last executing test programs:

33m18.610526769s ago: executing program 1 (id=132):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430c1", 0x10)
sendmmsg$alg(r1, &(0x7f0000004ac0)=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000800}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40080}], 0x2, 0x4000005)

33m17.569604717s ago: executing program 1 (id=133):
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0xaea3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x1104, 0x0, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$BPF_PROG_DETACH(0x1c, 0x0, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x1ff, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000440)={"db4c1421593cb4d3f8fe6094dc821bbbe06520701fc6de7b0349f34b0f8c556a9e9aff1355aab8d6da26d74608530f150f127f9e3f0a2f1fff0be9774c95d6c007c91903f78616596487bf50017c56b15385ab264cba5b168c62d971e67e6f3e73d60b5a8adbaaf2af8610c6a91c0a116f619adce4aa91d5a68faf8ee98693d32d8d8244381b5720ef596600e39491d216c22d0725904bab7d90fa8afb8fa04b707410aa300ef098609b4fa6dd77b1b7c321b1fc6356564ce3f90826be3a9a5be186ffc48eb13824e9dae77ed212a0f802074ff4f1725c4ad88cf5bbd36e3406bc59d96e82047631d8be9462ee7e54e5b2897c3fff38eabf67e1e160c2b5e18be06457844d89c9a606b7d25fbde713f4759da0bee1fabe3f71dcca63540f113a2b5edc4b327d1f9610377b97265d4aa875b4bc3c44bf8110d5df1beb1fe54794a0aa52dfc80df1caf7d812b4f1cdba1a6836b45ea2180d08439d411ce8e0755868cc839eaeac73e5d28f9f1990584038cf5fa6bee0c4095a27cc8c7b59519bf2a9bf1fedf54cc2dc6aea6c42c32de40c291e5f422f5c7792a08926af160fb379576dd81bac746232fb246817fc3248097914b75e83cc5eb518ce8fb643b34ca69c3b61f0d94e7db62dd480198d41e0862f1ec4429ab637569884a5ba446a0b09edfd986a2b3e15ee35bbd18610dad6271681ed240b0ffab9199b541013c0aadc36484da57511896c14776a41602aa1426edfbb828897d9c218b7936a0572840ebbc796e888a439b24e640324b511deb6ed0b2ce2f7567447826944b4f34101e492e8d20a2deda950e96e78f86d6d4c976f0c99041c94944309e6ce08d84a7c96677d570d9a57ec0506a4321d9e049b55be883ca3648c27772fc5dbaea5e6c2ded2ce72fb68989ae381fe1394cf6966ab04285d5ff8256bc2e85462b8d89aeeebd5432157c945b5dc1960d9282c6cc007fe029325d6078aef94d4954f956c71bcdf846f41392ebe0d3b289438d24ec4bc073617459a6b232445dd636a9f21140e14b162fd5ef1d626b0ff84884fd63d22cc1b05befb77ea937f3045cc15b125479b262c1e32fca75a5468423288c5776efee744b1fccb5e6d661d9d287cfa8582c96ea34a33c1bbc29c0035657da66a87150bbb885be5ee123e431fd793ea179a0fc77aaee66d874c0616cb32324826b36d0e27d14217ad1131cace3bae4ef82dfbc790e78de53a9bfbdb468bf0eb3ff134073b380858965de2d108862daf3fc6b49ad46f20832238aeaa5d010cf08e37938f0bb7bbeaa970c39ce9327a16fe07565708266ce9ef639bfa08538693b456228aa1c370d64ef9795b7cc208a2c528d381a042d149ed5c7f34ed26a7d5a4401b86434f054389e5dac7a4ee896e406d7b27240d925d478e0eb2202797832d3e2c74f4925ad58377b0d6ae9b97034f94"})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

33m12.092325471s ago: executing program 1 (id=142):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x0, 0xa, 0x0, 0x1, 0xb0}, @exit], &(0x7f00000000c0)='GPL\x00', 0x7}, 0x94)

33m11.611276092s ago: executing program 1 (id=144):
timer_settime(0x0, 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, 0x0, &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x7}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000100), 0x58)

33m11.258548725s ago: executing program 1 (id=146):
socket$inet6_mptcp(0xa, 0x1, 0x106)
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(0x3)
pipe(&(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r1, &(0x7f0000000240)="94", 0x1)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00')
fchdir(r3)
r4 = inotify_init()
inotify_add_watch(r4, &(0x7f0000000000)='./file0\x00', 0x84000584)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
tee(r0, r2, 0x8f5, 0x0)

33m10.87056156s ago: executing program 1 (id=149):
socket$kcm(0x29, 0x5, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={0x0, 0x0, 0x8}, 0x18)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000006580), 0x2, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r4, &(0x7f00000049c0)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0xb, @empty, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@flowinfo={{0x14, 0x29, 0xb, 0x800c5}}, @flowinfo={{0x14, 0x29, 0xb, 0x80000000}}], 0x30}}], 0x1, 0x20004094)
ioctl$RTC_RD_TIME(r3, 0x80247009, &(0x7f00000065c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r5 = syz_open_dev$video4linux(&(0x7f0000001e00), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r5, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3013, 0x0, 0x0, 0x0, 0xffff})
syz_open_dev$usbfs(&(0x7f0000000100), 0x775, 0x8000)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r7, r6, &(0x7f0000002080)=0x3a, 0x23b)

32m54.491349835s ago: executing program 32 (id=149):
socket$kcm(0x29, 0x5, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@o_path={0x0, 0x0, 0x8}, 0x18)
ioctl$CEC_RECEIVE(0xffffffffffffffff, 0xc0386106, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000006580), 0x2, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r4, &(0x7f00000049c0)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0xb, @empty, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=[@flowinfo={{0x14, 0x29, 0xb, 0x800c5}}, @flowinfo={{0x14, 0x29, 0xb, 0x80000000}}], 0x30}}], 0x1, 0x20004094)
ioctl$RTC_RD_TIME(r3, 0x80247009, &(0x7f00000065c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
r5 = syz_open_dev$video4linux(&(0x7f0000001e00), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r5, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3013, 0x0, 0x0, 0x0, 0xffff})
syz_open_dev$usbfs(&(0x7f0000000100), 0x775, 0x8000)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r7, r6, &(0x7f0000002080)=0x3a, 0x23b)

32m32.577981254s ago: executing program 4 (id=220):
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe800000000000"], 0x0)
syz_emit_ethernet(0x52, &(0x7f00000007c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x1c, 0x2c, 0x0, @remote, @local, {[@routing={0x0, 0x0, 0x0, 0xe}], {{0x8000, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

32m32.229712745s ago: executing program 4 (id=222):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2000000000000001, 0x0, 0x2, 0x0)
r2 = creat(&(0x7f0000000380)='./file0\x00', 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000002c0)={'syztnl1\x00', 0x0})
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x2, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17f}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000003c0)=[0x45c], 0x0, 0x0, 0x100000, 0x1}}, 0x40)

32m26.907375652s ago: executing program 4 (id=229):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000324, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setpgid(r0, r0)

32m26.613859543s ago: executing program 4 (id=230):
socket$key(0xf, 0x3, 0x2)
r0 = socket$kcm(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_usb_connect(0x3, 0x34, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000092df5510ac05269289b201020301090222000100000000090400000103e900000907000000000000000705"], 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000580)="d8000000180081034e91f783db4cb9040a1d020006007409e8fc55a10a0015000400142603600e120800060000000401a8000800080002000000000004000461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb71b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad9e3bb9ad809d4e1cace81ed0bffece0b42a9ecbeeccd4e1ffffffffc1c9b6278754ca397c388b0dd6e4edef3d93000000000000004867edef090d82c399b3b549", 0xd8}], 0x1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
sendmsg$inet(r0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818)

32m22.828216503s ago: executing program 4 (id=239):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000324, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setpgid(r0, r0)

32m22.414609324s ago: executing program 4 (id=240):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
unshare(0x6a040000)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002280), 0x208400, 0x0)
mmap(&(0x7f00009a8000/0x4000)=nil, 0x4000, 0x1000000, 0x80010, r0, 0xbefbc000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
add_key$keyring(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x0}, 0x0, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000140), 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
keyctl$KEYCTL_MOVE(0x1e, r3, r3, r3, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
read$FUSE(r4, &(0x7f00000001c0)={0x2020}, 0x2020)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000002440)="ead64d512ece2b53233374ca5af378bb8a63dff07fac0829142aa25d626abc8564b7b8bd5fd05ede6875ffc156840aac291b6e2d30", 0x35, 0xfffffffffffffffd)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CURSOR2(r7, 0xc02464bb, &(0x7f0000000040)={0x3, 0x0, 0x5, 0x6576, 0x8, 0xff, 0x6, 0x67, 0x10001})
keyctl$dh_compute(0x17, &(0x7f0000000200)={r5, r5, r5}, &(0x7f00000022c0)=""/59, 0x3b, &(0x7f0000000000)={&(0x7f0000000280)={'wp384\x00'}})

32m6.838396952s ago: executing program 33 (id=240):
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
unshare(0x6a040000)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000002280), 0x208400, 0x0)
mmap(&(0x7f00009a8000/0x4000)=nil, 0x4000, 0x1000000, 0x80010, r0, 0xbefbc000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
add_key$keyring(&(0x7f0000002300), &(0x7f0000002340)={'syz', 0x0}, 0x0, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000140), 0x0, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18)
keyctl$KEYCTL_MOVE(0x1e, r3, r3, r3, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
read$FUSE(r4, &(0x7f00000001c0)={0x2020}, 0x2020)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000002440)="ead64d512ece2b53233374ca5af378bb8a63dff07fac0829142aa25d626abc8564b7b8bd5fd05ede6875ffc156840aac291b6e2d30", 0x35, 0xfffffffffffffffd)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_CURSOR2(r7, 0xc02464bb, &(0x7f0000000040)={0x3, 0x0, 0x5, 0x6576, 0x8, 0xff, 0x6, 0x67, 0x10001})
keyctl$dh_compute(0x17, &(0x7f0000000200)={r5, r5, r5}, &(0x7f00000022c0)=""/59, 0x3b, &(0x7f0000000000)={&(0x7f0000000280)={'wp384\x00'}})

1m32.207393849s ago: executing program 6 (id=4283):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00a813", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

1m31.853427236s ago: executing program 6 (id=4287):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0xcad, &(0x7f00000002c0)={0x0, 0x0, 0x80, 0x1, 0x3a6}, &(0x7f00000001c0)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000040)=0xffff7c00, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SEND={0x1a, 0x20, 0x0, r0, 0x0, 0x0, 0x0, 0x2011})
io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

1m30.747906081s ago: executing program 6 (id=4290):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
r6 = socket$unix(0x1, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x703923, 0x80000, {0x0, 0x0, 0x0, r5, {0x0, 0x8}, {0x2, 0xb}, {0xb, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r9)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r9, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1m28.317298981s ago: executing program 6 (id=4297):
socket$nl_route(0x10, 0x3, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(xxhash64,cbc-twofish-3way)\x00'}, 0x58)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec29, 0x800, 0x1, 0x40000337}, &(0x7f0000000dc0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYBLOB="0200000000", @ANYRES32], 0x28}}, 0x48010)
syz_usb_connect(0x2, 0x36, 0x0, 0x0)

1m24.756141729s ago: executing program 6 (id=4309):
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0x12)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0x20, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0}}, 0x10)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x1, 0x0)
write$vga_arbiter(r2, &(0x7f0000000580)=ANY=[@ANYBLOB='target '], 0x14)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, 0xfffffffb}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000140)={0x0, 0x218000, 0x1800, 0x3, 0x2}, 0x37)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7)
r4 = socket$inet6(0xa, 0x3, 0x87)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@multicast1, 0xfffd, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x11}, {0x0, 0x4, 0x1, 0xfffffffffffffffc, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x2}, {{@in6=@remote, 0x1, 0x32}, 0xa, @in=@loopback, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe4)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x8)
write$cgroup_int(r5, &(0x7f0000000040)=0x1f00, 0x12)

