942s ago: executing program 4 (id=790):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0xfffffffd, @loopback}, 0x1c)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80202, 0x0)
setrlimit(0x6, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x850}, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x40, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x40}}, 0x0)

15.570934744s ago: executing program 4 (id=791):
r0 = socket(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, 0x0, 0x0)
connect$netlink(r0, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
write$bt_hci(r0, &(0x7f0000000040)=ANY=[], 0x1d)

14.556578731s ago: executing program 3 (id=796):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
sendmsg$nl_route(r0, 0x0, 0x0)

14.39828848s ago: executing program 3 (id=797):
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}}, 0x4084)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)

13.493839167s ago: executing program 3 (id=799):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
r3 = syz_pidfd_open(0x0, 0x0)
r4 = pidfd_getfd(r3, r3, 0x0)
setns(r4, 0x66020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)
mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0)
bind$inet(r2, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

7.824049634s ago: executing program 4 (id=810):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0xfffffffd, @loopback}, 0x1c)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80202, 0x0)
setrlimit(0x6, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x850}, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x58}}, 0x0)

7.623595948s ago: executing program 4 (id=811):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0xa0602, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, 0x0)
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x300)
clock_nanosleep(0xe3a30f1b640fe9a9, 0x1, 0x0, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x40)
openat$sndseq(0xffffff9c, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

6.518899519s ago: executing program 7 (id=813):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, 0x0}, 0x0, 0x40000000})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0x7ffa}, 0x3d, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0xffffffff, 0x5, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x2, 0xa, 0xfffffffd, 0xffff2d37, 0x1dd2, 0x6, 0x2, 0xfffffffe, 0x80000001, 0x7, 0x3, 0x3, 0x3c5b, 0x1, 0x1, 0x6, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x8, 0x1000007, 0x3, 0x8001, 0x4c71, 0x8f00, 0x63f, 0x3, 0xa, 0x400, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3d, 0x8f, 0x6, 0x1, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x2b, 0x8, 0x0, 0x1, 0x40], [0x10000007, 0x10002, 0x12b, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0x7, 0xf9, 0xd, 0x2bf, 0x6cd, 0x1ff, 0xfffffffe, 0x2, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x80, 0x5, 0xfa0b, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xffffffff, 0x238, 0x1000004, 0x9, 0x4, 0x9, 0x8, 0x9, 0xb, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x7f, 0xa5d4, 0x8, 0x3, 0x4, 0x1, 0x7, 0x6, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x1, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x1000, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x40002, 0xf, 0x8, 0x84, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x0, 0x53cf697b, 0x5, 0x4, 0x54fe12da, 0xbf, 0x10, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0xbad, 0x120003, 0x3, 0x4fa, 0xfffff1d1, 0x4, 0x3], [0x9, 0xbb31, 0x3, 0xfffffffc, 0x5, 0x938, 0x5, 0x6, 0x51bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x3, 0x7fff, 0x8fffe, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000003, 0x5, 0x8, 0xff, 0x3, 0x3, 0xffff, 0x3, 0x8, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x2, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c0b, 0x0, 0x2, 0x5, 0xb1c, 0x1, 0x200, 0xfff, 0xfff]}, 0x45c)

6.517824343s ago: executing program 4 (id=814):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r3, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1003d1, 0x3, 0x20000000, 0x6, 0x6}, 0x66}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
close(r1)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="af75355d1696"})
r4 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000740)=@xdp={0x2c, 0x0, r6, 0x42}, 0x80, &(0x7f0000000cc0)=[{&(0x7f00000002c0)="27030200dc0f24000e00003c0ff000000000ff840000000200000003125ce882cbf490d908f1523f000000002d9c2740e260a09c6911cda856d5141bffc6e29a5789796eec81944d7dff184d3319ce9dfb5c1fcd66e67b91a917a67ece64299573503cbc7e27133c4e5ed68c7a9b407a275bcff3432a487ebef21275b91d386164b443c1dfdf63831812e0471639a99b97a9923e4659cd5d1e3c", 0x9a}, {&(0x7f0000000440)="c91d588b87bd12b736780a766e3ebca34836bf87f46f8027511d29f92e1a4e8bd5fb5367cef57a6d8db59a972c54efc7ece9c07cb4a0921d4a2320d73ff2d3c54d7af0deecef81ce277562dde92e480b2cf42e52cc039c43fea94e730feb6f5cad427446e7357d255248ab48a0b733cc2c7541488d63b8f6d2c4f0e03ac8faecc74486b2cfb59a28d701271dc07ef9d82e0ce78bca83048caf47fedf4f4df5863a2f849b5fc6ef0b49bf7a6cb6faab2a777dde15", 0xb4}, {&(0x7f00000007c0)="1da19d23fdff85b98167af7726547120df65aece0cffbb361fd19ec08ddad9340531b1c05e106ea2b36a41070b0be2be119aa8c7d8444f4341cccd89faa6253e1ee49e9132d115fd9988c00b16b48669fd2863efe80b92787339069a0f79bc832754fc4c564bc7c61f70be9565f15584fd519f000000005d433935485cdc2ffa2be958749701504aefae9ac942fd1dfc86b59a3d1caf7923edfc844f870f12b651ec19cedc69367ba0093c404d4ac7409ae7f612cd45bc475f1f4b47ba45ec376c3a98a06da61124f2650b53b15c87c3e6ea7734e44835fcd6d23a0d7e", 0xdd}, {&(0x7f00000009c0)="a5ca8683d601768d343ca112b53e7aa9b7692478467c2525cc9ceb426e1c40e3b29380122d838019715ede6740900e4a5b9097b6713ba207b45f64e07e8d44f24c842b84e2c5c3d4175f2c59ef949b2cfb2b1722cf08388fed3e7ff321bda9f2a0744407b6a38593ab8ff05b41a7bc10f7424c9da00d3b2dea193936dbae3b28e7f3ab2ec79d512847fce7d00e40c1e127d871123a121c8c684d714b81314f94d74e8dd61d5bff0f7a86dc7452ce6fcdb767dc9953058022e5f082d4024350a9e1d65f80844770359a06b0554bd065b79ede8b2138a0eda7a68ba7fd4240630196a25d1f5f1e15a09f55d4794bcc7f6157b9376d046f30af1ac7464b32a655976a27d8baebcb440d211d60baa353b30fc2a967c9827f4fe99c20abfdbff7b2c090ece74acb8e286dc583d0b86fe35e", 0x12f}], 0x4}, 0x8bb3a321efc09a)

5.55417277s ago: executing program 7 (id=815):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x80800)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYBLOB="10100000000000000800200005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1, @ANYBLOB="4b76f3b6"], 0x40c}}, 0x4000000)

5.282308311s ago: executing program 7 (id=816):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$kcm(0x11, 0x3, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xa30e, 0x1, 0xfffffffa}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8004000}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b80)=@newtfilter={0x87c, 0x2c, 0xd3f, 0x30bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x84c, 0x2, [@TCA_BASIC_POLICE={0x848, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0x6, 0x3, 0x5, 0xfffffffb, 0x6, 0x6, 0x2, 0x9, 0x6, 0xb04a, 0x3, 0x7, 0x9, 0xca2, 0x3, 0x9, 0x9, 0x3, 0xaeb2, 0x6, 0x81, 0x2, 0x8, 0x1000, 0x2, 0x6, 0x2, 0x7, 0x0, 0x9, 0x8, 0x46, 0x1000, 0xd47, 0xc98, 0x4, 0x4, 0x8, 0x0, 0x2, 0x80000000, 0x80000000, 0x10, 0x0, 0x1, 0x80000000, 0x0, 0x6, 0x9, 0x3, 0x8, 0x4, 0x23a2, 0x200080, 0x1, 0x4, 0xffffff80, 0x5, 0x6, 0x6, 0x6, 0x4, 0x6, 0x8, 0x372e, 0x9, 0x1, 0x0, 0x2, 0x1, 0x5a, 0x5, 0x80040001, 0x4, 0xb6, 0x7, 0x99fc, 0x8, 0x5, 0x3, 0xffffffff, 0x4, 0x3ff, 0x400, 0x0, 0x9, 0x4, 0x720, 0x2, 0x118, 0x6, 0x101, 0x3, 0x1, 0x6444, 0x28, 0x10001, 0x1, 0x87, 0x23, 0x1, 0x200, 0x8, 0x2, 0x7, 0x10000, 0x2, 0x8, 0x200, 0x100, 0x9, 0x1, 0x1, 0x9, 0x8, 0x3, 0x100, 0x1, 0x7, 0x8, 0x34, 0x9, 0x7, 0x30529d92, 0xea0, 0xfd, 0x0, 0x400, 0x8, 0x8d1, 0x3, 0x7fffffff, 0xdaba, 0x9, 0x5, 0x5, 0x3, 0x81, 0x8, 0x4, 0x8, 0x2, 0x5, 0x5, 0x80000001, 0x3, 0x8, 0xe0eb, 0x461, 0x9, 0x2, 0xffff73b1, 0x23f7, 0x40, 0x7, 0x9, 0x7b3, 0x5, 0x1ff, 0x7, 0x80, 0x8, 0x4, 0x400, 0xdb61, 0x6, 0x4, 0x7, 0xd4, 0xffff6a88, 0xe901, 0x5, 0xe, 0x1, 0x5, 0x9, 0x1372, 0x800, 0x72, 0x8, 0xe, 0x7f5, 0x2b, 0x25, 0x6, 0x6, 0x6, 0x100, 0x71, 0xe, 0xfffffffd, 0x60, 0xc, 0x5, 0x2b, 0x6, 0x2, 0x3, 0x7, 0x3, 0x9, 0x3, 0x4, 0xfffffc00, 0xfffffeac, 0x6, 0x3ff, 0x101, 0x5, 0x7f, 0x3, 0x1, 0x1, 0x400, 0x7, 0x0, 0xdd6, 0x4, 0x3, 0x35, 0x9, 0x7, 0x3, 0x1b9, 0x2, 0xc572, 0x33, 0x7, 0xb6, 0xf1, 0x188b, 0x4, 0x5, 0x5, 0x3, 0x80, 0x3, 0x2, 0x0, 0x3, 0x6, 0x7fff, 0x7b, 0x5, 0x9, 0x3, 0x942, 0x4, 0x3, 0x7, 0x7, 0xa8, 0xfff, 0x6, 0x1000, 0x9]}, @TCA_POLICE_TBF={0x3c, 0x1, {0xfff, 0x8, 0x5, 0xff, 0x73, {0xf, 0x1, 0x436, 0x8, 0xff81, 0x4}, {0x3, 0x2, 0x9, 0x6, 0x3, 0xc11}, 0x5, 0x8, 0x7d80}}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0xcb6d, 0xca, 0x351, 0x122e4b0e, 0xfffffff1, 0xb, 0xffffc33a, 0x4, 0x79, 0x0, 0x9, 0x0, 0x8, 0x1, 0x29b01c17, 0x4, 0xfff, 0x4, 0x6895c422, 0x2e7, 0x3, 0x5697, 0x0, 0xffffff13, 0x400, 0x1f, 0x9, 0x7, 0x7d, 0x7, 0x7, 0x1, 0x8, 0x2975, 0xc5, 0xf, 0x1, 0xb09d, 0x1ff, 0x101, 0x7, 0x18fc3c8b, 0x5, 0x6, 0x5, 0x2, 0x1, 0x2, 0x0, 0xfffffff7, 0x9, 0x9, 0x9, 0x3, 0x1, 0x6, 0x449, 0x2, 0xf, 0x0, 0x3, 0x5, 0x4, 0xff, 0x80, 0x8906, 0xd, 0x8000, 0x7, 0x5, 0xffffffff, 0x9, 0x5, 0x8, 0x7, 0xffffffff, 0x7, 0x0, 0xcf28, 0x9, 0xd, 0x5, 0x7fffffff, 0x28, 0x3ff, 0x40, 0xff, 0x8, 0x6, 0x5, 0x28786a93, 0x9, 0xfffffffb, 0x5, 0x7fff, 0x5, 0x4cf, 0x81, 0x2, 0x9, 0x9, 0x6, 0x4, 0x1, 0x0, 0x1, 0x0, 0x9, 0x2, 0x3, 0x9, 0x3, 0x4, 0x8, 0x1, 0x6, 0x7fffffff, 0x9, 0x5, 0x9, 0x4, 0x5, 0xfffffff9, 0x0, 0x400, 0x1dd0, 0x200, 0x2, 0x2, 0x7, 0xff, 0x8, 0x0, 0xffffff80, 0x6, 0x4, 0x1, 0xfffffffa, 0x5, 0x7fffffff, 0x2, 0x9, 0x1, 0xd, 0x8, 0x6, 0x10001, 0x3, 0x529a, 0x40, 0x8001, 0x8, 0x5, 0xe, 0x5, 0x2, 0x0, 0x1740000, 0xe153, 0x234e, 0x2, 0x401, 0x96, 0x5, 0x2, 0x3ff, 0x8, 0x5, 0x6, 0x5, 0x80000001, 0x9, 0x2, 0x8, 0x5, 0x653, 0xe3, 0x0, 0x1753, 0x6a7, 0x9, 0x3, 0xbc, 0x8000, 0x2, 0x7, 0x7, 0x0, 0x3, 0x6be7, 0x2418fe41, 0x0, 0x39, 0xb, 0x0, 0x4, 0x10000, 0x293, 0x10001, 0x3, 0x5, 0x3, 0x5, 0x9, 0x1, 0x8, 0x6, 0xd, 0x8, 0x4, 0x69a, 0x1, 0x0, 0xfffffff8, 0xb, 0x5b453d30, 0x6, 0x0, 0x3, 0xbfa, 0x7ff, 0x7, 0x80000000, 0x0, 0x9, 0x3, 0x32, 0x0, 0x0, 0x3, 0x0, 0xffffff1b, 0x7, 0x2, 0xff, 0x5, 0xc558, 0x10000, 0x81, 0x2, 0x3, 0x2, 0x6, 0x5, 0x9, 0x2, 0x8597, 0xa, 0x9, 0x9, 0xc834, 0xf15, 0x0, 0x3, 0xffffffff, 0x8001]}]}]}}]}, 0x87c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
setsockopt$sock_attach_bpf(r1, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r8, 0x28}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb0000008000008276000000000000", 0x25}, {&(0x7f0000000780)="f058050000007f8f", 0x8}], 0x2}, 0x5)

4.830137468s ago: executing program 3 (id=817):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x38130d1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f0000001ff0)={0x1d, r4}, 0x10)
sendmsg$can_raw(r3, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0)

3.867157532s ago: executing program 3 (id=818):
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff250000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}}, 0x4084)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)

3.800481294s ago: executing program 3 (id=819):
r0 = socket(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r0, 0x0, 0x0)
connect$netlink(r0, &(0x7f00000005c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x21, &(0x7f0000b4bffc)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
write$bt_hci(r0, &(0x7f0000000040)=ANY=[], 0x1d)

2.789575393s ago: executing program 5 (id=820):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
bind$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e20, 0xfffffffd, @loopback}, 0x1c)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x80202, 0x0)
setrlimit(0x6, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x850}, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)={0x58, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}, @CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, 0x58}}, 0x0)

2.638317431s ago: executing program 4 (id=821):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000600), 0x6828, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000240)=[0x100040, 0x5])

2.609424811s ago: executing program 7 (id=822):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1d91a4574758ecefbe1d7a46df6d558ecf1820f", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb0", 0x49}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a", 0x2e}], 0x3}], 0x1, 0x20040885)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000540)=""/14, 0xe}, {&(0x7f00000006c0)=""/123, 0x7b}], 0x2}, 0x0)
recvmsg$can_bcm(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000001c0)=""/116, 0x74}], 0x1}, 0x40000022)

2.490811764s ago: executing program 5 (id=823):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, 0x0, 0x0)
bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0)