1m23.302975318s ago: executing program 3 (id=4313):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$sock_int(r0, 0x1, 0x4a, 0x0, &(0x7f0000000080))

1m22.982412036s ago: executing program 3 (id=4315):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x34)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r2, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)={0x30, 0x0, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0xe}, @val={0x8, 0x3, r1}, @val={0xc, 0x99, {0xb, 0x43}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x810)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20044040}, 0x24008004)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x50)
rt_sigqueueinfo(0x0, 0x21, &(0x7f0000002d00)={0x0, 0x0, 0xffffffff})
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000240), 0xa7c, r3}, 0x38)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_io_uring_setup(0x1249, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000005c0)={0xffffffffffffffff, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}})

1m22.917209221s ago: executing program 2 (id=4317):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa32, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = fanotify_init(0x200, 0x0)
fanotify_mark(r5, 0x41, 0x4800003e, r0, 0x0)
r6 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r6, 0x0, 0x0, 0x1000f4)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
preadv2(r7, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

1m20.852874473s ago: executing program 3 (id=4319):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$can_raw(0x1d, 0x3, 0x1)
r0 = socket$kcm(0x11, 0x2, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f00000000c0)=r0, 0x8)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000800)=@hci={0x1f, 0x0, 0x6}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000480)="d1", 0x1}], 0x1}, 0x4c081)

1m20.402868206s ago: executing program 3 (id=4320):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="03010000b5"], 0xc8)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xfffffffe, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0xc6}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000180)={0xa, 0x4e22, 0x8, @loopback}, 0x1c)
listen(r3, 0x5)
accept4(r3, &(0x7f00000002c0)=@x25, 0x0, 0x800)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c)
sendto(r4, &(0x7f0000001400)="6923bf7afdad78526d73a67312e8bf8260adb9aefe9ee5cfaaf3b6b15a03a4a20ed5d72ab9511c6ef1d727f39a1209d5fa8754eb", 0xfffffffffffffe64, 0x40011, 0x0, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="0906c422e0243219ff7b440e76a1b51b82ba23599f81b52c9d4db4486cec105e4b9f0f859f8a43eef6352f1e46e3145089b6a22f618ca14e288029b613a329c422481c6b7aff6806bce699cea461ecf591d9018b2a1d84e389a8d3127fd35913fe69754435c2", 0xffffffffffffffbb, 0x40040011, 0x0, 0x0)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00'})
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
ioctl$MON_IOCX_GET(r5, 0x40189206, &(0x7f0000000140)={0x0, 0x0})

1m20.401990304s ago: executing program 0 (id=4330):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$kcm(0x11, 0x2, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f00000000c0)=r0, 0x8)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000800)=@hci={0x1f, 0x0, 0x6}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000480)="d1", 0x1}], 0x1}, 0x4c081)

1m20.17603275s ago: executing program 0 (id=4321):
socket$nl_route(0x10, 0x3, 0x0)
openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000340)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(xxhash64,cbc-twofish-3way)\x00'}, 0x58)
r3 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec29, 0x800, 0x1, 0x40000337}, &(0x7f0000000dc0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYBLOB="0200000000", @ANYRES32], 0x28}}, 0x48010)
syz_usb_connect(0x2, 0x36, 0x0, 0x0)

1m20.038349666s ago: executing program 2 (id=4322):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00a813", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

1m20.011930086s ago: executing program 6 (id=4323):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
ioctl$RTC_ALM_READ(r2, 0x40187013, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff0, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048845}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@deltfilter={0x34, 0x2d, 0x5, 0x70bd2a, 0x25dfdbf9, {0x0, 0x0, 0x0, r6, {0xfff3, 0x9}, {0x2, 0xf}, {0x1, 0xfff2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r7 = socket$inet6(0xa, 0x3, 0x6)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x208000})
ioctl$TIOCL_GETKMSGREDIRECT(r8, 0x4b3c, 0x0)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r9 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r9, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10)

1m18.597867132s ago: executing program 2 (id=4325):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
fspick(0xffffffffffffff9c, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)

1m18.533922038s ago: executing program 5 (id=4326):
syz_io_uring_setup(0x3ac5, &(0x7f0000000240)={0x0, 0x2ac7, 0x10300, 0x0, 0x1e8}, 0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x15, r3, 0x0, r1})

1m18.087291054s ago: executing program 5 (id=4327):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd})
mkdir(&(0x7f0000000000)='./cgroup/../file0/file0\x00', 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

1m18.086420456s ago: executing program 2 (id=4328):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$unix(0x1, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
r4 = socket$unix(0x1, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r8)
socket$unix(0x1, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

1m17.838758041s ago: executing program 5 (id=4329):
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000009000000bb00000000000000000a000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000000000000000000000000a000000000000feffffffff7f400002000000000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ffffffff000000000000000000000000060000000401"], 0xfc}}, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00)

1m17.638417265s ago: executing program 5 (id=4331):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
ioctl$RTC_ALM_READ(r2, 0x40187013, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff0, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048845}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@deltfilter={0x34, 0x2d, 0x5, 0x70bd2a, 0x25dfdbf9, {0x0, 0x0, 0x0, r5, {0xfff3, 0x9}, {0x2, 0xf}, {0x1, 0xfff2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000)

1m17.359544886s ago: executing program 3 (id=4332):
r0 = socket$kcm(0x11, 0x2, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r1, 0x107, 0x12, &(0x7f00000000c0)=r0, 0x8)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000800)=@hci={0x1f, 0x0, 0x6}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000480)="d1", 0x1}], 0x1}, 0x4c081)

1m16.987912065s ago: executing program 0 (id=4333):
r0 = syz_open_procfs(0x0, &(0x7f00000006c0)='pagemap\x00')
lseek(r0, 0x7ffffffd, 0x1)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x0, 0x0, 0x5e, 0x200000000000, 0x100000000000006})
socket$inet_sctp(0x2, 0x5, 0x84)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r3, @ANYBLOB="0000000000000000b70500000800eaff840000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x2}, 0x94)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "3f60eb8f2777c39a", "5985e81ad0d9585bc175cbecd3f55eb699e3070cc206f3ba527c85bde06fbf19", "bc5ec28f", "b200"}, 0x38)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x4, &(0x7f0000000100)=@ccm_128={{0x303}, "228481a9465c8fec", "38967a2445914c2e5ab898a7f56a364a", "e6a245cf", "bff5b80e1f6fd131"}, 0x6)
close_range(r1, 0xffffffffffffffff, 0x0)

1m16.546506312s ago: executing program 3 (id=4334):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa32, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x41, 0x4800003e, r0, 0x0)
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r5, 0x0, 0x0, 0x1000f4)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
preadv2(r6, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

1m16.432789243s ago: executing program 2 (id=4335):
openat$nullb(0xffffff9c, &(0x7f0000000000), 0x187001, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0xfff7, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, &(0x7f0000000380))
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r3=>0x0})
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x42, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f00000001c0)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x1, 0x0, r4, 0x0}])
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
sendmsg$can_j1939(r6, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x20, [0x6, 0x8, 0xfffffff3, 0x9, 0x7f, 0x7, 0x10001, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x3, 0x40000000, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0xffff, 0x7, 0x9, 0xffff, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x3ff, 0x2, 0x24, 0x3, 0x3, 0x43, 0x7fff, 0x4c74, 0xf, 0x8001, 0x4, 0xa, 0x9, 0x80071, 0x5, 0xfffff000, 0x103, 0x0, 0x5, 0x803c, 0x4, 0x1, 0x3, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0xfffffffe], [0x10000007, 0xfffd, 0xfff, 0x8000, 0xc, 0xfffffff5, 0x129432e6, 0x3, 0x6, 0x0, 0x2bf, 0x8, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x78, 0x10000ea3, 0xa, 0xe, 0x0, 0x8000, 0xfffffff8, 0x400, 0x101, 0x0, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0xc, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x0, 0xffff, 0x2000002, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x143, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0x3], [0xfffffff9, 0x4, 0xffffffff, 0x64e, 0xfffffdfe, 0x5, 0x8d2, 0x9, 0x5, 0xfffffff7, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0xf, 0x88, 0x0, 0x5, 0x5, 0x3b, 0xda6, 0x5, 0x80, 0x3, 0xfffffffe, 0x202, 0x0, 0xa2, 0x7, 0x53cf697b, 0x1, 0x3, 0x54fe12d2, 0xbf, 0x200, 0x0, 0x400002, 0x8, 0x4, 0x5, 0xf23, 0x0, 0x6, 0xfffffffb, 0x9, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7fff, 0x8ffff, 0x6, 0x100002, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x400007, 0xffffff9f, 0x5, 0x9, 0x8, 0x4, 0x50fd, 0x10001, 0x3, 0x9, 0x100, 0x9, 0xa, 0x2, 0x80000007, 0x6, 0x1, 0x10000, 0xfffffffe, 0x8, 0x2b94, 0xa23, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0x4b1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c)
unshare(0x22020400)
r7 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4622, @empty}, 0x10)
sendmmsg$inet(r7, &(0x7f0000005240), 0x4000095, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174003c000000060a01040000000000000000010000001400048010000180090001006d6173710000000008000b40000000000900010073797a3000"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

1m16.30801343s ago: executing program 0 (id=4336):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x39}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00a813", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x3a00, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

1m15.437584997s ago: executing program 0 (id=4337):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x10)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
preadv(0xffffffffffffffff, &(0x7f0000000440)=[{0x0}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/130, 0x82}], 0x3, 0x5, 0x8000)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000a1800010000000009000000b7080000000000007baa00fe000000"], 0x0, 0x9}, 0x94)

1m15.30173284s ago: executing program 0 (id=4338):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8040)
r2 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000380))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000000)={0x2000, 0x19c000})
sendfile(r0, r0, 0x0, 0x24002de8)

1m15.158649011s ago: executing program 5 (id=4339):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x2, 0x3c, 0x0, 0x0, 0x2, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0xc2, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x4, 0xd}, @timestamp={0x8, 0xa, 0x3, 0x5}]}}}}}}}, 0x0)

1m13.968988366s ago: executing program 2 (id=4340):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
fspick(0xffffffffffffff9c, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)

1m13.670864891s ago: executing program 5 (id=4341):
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000009000000bb00000000000000000a000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000000000000000000000000a000000000000feffffffff7f400002000000000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ffffffff000000000000000000000000060000000401"], 0xfc}}, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00)

49.9863945s ago: executing program 34 (id=4323):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x200, 0x0)
ioctl$RTC_ALM_READ(r2, 0x40187013, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {0xffff, 0xffff}, {0xfff0, 0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20048845}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001300)=@deltfilter={0x34, 0x2d, 0x5, 0x70bd2a, 0x25dfdbf9, {0x0, 0x0, 0x0, r6, {0xfff3, 0x9}, {0x2, 0xf}, {0x1, 0xfff2}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r7 = socket$inet6(0xa, 0x3, 0x6)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x208000})
ioctl$TIOCL_GETKMSGREDIRECT(r8, 0x4b3c, 0x0)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
socket(0x10, 0x80003, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r9 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r9, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10)

30.980896892s ago: executing program 35 (id=4338):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8040)
r2 = gettid()
timer_create(0x0, &(0x7f00000003c0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000000380))
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000000)={0x2000, 0x19c000})
sendfile(r0, r0, 0x0, 0x24002de8)

19.456758902s ago: executing program 36 (id=4341):
socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x7}, 0x1c)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000009000000bb00000000000000000a000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000000000000000000000000a000000000000feffffffff7f400002000000000000080000000000000000010000000000000044000500ac1414aa000000000000000000000000000000003c00000002000000ffffffff000000000000000000000000060000000401"], 0xfc}}, 0x0)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x20, 0x4001c00)

430.453781ms ago: executing program 37 (id=4340):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
fspick(0xffffffffffffff9c, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)

0s ago: executing program 38 (id=4334):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa32, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x41, 0x4800003e, r0, 0x0)
r5 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
fallocate(r5, 0x0, 0x0, 0x1000f4)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x147842, 0x49)
preadv2(r6, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

73'.
[ 1647.286322][T18344] team4: entered promiscuous mode
[ 1647.286340][T18344] team4: entered allmulticast mode
[ 1649.037956][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1649.997252][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1650.945203][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1650.977022][T18382] capability: warning: `syz.6.3382' uses 32-bit capabilities (legacy support in use)
[ 1652.248245][T18400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3385'.
[ 1652.297746][T18400] team3: entered promiscuous mode
[ 1652.297774][T18400] team3: entered allmulticast mode
[ 1653.066390][T15042] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1653.282621][T15042] usb 4-1: config 0 has no interfaces?
[ 1653.307331][T15042] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1653.307348][T15042] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1653.307358][T15042] usb 4-1: Product: syz
[ 1653.307365][T15042] usb 4-1: Manufacturer: syz
[ 1653.307372][T15042] usb 4-1: SerialNumber: syz
[ 1653.349909][T15042] usb 4-1: config 0 descriptor??
[ 1653.392372][  T989] usb 6-1: new low-speed USB device number 41 using dummy_hcd
[ 1653.596860][T18409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1653.601206][T18409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1653.695629][  T989] usb 6-1: No LPM exit latency info found, disabling LPM.
[ 1654.273229][  T989] usb 6-1: string descriptor 0 read error: -22
[ 1654.273391][  T989] usb 6-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1654.273413][  T989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1654.292517][  T989] usb 6-1: config 0 descriptor??
[ 1654.450137][T18415] netlink: 'syz.6.3389': attribute type 21 has an invalid length.
[ 1656.993395][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1658.405223][T15042] usb 4-1: USB disconnect, device number 79
[ 1659.229498][  T989] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1659.231604][  T989] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1659.231635][  T989] dib0700: firmware download failed at 7 with -22
[ 1659.338372][  T989] usb 6-1: USB disconnect, device number 41
[ 1662.768118][T18477] vcan0: tx drop: invalid sa for name 0x0000000000000004
[ 1664.197452][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1664.391712][T18486] netlink: 'syz.5.3404': attribute type 21 has an invalid length.
[ 1664.821097][T18491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3402'.
[ 1664.821467][T18491] IPVS: Error joining to the multicast group
[ 1665.049400][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1665.993287][  T989] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1666.148583][  T989] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1666.148609][  T989] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1666.148628][  T989] usb 1-1: Product: syz
[ 1666.148640][  T989] usb 1-1: Manufacturer: syz
[ 1666.148653][  T989] usb 1-1: SerialNumber: syz
[ 1666.261793][  T989] usb 1-1: config 0 descriptor??
[ 1666.903795][  T989] usb 1-1: Firmware version (0.0) predates our first public release.
[ 1666.903811][  T989] usb 1-1: Please update to version 0.2 or newer
[ 1667.632964][  T989] usb 1-1: USB disconnect, device number 78
[ 1668.802601][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.802671][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1671.234298][T18556] netlink: 'syz.2.3427': attribute type 21 has an invalid length.
[ 1672.241759][T18568] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3424'.
[ 1672.242102][T18568] IPVS: Error joining to the multicast group
[ 1672.378825][T18569] fuse: Bad value for 'group_id'
[ 1672.378838][T18569] fuse: Bad value for 'group_id'
[ 1673.218365][T18574] Invalid logical block size (7)
[ 1678.400422][T18617] netlink: 'syz.3.3441': attribute type 21 has an invalid length.
[ 1680.314608][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1680.334938][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1680.349943][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1680.360241][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1680.361627][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1682.224795][T18640] chnl_net:caif_netlink_parms(): no params data found
[ 1682.485454][ T5155] Bluetooth: hci2: command tx timeout
[ 1683.663031][   T31] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1684.462771][   T31] usb 3-1: Using ep0 maxpacket: 32
[ 1684.472736][   T31] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1684.472760][   T31] usb 3-1: config 0 has no interface number 0
[ 1684.591967][T18640] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1684.592392][T18640] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1684.593020][T18640] bridge_slave_0: entered allmulticast mode
[ 1684.595458][T18640] bridge_slave_0: entered promiscuous mode
[ 1684.597477][ T5155] Bluetooth: hci2: command tx timeout
[ 1684.598606][T18640] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1684.599074][T18640] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1684.599250][T18640] bridge_slave_1: entered allmulticast mode
[ 1684.661893][   T31] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1684.661914][   T31] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1684.661923][   T31] usb 3-1: Product: syz
[ 1684.661930][   T31] usb 3-1: Manufacturer: syz
[ 1684.661937][   T31] usb 3-1: SerialNumber: syz
[ 1684.703309][   T31] usb 3-1: config 0 descriptor??
[ 1684.706603][   T31] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1684.706617][   T31] usb 3-1: selecting invalid altsetting 1
[ 1684.706625][   T31] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1684.715234][T18640] bridge_slave_1: entered promiscuous mode
[ 1684.750755][   T31] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1684.751053][   T31] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1684.751084][   T31] usb 3-1: media controller created
[ 1684.802079][   T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1684.927276][T18673] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3450'.
[ 1684.967904][   T31] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1684.967958][   T31] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1684.968578][   T31] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1685.075180][T18673] IPVS: Error joining to the multicast group
[ 1685.144976][   T31] usb 3-1: USB disconnect, device number 75
[ 1685.395901][T18640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1685.398553][T18640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1685.752151][T18640] team0: Port device team_slave_0 added
[ 1685.778769][T18640] team0: Port device team_slave_1 added
[ 1686.322008][T18640] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1686.322024][T18640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1686.322049][T18640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1686.331311][T18640] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1686.331327][T18640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1686.331349][T18640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1686.633483][ T5155] Bluetooth: hci2: command tx timeout
[ 1686.730915][T18640] hsr_slave_0: entered promiscuous mode
[ 1686.740651][T18640] hsr_slave_1: entered promiscuous mode
[ 1686.741796][T18640] debugfs: 'hsr0' already exists in 'hsr'
[ 1686.741826][T18640] Cannot create hsr debugfs directory
[ 1688.549678][T18640] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1688.712430][ T5155] Bluetooth: hci2: command tx timeout
[ 1689.512431][T10274] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1689.772460][T10274] usb 4-1: Using ep0 maxpacket: 32
[ 1689.774597][T10274] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1689.774611][T10274] usb 4-1: config 0 has no interface number 0
[ 1689.776561][T10274] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1689.776575][T10274] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1689.776585][T10274] usb 4-1: Product: syz
[ 1689.776591][T10274] usb 4-1: Manufacturer: syz
[ 1689.776598][T10274] usb 4-1: SerialNumber: syz
[ 1689.779749][T10274] usb 4-1: config 0 descriptor??
[ 1690.751175][T10274] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1690.751192][T10274] usb 4-1: selecting invalid altsetting 1
[ 1690.751200][T10274] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1690.793669][T18640] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1690.900031][T10274] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1690.900454][T10274] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1690.900502][T10274] usb 4-1: media controller created
[ 1690.960822][T10274] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1691.013158][T10274] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1691.013211][T10274] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1691.013671][T10274] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1691.136261][T10274] usb 4-1: USB disconnect, device number 80
[ 1691.641621][T18640] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1692.143778][T18735] binder: 18734:18735 ioctl c0306201 200000000040 returned -14
[ 1692.144194][T18735] binder: 18734:18735 ioctl 40044591 0 returned -22
[ 1692.160089][T18640] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1692.939164][T18640] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1693.067961][T18640] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1693.407644][T18640] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1693.457735][T18640] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1694.063289][T18640] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1694.769802][T18640] 8021q: adding VLAN 0 to HW filter on device team0
[ 1694.999219][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1694.999372][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1695.001499][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1695.001581][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1695.372393][T15042] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 1695.522415][T15042] usb 1-1: Using ep0 maxpacket: 32
[ 1695.525375][T15042] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1695.525397][T15042] usb 1-1: config 0 has no interface number 0
[ 1695.530517][T15042] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1695.530533][T15042] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1695.530542][T15042] usb 1-1: Product: syz
[ 1695.530549][T15042] usb 1-1: Manufacturer: syz
[ 1695.530556][T15042] usb 1-1: SerialNumber: syz
[ 1695.584789][T15042] usb 1-1: config 0 descriptor??
[ 1695.624730][T15042] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1695.624753][T15042] usb 1-1: selecting invalid altsetting 1
[ 1695.624768][T15042] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1695.665556][T15042] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1695.665975][T15042] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1695.666022][T15042] usb 1-1: media controller created
[ 1695.832163][T15042] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1696.202748][T15042] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1696.202780][T15042] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1696.203098][T15042] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1696.277275][T18640] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1696.441182][T15042] usb 1-1: USB disconnect, device number 79
[ 1697.320315][T18803] netlink: 'syz.2.3480': attribute type 11 has an invalid length.
[ 1698.176130][T18640] veth0_vlan: entered promiscuous mode
[ 1698.232351][T18640] veth1_vlan: entered promiscuous mode
[ 1698.433262][T18640] veth0_macvtap: entered promiscuous mode
[ 1698.532125][T18640] veth1_macvtap: entered promiscuous mode
[ 1698.896528][T18640] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1698.954541][T18640] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1698.975863][ T8412] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1698.978269][ T8412] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1698.978309][ T8412] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1698.978341][ T8412] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1699.792582][ T7098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1699.792608][ T7098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1700.107516][ T7098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1700.107530][ T7098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1701.419771][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1701.695583][T18840] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3489'.
[ 1701.864020][T18840] team4: entered promiscuous mode
[ 1701.864038][T18840] team4: entered allmulticast mode
[ 1704.382655][T18885] random: crng reseeded on system resumption
[ 1704.841812][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1705.812145][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1705.993995][T18894] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3504'.
[ 1706.037867][T18894] team5: entered promiscuous mode
[ 1706.037884][T18894] team5: entered allmulticast mode
[ 1707.637945][T18907] netlink: 'syz.5.3509': attribute type 10 has an invalid length.
[ 1707.637967][T18907] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3509'.
[ 1708.417621][T18909] netlink: 'syz.0.3505': attribute type 21 has an invalid length.
[ 1711.184740][T18948] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3523'.
[ 1712.592580][T18980] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3528'.
[ 1712.819147][T18982] netlink: 'syz.2.3526': attribute type 21 has an invalid length.
[ 1716.372486][ T5923] usb 7-1: new low-speed USB device number 57 using dummy_hcd
[ 1716.547197][ T5923] usb 7-1: No LPM exit latency info found, disabling LPM.
[ 1716.593186][ T5923] usb 7-1: string descriptor 0 read error: -22
[ 1716.593341][ T5923] usb 7-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1716.593363][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1716.627385][ T5923] usb 7-1: config 0 descriptor??
[ 1718.602437][ T5923] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1718.635358][ T5923] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1718.635405][ T5923] dib0700: firmware download failed at 7 with -22
[ 1718.702231][ T5923] usb 7-1: USB disconnect, device number 57
[ 1719.224187][T19043] @: renamed from vlan0 (while UP)
[ 1720.052498][ T5923] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 1720.082790][T19040] netlink: 'syz.5.3547': attribute type 21 has an invalid length.
[ 1720.277511][T19061] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3552'.
[ 1720.503004][ T5923] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1720.503031][ T5923] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1720.503048][ T5923] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1720.503102][ T5923] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1720.578336][ T5923] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1720.578523][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1720.578719][ T5923] usb 1-1: Product: syz
[ 1720.578735][ T5923] usb 1-1: Manufacturer: syz