2.350169976s ago: executing program 7 (id=824):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf01b}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, 0x0}, 0x0, 0x40000000})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x1})
io_uring_enter(0xffffffffffffffff, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0x7ffa}, 0x3d, [0x6, 0xc95a, 0xfffffff3, 0x8, 0x80, 0xffffffff, 0x5, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x2, 0xa, 0xfffffffd, 0xffff2d37, 0x1dd2, 0x6, 0x2, 0xfffffffe, 0x80000001, 0x7, 0x3, 0x3, 0x3c5b, 0x1, 0x1, 0x6, 0xfffffffe, 0x1f461e2c, 0x3, 0xe661, 0x8, 0x1000007, 0x3, 0x8001, 0x4c71, 0x8f00, 0x63f, 0x3, 0xa, 0x400, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3d, 0x8f, 0x6, 0x1, 0x4, 0x5, 0x4, 0x5, 0x0, 0x80, 0x0, 0x5, 0x2b, 0x8, 0x0, 0x1, 0x40], [0x10000007, 0x10002, 0x12b, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0x7, 0xf9, 0xd, 0x2bf, 0x6cd, 0x1ff, 0xfffffffe, 0x2, 0x0, 0x7, 0x10000005, 0x2f, 0xe, 0x313, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x80, 0x5, 0xfa0b, 0x1, 0x6, 0x400001, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xffffffff, 0x238, 0x1000004, 0x9, 0x4, 0x9, 0x8, 0x9, 0xb, 0x5, 0x0, 0x3, 0x8000, 0xffff, 0x2, 0x7f, 0xa5d4, 0x8, 0x3, 0x4, 0x1, 0x7, 0x6, 0x9, 0x48c93690, 0x2, 0xff], [0x7, 0x1, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x1000, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x40002, 0xf, 0x8, 0x84, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x0, 0x53cf697b, 0x5, 0x4, 0x54fe12da, 0xbf, 0x10, 0x3, 0x400000, 0xfffffff9, 0x0, 0x1, 0x5, 0x0, 0x6, 0xbad, 0x120003, 0x3, 0x4fa, 0xfffff1d1, 0x4, 0x3], [0x9, 0xbb31, 0x3, 0xfffffffc, 0x5, 0x938, 0x5, 0x6, 0x51bf, 0x5, 0xce7, 0x1ff, 0x6, 0x7, 0x5, 0x3, 0x104, 0x80000000, 0x3, 0x7fff, 0x8fffe, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x8000014c, 0x60a7, 0x6, 0x2, 0xffffffff, 0x80000003, 0x5, 0x8, 0xff, 0x3, 0x3, 0xffff, 0x3, 0x8, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x2, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c0b, 0x0, 0x2, 0x5, 0xb1c, 0x1, 0x200, 0xfff, 0xfff]}, 0x45c)

1.991874317s ago: executing program 5 (id=825):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
accept4(r0, 0x0, 0x0, 0x80800)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYBLOB="10100000000000000800200005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r1, @ANYBLOB="4b76f3b6"], 0x40c}}, 0x4000000)

1.241874772s ago: executing program 7 (id=826):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
fsopen(0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_pidfd_open(r0, 0x0)
r5 = pidfd_getfd(r4, r4, 0x0)
setns(r5, 0x66020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)
mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0)
bind$inet(r3, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

1.226903441s ago: executing program 5 (id=827):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x38130d1, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f0000001ff0)={0x1d, r4}, 0x10)
sendmsg$can_raw(r3, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0)

177.709754ms ago: executing program 5 (id=828):
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r0 = socket(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000340000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff250000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}}, 0x4084)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)