[ 1720.847975][ T5923] cdc_wdm 1-1:1.0: skipping garbage
[ 1720.847989][ T5923] cdc_wdm 1-1:1.0: skipping garbage
[ 1720.862722][ T5923] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[ 1720.862742][ T5923] cdc_wdm 1-1:1.0: Unknown control protocol
[ 1721.213275][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1722.460279][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1723.044578][T19073] fuse: Unknown parameter 'fd0000000000000000000001600000000000000000000'
[ 1724.091330][T19079] input: syz0 as /devices/virtual/input/input21
[ 1725.150368][T11998] usb 1-1: USB disconnect, device number 80
[ 1725.838828][T19088] binder: 19082:19088 unknown command 0
[ 1725.838841][T19088] binder: 19082:19088 ioctl c0306201 200000000080 returned -22
[ 1726.157791][T19101] netlink: 'syz.6.3563': attribute type 21 has an invalid length.
[ 1726.602563][T19088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3558'.
[ 1728.068984][T19125] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3570'.
[ 1728.534655][T19131] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1728.883630][T19144] input: syz0 as /devices/virtual/input/input22
[ 1729.014582][T19133] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3572'.
[ 1729.020597][T19133] net_ratelimit: 10 callbacks suppressed
[ 1729.020613][T19133] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1729.827417][T19158] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.3581'.
[ 1730.247278][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.247323][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1730.926777][T19174] netlink: 'syz.2.3582': attribute type 21 has an invalid length.
[ 1731.648549][T19156] binder: 19151:19156 unknown command 0
[ 1731.648562][T19156] binder: 19151:19156 ioctl c0306201 200000000080 returned -22
[ 1733.731994][T19190] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1734.139229][T19196] input: syz0 as /devices/virtual/input/input23
[ 1734.512403][T11998] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1734.544043][T19206] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1734.662466][T11998] usb 6-1: Using ep0 maxpacket: 32
[ 1734.665407][T11998] usb 6-1: config index 0 descriptor too short (expected 16373, got 27)
[ 1734.665432][T11998] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1734.665449][T11998] usb 6-1: config 0 has no interfaces?
[ 1734.665477][T11998] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1734.665497][T11998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1734.766803][T11998] usb 6-1: config 0 descriptor??
[ 1738.543293][T11998] usb 6-1: USB disconnect, device number 42
[ 1738.652403][ T5923] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 1738.802463][ T5923] usb 1-1: Using ep0 maxpacket: 32
[ 1738.809252][ T5923] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1738.809275][ T5923] usb 1-1: config 0 has no interface number 0
[ 1738.814201][ T5923] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1738.814224][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1738.814241][ T5923] usb 1-1: Product: syz
[ 1738.814253][ T5923] usb 1-1: Manufacturer: syz
[ 1738.814266][ T5923] usb 1-1: SerialNumber: syz
[ 1738.832968][ T5923] usb 1-1: config 0 descriptor??
[ 1738.859722][ T5923] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1738.859743][ T5923] usb 1-1: selecting invalid altsetting 1
[ 1738.859757][ T5923] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1738.880556][ T5923] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1738.880942][ T5923] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1738.880986][ T5923] usb 1-1: media controller created
[ 1739.028260][T19223] binder: 19219:19223 unknown command 0
[ 1739.028279][T19223] binder: 19219:19223 ioctl c0306201 200000000080 returned -22
[ 1739.059630][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1739.188169][ T5923] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1739.188225][ T5923] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1739.188719][ T5923] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1739.224777][T19245] input: syz0 as /devices/virtual/input/input24
[ 1739.356260][T19220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3597'.
[ 1739.504785][ T5923] usb 1-1: USB disconnect, device number 81
[ 1739.524204][T19247] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1742.752497][T19287] netlink: 'syz.3.3614': attribute type 11 has an invalid length.
[ 1742.896167][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1743.263412][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1744.222075][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1744.708968][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1744.730361][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1744.753415][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1744.757476][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1744.762062][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1745.013581][ T7862] bond0: (slave syz_tun): Releasing backup interface
[ 1745.305752][T19303] input: syz0 as /devices/virtual/input/input25
[ 1746.178577][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1746.211788][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1746.429282][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1746.678368][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1746.778757][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1746.839089][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1746.872628][ T5155] Bluetooth: hci3: command tx timeout
[ 1747.947284][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888141fef800: rx timeout, send abort
[ 1747.947470][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888141fef400: rx timeout, send abort
[ 1747.951005][   T57] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1748.122615][T11998] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 1748.182642][T19307] binder: 19305:19307 unknown command 0
[ 1748.182661][T19307] binder: 19305:19307 ioctl c0306201 200000000080 returned -22
[ 1748.235145][T19308] binder_alloc: 19305: binder_alloc_buf, no vma
[ 1748.235592][T19308] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3618'.
[ 1748.282442][T11998] usb 1-1: Using ep0 maxpacket: 32
[ 1748.285221][T11998] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1748.285243][T11998] usb 1-1: config 0 has no interface number 0
[ 1748.287936][T11998] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1748.287960][T11998] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1748.287978][T11998] usb 1-1: Product: syz
[ 1748.287990][T11998] usb 1-1: Manufacturer: syz
[ 1748.288002][T11998] usb 1-1: SerialNumber: syz
[ 1748.357569][T11998] usb 1-1: config 0 descriptor??
[ 1748.369772][T11998] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1748.369788][T11998] usb 1-1: selecting invalid altsetting 1
[ 1748.369796][T11998] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1748.399421][T11998] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1748.399716][T11998] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1748.399747][T11998] usb 1-1: media controller created
[ 1748.438124][T11998] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1748.447368][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888141fef800: abort rx timeout. Force session deactivation
[ 1748.448236][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888141fef400: abort rx timeout. Force session deactivation
[ 1748.567797][T11998] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1748.567830][T11998] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1748.569134][T11998] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1748.628242][T11998] usb 1-1: USB disconnect, device number 82
[ 1748.772685][   T57] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1748.952350][ T5155] Bluetooth: hci3: command tx timeout
[ 1750.375991][   T57] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1750.969218][T19343] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3627'.
[ 1751.032388][ T5155] Bluetooth: hci3: command tx timeout
[ 1751.186147][   T57] bond0: (slave netdevsim0): Releasing backup interface
[ 1751.248173][   T57] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1752.719335][T19363] input: syz0 as /devices/virtual/input/input26
[ 1752.731440][T19297] chnl_net:caif_netlink_parms(): no params data found
[ 1753.123720][ T5155] Bluetooth: hci3: command tx timeout
[ 1753.776816][   T57] bridge_slave_1: left allmulticast mode
[ 1753.776838][   T57] bridge_slave_1: left promiscuous mode
[ 1753.776998][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1753.913858][   T57] bridge_slave_0: left allmulticast mode
[ 1753.913880][   T57] bridge_slave_0: left promiscuous mode
[ 1753.914049][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1754.481042][T19376] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1754.908109][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1755.382439][ T5923] usb 7-1: new low-speed USB device number 58 using dummy_hcd
[ 1755.656126][ T5923] usb 7-1: No LPM exit latency info found, disabling LPM.
[ 1755.663212][ T5923] usb 7-1: string descriptor 0 read error: -22
[ 1755.663364][ T5923] usb 7-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1755.663385][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1755.727667][ T5923] usb 7-1: config 0 descriptor??
[ 1755.796839][   T57] bond1 (unregistering): (slave ip6gretap1): Releasing backup interface
[ 1755.796940][   T57] bond1 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - d2:39:f7:fa:2b:0a - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[ 1758.321229][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.391792][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.826289][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1758.999539][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.224442][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1759.337634][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1759.384677][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1759.407517][   T57] bond0 (unregistering): Released all slaves
[ 1759.495922][   T57] bond1 (unregistering): (slave veth3): Releasing backup interface
[ 1759.557428][   T57] bond1 (unregistering): Released all slaves
[ 1760.129060][ T5923] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1760.131572][ T5923] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1760.131601][ T5923] dib0700: firmware download failed at 7 with -22
[ 1760.172836][ T5923] usb 7-1: USB disconnect, device number 58
[ 1760.372996][   T57] : left promiscuous mode
[ 1760.931012][   T57] : left promiscuous mode
[ 1761.015281][T19424] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3643'.
[ 1761.169124][T19297] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1761.169348][T19297] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1761.169647][T19297] bridge_slave_0: entered allmulticast mode
[ 1761.202399][T19297] bridge_slave_0: entered promiscuous mode
[ 1761.230462][T19297] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1761.230603][T19297] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1761.230849][T19297] bridge_slave_1: entered allmulticast mode
[ 1761.257118][T19297] bridge_slave_1: entered promiscuous mode
[ 1761.678111][   T57] tipc: Left network mode
[ 1761.926480][T19297] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1762.089562][T19432] fuse: Bad value for 'user_id'
[ 1762.089581][T19432] fuse: Bad value for 'user_id'
[ 1762.128072][T19297] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1762.406485][T19439] input: syz0 as /devices/virtual/input/input27
[ 1764.387093][T19297] team0: Port device team_slave_0 added
[ 1764.391649][T19297] team0: Port device team_slave_1 added
[ 1765.188907][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1765.344324][T19459] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3650'.
[ 1766.020417][T19297] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1766.020428][T19297] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1766.020442][T19297] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1766.592958][   T57] hsr_slave_0: left promiscuous mode
[ 1767.320497][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1767.414654][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1767.444430][   T57] hsr_slave_1: left promiscuous mode
[ 1767.445400][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1767.445429][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1767.483055][   T57] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1767.483076][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1767.792994][   T57] veth1_macvtap: left promiscuous mode
[ 1767.793069][   T57] veth0_macvtap: left promiscuous mode
[ 1768.363427][ T1217] usb 4-1: new low-speed USB device number 81 using dummy_hcd
[ 1768.525095][ T1217] usb 4-1: No LPM exit latency info found, disabling LPM.
[ 1768.529174][ T1217] usb 4-1: string descriptor 0 read error: -22
[ 1768.529280][ T1217] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1768.529293][ T1217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1768.533151][ T1217] usb 4-1: config 0 descriptor??
[ 1770.063053][   T57] team0 (unregistering): Port device team_slave_1 removed
[ 1770.222884][   T57] team0 (unregistering): Port device team_slave_0 removed
[ 1772.321985][T19297] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1772.322001][T19297] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1772.322026][T19297] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1772.573410][ T1217] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1772.574621][ T1217] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1772.574646][ T1217] dib0700: firmware download failed at 7 with -22
[ 1772.651695][ T1217] usb 4-1: USB disconnect, device number 81
[ 1773.602178][T19297] hsr_slave_0: entered promiscuous mode
[ 1773.606606][T19297] hsr_slave_1: entered promiscuous mode
[ 1773.609725][T19297] debugfs: 'hsr0' already exists in 'hsr'
[ 1773.609751][T19297] Cannot create hsr debugfs directory
[ 1773.897225][T19508] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3659'.
[ 1775.289722][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804cec6800: rx timeout, send abort
[ 1775.789801][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804cec6800: abort rx timeout. Force session deactivation
[ 1776.076611][T19528] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.3662'.
[ 1780.287136][T19297] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1780.390371][T19297] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1780.494703][T19297] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1780.609604][T19297] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1781.983877][T19582] fuse: Bad value for 'fd'
[ 1783.053941][T19297] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1783.219218][T19297] 8021q: adding VLAN 0 to HW filter on device team0
[ 1783.244095][T19599] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3674'.