0s ago: executing program 5 (id=829):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2a, 0x2, {0x0, 0x0, 0x0, r3, {0x4, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x14963}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0x40002)
close(r1)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r4 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r4, 0x107, 0xf, &(0x7f0000000600), 0x56)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$kcm(r4, &(0x7f0000000280)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r6, 0x42}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000200)="27030200000314000e00003c031500000000ff840000000000000002125ce882cbf490d908f1523f", 0x28}, {&(0x7f0000000640)="a652c4145f68", 0x6}], 0x2}, 0x4005)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.26' (ED25519) to the list of known hosts.
[   72.964678][ T5827] cgroup: Unknown subsys name 'net'
[   73.095271][ T5827] cgroup: Unknown subsys name 'cpuset'
[   73.104458][ T5827] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   74.699606][ T5827] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   77.047106][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   77.047262][ T5857] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.054806][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   77.071310][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   77.075240][ T5857] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   77.080044][ T5859] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   77.087063][ T5858] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.099619][ T5859] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   77.108617][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   77.111477][ T5859] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.123482][ T5857] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   77.124903][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   77.135623][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   77.143170][ T5859] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   77.153180][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   77.153363][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   77.168465][ T5858] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.169583][ T5860] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   77.180136][ T5858] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   77.190300][ T5860] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   77.198571][ T5860] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   77.208547][ T5164] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   77.226425][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   77.233737][ T5859] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   77.252191][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   77.875408][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   78.041870][ T5844] chnl_net:caif_netlink_parms(): no params data found
[   78.130123][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   78.200019][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.207485][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.215092][ T5842] bridge_slave_0: entered allmulticast mode
[   78.223233][ T5842] bridge_slave_0: entered promiscuous mode
[   78.323875][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.331362][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.338626][ T5842] bridge_slave_1: entered allmulticast mode
[   78.349242][ T5842] bridge_slave_1: entered promiscuous mode
[   78.384810][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.392189][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.399403][ T5844] bridge_slave_0: entered allmulticast mode
[   78.408384][ T5844] bridge_slave_0: entered promiscuous mode
[   78.446838][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.454300][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.461822][ T5844] bridge_slave_1: entered allmulticast mode
[   78.469498][ T5844] bridge_slave_1: entered promiscuous mode
[   78.491583][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   78.504649][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   78.569082][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.598127][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.605683][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.613036][ T5841] bridge_slave_0: entered allmulticast mode
[   78.621001][ T5841] bridge_slave_0: entered promiscuous mode
[   78.646006][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.686849][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.694347][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.701959][ T5841] bridge_slave_1: entered allmulticast mode
[   78.709700][ T5841] bridge_slave_1: entered promiscuous mode
[   78.721260][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.780871][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.850192][ T5842] team0: Port device team_slave_0 added
[   78.881200][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.906074][ T5842] team0: Port device team_slave_1 added
[   78.935617][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.947603][ T5844] team0: Port device team_slave_0 added
[   78.957283][ T5844] team0: Port device team_slave_1 added
[   78.989264][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.996787][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.004149][ T5843] bridge_slave_0: entered allmulticast mode
[   79.012078][ T5843] bridge_slave_0: entered promiscuous mode
[   79.076296][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.084645][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.092056][ T5843] bridge_slave_1: entered allmulticast mode
[   79.100026][ T5843] bridge_slave_1: entered promiscuous mode
[   79.134299][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.141333][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.167537][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.179588][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.187009][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.194596][ T5845] bridge_slave_0: entered allmulticast mode
[   79.202603][ T5845] bridge_slave_0: entered promiscuous mode
[   79.226431][ T5841] team0: Port device team_slave_0 added
[   79.233882][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.240834][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.266838][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.273613][ T5859] Bluetooth: hci2: command tx timeout
[   79.283561][ T5849] Bluetooth: hci0: command tx timeout
[   79.288015][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.296332][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.322601][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.333879][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.341635][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.348888][ T5845] bridge_slave_1: entered allmulticast mode
[   79.354935][ T5859] Bluetooth: hci3: command tx timeout
[   79.355305][ T5859] Bluetooth: hci4: command tx timeout
[   79.366286][ T5845] bridge_slave_1: entered promiscuous mode
[   79.367797][ T5849] Bluetooth: hci1: command tx timeout
[   79.394319][ T5841] team0: Port device team_slave_1 added
[   79.401565][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.408563][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.435050][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.474265][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.524228][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.549926][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.556949][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.583090][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.597460][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.604540][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.630681][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.646550][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.707884][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.765535][ T5844] hsr_slave_0: entered promiscuous mode
[   79.773055][ T5844] hsr_slave_1: entered promiscuous mode
[   79.796250][ T5843] team0: Port device team_slave_0 added
[   79.808377][ T5842] hsr_slave_0: entered promiscuous mode
[   79.815596][ T5842] hsr_slave_1: entered promiscuous mode
[   79.822619][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   79.828450][ T5842] Cannot create hsr debugfs directory
[   79.867022][ T5843] team0: Port device team_slave_1 added
[   79.918945][ T5845] team0: Port device team_slave_0 added
[   79.928829][ T5845] team0: Port device team_slave_1 added
[   79.949283][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.956302][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   79.982256][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.006977][ T5841] hsr_slave_0: entered promiscuous mode
[   80.014328][ T5841] hsr_slave_1: entered promiscuous mode
[   80.020977][ T5841] debugfs: 'hsr0' already exists in 'hsr'
[   80.027027][ T5841] Cannot create hsr debugfs directory
[   80.068641][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.080121][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   80.106100][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.196321][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   80.203351][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   80.229629][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   80.243247][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   80.250226][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   80.277129][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   80.478407][ T5843] hsr_slave_0: entered promiscuous mode
[   80.486709][ T5843] hsr_slave_1: entered promiscuous mode
[   80.497305][ T5843] debugfs: 'hsr0' already exists in 'hsr'
[   80.503323][ T5843] Cannot create hsr debugfs directory
[   80.582443][ T5845] hsr_slave_0: entered promiscuous mode
[   80.589394][ T5845] hsr_slave_1: entered promiscuous mode
[   80.596242][ T5845] debugfs: 'hsr0' already exists in 'hsr'
[   80.602045][ T5845] Cannot create hsr debugfs directory
[   81.065864][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   81.087814][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   81.100477][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   81.134515][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   81.212632][ T5842] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   81.229510][ T5842] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   81.245893][ T5842] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   81.274995][ T5842] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   81.352361][ T5859] Bluetooth: hci2: command tx timeout
[   81.352376][ T5849] Bluetooth: hci0: command tx timeout
[   81.372240][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   81.387744][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   81.410169][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   81.425357][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   81.432909][ T5849] Bluetooth: hci4: command tx timeout
[   81.433397][ T5859] Bluetooth: hci1: command tx timeout
[   81.438358][ T5858] Bluetooth: hci3: command tx timeout
[   81.573320][ T5843] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   81.587817][ T5843] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   81.612940][ T5843] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   81.635965][ T5843] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   81.707580][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.795249][ T5845] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   81.808915][ T5845] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   81.823271][ T5845] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   81.847998][ T5845] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   81.876965][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[   81.927061][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.949030][ T1323] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.956547][ T1323] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.996177][ T1323] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.003406][ T1323] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.029296][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.075245][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   82.109126][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.116385][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.141224][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   82.168197][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.176086][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.210240][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.217463][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.249736][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.256956][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.373126][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.568638][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   82.609124][  T168] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.616376][  T168] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.673296][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.680523][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   82.731909][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   82.798270][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.850863][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   82.886753][   T63] bridge0: port 1(bridge_slave_0) entered blocking state
[   82.894034][   T63] bridge0: port 1(bridge_slave_0) entered forwarding state
[   82.925195][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.936446][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[   82.943692][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[   83.110630][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.178609][ T5845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   83.208544][ T5844] veth0_vlan: entered promiscuous mode
[   83.259183][ T5842] veth0_vlan: entered promiscuous mode
[   83.296320][ T5844] veth1_vlan: entered promiscuous mode
[   83.334850][ T5842] veth1_vlan: entered promiscuous mode
[   83.413258][ T5841] veth0_vlan: entered promiscuous mode
[   83.430774][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.437699][ T5859] Bluetooth: hci0: command tx timeout
[   83.445380][ T5859] Bluetooth: hci2: command tx timeout
[   83.511470][ T5859] Bluetooth: hci4: command tx timeout
[   83.511499][ T5858] Bluetooth: hci1: command tx timeout
[   83.522586][ T5849] Bluetooth: hci3: command tx timeout
[   83.535406][ T5841] veth1_vlan: entered promiscuous mode
[   83.609974][ T5844] veth0_macvtap: entered promiscuous mode
[   83.623870][ T5842] veth0_macvtap: entered promiscuous mode
[   83.659398][ T5842] veth1_macvtap: entered promiscuous mode
[   83.687951][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   83.702986][ T5844] veth1_macvtap: entered promiscuous mode
[   83.816204][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.828312][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.866161][ T5841] veth0_macvtap: entered promiscuous mode
[   83.884628][ T5841] veth1_macvtap: entered promiscuous mode
[   83.899247][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.911350][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.956403][   T36] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.967212][   T36] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.995209][   T36] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.004836][   T36] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.036827][   T36] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.045801][   T36] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.055501][   T36] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.067602][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   84.095591][   T36] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.110925][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   84.210261][ T5845] veth0_vlan: entered promiscuous mode
[   84.218294][ T1323] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   84.240688][ T1323] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   84.249999][ T1323] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   84.293942][ T1323] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   84.315440][ T5843] veth0_vlan: entered promiscuous mode
[   84.323779][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.334757][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.338088][ T5845] veth1_vlan: entered promiscuous mode
[   84.435468][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.440116][ T5843] veth1_vlan: entered promiscuous mode
[   84.449042][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.507740][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.524111][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.587995][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.597687][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.639323][ T5842] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   84.677719][ T5845] veth0_macvtap: entered promiscuous mode
[   84.696559][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.709993][ T5845] veth1_macvtap: entered promiscuous mode
[   84.730582][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.864651][ T5843] veth0_macvtap: entered promiscuous mode
[   84.879911][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.905439][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.917967][ T5843] veth1_macvtap: entered promiscuous mode
[   84.968354][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.030212][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.094697][   T63] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.128044][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   85.147973][   T63] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.188996][   T63] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.222552][   T63] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.270857][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   85.332164][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   85.344125][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   85.455193][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   85.490474][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   85.511855][ T5849] Bluetooth: hci2: command tx timeout
[   85.516814][ T5858] Bluetooth: hci0: command tx timeout
[   85.591219][ T5858] Bluetooth: hci3: command tx timeout
[   85.596268][ T5859] Bluetooth: hci4: command tx timeout
[   85.602350][ T5849] Bluetooth: hci1: command tx timeout
[   85.615795][ T5903] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   85.658959][ T5978] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8'.
[   85.801903][  T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   85.830723][  T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   85.851902][   T30] audit: type=1804 audit(1773802848.149:2): pid=5984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.9" name="/newroot/2/file0" dev="tmpfs" ino=28 res=1 errno=0
[   85.882500][ T5903] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   85.894739][ T5903] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.918014][ T5903] usb 2-1: Product: syz
[   85.922884][ T5903] usb 2-1: Manufacturer: syz
[   85.927894][ T5903] usb 2-1: SerialNumber: syz
[   85.975396][ T5903] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   86.045223][   T24] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   86.200804][ T5992] Zero length message leads to an empty skb
[   86.226754][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   86.245437][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   86.303851][ T5975] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   86.347901][ T5975] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   86.444407][ T5975] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   86.487497][ T5975] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   86.494488][ T5975] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   86.520945][ T5975] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   86.566083][ T5975] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   86.590196][ T5975] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   86.635275][ T5975] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   86.668125][ T5975] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   86.682118][ T5975] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   86.696840][ T5975] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   87.003522][ T5975] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[   87.010230][ T5975] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   87.197390][   T24] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[   87.426453][   T24] ath9k_htc: Failed to initialize the device
[   87.670343][ T5859] Bluetooth: hci0: command 0x0c1a tx timeout
[   87.814979][   T24] usb 2-1: ath9k_htc: USB layer deinitialized
[   88.009286][ T5975] Bluetooth: hci4: Opcode 0x0406 failed: -4
[   88.143412][   T29] usb 2-1: USB disconnect, device number 2
[   88.562262][ T5859] Bluetooth: hci1: command 0x0c1a tx timeout
[   88.632850][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout
[   88.723263][ T5859] Bluetooth: hci3: command 0x0c1a tx timeout
[   88.982384][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.007067][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.031339][ T5859] Bluetooth: hci4: command 0x0c1a tx timeout
[   89.246838][ T1323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   89.277629][   T30] audit: type=1804 audit(1773802851.579:3): pid=6028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.18" name="/newroot/9/file0" dev="tmpfs" ino=64 res=1 errno=0