[ 1783.379154][T16863] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1783.379320][T16863] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1783.450365][T16863] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1783.450453][T16863] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1784.955027][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805d172800: rx timeout, send abort
[ 1786.292031][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805d172800: abort rx timeout. Force session deactivation
[ 1786.906917][T19297] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1787.162446][T11998] usb 1-1: new low-speed USB device number 83 using dummy_hcd
[ 1787.344998][T11998] usb 1-1: No LPM exit latency info found, disabling LPM.
[ 1787.454704][T11998] usb 1-1: string descriptor 0 read error: -22
[ 1787.454857][T11998] usb 1-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1787.454875][T11998] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1787.474882][T11998] usb 1-1: config 0 descriptor??
[ 1788.428523][T19657] fuse: Bad value for 'fd'
[ 1788.458149][T19297] veth0_vlan: entered promiscuous mode
[ 1788.531255][T19297] veth1_vlan: entered promiscuous mode
[ 1788.827472][T19297] veth0_macvtap: entered promiscuous mode
[ 1790.322831][T19297] veth1_macvtap: entered promiscuous mode
[ 1790.669398][T11998] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1790.671547][T11998] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1790.671592][T11998] dib0700: firmware download failed at 7 with -22
[ 1790.688491][T11998] usb 1-1: USB disconnect, device number 83
[ 1791.278247][T19297] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1791.349514][T19297] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1791.386261][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1791.387688][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1791.518365][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1791.545826][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1791.677617][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1791.677663][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1792.878446][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1792.880626][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1793.510879][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1793.510900][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1794.294273][T19712] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3689'.
[ 1794.623993][T19716] netlink: 'syz.5.3613': attribute type 21 has an invalid length.
[ 1796.225346][T19723] binder: 19722:19723 unknown command 0
[ 1796.225359][T19723] binder: 19722:19723 ioctl c0306201 200000000080 returned -22
[ 1796.327451][T19725] binder_alloc: 19722: binder_alloc_buf, no vma
[ 1796.332380][T19725] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3692'.
[ 1797.057360][ T5931] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1797.168844][T19744] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3698'.
[ 1797.172082][T19744] IPVS: Error joining to the multicast group
[ 1798.073620][ T5931] usb 4-1: Using ep0 maxpacket: 32
[ 1798.075255][ T5931] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1798.075270][ T5931] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1798.075280][ T5931] usb 4-1: config 1 has an invalid descriptor of length 63, skipping remainder of the config
[ 1798.075290][ T5931] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1798.075301][ T5931] usb 4-1: config 1 has no interface number 0
[ 1798.075327][ T5931] usb 4-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[ 1798.075348][ T5931] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1798.075359][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1798.373551][ T5931] usb 4-1: string descriptor 0 read error: -71
[ 1798.415099][ T5931] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[ 1798.420989][ T5931] snd_usb_pod 4-1:1.1: set_interface failed
[ 1798.421300][ T5931] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[ 1798.421514][ T5931] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -71
[ 1798.545772][ T5931] usb 4-1: USB disconnect, device number 82
[ 1798.765564][ T1217] usb 6-1: new low-speed USB device number 43 using dummy_hcd
[ 1799.039480][ T1217] usb 6-1: No LPM exit latency info found, disabling LPM.
[ 1799.101486][ T1217] usb 6-1: string descriptor 0 read error: -22
[ 1799.101636][ T1217] usb 6-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1799.101658][ T1217] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1799.150866][ T1217] usb 6-1: config 0 descriptor??
[ 1799.685746][T19769] fuse: Bad value for 'fd'
[ 1804.102656][ T5155] Bluetooth: hci2: command 0x0406 tx timeout
[ 1804.233631][ T1217] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1804.237287][ T1217] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1804.237316][ T1217] dib0700: firmware download failed at 7 with -22
[ 1804.522856][T16341] usb 6-1: USB disconnect, device number 43
[ 1805.585415][T19803] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3710'.
[ 1805.588626][T19803] IPVS: Error joining to the multicast group
[ 1806.233474][T19799] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3708'.
[ 1806.642399][ T9204] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[ 1806.805956][ T9204] usb 6-1: Using ep0 maxpacket: 32
[ 1806.811444][ T9204] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1806.811471][ T9204] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1806.811488][ T9204] usb 6-1: config 1 has an invalid descriptor of length 63, skipping remainder of the config
[ 1806.811506][ T9204] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1806.811523][ T9204] usb 6-1: config 1 has no interface number 0
[ 1806.811576][ T9204] usb 6-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 17
[ 1806.811618][ T9204] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1806.811639][ T9204] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1807.105628][T19816] fuse: Bad value for 'fd'
[ 1807.188135][ T9204] usb 6-1: string descriptor 0 read error: -71
[ 1807.208179][ T9204] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[ 1807.220470][ T9204] snd_usb_pod 6-1:1.1: set_interface failed
[ 1807.220657][ T9204] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[ 1807.220779][ T9204] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -71
[ 1807.266328][ T9204] usb 6-1: USB disconnect, device number 44
[ 1807.870294][T19792] binder: 19789:19792 unknown command 0
[ 1807.870314][T19792] binder: 19789:19792 ioctl c0306201 200000000080 returned -22
[ 1807.989430][T19798] binder_alloc: 19789: binder_alloc_buf, no vma
[ 1807.991051][T19798] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3709'.
[ 1810.242906][ T9204] usb 4-1: new low-speed USB device number 83 using dummy_hcd
[ 1810.416414][ T9204] usb 4-1: No LPM exit latency info found, disabling LPM.
[ 1810.448742][ T9204] usb 4-1: string descriptor 0 read error: -22
[ 1810.448834][ T9204] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1810.448845][ T9204] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1810.477018][ T9204] usb 4-1: config 0 descriptor??
[ 1812.331723][T19851] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3723'.
[ 1812.332115][T19851] IPVS: Error joining to the multicast group
[ 1813.116176][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1814.016232][T19865] fuse: Bad value for 'fd'
[ 1814.210053][ T9204] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1814.211299][ T9204] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1814.211328][ T9204] dib0700: firmware download failed at 7 with -22
[ 1814.251418][ T9204] usb 4-1: USB disconnect, device number 83
[ 1814.806093][  T989] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[ 1814.972375][  T989] usb 6-1: Using ep0 maxpacket: 32
[ 1814.975267][  T989] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1814.975298][  T989] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1814.975316][  T989] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1814.975336][  T989] usb 6-1: config 1 has no interface number 0
[ 1814.975398][  T989] usb 6-1: config 1 interface 1 altsetting 0 has an endpoint descriptor with address 0xF5, changing to 0x85
[ 1814.975421][  T989] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1814.975445][  T989] usb 6-1: config 1 interface 1 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1814.975465][  T989] usb 6-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1814.975504][  T989] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1814.975525][  T989] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1815.168492][  T989] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[ 1815.190662][  T989] snd_usb_pod 6-1:1.1: endpoint not available, using fallback values
[ 1815.191078][  T989] snd_usb_pod 6-1:1.1: invalid control EP
[ 1815.191092][  T989] snd_usb_pod 6-1:1.1: cannot start listening: -22
[ 1815.215874][  T989] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[ 1815.216451][  T989] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1815.380542][T19882] netlink: 'syz.6.3731': attribute type 11 has an invalid length.
[ 1815.413953][ T9204] usb 6-1: USB disconnect, device number 45
[ 1816.392948][ T9204] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[ 1816.672332][ T9204] usb 6-1: Using ep0 maxpacket: 32
[ 1816.676040][ T9204] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1816.676064][ T9204] usb 6-1: config 0 has no interface number 0
[ 1816.684536][ T9204] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1816.684564][ T9204] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1816.684583][ T9204] usb 6-1: Product: syz
[ 1816.684611][ T9204] usb 6-1: Manufacturer: syz
[ 1816.684623][ T9204] usb 6-1: SerialNumber: syz
[ 1816.763870][T19896] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3735'.
[ 1816.764266][T19896] IPVS: Error joining to the multicast group
[ 1817.673743][ T9204] usb 6-1: config 0 descriptor??
[ 1817.696196][ T9204] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1817.696219][ T9204] usb 6-1: selecting invalid altsetting 1
[ 1817.696234][ T9204] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1817.771616][ T9204] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1817.772174][ T9204] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1817.772225][ T9204] usb 6-1: media controller created
[ 1817.905440][ T9204] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1818.023893][ T9204] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1818.023945][ T9204] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1818.024517][ T9204] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1818.541028][ T9204] usb 6-1: USB disconnect, device number 46
[ 1818.623285][T19908] fuse: Invalid rootmode
[ 1819.258447][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803711e000: rx timeout, send abort
[ 1819.758524][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803711e000: abort rx timeout. Force session deactivation
[ 1820.132387][   T10] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1820.292432][   T10] usb 3-1: Using ep0 maxpacket: 32
[ 1820.294920][   T10] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1820.294944][   T10] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1820.294963][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1820.294982][   T10] usb 3-1: config 1 has no interface number 0
[ 1820.295027][   T10] usb 3-1: config 1 interface 1 altsetting 0 has an endpoint descriptor with address 0xF5, changing to 0x85
[ 1820.295052][   T10] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1820.295074][   T10] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 1820.295095][   T10] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1820.295134][   T10] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1820.295154][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1820.312503][ T9204] usb 4-1: new low-speed USB device number 84 using dummy_hcd
[ 1820.316867][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1820.430770][T19930] netlink: 'syz.0.3746': attribute type 11 has an invalid length.
[ 1820.497742][ T9204] usb 4-1: No LPM exit latency info found, disabling LPM.
[ 1820.513085][   T10] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[ 1820.521249][   T10] snd_usb_pod 3-1:1.1: invalid control EP
[ 1820.521261][   T10] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1820.561375][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1820.597740][ T9204] usb 4-1: string descriptor 0 read error: -22
[ 1820.597834][ T9204] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1820.597846][ T9204] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1820.609644][ T9204] usb 4-1: config 0 descriptor??
[ 1820.640149][   T10] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1820.763693][   T10] usb 3-1: USB disconnect, device number 76
[ 1821.521654][T19938] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3747'.
[ 1821.522039][T19938] IPVS: Error joining to the multicast group
[ 1822.488770][T19943] fuse: Invalid rootmode
[ 1825.722797][ T9204] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1825.731742][ T9204] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1825.742587][ T9204] dib0700: firmware download failed at 7 with -22
[ 1825.803586][ T9204] usb 4-1: USB disconnect, device number 84
[ 1826.636079][T19973] netlink: 68 bytes leftover after parsing attributes in process `syz.6.3756'.
[ 1827.482510][ T5931] usb 7-1: new high-speed USB device number 59 using dummy_hcd
[ 1827.722357][    C1] vcan0: j1939_tp_rxtimer: 0xffff888036947c00: rx timeout, send abort
[ 1827.772419][ T5931] usb 7-1: Using ep0 maxpacket: 32
[ 1827.774886][ T5931] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1827.774908][ T5931] usb 7-1: config 0 has no interface number 0
[ 1827.782625][ T5931] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1827.782649][ T5931] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1827.782668][ T5931] usb 7-1: Product: syz
[ 1827.782682][ T5931] usb 7-1: Manufacturer: syz
[ 1827.782695][ T5931] usb 7-1: SerialNumber: syz
[ 1828.222578][    C1] vcan0: j1939_tp_rxtimer: 0xffff888036947c00: abort rx timeout. Force session deactivation
[ 1828.429381][ T5931] usb 7-1: config 0 descriptor??
[ 1828.656885][ T5931] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1828.656910][ T5931] usb 7-1: selecting invalid altsetting 1
[ 1828.656926][ T5931] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1828.693795][ T5931] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1828.694231][ T5931] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1828.694281][ T5931] usb 7-1: media controller created
[ 1828.831527][ T5931] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1828.895666][ T5931] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1828.895721][ T5931] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1828.896173][ T5931] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1828.938333][T19992] netlink: 'syz.0.3761': attribute type 11 has an invalid length.
[ 1828.998094][ T5931] usb 7-1: USB disconnect, device number 59
[ 1829.012539][T19991] input: syz0 as /devices/virtual/input/input28
[ 1829.188752][T19995] fuse: Invalid rootmode
[ 1830.511473][T20008] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3768'.
[ 1830.882418][ T5931] usb 1-1: new low-speed USB device number 84 using dummy_hcd
[ 1831.044783][ T5931] usb 1-1: No LPM exit latency info found, disabling LPM.
[ 1831.051773][ T5931] usb 1-1: string descriptor 0 read error: -22
[ 1831.051865][ T5931] usb 1-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1831.051877][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1831.112961][ T5931] usb 1-1: config 0 descriptor??
[ 1831.330844][ T5931] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1831.353762][ T5931] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1831.353809][ T5931] dib0700: firmware download failed at 7 with -22
[ 1831.561587][ T5931] usb 1-1: USB disconnect, device number 84
[ 1832.683107][T20029] @: renamed from vlan0 (while UP)
[ 1832.889794][T20035] fuse: Bad value for 'rootmode'
[ 1833.164026][T20040] input: syz0 as /devices/virtual/input/input29
[ 1833.346945][ T9204] usb 7-1: new high-speed USB device number 60 using dummy_hcd
[ 1833.489552][T20045] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3780'.
[ 1833.507949][ T9204] usb 7-1: Using ep0 maxpacket: 32
[ 1833.510858][ T9204] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1833.510881][ T9204] usb 7-1: config 0 has no interface number 0
[ 1833.542700][ T9204] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1833.542717][ T9204] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1833.542727][ T9204] usb 7-1: Product: syz
[ 1833.542735][ T9204] usb 7-1: Manufacturer: syz
[ 1833.542742][ T9204] usb 7-1: SerialNumber: syz
[ 1833.558128][ T9204] usb 7-1: config 0 descriptor??
[ 1833.592826][ T9204] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1833.592842][ T9204] usb 7-1: selecting invalid altsetting 1
[ 1833.592850][ T9204] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1833.635053][ T9204] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1833.635470][ T9204] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1833.635526][ T9204] usb 7-1: media controller created
[ 1833.712780][ T9204] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1833.772760][ T9204] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1833.772815][ T9204] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1833.773268][ T9204] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1833.846175][T20053] netlink: 'syz.5.3781': attribute type 11 has an invalid length.
[ 1833.910069][ T9204] usb 7-1: USB disconnect, device number 60
[ 1835.962466][ T1217] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1836.044956][T20074] fuse: Bad value for 'rootmode'
[ 1836.112446][ T1217] usb 3-1: Using ep0 maxpacket: 32
[ 1836.114265][ T1217] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1836.114279][ T1217] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1836.114290][ T1217] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1836.114300][ T1217] usb 3-1: config 1 has no interface number 0
[ 1836.114328][ T1217] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1836.114340][ T1217] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1836.114362][ T1217] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1836.114374][ T1217] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1836.129703][ T1217] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1836.331530][ T1217] snd_usb_pod 3-1:1.1: invalid control EP
[ 1836.331543][ T1217] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1836.331724][ T1217] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1836.332027][ T1217] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1836.573927][   T10] usb 6-1: new low-speed USB device number 47 using dummy_hcd
[ 1836.580080][ T5923] usb 3-1: USB disconnect, device number 77
[ 1836.621508][T20078] input: syz0 as /devices/virtual/input/input30
[ 1836.744795][   T10] usb 6-1: No LPM exit latency info found, disabling LPM.
[ 1836.750989][   T10] usb 6-1: string descriptor 0 read error: -22
[ 1836.751154][   T10] usb 6-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1836.751176][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1836.793435][   T10] usb 6-1: config 0 descriptor??
[ 1837.109989][   T10] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1837.111230][   T10] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1837.111256][   T10] dib0700: firmware download failed at 7 with -22
[ 1837.159632][   T10] usb 6-1: USB disconnect, device number 47
[ 1837.242673][T20091] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3792'.
[ 1838.054004][   T10] usb 7-1: new high-speed USB device number 61 using dummy_hcd
[ 1838.842452][   T10] usb 7-1: Using ep0 maxpacket: 32
[ 1838.851006][   T10] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1838.851030][   T10] usb 7-1: config 0 has no interface number 0
[ 1838.872866][   T10] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1838.872893][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1838.872909][   T10] usb 7-1: Product: syz
[ 1838.872920][   T10] usb 7-1: Manufacturer: syz
[ 1838.872930][   T10] usb 7-1: SerialNumber: syz
[ 1838.918589][T20106] netlink: 'syz.2.3797': attribute type 11 has an invalid length.
[ 1838.935909][   T10] usb 7-1: config 0 descriptor??
[ 1838.969387][   T10] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1838.969404][   T10] usb 7-1: selecting invalid altsetting 1
[ 1838.969413][   T10] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1839.002994][   T10] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1839.004442][   T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1839.004475][   T10] usb 7-1: media controller created
[ 1839.058556][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1839.183036][   T10] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1839.183089][   T10] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1839.183596][   T10] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1839.379704][   T10] usb 7-1: USB disconnect, device number 61
[ 1839.626993][T20114] fuse: Bad value for 'rootmode'
[ 1840.192080][T20126] input: syz0 as /devices/virtual/input/input31
[ 1840.805017][T20129] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3803'.
[ 1844.226129][T20167] netlink: 'syz.3.3810': attribute type 11 has an invalid length.
[ 1844.832452][   T10] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1845.012521][   T10] usb 3-1: Using ep0 maxpacket: 32
[ 1845.015223][   T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1845.015247][   T10] usb 3-1: config 0 has no interface number 0
[ 1845.017450][   T10] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1845.017464][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1845.017474][   T10] usb 3-1: Product: syz
[ 1845.017481][   T10] usb 3-1: Manufacturer: syz
[ 1845.017488][   T10] usb 3-1: SerialNumber: syz
[ 1845.021164][   T10] usb 3-1: config 0 descriptor??
[ 1845.099307][   T10] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1845.099325][   T10] usb 3-1: selecting invalid altsetting 1
[ 1845.099333][   T10] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1845.102190][   T10] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1845.134906][   T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1845.134941][   T10] usb 3-1: media controller created
[ 1845.165654][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1845.270655][    C1] vcan0: j1939_tp_rxtimer: 0xffff888028e12800: rx timeout, send abort
[ 1845.534403][   T10] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1845.534458][   T10] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1845.534929][   T10] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1845.756156][T20162] netlink: 'syz.5.3809': attribute type 21 has an invalid length.
[ 1845.765092][   T10] usb 3-1: USB disconnect, device number 78
[ 1845.770784][    C1] vcan0: j1939_tp_rxtimer: 0xffff888028e12800: abort rx timeout. Force session deactivation
[ 1845.875872][T20179] fuse: Unknown parameter 'use00000000000000000000'
[ 1846.183511][T20182] netlink: 68 bytes leftover after parsing attributes in process `syz.6.3815'.
[ 1847.821262][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1847.872180][T20186] binder: 20183:20186 unknown command 0
[ 1847.872195][T20186] binder: 20183:20186 ioctl c0306201 200000000080 returned -22
[ 1848.658714][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1849.600259][T20225] input: syz0 as /devices/virtual/input/input32
[ 1849.721675][T20229] netlink: 'syz.2.3824': attribute type 11 has an invalid length.
[ 1850.019021][T20232] fuse: Unknown parameter 'use00000000000000000000'
[ 1850.546729][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1851.529857][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1851.724520][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1852.152707][T20246] netlink: 68 bytes leftover after parsing attributes in process `syz.6.3828'.
[ 1852.515262][  T989] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1852.742372][  T989] usb 6-1: Using ep0 maxpacket: 32
[ 1852.759008][  T989] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[ 1852.759031][  T989] usb 6-1: config 0 has no interface number 0
[ 1852.762528][  T989] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1852.762554][  T989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1852.762571][  T989] usb 6-1: Product: syz
[ 1852.762584][  T989] usb 6-1: Manufacturer: syz
[ 1852.762597][  T989] usb 6-1: SerialNumber: syz
[ 1852.832943][  T989] usb 6-1: config 0 descriptor??
[ 1852.935081][  T989] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1852.935098][  T989] usb 6-1: selecting invalid altsetting 1
[ 1852.935106][  T989] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1853.148478][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1853.148531][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1854.047877][  T989] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1854.048313][  T989] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1854.048361][  T989] usb 6-1: media controller created
[ 1854.300310][  T989] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1854.383111][  T989] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1854.383239][  T989] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1854.414524][  T989] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1854.532435][ T1217] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1854.684753][ T1217] usb 3-1: Using ep0 maxpacket: 32
[ 1854.687916][ T1217] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1854.687940][ T1217] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1854.687959][ T1217] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1854.687978][ T1217] usb 3-1: config 1 has no interface number 0
[ 1854.688023][ T1217] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1854.688048][ T1217] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1854.688087][ T1217] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1854.688108][ T1217] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1854.704863][  T989] usb 6-1: USB disconnect, device number 48
[ 1854.741100][ T1217] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1854.945313][ T1217] snd_usb_pod 3-1:1.1: invalid control EP
[ 1854.945332][ T1217] snd_usb_pod 3-1:1.1: cannot start listening: -22
[ 1854.945627][ T1217] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1854.946163][ T1217] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[ 1855.253904][   T10] usb 3-1: USB disconnect, device number 79
[ 1855.359018][T20284] netlink: 'syz.5.3837': attribute type 11 has an invalid length.
[ 1855.880316][T20291] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3840'.
[ 1855.932382][  T989] usb 7-1: new low-speed USB device number 62 using dummy_hcd
[ 1856.150137][  T989] usb 7-1: No LPM exit latency info found, disabling LPM.
[ 1856.194192][  T989] usb 7-1: string descriptor 0 read error: -22
[ 1856.195218][  T989] usb 7-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1856.195241][  T989] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1856.232026][  T989] usb 7-1: config 0 descriptor??
[ 1856.331087][T20268] binder: 20262:20268 unknown command 0
[ 1856.331101][T20268] binder: 20262:20268 ioctl c0306201 200000000080 returned -22
[ 1860.260898][T20314] input: syz0 as /devices/virtual/input/input33
[ 1861.850526][  T989] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1861.851783][  T989] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1861.851819][  T989] dib0700: firmware download failed at 7 with -22
[ 1861.946261][  T989] usb 7-1: USB disconnect, device number 62
[ 1863.690138][T20346] netlink: 'syz.5.3850': attribute type 11 has an invalid length.
[ 1863.922627][T20349] netlink: 68 bytes leftover after parsing attributes in process `syz.3.3851'.
[ 1864.457360][T20351] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1867.606679][T20375] netlink: 'syz.5.3856': attribute type 21 has an invalid length.
[ 1868.426527][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803a0c1c00: rx timeout, send abort
[ 1868.520963][ T1217] usb 7-1: new high-speed USB device number 63 using dummy_hcd
[ 1868.712389][ T1217] usb 7-1: Using ep0 maxpacket: 32
[ 1868.714619][ T1217] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1868.714635][ T1217] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1868.714645][ T1217] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1868.714656][ T1217] usb 7-1: config 1 has no interface number 0
[ 1868.714686][ T1217] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1868.714699][ T1217] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 10229, setting to 1024
[ 1868.714711][ T1217] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1868.714734][ T1217] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1868.714745][ T1217] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1868.719882][T20384] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1868.876049][ T1217] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[ 1868.926595][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803a0c1c00: abort rx timeout. Force session deactivation
[ 1869.091395][T20384] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1869.101142][ T1217] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now attached
[ 1869.308554][   T10] usb 7-1: USB disconnect, device number 63
[ 1869.311642][   T10] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[ 1869.992717][T20407] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1871.126549][ T5155] Bluetooth: hci3: command 0x0406 tx timeout
[ 1871.958407][T20427] input: syz0 as /devices/virtual/input/input34
[ 1873.878079][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1873.879164][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804b69c400: rx timeout, send abort
[ 1874.379283][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804b69c400: abort rx timeout. Force session deactivation
[ 1875.582378][   T31] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[ 1875.842499][   T31] usb 1-1: Using ep0 maxpacket: 32