[   89.311604][ T1323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   89.647080][ T6034] netlink: 8 bytes leftover after parsing attributes in process `syz.2.21'.
[   89.679913][ T6034] netlink: 12 bytes leftover after parsing attributes in process `syz.2.21'.
[   89.723682][ T6039] overlayfs: missing 'workdir'
[   89.752630][ T5859] Bluetooth: hci0: command 0x0c1a tx timeout
[   89.933060][  T167] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   89.972268][  T167] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   90.056037][   T12] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   90.161870][  T167] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   90.746560][ T5859] Bluetooth: hci1: command 0x0c1a tx timeout
[   90.755262][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout
[   90.791277][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[   91.111180][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[   91.126528][   T30] audit: type=1804 audit(1773802853.429:4): pid=6061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.29" name="/newroot/1/file0" dev="tmpfs" ino=23 res=1 errno=0
[   91.155635][ T5903] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   91.202254][  T168] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.331555][ T5903] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[   91.346095][ T5903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.355466][ T5903] usb 4-1: Product: syz
[   91.359735][ T5903] usb 4-1: Manufacturer: syz
[   91.365826][ T5903] usb 4-1: SerialNumber: syz
[   91.381997][ T5903] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[   91.397165][   T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[   91.416941][  T168] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.633977][  T168] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.726045][ T6056] random: crng reseeded on system resumption
[   91.794103][   T10] usb 4-1: USB disconnect, device number 2
[   91.845061][ T5859] Bluetooth: hci0: command 0x0c1a tx timeout
[   91.856441][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   91.869755][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   91.877402][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   91.887397][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   91.897049][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   91.910085][  T994] cfg80211: failed to load regulatory.db
[   92.485659][   T24] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[   92.514591][   T24] ath9k_htc: Failed to initialize the device
[   92.735329][ T6082] netlink: 8 bytes leftover after parsing attributes in process `syz.2.38'.
[   92.762453][ T6082] netlink: 12 bytes leftover after parsing attributes in process `syz.2.38'.
[   92.792881][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[   92.864588][   T10] usb 4-1: ath9k_htc: USB layer deinitialized
[   92.873629][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[   92.909731][  T168] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.191207][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[   94.161168][ T5849] Bluetooth: hci2: command tx timeout
[   95.836596][  T168] bridge_slave_1: left allmulticast mode
[   96.231731][ T5849] Bluetooth: hci2: command tx timeout
[   96.281215][   T30] audit: type=1804 audit(1773802858.579:5): pid=6107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.43" name="/newroot/8/file0" dev="tmpfs" ino=58 res=1 errno=0
[   96.359808][  T168] bridge_slave_1: left promiscuous mode
[   96.366626][  T168] bridge0: port 2(bridge_slave_1) entered disabled state
[   96.412452][  T168] bridge_slave_0: left allmulticast mode
[   96.433300][  T168] bridge_slave_0: left promiscuous mode
[   96.440398][  T168] bridge0: port 1(bridge_slave_0) entered disabled state
[   96.569820][ T6118] random: crng reseeded on system resumption
[   96.884137][  T168] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   96.897841][  T168] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   96.914850][  T168] bond0 (unregistering): Released all slaves
[   97.910582][ T6131] netlink: 8 bytes leftover after parsing attributes in process `syz.1.50'.
[   97.962638][ T6131] netlink: 12 bytes leftover after parsing attributes in process `syz.1.50'.
[   98.064901][   T49] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   98.107665][   T49] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   98.128038][   T49] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   98.311194][ T5849] Bluetooth: hci2: command tx timeout
[   98.368203][   T49] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  100.631117][ T5849] Bluetooth: hci2: command tx timeout
[  101.231943][   T30] audit: type=1804 audit(1773802863.529:6): pid=6159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.57" name="/newroot/10/file0" dev="tmpfs" ino=68 res=1 errno=0
[  101.406307][  T168] hsr_slave_0: left promiscuous mode
[  101.442297][  T168] hsr_slave_1: left promiscuous mode
[  101.464436][  T168] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.504832][  T168] batman_adv: batadv0: Removing interface: batadv_slave_0
[  101.543786][  T168] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  101.571286][  T168] batman_adv: batadv0: Removing interface: batadv_slave_1
[  101.600295][ T6172] random: crng reseeded on system resumption
[  101.627672][  T168] veth1_macvtap: left promiscuous mode
[  101.644618][  T168] veth0_macvtap: left promiscuous mode
[  101.657082][  T168] veth1_vlan: left promiscuous mode
[  101.669317][  T168] veth0_vlan: left promiscuous mode
[  106.118097][  T168] team0 (unregistering): Port device team_slave_1 removed
[  106.587619][  T168] team0 (unregistering): Port device team_slave_0 removed
[  106.873081][ T6217] netlink: 8 bytes leftover after parsing attributes in process `syz.4.70'.
[  107.259988][ T6070] chnl_net:caif_netlink_parms(): no params data found
[  107.490593][ T6229] random: crng reseeded on system resumption
[  108.587319][ T6070] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.606508][ T6070] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.619166][ T6245] fuse: Unknown parameter 'group_i00000000000000000000'
[  108.625235][ T6070] bridge_slave_0: entered allmulticast mode
[  108.650160][ T6070] bridge_slave_0: entered promiscuous mode
[  108.715367][ T6070] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.741480][ T6070] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.761308][ T6070] bridge_slave_1: entered allmulticast mode
[  108.787077][ T6070] bridge_slave_1: entered promiscuous mode
[  109.144081][ T6256] syzkaller0: entered promiscuous mode
[  109.155654][ T6256] syzkaller0: entered allmulticast mode
[  109.190957][ T6070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.239813][ T6070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.405313][ T6272] overlay: filesystem on ./bus not supported as upperdir
[  114.540387][ T6285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.83'.
[  115.121781][ T6070] team0: Port device team_slave_0 added
[  115.136480][ T6070] team0: Port device team_slave_1 added
[  115.221154][ T6070] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.228170][ T6070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  115.258747][ T6070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.274602][ T6070] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.281949][ T6070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  115.309659][ T6070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.338864][ T6283] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  115.345378][ T6283] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  115.361858][ T6283] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  115.371328][ T6283] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  115.385656][ T6283] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  115.393483][ T6283] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  115.406403][ T6283] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  115.451517][ T6070] hsr_slave_0: entered promiscuous mode
[  115.458964][ T6070] hsr_slave_1: entered promiscuous mode
[  115.870900][ T6309] netlink: 136 bytes leftover after parsing attributes in process `syz.4.89'.
[  116.672173][ T6314] overlay: filesystem on ./bus not supported as upperdir
[  116.749187][ T6318] netlink: 8 bytes leftover after parsing attributes in process `syz.2.91'.
[  116.783264][ T6318] netlink: 12 bytes leftover after parsing attributes in process `syz.2.91'.
[  116.991347][ T5903] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  117.111524][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout
[  117.152952][ T6331] input: syz0 as /devices/virtual/input/input5
[  117.166391][ T6327] syzkaller0: entered promiscuous mode
[  117.174102][ T5903] usb 5-1: Using ep0 maxpacket: 16
[  117.193509][ T6327] syzkaller0: entered allmulticast mode
[  117.203359][ T5903] usb 5-1: config index 0 descriptor too short (expected 65, got 36)
[  117.228783][ T5903] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  117.262030][ T6070] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  117.277639][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 55, changing to 9
[  117.308124][ T5903] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 8496, setting to 1024
[  117.345677][ T5903] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  117.358629][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[  117.392646][ T5903] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  117.420400][ T6070] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  117.427318][ T5903] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.447686][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout
[  117.448018][ T5859] Bluetooth: hci4: command 0x0c1a tx timeout
[  117.456161][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout
[  117.474772][ T5903] usb 5-1: config 0 descriptor??
[  117.530109][ T6070] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  117.558838][ T6070] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  117.591975][ T5903] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input6
[  117.806222][ T5903] usb 5-1: USB disconnect, device number 2
[  117.806444][    C0] pxrc 5-1:0.0: pxrc_usb_irq - usb_submit_urb failed with result: -19
[  117.830680][ T6352] netlink: 12 bytes leftover after parsing attributes in process `syz.2.98'.
[  118.024005][ T6338] syzkaller0: entered promiscuous mode
[  118.029721][ T6338] syzkaller0: entered allmulticast mode
[  118.514599][ T6345] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  118.557177][ T6345] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  118.571598][ T6345] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  118.577931][ T6345] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  118.590876][ T6345] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  118.866622][  T994] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  119.572098][  T994] usb 5-1: Using ep0 maxpacket: 8
[  119.598880][  T994] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  119.621084][  T994] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  119.630940][  T994] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  119.665768][  T994] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  119.710260][  T994] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  119.748689][  T994] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.815808][  T994] usbtmc 5-1:16.0: bulk endpoints not found
[  119.837339][ T6365] random: crng reseeded on system resumption
[  120.151222][ T5858] Bluetooth: hci0: command 0x0c1a tx timeout
[  120.573400][ T6371] overlay: filesystem on ./bus not supported as upperdir
[  120.636589][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout
[  120.642866][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  120.642889][ T5859] Bluetooth: hci3: command 0x0c1a tx timeout
[  120.648920][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[  120.702773][ T6373] fuse: Bad value for 'fd'
[  121.424175][ T5903] usb 5-1: USB disconnect, device number 3
[  121.509600][ T6070] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.643994][ T6382] netlink: 136 bytes leftover after parsing attributes in process `syz.4.106'.
[  121.685373][ T6070] 8021q: adding VLAN 0 to HW filter on device team0
[  121.717730][ T6384] syzkaller0: entered promiscuous mode
[  121.732902][ T6384] syzkaller0: entered allmulticast mode
[  121.759583][ T6200] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.766876][ T6200] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.907775][   T63] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.913836][ T6000] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  121.915320][   T63] bridge0: port 2(bridge_slave_1) entered forwarding state
[  122.082110][ T6000] usb 4-1: Using ep0 maxpacket: 16
[  122.112483][ T6000] usb 4-1: config index 0 descriptor too short (expected 65, got 36)
[  122.146803][ T6000] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  122.277577][ T6401] netlink: 156 bytes leftover after parsing attributes in process `syz.1.111'.
[  122.711561][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout
[  123.124903][ T6000] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 55, changing to 9
[  123.136052][ T6000] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 8496, setting to 1024
[  123.147355][ T6000] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  123.161112][ T6000] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  123.170215][ T6000] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.182847][ T6000] usb 4-1: config 0 descriptor??
[  123.204274][ T6000] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input7
[  123.315839][ T6407] random: crng reseeded on system resumption
[  123.457190][ T6000] usb 4-1: USB disconnect, device number 3
[  123.463205][    C0] pxrc 4-1:0.0: pxrc_usb_irq - usb_submit_urb failed with result: -19
[  123.520311][ T5198] pxrc 4-1:0.0: pxrc_open - usb_submit_urb failed, error: -19
[  123.656550][ T6070] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.738878][ T6419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.114'.
[  124.102553][ T6000] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  124.169081][ T6434] fuse: Bad value for 'fd'
[  124.230344][ T6432] syzkaller0: entered promiscuous mode
[  124.245071][ T6432] syzkaller0: entered allmulticast mode
[  124.298835][ T6000] usb 2-1: Using ep0 maxpacket: 8
[  124.311143][ T6000] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  124.345464][ T6000] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  124.366325][ T6000] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  124.401838][ T6000] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  124.442711][ T6000] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  124.472613][ T6000] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.508266][ T6000] usbtmc 2-1:16.0: bulk endpoints not found
[  126.601313][ T6467] netlink: 156 bytes leftover after parsing attributes in process `syz.4.122'.
[  127.354929][ T3113] usb 2-1: USB disconnect, device number 3
[  127.407650][ T6070] veth0_vlan: entered promiscuous mode
[  127.425545][ T6070] veth1_vlan: entered promiscuous mode
[  127.497105][ T6471] overlay: filesystem on ./bus not supported as upperdir
[  127.580160][ T6070] veth0_macvtap: entered promiscuous mode
[  127.644223][ T6070] veth1_macvtap: entered promiscuous mode
[  127.687482][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.3.124'.
[  127.749451][ T6481] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  127.827018][ T6083] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  127.838566][ T6484] fuse: Bad value for 'fd'
[  127.845345][ T6083] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  127.873486][ T6070] batman_adv: batadv0: Interface activated: batadv_slave_0
[  127.894843][ T6083] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  127.907337][ T6083] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  127.924738][   T24] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  127.949217][ T6070] batman_adv: batadv0: Interface activated: batadv_slave_1
[  127.987767][ T6083] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.005549][ T6200] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.023648][ T6200] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.059790][ T6200] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  128.108100][   T24] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  128.145086][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.170407][   T24] usb 2-1: Product: syz
[  128.175954][   T24] usb 2-1: Manufacturer: syz
[  128.195016][   T24] usb 2-1: SerialNumber: syz
[  128.227995][   T24] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  128.257584][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.279820][ T5903] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  128.295245][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.430943][ T6493] syzkaller0: entered promiscuous mode
[  128.436670][ T6493] syzkaller0: entered allmulticast mode
[  128.502838][ T6200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  128.511900][ T6200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  128.772574][ T6479] random: crng reseeded on system resumption
[  129.098502][   T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  129.512410][  T994] usb 2-1: USB disconnect, device number 4
[  129.525783][ T5903] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  129.542851][ T5903] ath9k_htc: Failed to initialize the device
[  129.563213][  T994] usb 2-1: ath9k_htc: USB layer deinitialized
[  129.621142][   T24] usb 5-1: Using ep0 maxpacket: 8
[  129.663669][ T6506] netlink: 156 bytes leftover after parsing attributes in process `syz.2.135'.
[  130.064401][   T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  130.076564][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  130.087856][   T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  130.098864][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  130.109710][   T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  130.122867][   T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  130.132192][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.150244][   T24] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[  130.166643][ T6509] overlay: filesystem on ./bus not supported as upperdir
[  130.449351][ T6517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.139'.
[  131.742616][ T6527] fuse: Bad value for 'fd'
[  132.057078][   T24] usb 5-1: USB disconnect, device number 4
[  133.025383][   T30] audit: type=1326 audit(1773802894.949:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.5.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b379c799 code=0x7ffc0000
[  133.036864][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  133.062307][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  133.746134][   T30] audit: type=1326 audit(1773802894.949:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.5.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b379c799 code=0x7ffc0000
[  133.771115][   T30] audit: type=1326 audit(1773802895.059:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.5.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fe6b379c799 code=0x7ffc0000
[  133.914698][   T30] audit: type=1326 audit(1773802895.059:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.5.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b379c799 code=0x7ffc0000
[  133.939463][   T30] audit: type=1326 audit(1773802895.059:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6528 comm="syz.5.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6b379c799 code=0x7ffc0000
[  134.024566][ T6546] overlayfs: failed to resolve './file1': -2
[  134.041553][ T3113] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  134.055854][ T6550] netlink: 156 bytes leftover after parsing attributes in process `syz.4.146'.
[  134.404683][ T3113] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  134.458909][ T3113] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.467172][ T3113] usb 3-1: Product: syz
[  134.471458][ T3113] usb 3-1: Manufacturer: syz
[  134.476138][ T3113] usb 3-1: SerialNumber: syz
[  134.493062][ T3113] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  134.525210][ T6000] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  134.981134][ T6542] random: crng reseeded on system resumption
[  135.155652][ T5917] usb 3-1: USB disconnect, device number 2
[  135.215572][ T6579] fuse: Invalid rootmode
[  135.266453][ T6568] syzkaller0: entered promiscuous mode
[  135.275325][ T6568] syzkaller0: entered allmulticast mode
[  135.383097][ T3113] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  135.753088][   T30] audit: type=1326 audit(1773802897.999:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6580 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c5559c799 code=0x7ffc0000
[  136.151699][ T6000] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  136.161294][ T6000] ath9k_htc: Failed to initialize the device
[  136.169199][ T5917] usb 3-1: ath9k_htc: USB layer deinitialized
[  136.175465][ T3113] usb 5-1: Using ep0 maxpacket: 8
[  136.180620][   T30] audit: type=1326 audit(1773802897.999:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6580 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c5559c799 code=0x7ffc0000
[  136.195678][ T3113] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  136.215331][   T30] audit: type=1326 audit(1773802897.999:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6580 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f3c5559c799 code=0x7ffc0000
[  136.238702][   T30] audit: type=1326 audit(1773802897.999:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6580 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c5559c799 code=0x7ffc0000