[ 1875.844089][   T31] usb 1-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1875.844104][   T31] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1875.844114][   T31] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1875.844125][   T31] usb 1-1: config 1 has no interface number 0
[ 1875.844150][   T31] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1875.844163][   T31] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 10229, setting to 1024
[ 1875.844176][   T31] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1875.844197][   T31] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1875.844208][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1875.848573][T20447] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1875.857589][   T31] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found
[ 1875.930072][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1876.447201][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1876.663681][T20447] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1876.681721][   T31] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now attached
[ 1876.873215][ T1217] usb 1-1: USB disconnect, device number 85
[ 1876.874688][ T1217] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected
[ 1877.516261][T20462] netlink: 'syz.3.3879': attribute type 21 has an invalid length.
[ 1881.511410][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804b0df400: rx timeout, send abort
[ 1881.965484][T20506] input: syz0 as /devices/virtual/input/input35
[ 1882.011483][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804b0df400: abort rx timeout. Force session deactivation
[ 1883.331909][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1884.755223][ T1217] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1885.453671][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1885.602818][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1885.796567][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1885.872149][ T1217] usb 3-1: Using ep0 maxpacket: 32
[ 1885.894964][ T1217] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1885.894980][ T1217] usb 3-1: config 0 has no interface number 0
[ 1885.896986][ T1217] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1885.897002][ T1217] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1885.897011][ T1217] usb 3-1: Product: syz
[ 1885.897019][ T1217] usb 3-1: Manufacturer: syz
[ 1885.897026][ T1217] usb 3-1: SerialNumber: syz
[ 1885.962136][ T1217] usb 3-1: config 0 descriptor??
[ 1885.973893][ T1217] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1885.973910][ T1217] usb 3-1: selecting invalid altsetting 1
[ 1885.973918][ T1217] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1886.053381][ T1217] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1886.053649][ T1217] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1886.053677][ T1217] usb 3-1: media controller created
[ 1886.238186][ T1217] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1886.523443][ T1217] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1886.523496][ T1217] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1886.524864][ T1217] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1886.969476][ T1217] usb 3-1: USB disconnect, device number 80
[ 1890.496017][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805c577000: rx timeout, send abort
[ 1890.996082][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805c577000: abort rx timeout. Force session deactivation
[ 1891.872426][  T989] usb 7-1: new high-speed USB device number 64 using dummy_hcd
[ 1892.088819][  T989] usb 7-1: Using ep0 maxpacket: 32
[ 1892.091392][  T989] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1892.091414][  T989] usb 7-1: config 0 has no interface number 0
[ 1892.095625][  T989] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1892.095652][  T989] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1892.095671][  T989] usb 7-1: Product: syz
[ 1892.095684][  T989] usb 7-1: Manufacturer: syz
[ 1892.095698][  T989] usb 7-1: SerialNumber: syz
[ 1892.101008][  T989] usb 7-1: config 0 descriptor??
[ 1892.106658][  T989] usb 7-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1892.106679][  T989] usb 7-1: selecting invalid altsetting 1
[ 1892.106693][  T989] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1892.312399][   T10] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1892.356165][  T989] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1892.356564][  T989] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1892.356612][  T989] usb 7-1: media controller created
[ 1892.470129][  T989] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1892.486035][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1892.486059][   T10] usb 6-1: config 0 has no interfaces?
[ 1892.507723][   T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1892.507752][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1892.507771][   T10] usb 6-1: Product: syz
[ 1892.507784][   T10] usb 6-1: Manufacturer: syz
[ 1892.507797][   T10] usb 6-1: SerialNumber: syz
[ 1892.572183][   T10] usb 6-1: config 0 descriptor??
[ 1892.722862][  T989] usb 7-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[ 1892.722915][  T989] zl10353_read_register: readreg error (reg=127, ret==-71)
[ 1892.723364][  T989] usb 7-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[ 1892.908694][T10274] usb 6-1: USB disconnect, device number 49
[ 1892.968604][T20608] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1893.048867][  T989] usb 7-1: USB disconnect, device number 64
[ 1893.234574][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1894.833825][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880308d8800: rx timeout, send abort
[ 1895.088049][T20641] netlink: 'syz.2.3923': attribute type 11 has an invalid length.
[ 1895.333879][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880308d8800: abort rx timeout. Force session deactivation
[ 1896.142373][ T9204] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[ 1896.388995][ T9204] usb 1-1: Using ep0 maxpacket: 32
[ 1896.397150][ T9204] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[ 1896.397171][ T9204] usb 1-1: config 0 has no interface number 0
[ 1896.400473][ T9204] usb 1-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[ 1896.400487][ T9204] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1896.400498][ T9204] usb 1-1: Product: syz
[ 1896.400505][ T9204] usb 1-1: Manufacturer: syz
[ 1896.400512][ T9204] usb 1-1: SerialNumber: syz
[ 1896.469736][ T9204] usb 1-1: config 0 descriptor??
[ 1896.475866][ T9204] usb 1-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[ 1896.475890][ T9204] usb 1-1: selecting invalid altsetting 1
[ 1896.475905][ T9204] usb 1-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[ 1896.535038][ T9204] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1896.535254][ T9204] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[ 1896.535289][ T9204] usb 1-1: media controller created
[ 1896.607111][ T9204] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1897.993225][ T9204] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[ 1897.995145][ T9204] zl10353_read_register: readreg error (reg=127, ret==-110)
[ 1898.092174][T20650] usb 1-1: dvb_usb_ce6230: usb_control_msg() failed=-32
[ 1898.102192][ T9204] usb 1-1: USB disconnect, device number 86
[ 1900.092396][  T989] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[ 1900.255043][  T989] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1900.255071][  T989] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1900.255090][  T989] usb 3-1: Product: syz
[ 1900.255102][  T989] usb 3-1: Manufacturer: syz
[ 1900.255116][  T989] usb 3-1: SerialNumber: syz
[ 1900.271270][  T989] usb 3-1: config 0 descriptor??
[ 1900.878662][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880290a9c00: rx timeout, send abort
[ 1900.941850][  T989] usb 3-1: Firmware version (0.0) predates our first public release.
[ 1900.941876][  T989] usb 3-1: Please update to version 0.2 or newer
[ 1901.368715][  T989] usb 3-1: USB disconnect, device number 81
[ 1901.378734][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880290a9c00: abort rx timeout. Force session deactivation
[ 1902.368859][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1903.351029][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1903.555709][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1903.582347][   T37] audit: type=1800 audit(1756206792.393:36): pid=20704 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.3941" name="bus" dev="ramfs" ino=71410 res=0 errno=0
[ 1904.400732][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1904.878025][T20734] input: syz0 as /devices/virtual/input/input36
[ 1905.907808][T20742] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1906.402358][  T989] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1906.599746][  T989] usb 6-1: config 0 has no interfaces?
[ 1906.614399][  T989] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1906.614427][  T989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1906.614445][  T989] usb 6-1: Product: syz
[ 1906.614458][  T989] usb 6-1: Manufacturer: syz
[ 1906.614471][  T989] usb 6-1: SerialNumber: syz
[ 1906.627830][  T989] usb 6-1: config 0 descriptor??
[ 1907.648326][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1908.378926][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1908.430542][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1910.252464][ T1217] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[ 1910.469756][ T1217] usb 4-1: config 0 has no interfaces?
[ 1910.478670][ T1217] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1910.478698][ T1217] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1910.478715][ T1217] usb 4-1: Product: syz
[ 1910.478728][ T1217] usb 4-1: Manufacturer: syz
[ 1910.478741][ T1217] usb 4-1: SerialNumber: syz
[ 1910.486553][ T1217] usb 4-1: config 0 descriptor??
[ 1912.499510][ T9204] usb 6-1: USB disconnect, device number 50
[ 1913.686118][T20803] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1914.139780][  T989] usb 4-1: USB disconnect, device number 85
[ 1914.558679][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1914.558797][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1915.096064][T20815] loop8: detected capacity change from 0 to 7
[ 1915.211126][T20815] Dev loop8: unable to read RDB block 7
[ 1915.211171][T20815]  loop8: unable to read partition table
[ 1915.211496][T20815] loop8: partition table beyond EOD, truncated
[ 1915.211544][T20815] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1915.242420][ T9204] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[ 1915.772705][ T9204] usb 1-1: Using ep0 maxpacket: 16
[ 1915.801629][ T9204] usb 1-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[ 1915.801646][ T9204] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1915.839652][ T9204] usb 1-1: config 0 descriptor??
[ 1915.859462][ T9204] gspca_main: sonixj-2.14.0 probing 0471:0327
[ 1915.902434][   T10] usb 4-1: new full-speed USB device number 86 using dummy_hcd
[ 1916.187170][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1916.187186][   T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1916.187255][   T10] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1916.187268][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1916.273698][   T10] usb 4-1: config 0 descriptor??
[ 1916.458411][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1916.458452][   T10] dvb-usb: bulk message failed: -22 (3/0)
[ 1916.625147][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1916.811508][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1916.811548][   T10] usb 4-1: media controller created
[ 1916.827494][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1917.262327][   T10] dvb-usb: bulk message failed: -22 (6/0)
[ 1917.272452][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1917.285809][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input37
[ 1917.308669][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[ 1917.308691][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1917.320263][   T10] usb 4-1: USB disconnect, device number 86
[ 1917.881692][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1918.582340][ T9204] gspca_sonixj: i2c_w8 err -71
[ 1918.582451][ T9204] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[ 1918.619428][ T9204] usb 1-1: USB disconnect, device number 87
[ 1919.517780][T20840] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1929.415339][   T37] audit: type=1326 audit(1756206818.213:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=20920 comm="syz.3.3994" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5c91aeebe9 code=0x0
[ 1929.453637][T20927] vivid-001: disconnect
[ 1930.034921][T20920] vivid-001: reconnect
[ 1930.461567][T20932] tipc: Started in network mode
[ 1930.461585][T20932] tipc: Node identity 0e86926d0666, cluster identity 4711
[ 1930.461710][T20932] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1930.463216][T20932] syzkaller0: entered promiscuous mode
[ 1930.463239][T20932] syzkaller0: entered allmulticast mode
[ 1930.542769][T20932] tipc: Resetting bearer <eth:syzkaller0>
[ 1930.619084][T20931] tipc: Resetting bearer <eth:syzkaller0>
[ 1930.985687][T20931] tipc: Disabling bearer <eth:syzkaller0>
[ 1935.658112][T20994] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4014'.
[ 1938.507640][T21027] netlink: 68 bytes leftover after parsing attributes in process `syz.6.4022'.
[ 1938.855192][T21031] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1939.622389][T16341] usb 7-1: new high-speed USB device number 65 using dummy_hcd
[ 1939.788550][T16341] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1939.789597][T16341] usb 7-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1939.789612][T16341] usb 7-1: config 1 has no interface number 1
[ 1939.789638][T16341] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1939.837904][T16341] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1939.837932][T16341] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1939.837951][T16341] usb 7-1: Product: syz
[ 1939.837964][T16341] usb 7-1: Manufacturer: syz
[ 1939.837977][T16341] usb 7-1: SerialNumber: syz
[ 1941.453296][T16341] usb 7-1: found format II with max.bitrate = 26774, frame size=2
[ 1941.453442][T16341] usb 7-1: found format II with max.bitrate = 26774, frame size=2
[ 1941.506384][T16341] usb 7-1: failed to enable PITCH for EP 0x82
[ 1942.132945][T16341] usb 7-1: USB disconnect, device number 65
[ 1946.691745][T21106] tipc: Started in network mode
[ 1946.691774][T21106] tipc: Node identity ac14140f, cluster identity 4711
[ 1946.734857][T21106] tipc: New replicast peer: 255.255.255.255
[ 1946.735645][T21106] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1947.409667][T21116] netlink: 68 bytes leftover after parsing attributes in process `syz.5.4044'.
[ 1947.949439][   T31] tipc: Node number set to 2886997007
[ 1951.020443][T21162] netlink: 68 bytes leftover after parsing attributes in process `syz.2.4057'.
[ 1951.153159][T21164] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4056'.
[ 1960.385489][T21260] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4076'.