[  136.284676][ T3113] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  136.300645][ T3113] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  136.312993][   T30] audit: type=1326 audit(1773802897.999:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6580 comm="syz.1.158" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3c5559c799 code=0x7ffc0000
[  136.353857][ T3113] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  136.364041][ T3113] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  136.377249][ T3113] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  136.395093][ T3113] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.442613][ T3113] usbtmc 5-1:16.0: probe with driver usbtmc failed with error -22
[  137.274078][ T6598] netlink: 'syz.3.161': attribute type 10 has an invalid length.
[  137.503927][ T6600] overlayfs: failed to resolve './file1': -2
[  137.809885][ T6605] netlink: 156 bytes leftover after parsing attributes in process `syz.2.164'.
[  138.134876][ T6000] usb 5-1: USB disconnect, device number 5
[  138.739539][ T6598] 8021q: adding VLAN 0 to HW filter on device team0
[  138.751368][ T6598] bond0: (slave team0): Enslaving as an active interface with an up link
[  138.842461][ T6617] fuse: Invalid rootmode
[  138.852891][   T29] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  139.028050][   T29] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  139.046275][   T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.061101][   T29] usb 3-1: Product: syz
[  139.075909][   T29] usb 3-1: Manufacturer: syz
[  139.095870][   T29] usb 3-1: SerialNumber: syz
[  139.133719][   T29] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  139.159104][   T24] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  139.593717][ T6615] random: crng reseeded on system resumption
[  140.012798][ T3113] usb 3-1: USB disconnect, device number 3
[  140.231455][   T24] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  140.240311][   T24] ath9k_htc: Failed to initialize the device
[  140.251213][ T3113] usb 3-1: ath9k_htc: USB layer deinitialized
[  140.397329][ T6647] netlink: 156 bytes leftover after parsing attributes in process `syz.1.176'.
[  140.721443][   T29] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  141.682162][   T29] usb 4-1: Using ep0 maxpacket: 8
[  141.733796][   T29] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  141.784316][   T29] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  141.827721][   T29] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  141.874657][   T29] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  141.913232][   T29] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  141.964612][   T29] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  141.994654][   T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.064539][   T29] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22
[  142.121567][ T6668] syzkaller0: entered promiscuous mode
[  142.127985][ T6668] syzkaller0: entered allmulticast mode
[  142.412212][ T6673] fuse: Invalid rootmode
[  144.343584][  T994] usb 4-1: USB disconnect, device number 4
[  144.520752][ T6707] netlink: 156 bytes leftover after parsing attributes in process `syz.2.191'.
[  144.712228][ T6000] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  144.887368][ T6000] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  144.910941][ T6000] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.960978][ T6000] usb 2-1: Product: syz
[  144.970681][ T6000] usb 2-1: Manufacturer: syz
[  144.984960][ T6000] usb 2-1: SerialNumber: syz
[  145.026013][ T6000] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  145.046691][ T3113] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  146.261681][   T29] usb 2-1: USB disconnect, device number 5
[  146.361116][    T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!!
[  146.388529][ T3113] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  146.400459][ T3113] ath9k_htc: Failed to initialize the device
[  146.907378][   T29] usb 2-1: ath9k_htc: USB layer deinitialized
[  148.132056][ T6729] fuse: Bad value for 'rootmode'
[  149.096629][ T6739] netlink: 156 bytes leftover after parsing attributes in process `syz.2.204'.
[  152.872632][  T994] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  153.094415][  T994] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  153.144827][  T994] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.197288][  T994] usb 3-1: Product: syz
[  153.244259][  T994] usb 3-1: Manufacturer: syz
[  153.281321][  T994] usb 3-1: SerialNumber: syz
[  153.333654][  T994] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  153.395441][   T29] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  153.405101][ T6775] fuse: Bad value for 'rootmode'
[  153.502974][ T6778] netlink: 156 bytes leftover after parsing attributes in process `syz.1.215'.
[  153.835076][ T6000] usb 3-1: USB disconnect, device number 4
[  153.897214][ T6783] syzkaller0: entered promiscuous mode
[  153.910610][ T6783] syzkaller0: entered allmulticast mode
[  154.486275][   T29] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  154.518187][   T29] ath9k_htc: Failed to initialize the device
[  154.532538][ T6000] usb 3-1: ath9k_htc: USB layer deinitialized
[  156.924500][ T6811] netlink: 156 bytes leftover after parsing attributes in process `syz.5.226'.
[  159.186848][ T6844] netlink: 156 bytes leftover after parsing attributes in process `syz.4.239'.
[  163.993547][ T6873] syzkaller0: entered promiscuous mode
[  164.010509][ T6873] syzkaller0: entered allmulticast mode
[  164.823066][ T6883] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  164.844879][ T6883] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  164.871340][ T6883] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  164.908952][ T6883] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  164.939778][ T6883] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  165.690714][ T6896] fuse: Unknown parameter 'use00000000000000000000'
[  166.151310][ T5849] Bluetooth: hci0: command 0x0c1a tx timeout
[  166.888943][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[  166.888968][ T5859] Bluetooth: hci1: command 0x0c1a tx timeout
[  166.952797][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout
[  166.952808][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  172.389057][ T6960] fuse: Invalid rootmode
[  172.725541][ T6956] syzkaller0: entered promiscuous mode
[  172.739088][ T6956] syzkaller0: entered allmulticast mode
[  173.232518][ T6969] random: crng reseeded on system resumption
[  174.236033][ T6977] vivid-000: =================  START STATUS  =================
[  174.245052][ T6977] vivid-000: Generate PTS: true
[  174.250233][ T6977] vivid-000: Generate SCR: true
[  174.255807][ T6977] tpg source WxH: 320x240 (Y'CbCr)
[  174.261032][ T6977] tpg field: 1
[  174.264471][ T6977] tpg crop: (0,0)/320x240
[  174.268860][ T6977] tpg compose: (0,0)/320x240
[  174.273548][ T6977] tpg colorspace: 8
[  174.277411][ T6977] tpg transfer function: 0/0
[  174.282133][ T6977] tpg Y'CbCr encoding: 0/0
[  174.286625][ T6977] tpg quantization: 0/0
[  174.290846][ T6977] tpg RGB range: 0/2
[  174.294852][ T6977] vivid-000: ==================  END STATUS  ==================
[  176.235860][ T6988] overlayfs: missing 'lowerdir'
[  176.913319][ T7003] fuse: Unknown parameter 'user_i00000000000000000000'
[  176.974426][ T7005] fuse: Invalid rootmode
[  178.074934][ T7024] overlayfs: missing 'lowerdir'
[  181.454641][ T7043] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  182.226032][ T7060] fuse: Bad value for 'fd'
[  182.454205][ T5859] Bluetooth: unknown link type 128
[  182.464618][ T7063] netlink: 8 bytes leftover after parsing attributes in process `syz.2.303'.
[  182.748377][ T7050] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  182.786789][ T7050] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  182.822338][ T7050] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  182.831534][ T7050] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  182.892285][ T7050] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  184.071115][ T5859] Bluetooth: hci0: command 0x0c1a tx timeout
[  184.411378][ T3113] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  184.839502][ T5859] Bluetooth: hci1: command 0x0c1a tx timeout
[  184.872234][ T5859] Bluetooth: hci4: command 0x0c1a tx timeout
[  184.878316][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[  184.885076][ T3113] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  184.896150][ T3113] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  184.906371][ T3113] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  184.934347][ T3113] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.951239][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout
[  184.974009][ T3113] usb 5-1: config 0 descriptor??
[  185.422476][ T3113] cm6533_jd 0003:0D8C:0022.0001: unknown main item tag 0x0
[  185.449764][ T3113] cm6533_jd 0003:0D8C:0022.0001: unknown main item tag 0x0
[  185.517423][ T3113] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0001/input/input10
[  185.661871][ T3113] cm6533_jd 0003:0D8C:0022.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  185.733247][ T3113] usb 5-1: USB disconnect, device number 6
[  185.824764][ T5859] Bluetooth: hci0: hardware error 0x07
[  185.952157][ T7090] fido_id[7090]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  186.549029][ T7096] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.557333][ T7096] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.905311][ T7096] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  186.919022][ T7110] fuse: Bad value for 'rootmode'
[  186.942323][ T7096] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  187.282585][   T36] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  187.315336][   T36] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.346336][   T36] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  187.374822][   T36] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.404558][   T36] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  187.428906][   T36] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.453338][   T36] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  187.474982][   T36] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  187.968336][ T5859] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  189.427908][ T7116] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  189.512016][ T5859] Bluetooth: hci1: command 0x0c1a tx timeout
[  189.532838][ T7116] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  189.560887][ T7116] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  189.563925][ T7116] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  189.815908][ T7129] overlayfs: missing 'lowerdir'
[  190.370556][ T7142] syzkaller0: entered promiscuous mode
[  190.395329][ T7142] syzkaller0: entered allmulticast mode
[  190.876144][ T7144] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.883967][ T7144] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.048181][ T7144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  191.078876][ T7144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  191.181122][   T29] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  191.601120][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout
[  191.607551][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  191.613980][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[  191.653719][   T29] usb 4-1: Using ep0 maxpacket: 8
[  191.731986][   T29] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  192.173138][   T29] usb 4-1: config 179 has no interface number 0
[  192.195022][   T29] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  192.229160][   T29] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  192.264005][   T29] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  192.288105][   T29] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  192.354703][   T29] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  192.405353][   T29] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  192.435709][   T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.480799][ T7148] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  192.916448][   T29] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input11
[  192.978330][ T5903] usb 4-1: USB disconnect, device number 5
[  192.978398][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  192.978449][    C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  193.383426][   T36] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  193.410319][   T36] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  193.447459][   T36] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  193.476651][   T36] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  193.603458][ T7157] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  193.616181][ T7157] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  193.634306][ T7157] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  193.656851][ T7157] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  193.701470][ T5849] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  193.711783][ T5849] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  193.724034][ T5849] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  193.735793][ T5849] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  193.743992][ T5849] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  193.845317][ T7181] netlink: 116 bytes leftover after parsing attributes in process `syz.3.338'.
[  193.856383][ T7180] process 'syz.4.339' launched '/dev/fd/6' with NULL argv: empty string added
[  194.244681][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  194.255998][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  194.636057][ T7161] chnl_net:caif_netlink_parms(): no params data found
[  194.951136][ T5859] Bluetooth: hci1: command 0x0c1a tx timeout
[  194.991695][ T7196] input: syz0 as /devices/virtual/input/input12
[  195.065619][ T7161] bridge0: port 1(bridge_slave_0) entered blocking state
[  195.090066][ T7161] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.121576][ T7161] bridge_slave_0: entered allmulticast mode
[  195.146412][ T7161] bridge_slave_0: entered promiscuous mode
[  195.189902][ T7161] bridge0: port 2(bridge_slave_1) entered blocking state
[  195.217949][ T7161] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.237501][ T7161] bridge_slave_1: entered allmulticast mode
[  195.259693][ T7161] bridge_slave_1: entered promiscuous mode
[  195.671400][ T5859] Bluetooth: hci2: command 0x0c1a tx timeout
[  195.677557][ T5849] Bluetooth: hci4: command 0x0c1a tx timeout
[  195.677575][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout
[  195.730899][ T7161] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  195.788559][ T7161] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  195.831181][ T5858] Bluetooth: hci5: command tx timeout
[  195.977729][ T7161] team0: Port device team_slave_0 added
[  195.989764][ T7215] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  196.010061][ T7215] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  196.012236][ T7161] team0: Port device team_slave_1 added
[  196.024029][ T7215] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  196.047819][ T7215] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  196.075421][ T7215] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  196.092757][ T7215] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  196.138944][ T7161] batman_adv: batadv0: Adding interface: batadv_slave_0
[  196.150874][ T7215] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  196.160622][ T7161] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.241191][ T7161] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  196.264221][ T7161] batman_adv: batadv0: Adding interface: batadv_slave_1
[  196.296759][ T7161] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.337921][ T7161] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  197.271468][ T5858] Bluetooth: hci1: command 0x0c1a tx timeout
[  198.071170][ T5858] Bluetooth: hci2: command 0x0c1a tx timeout
[  198.077987][ T5858] Bluetooth: hci4: command 0x0c1a tx timeout
[  198.085363][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout
[  198.152340][ T5849] Bluetooth: hci5: command 0x040f tx timeout
[  199.147745][ T7243] loop2: detected capacity change from 0 to 7
[  199.191719][ T6472]  loop2:
[  199.204266][ T6472] loop2: partition table partially beyond EOD, truncated
[  199.246098][ T7243]  loop2:
[  199.264177][ T7243] loop2: partition table partially beyond EOD, truncated
[  199.289800][ T7161] hsr_slave_0: entered promiscuous mode
[  199.326615][ T7161] hsr_slave_1: entered promiscuous mode
[  199.346507][ T7161] debugfs: 'hsr0' already exists in 'hsr'
[  199.367899][ T7161] Cannot create hsr debugfs directory
[  199.810812][ T7161] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  199.828628][ T7161] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  199.841836][ T7161] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  199.857128][ T7161] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  200.031964][ T7161] 8021q: adding VLAN 0 to HW filter on device bond0
[  200.074206][ T7161] 8021q: adding VLAN 0 to HW filter on device team0
[  200.094463][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  200.101687][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.118965][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.126241][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  200.321722][ T7263] syzkaller0: entered promiscuous mode
[  200.335862][ T7263] syzkaller0: entered allmulticast mode
[  200.552282][ T5849] Bluetooth: hci5: command 0x040f tx timeout
[  200.610117][ T7161] 8021q: adding VLAN 0 to HW filter on device batadv0
[  200.923512][ T7161] veth0_vlan: entered promiscuous mode
[  200.941867][ T7161] veth1_vlan: entered promiscuous mode
[  201.016026][ T7161] veth0_macvtap: entered promiscuous mode
[  201.030567][ T7161] veth1_macvtap: entered promiscuous mode
[  201.219311][ T7161] batman_adv: batadv0: Interface activated: batadv_slave_0
[  201.251634][ T7269] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  201.260691][ T7161] batman_adv: batadv0: Interface activated: batadv_slave_1
[  201.269113][ T7269] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  201.280876][ T7269] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  201.290153][ T7269] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  201.537198][ T7269] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  201.629074][ T6200] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  201.728397][ T6200] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.155005][ T6200] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.251649][ T6200] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.551347][ T5849] Bluetooth: hci1: command 0x0c1a tx timeout
[  202.667561][ T6200] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.718848][ T6200] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.908363][ T6200] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.942074][ T6200] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  204.155618][ T5849] Bluetooth: hci2: command 0x0c1a tx timeout
[  204.161785][ T5858] Bluetooth: hci4: command 0x0c1a tx timeout
[  204.167858][ T5849] Bluetooth: hci3: command 0x0c1a tx timeout
[  204.173994][ T5858] Bluetooth: hci5: command 0x040f tx timeout
[  204.618607][ T7306] overlayfs: missing 'lowerdir'
[  206.512916][ T5859] Bluetooth: hci5: command 0x040f tx timeout
[  208.152325][ T7324] input: syz0 as /devices/virtual/input/input14
[  208.947917][ T5859] Bluetooth: hci5: command 0x040f tx timeout
[  209.092954][   T30] audit: type=1326 audit(1773802971.399:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  209.169194][   T30] audit: type=1326 audit(1773802971.419:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  209.203128][   T30] audit: type=1326 audit(1773802971.419:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=43 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  209.294248][   T30] audit: type=1326 audit(1773802971.419:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  209.377843][   T30] audit: type=1326 audit(1773802971.419:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7332 comm="syz.4.383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  211.820036][ T7366] netlink: zone id is out of range
[  211.827396][ T7366] netlink: zone id is out of range
[  211.841444][ T7366] netlink: zone id is out of range
[  211.853737][ T7366] netlink: zone id is out of range
[  211.865954][ T7368] input: syz0 as /devices/virtual/input/input15
[  211.879261][ T7366] netlink: zone id is out of range
[  211.892453][ T7366] netlink: zone id is out of range
[  211.916791][ T7366] netlink: zone id is out of range
[  211.929341][ T7366] netlink: zone id is out of range
[  211.944081][ T7366] netlink: zone id is out of range
[  211.949372][ T7366] netlink: zone id is out of range
[  212.008381][ T5858] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  212.018342][ T5858] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  212.027186][ T5858] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  212.040913][ T5858] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  212.054127][ T5858] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  212.414936][ T7379] netlink: 136 bytes leftover after parsing attributes in process `syz.6.398'.
[  213.045711][ T7370] chnl_net:caif_netlink_parms(): no params data found
[  214.511164][ T5858] Bluetooth: hci6: command tx timeout
[  214.661360][    T0] NOHZ tick-stop error: local softirq work is pending, handler #1c2!!!
[  215.071034][    T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!!
[  215.569054][ T7370] bridge0: port 1(bridge_slave_0) entered blocking state
[  215.579465][ T7417] input: syz0 as /devices/virtual/input/input17
[  215.604445][ T7370] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.633870][ T7370] bridge_slave_0: entered allmulticast mode
[  215.679907][ T7370] bridge_slave_0: entered promiscuous mode
[  215.720266][ T7370] bridge0: port 2(bridge_slave_1) entered blocking state
[  215.747488][ T7370] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.771346][ T7370] bridge_slave_1: entered allmulticast mode
[  215.820495][ T7370] bridge_slave_1: entered promiscuous mode
[  215.999233][ T7370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  216.047463][ T7370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  216.215891][ T7370] team0: Port device team_slave_0 added
[  216.253971][ T7370] team0: Port device team_slave_1 added
[  216.552610][ T5858] Bluetooth: hci6: command tx timeout
[  216.594571][ T7370] batman_adv: batadv0: Adding interface: batadv_slave_0
[  216.635822][ T7370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  216.717460][ T7434] binder: 7432:7434 ioctl c0306201 0 returned -14
[  216.765284][ T7370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  216.845015][   T30] audit: type=1326 audit(1773802979.149:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7432 comm="syz.4.411" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5245b9c799 code=0x0
[  216.874297][ T7370] batman_adv: batadv0: Adding interface: batadv_slave_1
[  216.887044][ T7370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  216.926460][ T7370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  217.157252][ T7370] hsr_slave_0: entered promiscuous mode
[  217.180697][ T7370] hsr_slave_1: entered promiscuous mode
[  217.198456][ T7370] debugfs: 'hsr0' already exists in 'hsr'
[  217.218461][ T7370] Cannot create hsr debugfs directory
[  217.883979][ T7423] can0: slcan on ttyS3.
[  218.053149][ T7437] can0 (unregistered): slcan off ttyS3.
[  218.633448][ T5858] Bluetooth: hci6: command tx timeout
[  219.630580][ T7471] fuse: Bad value for 'fd'
[  220.038031][ T5858] Bluetooth: hci5: unexpected event for opcode 0x1005
[  220.039571][ T7370] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  220.250037][ T7370] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  220.316456][ T7370] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  220.363380][ T7370] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  220.711525][ T5858] Bluetooth: hci6: command tx timeout
[  220.882132][ T7504] syzkaller0: entered promiscuous mode
[  220.926231][ T7370] 8021q: adding VLAN 0 to HW filter on device bond0
[  220.933057][ T5910] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  221.045842][ T7370] 8021q: adding VLAN 0 to HW filter on device team0
[  221.105889][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  221.160584][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  221.206552][ T5910] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  221.230460][  T168] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.237696][  T168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.253017][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  221.275702][ T5910] usb 4-1: config 0 descriptor??
[  221.300073][  T168] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.307354][  T168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.882308][ T5910] usbhid 4-1:0.0: can't add hid device: -71
[  222.478989][ T5910] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  222.493381][ T5910] usb 4-1: USB disconnect, device number 6
[  222.999461][ T7529] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  223.064748][ T7534] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  223.403465][ T7537] can0: slcan on ttyS3.
[  223.624408][ T7539] can0 (unregistered): slcan off ttyS3.
[  224.748779][ T7547] syzkaller0: entered promiscuous mode
[  224.767322][ T7370] 8021q: adding VLAN 0 to HW filter on device batadv0
[  224.781890][ T5910] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  224.974184][ T5910] usb 6-1: Using ep0 maxpacket: 16
[  224.993215][ T5910] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  225.010283][ T5910] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  225.036957][ T5910] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  225.051124][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.063640][ T5910] usb 6-1: Product: syz
[  225.071164][ T5910] usb 6-1: Manufacturer: syz
[  225.079218][ T5910] usb 6-1: SerialNumber: syz
[  225.341094][ T5910] usb 6-1: USB disconnect, device number 2
[  225.401647][ T5933] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  225.575294][ T5933] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.586566][ T5933] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.606831][ T5933] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  225.616359][ T5933] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.646535][ T5933] usb 7-1: config 0 descriptor??
[  226.087745][ T5933] usbhid 7-1:0.0: can't add hid device: -71
[  226.100174][ T5933] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  226.144429][ T5933] usb 7-1: USB disconnect, device number 2
[  226.961802][   T10] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  227.093073][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  227.159487][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  227.190029][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  227.238894][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  227.269122][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  227.334034][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  227.366804][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  227.412203][ T5910] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  227.429895][   T10] usb 6-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9
[  227.439764][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.457776][   T10] usb 6-1: Product: syz
[  227.464579][   T10] usb 6-1: Manufacturer: syz
[  227.482260][   T10] usb 6-1: SerialNumber: syz
[  227.501261][   T10] usb 6-1: config 0 descriptor??
[  227.527426][   T10] ti_usb_3410_5052 6-1:0.0: TI USB 5052 2 port adapter converter detected
[  227.549845][   T10] ti_usb_3410_5052 6-1:0.0: missing endpoints
[  227.603038][ T5910] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  227.626339][ T5910] usb 7-1: config 1 has no interface number 0
[  227.645619][ T5910] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  227.667034][ T5910] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  227.689780][ T5910] usb 7-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  227.710304][ T5910] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  227.728158][ T5910] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 65535, setting to 64
[  227.744193][ T5910] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  227.754086][ T5910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.762230][ T5910] usb 7-1: Product: syz
[  227.774900][ T5910] usb 7-1: Manufacturer: syz
[  227.779616][ T5910] usb 7-1: SerialNumber: syz
[  227.803363][ T7583] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  227.855419][ T7576] netlink: 28 bytes leftover after parsing attributes in process `syz.5.444'.
[  228.050657][ T7583] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  228.067251][ T7583] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  228.302578][ T7583] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  228.591104][ T5933] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  228.747534][ T7583] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  228.759055][ T5933] usb 5-1: Using ep0 maxpacket: 8
[  228.776107][ T7583] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  228.793629][ T5933] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  228.820672][ T5933] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  228.839640][ T5910] cdc_ncm 7-1:1.1: bind() failure
[  228.848243][ T7370] veth0_vlan: entered promiscuous mode
[  228.855360][ T5933] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  228.893092][ T5933] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  228.934653][ T5933] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  228.950521][ T7370] veth1_vlan: entered promiscuous mode
[  228.987727][ T5933] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  229.015639][ T5933] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.051369][ T5903] usb 7-1: USB disconnect, device number 3
[  229.193085][ T7370] veth0_macvtap: entered promiscuous mode
[  229.248281][ T7370] veth1_macvtap: entered promiscuous mode
[  229.269681][ T5933] usb 5-1: GET_CAPABILITIES returned 0
[  229.280861][ T5933] usbtmc 5-1:16.0: can't read capabilities
[  229.349508][ T7370] batman_adv: batadv0: Interface activated: batadv_slave_0
[  229.409496][ T7370] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.490011][   T63] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.533814][   T63] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.555209][   T63] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.568003][   T63] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.837115][  T168] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.866943][  T168] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.978015][  T167] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.006817][  T167] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.067783][ T5903] usb 5-1: USB disconnect, device number 7
[  230.179549][   T30] audit: type=1326 audit(1773802992.479:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7601 comm=2321202E2F6367726F75700A exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdbfb9c799 code=0x7ffc0000
[  230.241778][ T6000] usb 6-1: USB disconnect, device number 3
[  230.278033][   T30] audit: type=1326 audit(1773802992.509:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7601 comm=2321202E2F6367726F75700A exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdbfb9c799 code=0x7ffc0000
[  230.386007][   T30] audit: type=1326 audit(1773802992.509:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7601 comm=2321202E2F6367726F75700A exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fcdbfb9c799 code=0x7ffc0000
[  230.493655][   T30] audit: type=1326 audit(1773802992.509:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7601 comm=2321202E2F6367726F75700A exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdbfb9c799 code=0x7ffc0000
[  230.720796][   T30] audit: type=1326 audit(1773802992.509:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7601 comm=2321202E2F6367726F75700A exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcdbfb9c799 code=0x7ffc0000
[  231.002884][ T7620] syzkaller0: entered promiscuous mode
[  233.714268][ T7656] syzkaller0: entered promiscuous mode
[  235.961366][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  236.748541][ T7688] fuse: Bad value for 'fd'
[  237.178938][ T7697] syzkaller0: entered promiscuous mode
[  237.391533][ T6000] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  237.573553][ T6000] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[  237.591417][ T6000] usb 7-1: config 1 has no interface number 0
[  237.609296][ T6000] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  237.633041][ T6000] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  237.647858][ T6000] usb 7-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  237.659469][ T6000] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  237.676922][ T6000] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 65535, setting to 64
[  237.709251][ T6000] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  237.729754][ T6000] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.747970][ T6000] usb 7-1: Product: syz
[  237.759061][ T6000] usb 7-1: Manufacturer: syz
[  237.772008][ T6000] usb 7-1: SerialNumber: syz
[  237.813731][ T7698] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  238.409073][ T7698] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  238.549419][ T7698] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  238.871873][ T7721] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  240.271487][ T6000] cdc_ncm 7-1:1.1: bind() failure
[  240.302613][ T6000] usb 7-1: USB disconnect, device number 4
[  242.357356][ T7759] netlink: 'syz.3.506': attribute type 10 has an invalid length.
[  242.471409][ T5933] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  242.652003][ T5933] usb 7-1: Using ep0 maxpacket: 16
[  242.689006][ T5933] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 128, changing to 7
[  242.785228][ T5933] usb 7-1: New USB device found, idVendor=0582, idProduct=00a3, bcdDevice= 0.40
[  242.836657][ T5933] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.886498][ T5933] usb 7-1: Product: syz
[  242.914118][ T5933] usb 7-1: Manufacturer: syz
[  242.947146][ T5933] usb 7-1: SerialNumber: syz
[  243.641262][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  244.008263][ T7777] syz.5.512 uses obsolete (PF_INET,SOCK_PACKET)
[  244.199204][   T30] audit: type=1326 audit(1773803006.489:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  244.304421][   T30] audit: type=1326 audit(1773803006.499:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  244.403119][   T30] audit: type=1326 audit(1773803006.549:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5245b5cfce code=0x7ffc0000
[  244.531681][   T30] audit: type=1326 audit(1773803006.559:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5245b5cfce code=0x7ffc0000
[  244.586682][ T7784] loop2: detected capacity change from 0 to 7
[  244.607622][ T7784] Dev loop2: unable to read RDB block 7
[  244.619786][   T30] audit: type=1326 audit(1773803006.559:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  244.646754][ T7784]  loop2: unable to read partition table
[  244.657241][ T7784] loop2: partition table beyond EOD, truncated
[  244.677725][ T7784] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑච) failed (rc=-5)
[  244.700515][   T30] audit: type=1326 audit(1773803006.559:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  244.827885][   T30] audit: type=1326 audit(1773803006.559:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  244.900673][   T30] audit: type=1326 audit(1773803006.559:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5245b9c799 code=0x7ffc0000
[  244.974972][ T7790] netlink: 'syz.7.518': attribute type 10 has an invalid length.
[  245.021617][ T7790] 8021q: adding VLAN 0 to HW filter on device team0
[  245.045005][ T7790] bond0: (slave team0): Enslaving as an active interface with an up link
[  246.586166][ T7800] fuse: Unknown parameter 'fd0x0000000000000003'
[  246.648506][ T5933] usb 7-1: USB disconnect, device number 5
[  246.743323][ T6472] udevd[6472]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  246.891859][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.7.524'.
[  246.920739][ T7812] bond0: option resend_igmp: invalid value (52140)
[  246.940680][ T7812] bond0: option resend_igmp: allowed values 0 - 255
[  247.023292][ T5933] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  247.203640][ T5933] usb 7-1: Using ep0 maxpacket: 16
[  247.227433][ T5933] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  247.257072][ T5933] usb 7-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  247.304712][ T5933] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  247.323347][ T5933] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.358929][ T5933] usb 7-1: Product: syz
[  247.392947][ T5933] usb 7-1: Manufacturer: syz
[  247.421805][ T5933] usb 7-1: SerialNumber: syz
[  247.721521][ T5933] usb 7-1: USB disconnect, device number 6
[  247.802406][ T7823] netlink: 8 bytes leftover after parsing attributes in process `syz.4.528'.
[  248.330610][ T7828] netlink: 24 bytes leftover after parsing attributes in process `syz.3.530'.
[  249.833223][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  249.939972][ T7852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.539'.
[  250.976040][ T7860] netlink: 24 bytes leftover after parsing attributes in process `syz.3.543'.
[  252.680333][ T7882] xt_hashlimit: size too large, truncated to 1048576
[  253.078872][ T7890] netlink: 8 bytes leftover after parsing attributes in process `syz.7.550'.
[  253.327326][ T7898] netlink: 24 bytes leftover after parsing attributes in process `syz.7.554'.
[  253.366436][ T7899] netlink: 8 bytes leftover after parsing attributes in process `syz.4.553'.
[  254.580802][ T7921] capability: warning: `syz.7.561' uses deprecated v2 capabilities in a way that may be insecure
[  254.973567][ T7914] syzkaller0: entered promiscuous mode
[  255.002954][ T7914] syzkaller0: entered allmulticast mode
[  255.196837][ T7932] netlink: 24 bytes leftover after parsing attributes in process `syz.4.565'.
[  255.422948][ T6000] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  255.629139][ T6000] usb 8-1: Using ep0 maxpacket: 8
[  255.659221][ T6000] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  255.677008][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  255.691071][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  255.695242][ T6000] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  255.733288][ T6000] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  255.772850][ T6000] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  255.818396][ T6000] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  255.942217][ T6000] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  255.971753][ T6000] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.042778][ T7941] binder: 7940:7941 ioctl c0306201 0 returned -14
[  256.266570][ T6000] usb 8-1: GET_CAPABILITIES returned 0
[  256.276037][ T6000] usbtmc 8-1:16.0: can't read capabilities
[  257.056763][ T5917] usb 8-1: USB disconnect, device number 2
[  258.727075][ T7975] netlink: 24 bytes leftover after parsing attributes in process `syz.4.577'.
[  260.611363][ T7986] binder: 7985:7986 ioctl c0306201 0 returned -14
[  262.955189][ T5910] IPVS: starting estimator thread 0...
[  263.101242][ T8008] IPVS: using max 31 ests per chain, 74400 per kthread
[  263.426519][ T8015] netlink: 'syz.7.589': attribute type 5 has an invalid length.
[  266.778153][ T8049] netlink: 'syz.3.602': attribute type 10 has an invalid length.
[  266.789598][ T8045] syzkaller0: entered promiscuous mode
[  266.796417][ T8048] netlink: 1004 bytes leftover after parsing attributes in process `syz.7.601'.
[  266.817644][ T8045] syzkaller0: entered allmulticast mode
[  269.311354][ T8068] netlink: 24 bytes leftover after parsing attributes in process `syz.4.608'.
[  269.931454][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  270.219762][ T8084] netlink: 'syz.3.615': attribute type 10 has an invalid length.
[  270.266120][ T8088] netlink: 1004 bytes leftover after parsing attributes in process `syz.7.616'.
[  270.848906][ T8098] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  271.801553][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  271.854081][ T8098] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  271.874750][ T8095] syzkaller0: entered promiscuous mode
[  271.912699][ T8095] syzkaller0: entered allmulticast mode
[  272.503570][ T8105] netlink: 24 bytes leftover after parsing attributes in process `syz.5.622'.
[  273.113884][ T8121] netlink: 'syz.5.628': attribute type 10 has an invalid length.
[  273.152823][ T8121] 8021q: adding VLAN 0 to HW filter on device team0
[  273.168063][ T8122] binder: 8118:8122 ioctl c0306201 0 returned -14
[  273.189317][ T8121] bond0: (slave team0): Enslaving as an active interface with an up link
[  273.279120][   T30] audit: type=1326 audit(1773803035.579:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8118 comm="syz.4.625" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5245b9c799 code=0x0
[  277.620503][ T8165] syzkaller0: entered promiscuous mode
[  277.634341][ T8165] syzkaller0: entered allmulticast mode
[  278.602696][ T8178] x_tables: duplicate underflow at hook 3
[  286.720432][ T5859] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  286.734152][ T5859] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  286.743107][ T5859] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  286.966889][ T5859] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  286.981478][ T5859] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  289.041140][ T5859] Bluetooth: hci7: command tx timeout
[  291.111048][ T5859] Bluetooth: hci7: command tx timeout
[  291.397144][ T6089] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.523033][ T8280] loop2: detected capacity change from 0 to 7
[  291.534475][ T8101] Dev loop2: unable to read RDB block 7
[  291.540191][ T8101]  loop2: AHDI p1 p2 p3
[  291.544802][ T8101] loop2: partition table partially beyond EOD, truncated
[  291.552871][ T8101] loop2: p1 start 1818582900 is beyond EOD, truncated
[  291.580045][ T8101] loop2: p3 start 335544320 is beyond EOD, truncated
[  291.617756][ T8280] Dev loop2: unable to read RDB block 7
[  291.646830][ T8280]  loop2: AHDI p1 p2 p3
[  291.663658][ T8280] loop2: partition table partially beyond EOD, truncated
[  291.706022][ T8280] loop2: p1 start 1818582900 is beyond EOD, truncated
[  291.851076][ T8280] loop2: p3 start 335544320 is beyond EOD, truncated
[  291.861183][ T6089] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.292324][ T6089] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.380237][ T8236] chnl_net:caif_netlink_parms(): no params data found
[  292.506319][ T6089] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.213486][ T5859] Bluetooth: hci7: command tx timeout
[  293.511335][ T8317] netlink: 24 bytes leftover after parsing attributes in process `syz.3.680'.
[  293.854822][ T8298] syzkaller0: entered promiscuous mode
[  295.284688][ T5859] Bluetooth: hci7: command tx timeout
[  295.668435][ T8332] netlink: 148 bytes leftover after parsing attributes in process `syz.3.681'.
[  295.771267][ T8314] syzkaller0: entered promiscuous mode
[  295.776967][ T8314] syzkaller0: entered allmulticast mode
[  295.918885][ T8319] syzkaller0: entered promiscuous mode
[  295.924632][ T8319] syzkaller0: entered allmulticast mode
[  297.953675][ T8370] netlink: 24 bytes leftover after parsing attributes in process `syz.3.690'.
[  300.864926][ T8372] netlink: 148 bytes leftover after parsing attributes in process `syz.3.691'.
[  300.921077][ T8236] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.949958][ T8236] bridge0: port 1(bridge_slave_0) entered disabled state
[  300.971462][ T8236] bridge_slave_0: entered allmulticast mode
[  300.983838][ T8236] bridge_slave_0: entered promiscuous mode
[  301.009297][ T8236] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.031331][ T8236] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.050617][ T8236] bridge_slave_1: entered allmulticast mode
[  301.060186][ T8236] bridge_slave_1: entered promiscuous mode
[  301.206315][ T8236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  301.226016][ T8236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  301.343502][ T8236] team0: Port device team_slave_0 added
[  301.391718][ T8236] team0: Port device team_slave_1 added
[  301.399305][ T6089] bridge_slave_1: left allmulticast mode
[  301.406108][ T6089] bridge_slave_1: left promiscuous mode
[  301.413866][ T6089] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.462541][ T6089] bridge_slave_0: left allmulticast mode
[  301.484635][ T6089] bridge_slave_0: left promiscuous mode
[  301.500679][ T6089] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.889610][ T8401] netlink: 24 bytes leftover after parsing attributes in process `syz.4.700'.
[  303.064434][ T6089] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  303.105946][ T6089] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  303.166800][ T6089] bond0 (unregistering): Released all slaves
[  303.278724][ T8405] netlink: 148 bytes leftover after parsing attributes in process `syz.5.701'.
[  303.663842][ T8236] batman_adv: batadv0: Adding interface: batadv_slave_0
[  303.690640][ T8236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  303.742217][ T8236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  303.998527][ T8432] syzkaller0: entered promiscuous mode
[  304.038250][ T8236] batman_adv: batadv0: Adding interface: batadv_slave_1
[  304.055393][ T8236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  304.104528][ T8236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  308.340642][ T8478] netlink: 148 bytes leftover after parsing attributes in process `syz.3.715'.
[  308.732417][ T6089] hsr_slave_0: left promiscuous mode
[  308.746883][ T6089] hsr_slave_1: left promiscuous mode
[  308.762911][ T6089] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.784551][ T6089] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.807894][ T6089] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.815761][ T6089] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.864105][ T6089] veth1_macvtap: left promiscuous mode
[  308.887503][ T6089] veth0_macvtap: left promiscuous mode
[  308.905793][ T6089] veth1_vlan: left promiscuous mode
[  308.916233][ T8500] netlink: 36 bytes leftover after parsing attributes in process `syz.7.720'.
[  308.931445][ T6089] veth0_vlan: left promiscuous mode
[  309.640611][ T6089] team0 (unregistering): Port device team_slave_1 removed
[  309.687775][ T6089] team0 (unregistering): Port device team_slave_0 removed
[  309.927831][ T8236] hsr_slave_0: entered promiscuous mode
[  309.945684][ T8236] hsr_slave_1: entered promiscuous mode
[  309.952951][ T8236] debugfs: 'hsr0' already exists in 'hsr'
[  309.958719][ T8236] Cannot create hsr debugfs directory
[  310.695766][ T8545] syzkaller0: entered promiscuous mode
[  312.626126][ T8549] syzkaller0: entered promiscuous mode
[  312.647123][ T8549] syzkaller0: entered allmulticast mode
[  315.922964][ T8571] netlink: 148 bytes leftover after parsing attributes in process `syz.4.733'.
[  316.280813][ T8590] syzkaller0: entered promiscuous mode
[  316.299558][ T8590] syzkaller0: entered allmulticast mode
[  317.116825][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  317.125590][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  318.442573][ T8236] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  318.485532][ T8236] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  318.527611][ T8236] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  318.595134][ T8236] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  318.759905][ T8612] syzkaller0: entered promiscuous mode
[  318.779466][ T8619] netlink: 24 bytes leftover after parsing attributes in process `syz.4.744'.
[  320.479330][ T8631] netlink: 140 bytes leftover after parsing attributes in process `syz.4.745'.
[  321.010445][ T8639] syzkaller0: entered promiscuous mode
[  321.027120][ T8639] syzkaller0: entered allmulticast mode
[  323.771189][ T8687] netlink: 24 bytes leftover after parsing attributes in process `syz.3.754'.
[  323.873083][ T8679] syzkaller0: entered promiscuous mode
[  323.878749][ T8679] syzkaller0: entered allmulticast mode
[  326.917160][ T8695] netlink: 140 bytes leftover after parsing attributes in process `syz.4.757'.
[  326.946912][ T8696] syzkaller0: entered promiscuous mode
[  327.966353][ T8236] 8021q: adding VLAN 0 to HW filter on device bond0
[  328.239530][ T8236] 8021q: adding VLAN 0 to HW filter on device team0
[  329.717999][ T8731] netlink: 24 bytes leftover after parsing attributes in process `syz.5.765'.
[  329.766859][ T8721] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.774666][ T8721] bridge0: port 1(bridge_slave_0) entered disabled state
[  330.167552][ T8721] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  330.217572][ T8721] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  331.154273][ T6696] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.161625][ T6696] bridge0: port 1(bridge_slave_0) entered forwarding state
[  331.297166][ T8734] syzkaller0: entered promiscuous mode
[  331.312962][ T8734] syzkaller0: entered allmulticast mode
[  331.436931][ T7876] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  331.454370][ T7876] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  333.415779][ T6696] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  333.425085][ T6696] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  333.439503][ T8766] netlink: 140 bytes leftover after parsing attributes in process `syz.5.768'.
[  333.466186][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.473438][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  333.845128][ T8784] syzkaller0: entered promiscuous mode
[  333.887076][ T8784] net_ratelimit: 18 callbacks suppressed
[  333.887095][ T8784] 0: reclassify loop, rule prio 0, protocol 800
[  333.936363][ T5933] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  334.632304][ T5858] Bluetooth: hci6: command 0x0406 tx timeout
[  334.852976][ T5933] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  334.869277][ T5933] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  334.897049][ T5933] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  334.913534][ T5933] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.933494][ T5933] usb 8-1: config 0 descriptor??
[  334.953492][ T5933] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  334.964458][ T8802] netlink: 24 bytes leftover after parsing attributes in process `syz.4.775'.
[  336.296291][ T8236] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.534439][ T8824] syzkaller0: entered promiscuous mode
[  336.540170][ T8824] syzkaller0: entered allmulticast mode
[  337.037680][ T5910] usb 8-1: USB disconnect, device number 3
[  339.337298][ T8849] netlink: 148 bytes leftover after parsing attributes in process `syz.5.782'.
[  340.439349][ T8236] veth0_vlan: entered promiscuous mode
[  340.655029][ T8870] netlink: 24 bytes leftover after parsing attributes in process `syz.5.786'.
[  340.787808][ T8857] syzkaller0: entered promiscuous mode
[  341.691037][ T6014] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  341.883018][ T6014] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  341.901998][ T6014] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  341.931212][ T6014] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  341.951811][ T6014] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.979074][ T6014] usb 6-1: config 0 descriptor??
[  342.003770][ T6014] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  343.682547][ T8236] veth1_vlan: entered promiscuous mode
[  343.774097][ T8236] veth0_macvtap: entered promiscuous mode
[  343.802763][ T8236] veth1_macvtap: entered promiscuous mode
[  343.867914][ T8894] netlink: 148 bytes leftover after parsing attributes in process `syz.7.793'.
[  343.925141][ T8236] batman_adv: batadv0: Interface activated: batadv_slave_0
[  343.986478][ T8236] batman_adv: batadv0: Interface activated: batadv_slave_1
[  344.039085][ T5917] usb 6-1: USB disconnect, device number 4
[  344.062900][ T6089] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.097842][ T6200] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.135626][ T6200] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.392718][ T8914] netlink: 24 bytes leftover after parsing attributes in process `syz.3.797'.
[  344.517909][ T6200] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  346.453951][ T5858] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  346.471199][ T5858] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  346.486286][ T5858] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  346.498370][ T5858] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  346.507578][ T5858] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  347.560883][ T8950] syzkaller0: entered promiscuous mode
[  348.156038][ T8957] netlink: 148 bytes leftover after parsing attributes in process `syz.7.804'.
[  348.551836][ T5858] Bluetooth: hci5: command tx timeout
[  348.592927][ T6696] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.611131][   T29] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  348.740480][ T8968] syzkaller0: entered promiscuous mode
[  348.762736][ T8968] syzkaller0: entered allmulticast mode
[  348.781010][   T29] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.817961][   T29] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  348.865170][   T29] usb 8-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  348.886694][   T29] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.902340][ T6696] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.917579][   T29] usb 8-1: config 0 descriptor??
[  348.949355][   T29] usbhid 8-1:0.0: couldn't find an input interrupt endpoint
[  349.045450][ T8935] chnl_net:caif_netlink_parms(): no params data found
[  349.177147][ T6696] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.279668][ T6696] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  350.338184][ T8993] netlink: 24 bytes leftover after parsing attributes in process `syz.5.808'.
[  350.505882][ T8935] bridge0: port 1(bridge_slave_0) entered blocking state
[  350.517834][ T8935] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.525641][ T8935] bridge_slave_0: entered allmulticast mode
[  350.540790][ T8935] bridge_slave_0: entered promiscuous mode
[  350.583556][ T8935] bridge0: port 2(bridge_slave_1) entered blocking state
[  350.594000][ T8935] bridge0: port 2(bridge_slave_1) entered disabled state
[  350.602434][ T8935] bridge_slave_1: entered allmulticast mode
[  350.612178][ T8935] bridge_slave_1: entered promiscuous mode
[  350.631459][ T5858] Bluetooth: hci5: command tx timeout
[  350.834478][ T8999] syzkaller0: entered promiscuous mode
[  350.846890][ T8999] syzkaller0: entered allmulticast mode
[  352.019068][   T10] usb 8-1: USB disconnect, device number 4
[  352.711263][ T5858] Bluetooth: hci5: command tx timeout
[  354.802078][ T5858] Bluetooth: hci5: command tx timeout
[  354.852926][ T9052] netlink: 24 bytes leftover after parsing attributes in process `syz.3.818'.
[  355.809194][ T8935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.909138][ T8935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  356.100098][ T8935] team0: Port device team_slave_0 added
[  356.174499][ T8935] team0: Port device team_slave_1 added
[  356.206906][ T6696] bridge_slave_1: left allmulticast mode
[  356.222369][ T6696] bridge_slave_1: left promiscuous mode
[  356.233302][ T6696] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.267501][ T6696] bridge_slave_0: left allmulticast mode
[  356.273909][ T6696] bridge_slave_0: left promiscuous mode
[  356.284243][ T6696] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.341051][ T5917] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  356.831392][ T5917] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  357.281859][ T5917] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  357.294943][ T5917] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  357.304928][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.319716][ T5917] usb 5-1: config 0 descriptor??
[  357.328839][ T5917] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  358.644813][ T9096] netlink: 24 bytes leftover after parsing attributes in process `syz.5.828'.
[  358.695308][ T6696] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  358.876505][ T6696] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  358.968884][ T6696] bond0 (unregistering): Released all slaves
[  359.336219][ T8935] batman_adv: batadv0: Adding interface: batadv_slave_0
[  359.356327][   T31] INFO: task syz.1.287:7011 blocked for more than 143 seconds.
[  359.384669][ T8935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  359.432839][   T31]       Not tainted syzkaller #0
[  359.462950][   T31]       Blocked by coredump.
[  359.489406][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  359.550027][   T31] task:syz.1.287       state:D stack:25760 pid:7011  tgid:7011  ppid:5842   task_flags:0x40044c flags:0x00080002
[  359.620140][ T8935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  359.678926][ T6014] usb 5-1: USB disconnect, device number 8
[  359.719021][   T31] Call Trace:
[  359.767294][   T31]  <TASK>
[  359.813736][   T31]  __schedule+0x1665/0x5590
[  359.857286][   T31]  ? __pfx___schedule+0x10/0x10
[  359.901957][   T31]  ? schedule+0x90/0x360
[  359.929957][   T31]  schedule+0x164/0x360
[  359.951559][   T31]  schedule_preempt_disabled+0x13/0x30
[  359.970298][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  359.984844][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  360.002265][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  360.011900][   T31]  ? do_futex+0x395/0x420
[  360.021220][   T31]  down_read+0x99/0x2e0
[  360.031331][   T31]  ? exit_mm+0x64/0x250
[  360.042322][   T31]  exit_mm+0x73/0x250
[  360.052092][   T31]  ? unwind_deferred_task_exit+0x67/0xa0
[  360.061153][   T31]  do_exit+0x8b9/0x2490
[  360.072092][   T31]  ? rwsem_down_write_slowpath+0x4a3/0x1080
[  360.091020][   T31]  ? __pfx_do_exit+0x10/0x10
[  360.095737][   T31]  do_group_exit+0x21b/0x2d0
[  360.111189][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  360.117365][   T31]  get_signal+0x1284/0x1330
[  360.131259][   T31]  arch_do_signal_or_restart+0xbc/0x830
[  360.138339][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  360.154804][   T31]  ? vm_mmap_pgoff+0x294/0x4f0
[  360.171052][   T31]  exit_to_user_mode_loop+0x86/0x480
[  360.177887][   T31]  ? rcu_is_watching+0x15/0xb0
[  360.191957][   T31]  do_syscall_64+0x32d/0xf80
[  360.201169][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.217036][   T31]  ? clear_bhb_loop+0x40/0x90
[  360.224973][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.240997][   T31] RIP: 0033:0x7f3c5559c502
[  360.251521][   T31] RSP: 002b:00007ffd10a4e568 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  360.272179][   T31] RAX: fffffffffffffffc RBX: 0000000000000000 RCX: 00007f3c5559c502
[  360.291012][   T31] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000
[  360.302685][   T31] RBP: 0000000000020022 R08: 00000000ffffffff R09: 0000000000000000
[  360.326436][   T31] R10: 0000000000020022 R11: 0000000000000246 R12: 00007ffd10a4e6d0
[  360.350978][   T31] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000
[  360.359051][   T31]  </TASK>
[  360.377630][   T31] INFO: task syz.1.287:7012 blocked for more than 144 seconds.
[  360.403168][   T31]       Not tainted syzkaller #0
[  360.420974][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  360.452417][   T31] task:syz.1.287       state:D stack:25544 pid:7012  tgid:7011  ppid:5842   task_flags:0x400040 flags:0x00080002
[  360.501797][   T31] Call Trace:
[  360.509493][   T31]  <TASK>
[  360.518858][   T31]  __schedule+0x1665/0x5590
[  360.543315][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  360.574110][   T31]  ? __blk_flush_plug+0x416/0x4d0
[  360.592840][   T31]  ? __pfx___schedule+0x10/0x10
[  360.621385][   T31]  ? schedule+0x90/0x360
[  360.637874][   T31]  schedule+0x164/0x360
[  360.655718][   T31]  schedule_preempt_disabled+0x13/0x30
[  360.679775][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  360.702471][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  360.722527][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  360.741060][   T31]  down_read+0x99/0x2e0
[  360.750998][   T31]  ? madvise_collapse+0x21d/0x820
[  360.772422][   T31]  madvise_collapse+0x227/0x820
[  360.791138][   T31]  madvise_vma_behavior+0x1094/0x4460
[  360.800987][   T31]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  360.811030][   T31]  ? do_raw_spin_lock+0x12b/0x2f0
[  360.821006][   T31]  ? do_raw_spin_unlock+0xf5/0x210
[  360.830948][   T31]  ? timerqueue_linked_add+0x287/0x2e0
[  360.851047][   T31]  ? finish_task_switch+0x41f/0xbe0
[  360.856341][   T31]  ? lockdep_hardirqs_on+0x7a/0x110
[  360.876501][   T31]  ? finish_task_switch+0x41f/0xbe0
[  360.882139][   T31]  ? rcu_is_watching+0x15/0xb0
[  360.890952][   T31]  ? trace_sched_exit_tp+0x3a/0x150
[  360.900966][   T31]  ? __schedule+0x167b/0x5590
[  360.910994][   T31]  ? mas_prev_slot+0xb7b/0xbf0
[  360.930988][   T31]  ? find_vma_prev+0x123/0x1b0
[  360.935905][   T31]  ? __pfx_find_vma_prev+0x10/0x10
[  360.941472][   T31]  ? futex_unqueue+0x22/0x240
[  360.946193][   T31]  ? __futex_wait+0x371/0x420
[  360.950882][   T31]  madvise_walk_vmas+0x573/0xae0
[  360.955982][   T31]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  360.961604][   T31]  ? blk_start_plug+0x6e/0x1b0
[  360.966435][   T31]  madvise_do_behavior+0x386/0x540
[  360.971627][   T31]  ? __pfx_madvise_do_behavior+0x10/0x10
[  360.977305][   T31]  ? down_read+0x270/0x2e0
[  360.981889][   T31]  ? madvise_lock+0x146/0x2e0
[  360.986604][   T31]  do_madvise+0x1fa/0x2e0
[  360.991783][   T31]  ? __pfx_do_madvise+0x10/0x10
[  360.997387][   T31]  ? __se_sys_futex+0x3a8/0x450
[  361.002348][   T31]  ? rcu_is_watching+0x15/0xb0
[  361.007151][   T31]  __x64_sys_madvise+0xa6/0xc0
[  361.012025][   T31]  do_syscall_64+0x14d/0xf80
[  361.016649][   T31]  ? trace_irq_disable+0x3b/0x150
[  361.021810][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.027911][   T31]  ? clear_bhb_loop+0x40/0x90
[  361.032717][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.038641][   T31] RIP: 0033:0x7f3c5559c799
[  361.043136][   T31] RSP: 002b:00007f3c564a2028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  361.051728][   T31] RAX: ffffffffffffffda RBX: 00007f3c55815fa0 RCX: 00007f3c5559c799
[  361.059736][   T31] RDX: 0000000000000019 RSI: 0000000000800000 RDI: 0000200000800000
[  361.067779][   T31] RBP: 00007f3c55632c99 R08: 0000000000000000 R09: 0000000000000000
[  361.075962][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  361.084029][   T31] R13: 00007f3c55816038 R14: 00007f3c55815fa0 R15: 00007ffd10a4e5d8
[  361.092090][   T31]  </TASK>
[  361.155970][   T31] INFO: task syz.2.353:7224 blocked for more than 145 seconds.
[  361.178038][   T31]       Not tainted syzkaller #0
[  361.183242][   T31]       Blocked by coredump.
[  361.187877][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  361.198763][   T31] task:syz.2.353       state:D stack:27496 pid:7224  tgid:7223  ppid:5845   task_flags:0x40044c flags:0x00080002
[  361.211000][   T31] Call Trace:
[  361.214340][   T31]  <TASK>
[  361.217317][   T31]  __schedule+0x1665/0x5590
[  361.222001][   T31]  ? __pfx___schedule+0x10/0x10
[  361.226902][   T31]  ? schedule+0x90/0x360
[  361.231303][   T31]  schedule+0x164/0x360
[  361.235528][   T31]  schedule_preempt_disabled+0x13/0x30
[  361.241131][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  361.246760][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  361.252640][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  361.258785][   T31]  ? do_futex+0x395/0x420
[  361.263226][   T31]  down_read+0x99/0x2e0
[  361.267422][   T31]  ? exit_mm+0x64/0x250
[  361.272578][   T31]  exit_mm+0x73/0x250
[  361.276664][   T31]  ? unwind_deferred_task_exit+0x67/0xa0
[  361.282400][   T31]  do_exit+0x8b9/0x2490
[  361.286865][   T31]  ? __pfx_do_exit+0x10/0x10
[  361.291872][   T31]  do_group_exit+0x21b/0x2d0
[  361.297233][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  361.303839][   T31]  get_signal+0x1284/0x1330
[  361.308431][   T31]  arch_do_signal_or_restart+0xbc/0x830
[  361.314143][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  361.320390][   T31]  exit_to_user_mode_loop+0x86/0x480
[  361.325781][   T31]  ? rcu_is_watching+0x15/0xb0
[  361.330604][   T31]  do_syscall_64+0x32d/0xf80
[  361.335359][   T31]  ? trace_irq_disable+0x3b/0x150
[  361.340448][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.346665][   T31]  ? clear_bhb_loop+0x40/0x90
[  361.352094][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.358052][   T31] RIP: 0033:0x7f280559c799
[  361.364510][   T31] RSP: 002b:00007f2806377028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  361.373242][   T31] RAX: 000000000000000b RBX: 00007f2805815fa0 RCX: 00007f280559c799
[  361.381448][   T31] RDX: 0000000000000318 RSI: 00002000000bd000 RDI: 0000000000000004
[  361.389475][   T31] RBP: 00007f2805632c99 R08: 0000000000000000 R09: 0000000000000000
[  361.397759][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  361.412742][   T31] R13: 00007f2805816038 R14: 00007f2805815fa0 R15: 00007fff6c2d68b8
[  361.431027][   T31]  </TASK>
[  361.438618][   T31] INFO: task syz.2.353:7225 blocked for more than 145 seconds.
[  361.459268][   T31]       Not tainted syzkaller #0
[  361.471130][   T31]       Blocked by coredump.
[  361.480964][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  361.501020][   T31] task:syz.2.353       state:D stack:25392 pid:7225  tgid:7223  ppid:5845   task_flags:0x40044c flags:0x00080002
[  361.531024][   T31] Call Trace:
[  361.534460][   T31]  <TASK>
[  361.537424][   T31]  __schedule+0x1665/0x5590
[  361.542056][   T31]  ? __pfx___schedule+0x10/0x10
[  361.546953][   T31]  ? schedule+0x90/0x360
[  361.551336][   T31]  schedule+0x164/0x360
[  361.555529][   T31]  schedule_preempt_disabled+0x13/0x30
[  361.561095][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  361.566684][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  361.572500][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  361.578610][   T31]  ? do_futex+0x395/0x420
[  361.583526][   T31]  down_read+0x99/0x2e0
[  361.587757][   T31]  ? exit_mm+0x64/0x250
[  361.595739][   T31]  exit_mm+0x73/0x250
[  361.599797][   T31]  ? unwind_deferred_task_exit+0x67/0xa0
[  361.607134][   T31]  do_exit+0x8b9/0x2490
[  361.611564][   T31]  ? __pfx_do_exit+0x10/0x10
[  361.616230][   T31]  do_group_exit+0x21b/0x2d0
[  361.620833][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  361.626101][   T31]  get_signal+0x1284/0x1330
[  361.630663][   T31]  arch_do_signal_or_restart+0xbc/0x830
[  361.636381][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  361.642640][   T31]  ? __x64_sys_recvmmsg+0x198/0x250
[  361.647885][   T31]  exit_to_user_mode_loop+0x86/0x480
[  361.653241][   T31]  ? rcu_is_watching+0x15/0xb0
[  361.658033][   T31]  do_syscall_64+0x32d/0xf80
[  361.662695][   T31]  ? trace_irq_disable+0x3b/0x150
[  361.667754][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.673952][   T31]  ? clear_bhb_loop+0x40/0x90
[  361.678802][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.684774][   T31] RIP: 0033:0x7f280559c799
[  361.689220][   T31] RSP: 002b:00007f28037f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  361.697810][   T31] RAX: 000000000000117d RBX: 00007f2805816090 RCX: 00007f280559c799
[  361.706766][   T31] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  361.715525][   T31] RBP: 00007f2805632c99 R08: 0000000000000000 R09: 0000000000000000
[  361.723605][   T31] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  361.731691][   T31] R13: 00007f2805816128 R14: 00007f2805816090 R15: 00007fff6c2d68b8
[  361.739687][   T31]  </TASK>
[  361.742902][   T31] INFO: task syz.2.353:7226 blocked for more than 145 seconds.
[  361.753164][   T31]       Not tainted syzkaller #0
[  361.758179][   T31]       Blocked by coredump.
[  361.762838][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  361.771567][   T31] task:syz.2.353       state:D stack:26576 pid:7226  tgid:7223  ppid:5845   task_flags:0x40054c flags:0x00080002
[  361.783565][   T31] Call Trace:
[  361.786879][   T31]  <TASK>
[  361.789817][   T31]  __schedule+0x1665/0x5590
[  361.794427][   T31]  ? __pfx___schedule+0x10/0x10
[  361.799318][   T31]  ? schedule+0x90/0x360
[  361.803689][   T31]  schedule+0x164/0x360
[  361.807886][   T31]  schedule_preempt_disabled+0x13/0x30
[  361.814373][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  361.819990][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  361.825804][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  361.832067][   T31]  ? do_futex+0x395/0x420
[  361.836496][   T31]  down_read+0x99/0x2e0
[  361.840677][   T31]  ? exit_mm+0x64/0x250
[  361.844907][   T31]  exit_mm+0x73/0x250
[  361.848939][   T31]  ? unwind_deferred_task_exit+0x67/0xa0
[  361.854752][   T31]  do_exit+0x8b9/0x2490
[  361.858971][   T31]  ? lockdep_hardirqs_on+0x7a/0x110
[  361.864253][   T31]  ? __pfx_do_exit+0x10/0x10
[  361.868883][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  361.874325][   T31]  ? preempt_schedule_common+0x82/0xd0
[  361.879822][   T31]  do_group_exit+0x21b/0x2d0
[  361.884515][   T31]  get_signal+0x1284/0x1330
[  361.889074][   T31]  arch_do_signal_or_restart+0xbc/0x830
[  361.894694][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  361.900878][   T31]  ? kmem_cache_free+0x454/0x640
[  361.905902][   T31]  ? fput_close_sync+0x11f/0x240
[  361.910859][   T31]  exit_to_user_mode_loop+0x86/0x480
[  361.921276][   T31]  ? rcu_is_watching+0x15/0xb0
[  361.926199][   T31]  do_syscall_64+0x32d/0xf80
[  361.930818][   T31]  ? trace_irq_disable+0x3b/0x150
[  361.935957][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.942107][   T31]  ? clear_bhb_loop+0x40/0x90
[  361.946821][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.952879][   T31] RIP: 0033:0x7f280559c799
[  361.957358][   T31] RSP: 002b:00007f28037d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  361.965929][   T31] RAX: 0000000000000000 RBX: 00007f2805816180 RCX: 00007f280559c799
[  361.974017][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  361.982045][   T31] RBP: 00007f2805632c99 R08: 0000000000000000 R09: 0000000000000000
[  361.990044][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  361.998078][   T31] R13: 00007f2805816218 R14: 00007f2805816180 R15: 00007fff6c2d68b8
[  362.006128][   T31]  </TASK>
[  362.009194][   T31] INFO: task syz.2.353:7227 blocked for more than 146 seconds.
[  362.017594][   T31]       Not tainted syzkaller #0
[  362.022634][   T31]       Blocked by coredump.
[  362.027243][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  362.035998][   T31] task:syz.2.353       state:D stack:26224 pid:7227  tgid:7223  ppid:5845   task_flags:0x40044c flags:0x00080002
[  362.054863][   T31] Call Trace:
[  362.060084][   T31]  <TASK>
[  362.063145][   T31]  __schedule+0x1665/0x5590
[  362.067691][   T31]  ? __rcu_read_unlock+0x83/0xe0
[  362.072806][   T31]  ? __pfx___schedule+0x10/0x10
[  362.077709][   T31]  ? schedule+0x90/0x360
[  362.082055][   T31]  schedule+0x164/0x360
[  362.086265][   T31]  schedule_preempt_disabled+0x13/0x30
[  362.092558][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  362.098147][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  362.104757][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  362.110888][   T31]  ? do_futex+0x395/0x420
[  362.115326][   T31]  down_read+0x99/0x2e0
[  362.120218][   T31]  ? exit_mm+0x64/0x250
[  362.124508][   T31]  exit_mm+0x73/0x250
[  362.128525][   T31]  ? unwind_deferred_task_exit+0x67/0xa0
[  362.134241][   T31]  do_exit+0x8b9/0x2490
[  362.138435][   T31]  ? __pfx_do_exit+0x10/0x10
[  362.143124][   T31]  do_group_exit+0x21b/0x2d0
[  362.147743][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  362.153099][   T31]  get_signal+0x1284/0x1330
[  362.157664][   T31]  arch_do_signal_or_restart+0xbc/0x830
[  362.163302][   T31]  ? __pfx___schedule+0x10/0x10
[  362.168198][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  362.174431][   T31]  ? do_sys_openat2+0x14c/0x200
[  362.179384][   T31]  ? schedule+0x16e/0x360
[  362.183925][   T31]  exit_to_user_mode_loop+0x86/0x480
[  362.189280][   T31]  ? rcu_is_watching+0x15/0xb0
[  362.194135][   T31]  do_syscall_64+0x32d/0xf80
[  362.198780][   T31]  ? trace_irq_disable+0x3b/0x150
[  362.203965][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.210074][   T31]  ? clear_bhb_loop+0x40/0x90
[  362.214875][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.221539][   T31] RIP: 0033:0x7f280559c799
[  362.226029][   T31] RSP: 002b:00007f28033b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  362.234895][   T31] RAX: fffffffffffffff5 RBX: 00007f2805816270 RCX: 00007f280559c799
[  362.242987][   T31] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  362.251031][   T31] RBP: 00007f2805632c99 R08: 0000000000000000 R09: 0000000000000000
[  362.259118][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  362.267153][   T31] R13: 00007f2805816308 R14: 00007f2805816270 R15: 00007fff6c2d68b8
[  362.275187][   T31]  </TASK>
[  362.278245][   T31] INFO: task syz.2.353:7233 blocked for more than 146 seconds.
[  362.285930][   T31]       Not tainted syzkaller #0
[  362.291019][   T31]       Blocked by coredump.
[  362.295655][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  362.306365][   T31] task:syz.2.353       state:D stack:28800 pid:7233  tgid:7223  ppid:5845   task_flags:0x40044c flags:0x00080002
[  362.318717][   T31] Call Trace:
[  362.323033][   T31]  <TASK>
[  362.326211][   T31]  __schedule+0x1665/0x5590
[  362.330791][   T31]  ? __pfx___schedule+0x10/0x10
[  362.335733][   T31]  ? schedule+0x90/0x360
[  362.340183][   T31]  schedule+0x164/0x360
[  362.344447][   T31]  schedule_preempt_disabled+0x13/0x30
[  362.349940][   T31]  rwsem_down_read_slowpath+0x6d9/0x940
[  362.355709][   T31]  ? rwsem_down_read_slowpath+0x596/0x940
[  362.361552][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  362.367749][   T31]  ? do_futex+0x395/0x420
[  362.372177][   T31]  down_read+0x99/0x2e0
[  362.376465][   T31]  ? exit_mm+0x64/0x250
[  362.380654][   T31]  exit_mm+0x73/0x250
[  362.384684][   T31]  ? unwind_deferred_task_exit+0x67/0xa0
[  362.390469][   T31]  do_exit+0x8b9/0x2490
[  362.394860][   T31]  ? futex_hash+0x40/0x2d0
[  362.399349][   T31]  ? __pfx_do_exit+0x10/0x10
[  362.404202][   T31]  do_group_exit+0x21b/0x2d0
[  362.408840][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  362.414169][   T31]  get_signal+0x1284/0x1330
[  362.418840][   T31]  arch_do_signal_or_restart+0xbc/0x830
[  362.425170][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  362.431571][   T31]  ? fd_install+0x94/0x3d0
[  362.436086][   T31]  exit_to_user_mode_loop+0x86/0x480
[  362.441432][   T31]  ? rcu_is_watching+0x15/0xb0
[  362.446378][   T31]  do_syscall_64+0x32d/0xf80
[  362.451073][   T31]  ? trace_irq_disable+0x3b/0x150
[  362.456224][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.462358][   T31]  ? clear_bhb_loop+0x40/0x90
[  362.467165][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.473161][   T31] RIP: 0033:0x7f280559c799
[  362.477630][   T31] RSP: 002b:00007f2802b6c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  362.486268][   T31] RAX: fffffffffffffe00 RBX: 00007f2805816458 RCX: 00007f280559c799
[  362.494311][   T31] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2805816458
[  362.502421][   T31] RBP: 00007f2805816450 R08: 0000000000000000 R09: 0000000000000000
[  362.510419][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  362.518682][   T31] R13: 00007f28058164e8 R14: 00007fff6c2d67d0 R15: 00007fff6c2d68b8
[  362.527399][   T31]  </TASK>
[  362.530594][   T31] 
[  362.530594][   T31] Showing all locks held in the system:
[  362.549282][   T31] 1 lock held by pool_workqueue_/3:
[  362.556497][   T31]  #0: ffffffff8e7638e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  362.567808][   T31] 2 locks held by kworker/0:1/10:
[  362.573063][   T31]  #0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb6/0x150
[  362.583061][   T31]  #1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  362.592185][   T31] 1 lock held by khungtaskd/31:
[  362.597061][   T31]  #0: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  362.607085][   T31] 2 locks held by kworker/u8:4/63:
[  362.612461][   T31]  #0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb6/0x150
[  362.622597][   T31]  #1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  362.632530][   T31] 3 locks held by kworker/u8:6/167:
[  362.637790][   T31]  #0: ffff88801b0ac140 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x894/0x1780
[  362.649038][   T31]  #1: ffffc900015f7c40 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1780
[  362.659497][   T31]  #2: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  362.668742][   T31] 3 locks held by kworker/u8:8/1323:
[  362.674142][   T31]  #0: ffff8880b863ade0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb6/0x150
[  362.684152][   T31]  #1: ffff8880b8624588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880
[  362.693126][   T31]  #2: ffff8880b8626118 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[  362.702197][   T31] 2 locks held by dhcpcd/5508:
[  362.706975][   T31]  #0: ffff8880364076e8 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0
[  362.717431][   T31]  #1: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200
[  362.726523][   T31] 2 locks held by getty/5598:
[  362.732114][   T31]  #0: ffff888037a0f0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  362.742020][   T31]  #1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0
[  362.752243][   T31] 1 lock held by syz-executor/5843:
[  362.757475][   T31]  #0: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  362.766542][   T31] 5 locks held by kworker/u8:12/6696:
[  362.771992][   T31]  #0: ffff88801c2b6140 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x894/0x1780
[  362.782390][   T31]  #1: ffffc900024dfc40 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x8bb/0x1780
[  362.792683][   T31]  #2: ffffffff8fbc6d68 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf4/0x800
[  362.802122][   T31]  #3: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xe5/0xa00
[  362.812252][   T31]  #4: ffffffff8e7638e8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x38d/0x770
[  362.823389][   T31] 1 lock held by syz.1.287/7011:
[  362.828370][   T31]  #0: ffff88807d994e38 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250
[  362.837904][   T31] 1 lock held by syz.1.287/7012:
[  362.843024][   T31]  #0: ffff88807d994e38 (&mm->mmap_lock){++++}-{4:4}, at: madvise_collapse+0x227/0x820
[  362.852778][   T31] 1 lock held by syz.2.353/7224:
[  362.857722][   T31]  #0: ffff88802ce0c1b8 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250
[  362.866578][   T31] 1 lock held by syz.2.353/7225:
[  362.871593][   T31]  #0: ffff88802ce0c1b8 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250
[  362.880454][   T31] 1 lock held by syz.2.353/7226:
[  362.885475][   T31]  #0: ffff88802ce0c1b8 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250
[  362.894360][   T31] 1 lock held by syz.2.353/7227:
[  362.899325][   T31]  #0: ffff88802ce0c1b8 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250
[  362.908234][   T31] 1 lock held by syz.2.353/7233:
[  362.913283][   T31]  #0: ffff88802ce0c1b8 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250
[  362.922166][   T31] 1 lock held by syz-executor/8935:
[  362.927379][   T31]  #0: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  362.937135][   T31] 1 lock held by syz.3.819/9054:
[  362.942129][   T31]  #0: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  362.955099][   T31] 1 lock held by syz.7.826/9097:
[  362.960082][   T31]  #0: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0
[  362.969113][   T31] 1 lock held by syz.5.829/9099:
[  362.974123][   T31]  #0: ffffffff8e7637b8 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x580
[  362.984127][   T31] 1 lock held by syz.5.829/9107:
[  362.989080][   T31]  #0: ffffffff8fbd5d80 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x7a4/0x1150
[  362.997991][   T31] 
[  363.000437][   T31] =============================================
[  363.000437][   T31] 
[  363.008930][   T31] NMI backtrace for cpu 1
[  363.008961][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  363.008980][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  363.008991][   T31] Call Trace:
[  363.008998][   T31]  <TASK>
[  363.009005][   T31]  dump_stack_lvl+0xe8/0x150
[  363.009036][   T31]  nmi_cpu_backtrace+0x274/0x2d0
[  363.009063][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  363.009092][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  363.009120][   T31]  sys_info+0x135/0x170
[  363.009143][   T31]  watchdog+0x1002/0x1060
[  363.009170][   T31]  ? watchdog+0x1da/0x1060
[  363.009195][   T31]  kthread+0x388/0x470
[  363.009217][   T31]  ? __pfx_watchdog+0x10/0x10
[  363.009235][   T31]  ? __pfx_kthread+0x10/0x10
[  363.009256][   T31]  ret_from_fork+0x51e/0xb90
[  363.009284][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  363.009307][   T31]  ? __switch_to+0xc7d/0x1450
[  363.009332][   T31]  ? __pfx_kthread+0x10/0x10
[  363.009353][   T31]  ret_from_fork_asm+0x1a/0x30
[  363.009383][   T31]  </TASK>
[  363.009390][   T31] Sending NMI from CPU 1 to CPUs 0:
[  363.121098][    C0] NMI backtrace for cpu 0
[  363.121115][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  363.121134][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  363.121145][    C0] RIP: 0010:kasan_addr_to_slab+0x45/0x70
[  363.121174][    C0] Code: 89 df e8 9e 27 49 ff 48 c1 e8 06 48 83 e0 c0 49 8d 0c 06 49 8b 44 06 08 89 c2 83 e2 01 48 ff ca 48 09 c2 48 21 ca 0f b6 4a 33 <c1> e1 18 31 c0 81 f9 00 00 00 f5 48 0f 44 c2 eb 02 31 c0 5b 41 5e
[  363.121189][    C0] RSP: 0018:ffffc90000007b80 EFLAGS: 00000086
[  363.121205][    C0] RAX: fffffffffffffe01 RBX: ffff88807a8c9770 RCX: 00000000000000f5
[  363.121217][    C0] RDX: ffffea0001ea3200 RSI: 0000000000000000 RDI: 0000000000000000
[  363.121228][    C0] RBP: 0000000000000002 R08: ffffffff81791e18 R09: ffffffff8e75d760
[  363.121239][    C0] R10: dffffc0000000000 R11: fffffbfff34ab4a2 R12: ffff88807a8c9770
[  363.121252][    C0] R13: 1ffff11006586402 R14: ffffea0000000000 R15: ffff888032c32068
[  363.121265][    C0] FS:  0000000000000000(0000) GS:ffff888125435000(0000) knlGS:0000000000000000
[  363.121278][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  363.121289][    C0] CR2: 0000560307f77000 CR3: 000000007c0e4000 CR4: 00000000003526f0
[  363.121304][    C0] Call Trace:
[  363.121310][    C0]  <IRQ>
[  363.121317][    C0]  kasan_record_aux_stack+0xf/0xd0
[  363.121340][    C0]  insert_work+0x3d/0x330
[  363.121365][    C0]  __queue_work+0xbe1/0x1020
[  363.121384][    C0]  ? __queue_work+0x1a1/0x1020
[  363.121401][    C0]  call_timer_fn+0x192/0x640
[  363.121423][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  363.121439][    C0]  ? call_timer_fn+0xd4/0x640
[  363.121453][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  363.121473][    C0]  ? do_raw_spin_unlock+0xf5/0x210
[  363.121493][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  363.121511][    C0]  __run_timer_base+0x67e/0x8b0
[  363.121541][    C0]  ? __pfx___run_timer_base+0x10/0x10
[  363.121572][    C0]  run_timer_softirq+0xb7/0x170
[  363.121595][    C0]  handle_softirqs+0x22a/0x870
[  363.121622][    C0]  ? __irq_exit_rcu+0xca/0x220
[  363.121640][    C0]  __irq_exit_rcu+0xca/0x220
[  363.121655][    C0]  irq_exit_rcu+0x9/0x30
[  363.121668][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  363.121688][    C0]  </IRQ>
[  363.121693][    C0]  <TASK>
[  363.121699][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  363.121718][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  363.121736][    C0] Code: ed 6a 02 e9 d3 f1 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d b3 e1 14 00 fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90
[  363.121750][    C0] RSP: 0018:ffffffff8e407dc0 EFLAGS: 00000242
[  363.121780][    C0] RAX: 00000000002fdc23 RBX: ffffffff819b946a RCX: 0000000080000001
[  363.121792][    C0] RDX: 0000000000000001 RSI: ffffffff8df3af0d RDI: ffffffff8c284e00
[  363.121804][    C0] RBP: ffffffff8e407eb0 R08: ffff8880b863399b R09: 1ffff110170c6733
[  363.121816][    C0] R10: dffffc0000000000 R11: ffffed10170c6734 R12: 0000000000000000
[  363.121828][    C0] R13: 1ffffffff1c925d8 R14: 0000000000000000 R15: 1ffffffff1c925d8
[  363.121842][    C0]  ? do_idle+0x36a/0x5f0
[  363.121864][    C0]  default_idle+0x9/0x20
[  363.121885][    C0]  default_idle_call+0x72/0xb0
[  363.121909][    C0]  do_idle+0x36a/0x5f0
[  363.121923][    C0]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  363.121944][    C0]  ? __pfx_do_idle+0x10/0x10
[  363.121965][    C0]  cpu_startup_entry+0x43/0x60
[  363.121981][    C0]  rest_init+0x2de/0x300
[  363.122006][    C0]  start_kernel+0x38f/0x3e0
[  363.122130][    C0]  x86_64_start_reservations+0x24/0x30
[  363.122156][    C0]  x86_64_start_kernel+0x143/0x1c0
[  363.122182][    C0]  common_startup_64+0x13e/0x147
[  363.122210][    C0]  </TASK>
[  363.493767][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  363.500662][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  363.509800][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  363.519879][   T31] Call Trace:
[  363.523179][   T31]  <TASK>
[  363.526131][   T31]  vpanic+0x56c/0xa60
[  363.530136][   T31]  ? __pfx___schedule+0x10/0x10
[  363.535009][   T31]  ? __pfx_vpanic+0x10/0x10
[  363.539531][   T31]  ? nmi_trigger_cpumask_backtrace+0x1f4/0x300
[  363.545728][   T31]  panic+0xc5/0xd0
[  363.549468][   T31]  ? __pfx_panic+0x10/0x10
[  363.554043][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  363.559460][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  363.565641][   T31]  watchdog+0x105b/0x1060
[  363.569993][   T31]  ? watchdog+0x1da/0x1060
[  363.574435][   T31]  kthread+0x388/0x470
[  363.578522][   T31]  ? __pfx_watchdog+0x10/0x10
[  363.583218][   T31]  ? __pfx_kthread+0x10/0x10
[  363.587826][   T31]  ret_from_fork+0x51e/0xb90
[  363.592463][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  363.597609][   T31]  ? __switch_to+0xc7d/0x1450
[  363.602325][   T31]  ? __pfx_kthread+0x10/0x10
[  363.606941][   T31]  ret_from_fork_asm+0x1a/0x30
[  363.611757][   T31]  </TASK>
[  363.615685][   T31] Kernel Offset: disabled
[  363.620027][   T31] Rebooting in 86400 seconds..