[ 1966.461127][    C1] vcan0: j1939_tp_rxtimer: 0xffff888029b81800: rx timeout, send abort
[ 1966.575776][T21306] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1966.961193][    C1] vcan0: j1939_tp_rxtimer: 0xffff888029b81800: abort rx timeout. Force session deactivation
[ 1967.506476][T21316] loop8: detected capacity change from 0 to 7
[ 1967.609171][T19785] Dev loop8: unable to read RDB block 7
[ 1967.609221][T19785]  loop8: unable to read partition table
[ 1967.609468][T19785] loop8: partition table beyond EOD, truncated
[ 1967.650357][T21316] Dev loop8: unable to read RDB block 7
[ 1967.650404][T21316]  loop8: unable to read partition table
[ 1967.650636][T21316] loop8: partition table beyond EOD, truncated
[ 1967.650655][T21316] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1968.188704][   T31] usb 1-1: new full-speed USB device number 88 using dummy_hcd
[ 1968.414464][   T31] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1968.414480][   T31] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1968.414514][   T31] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1968.414526][   T31] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1968.471689][   T31] usb 1-1: config 0 descriptor??
[ 1968.492811][   T31] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1968.492859][   T31] dvb-usb: bulk message failed: -22 (3/0)
[ 1968.655158][   T31] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1968.678554][   T31] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1968.678587][   T31] usb 1-1: media controller created
[ 1968.680031][   T31] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1968.780380][   T31] dvb-usb: bulk message failed: -22 (6/0)
[ 1968.780428][   T31] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1968.927137][   T31] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input39
[ 1968.933777][   T31] dvb-usb: schedule remote query interval to 150 msecs.
[ 1968.933797][   T31] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1968.982404][T10274] usb 7-1: new low-speed USB device number 66 using dummy_hcd
[ 1968.989279][   T31] usb 1-1: USB disconnect, device number 88
[ 1969.411787][T10274] usb 7-1: No LPM exit latency info found, disabling LPM.
[ 1969.577986][T10274] usb 7-1: string descriptor 0 read error: -22
[ 1969.583689][T10274] usb 7-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 1969.583705][T10274] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1969.613928][T10274] usb 7-1: config 0 descriptor??
[ 1969.772831][   T31] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1969.910522][T21336] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4093'.
[ 1972.505870][T21343] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4094'.
[ 1972.857476][T21345] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[ 1974.426578][T21358] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1974.883008][T10274] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 1974.932481][T10274] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 1974.932529][T10274] dib0700: firmware download failed at 7 with -22
[ 1975.998420][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 1975.998465][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 1976.098524][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805c844800: rx timeout, send abort
[ 1976.112378][   T31] usb 7-1: USB disconnect, device number 66
[ 1976.598619][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805c844800: abort rx timeout. Force session deactivation
[ 1976.866242][T21385] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4104'.
[ 1979.832054][T21400] loop8: detected capacity change from 0 to 7
[ 1979.838714][T21400] Dev loop8: unable to read RDB block 7
[ 1979.838763][T21400]  loop8: unable to read partition table
[ 1979.839000][T21400] loop8: partition table beyond EOD, truncated
[ 1979.839017][T21400] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 1980.292309][T16341] usb 6-1: new full-speed USB device number 51 using dummy_hcd
[ 1980.522697][T16341] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1980.522713][T16341] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1980.522746][T16341] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1980.522757][T16341] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1980.526611][T16341] usb 6-1: config 0 descriptor??
[ 1980.594934][T16341] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1980.594963][T16341] dvb-usb: bulk message failed: -22 (3/0)
[ 1980.597811][T16341] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1980.598485][T16341] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1980.598519][T16341] usb 6-1: media controller created
[ 1980.599816][T16341] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1980.656120][T16341] dvb-usb: bulk message failed: -22 (6/0)
[ 1980.656175][T16341] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1980.658604][T16341] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input40
[ 1980.696282][T16341] dvb-usb: schedule remote query interval to 150 msecs.
[ 1980.696302][T16341] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1980.884401][T16341] dvb-usb: bulk message failed: -22 (1/0)
[ 1980.884456][T16341] dvb-usb: error while querying for an remote control event.
[ 1981.033115][   T31] usb 6-1: USB disconnect, device number 51
[ 1981.447498][   T31] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1982.391567][T21425] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4112'.
[ 1984.295086][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802ff84000: rx timeout, send abort
[ 1984.795223][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802ff84000: abort rx timeout. Force session deactivation
[ 1987.112619][T21460] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4119'.
[ 1990.833053][T21484] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1991.989543][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804b0dd800: rx timeout, send abort
[ 1992.282038][T21503] netlink: 24 bytes leftover after parsing attributes in process `syz.5.4131'.
[ 1992.489627][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804b0dd800: abort rx timeout. Force session deactivation
[ 1995.347558][T21529] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4137'.
[ 1999.447971][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804cdd2400: rx timeout, send abort
[ 1999.948073][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804cdd2400: abort rx timeout. Force session deactivation
[ 2003.162480][T10274] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 2003.316800][T10274] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2003.316819][T10274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2003.316836][T10274] usb 3-1: Product: syz
[ 2003.316843][T10274] usb 3-1: Manufacturer: syz
[ 2003.316850][T10274] usb 3-1: SerialNumber: syz
[ 2003.320105][T10274] usb 3-1: config 0 descriptor??
[ 2003.802466][T10274] usb 3-1: Firmware version (0.0) predates our first public release.
[ 2003.802483][T10274] usb 3-1: Please update to version 0.2 or newer
[ 2005.166755][T10274] usb 3-1: USB disconnect, device number 82
[ 2005.341190][T21595] binder: 21593:21595 unknown command 0
[ 2005.341204][T21595] binder: 21593:21595 ioctl c0306201 200000000080 returned -22
[ 2005.359978][T21595] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4151'.
[ 2005.731155][T21623] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4154'.
[ 2008.374973][T21649] loop7: detected capacity change from 0 to 16384
[ 2011.762548][T21686] ptrace attach of "./syz-executor exec"[16404] was attempted by ""[21686]
[ 2013.365484][T21690] binder: 21687:21690 unknown command 0
[ 2013.365505][T21690] binder: 21687:21690 ioctl c0306201 200000000080 returned -22
[ 2013.950579][T21688] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4172'.
[ 2014.302704][T21707] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4175'.
[ 2014.526924][T21714] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4177'.
[ 2014.927888][T21724] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 2018.504542][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888026844000: rx timeout, send abort
[ 2018.978894][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888028e29800: rx timeout, send abort
[ 2019.004632][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888026844000: abort rx timeout. Force session deactivation
[ 2019.162525][T16341] usb 7-1: new low-speed USB device number 67 using dummy_hcd
[ 2019.330117][T16341] usb 7-1: No LPM exit latency info found, disabling LPM.
[ 2019.344560][T16341] usb 7-1: string descriptor 0 read error: -22
[ 2019.344686][T16341] usb 7-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 2019.344700][T16341] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2019.422952][T16341] usb 7-1: config 0 descriptor??
[ 2019.478932][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888028e29800: abort rx timeout. Force session deactivation
[ 2019.530491][T21766] binder: 21757:21766 unknown command 0
[ 2019.530507][T21766] binder: 21757:21766 ioctl c0306201 200000000080 returned -22
[ 2020.302374][ T9204] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[ 2020.479325][ T9204] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2020.479342][ T9204] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2020.479352][ T9204] usb 3-1: Product: syz
[ 2020.479359][ T9204] usb 3-1: Manufacturer: syz
[ 2020.479367][ T9204] usb 3-1: SerialNumber: syz
[ 2020.529942][ T9204] usb 3-1: config 0 descriptor??
[ 2020.945197][ T9204] usb 3-1: Firmware version (0.0) predates our first public release.
[ 2020.945222][ T9204] usb 3-1: Please update to version 0.2 or newer
[ 2021.079053][T21758] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4187'.
[ 2021.749169][ T9204] usb 3-1: USB disconnect, device number 83
[ 2022.042541][T21786] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 2022.183921][T21782] tipc: Started in network mode
[ 2022.183947][T21782] tipc: Node identity dec3f422dfaa, cluster identity 4711
[ 2022.184137][T21782] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2022.262697][T21782] tipc: Resetting bearer <eth:syzkaller0>
[ 2022.940031][T21781] tipc: Disabling bearer <eth:syzkaller0>
[ 2024.118945][T16341] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 2024.121192][T16341] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 2024.121239][T16341] dib0700: firmware download failed at 7 with -22
[ 2024.171028][T16341] usb 7-1: USB disconnect, device number 67
[ 2025.099142][T21820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4202'.
[ 2026.488452][T21829] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 2027.413355][T16341] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[ 2027.632165][T16341] usb 3-1: config 0 has no interfaces?
[ 2027.636315][T16341] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2027.636342][T16341] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2027.636361][T16341] usb 3-1: Product: syz
[ 2027.636375][T16341] usb 3-1: Manufacturer: syz
[ 2027.636388][T16341] usb 3-1: SerialNumber: syz
[ 2027.691494][T16341] usb 3-1: config 0 descriptor??
[ 2029.096208][   T37] audit: type=1326 audit(1756206917.923:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21853 comm="syz.6.4214" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc0af54ebe9 code=0x0
[ 2029.147068][T21854] vivid-002: disconnect
[ 2029.211084][   T31] usb 4-1: new low-speed USB device number 87 using dummy_hcd
[ 2029.377179][   T31] usb 4-1: No LPM exit latency info found, disabling LPM.
[ 2029.417040][   T31] usb 4-1: string descriptor 0 read error: -22
[ 2029.417190][   T31] usb 4-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d
[ 2029.417213][   T31] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2029.421018][   T31] usb 4-1: config 0 descriptor??
[ 2029.829789][T21853] vivid-002: reconnect
[ 2033.109405][T16341] usb 3-1: USB disconnect, device number 84
[ 2034.202416][ T5923] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[ 2034.352389][ T5923] usb 3-1: Using ep0 maxpacket: 8
[ 2034.360892][ T5923] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 2034.401386][ T5923] usb 3-1: config 4 has an invalid interface number: 30 but max is 0
[ 2034.401412][ T5923] usb 3-1: config 4 has no interface number 0
[ 2034.401434][ T5923] usb 3-1: config 4 interface 30 has no altsetting 0
[ 2034.431368][ T5923] usb 3-1: string descriptor 0 read error: -22
[ 2034.432213][ T5923] usb 3-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[ 2034.467512][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2034.472726][   T31] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware
[ 2034.474823][   T31] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[ 2034.474866][   T31] dib0700: firmware download failed at 7 with -22
[ 2034.594468][ T5923] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[ 2034.594519][ T5923] dw2102: su3000_power_ctrl: 1, initialized 0
[ 2034.595096][ T5923] dvb-usb: bulk message failed: -22 (2/0)
[ 2034.816399][ T5923] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 2034.818525][ T5923] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[ 2034.818580][ T5923] usb 3-1: media controller created
[ 2034.818918][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[ 2034.818933][ T5923] dw2102: i2c transfer failed.
[ 2034.818952][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[ 2034.818965][ T5923] dw2102: i2c transfer failed.
[ 2034.818982][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[ 2034.818999][ T5923] dw2102: i2c transfer failed.
[ 2034.819016][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[ 2034.819029][ T5923] dw2102: i2c transfer failed.
[ 2034.819045][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[ 2034.819058][ T5923] dw2102: i2c transfer failed.
[ 2034.819074][ T5923] dvb-usb: bulk message failed: -22 (6/0)
[ 2034.819086][ T5923] dw2102: i2c transfer failed.
[ 2034.819096][ T5923] dvb-usb: MAC address: 02:02:02:02:02:02
[ 2034.945285][T21883] dvb-usb: bulk message failed: -22 (3/0)
[ 2034.945306][T21883] dw2102: i2c transfer failed.
[ 2034.945314][T21883] dvb-usb: bulk message failed: -22 (3/0)
[ 2034.945326][T21883] dw2102: i2c transfer failed.
[ 2035.083005][   T31] usb 4-1: USB disconnect, device number 87
[ 2035.179634][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 2035.370187][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[ 2035.370211][ T5923] dw2102: command 0x0e transfer failed.
[ 2035.370222][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[ 2035.370235][ T5923] dw2102: command 0x0e transfer failed.
[ 2035.672450][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[ 2035.672465][ T5923] dw2102: command 0x0e transfer failed.
[ 2035.672470][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[ 2035.672477][ T5923] dw2102: command 0x0e transfer failed.
[ 2035.672483][ T5923] dvb-usb: bulk message failed: -22 (1/0)
[ 2035.672489][ T5923] dw2102: command 0x51 transfer failed.
[ 2035.672494][ T5923] dvb-usb: bulk message failed: -22 (5/0)
[ 2035.672501][ T5923] dw2102: i2c probe for address 0x68 failed.
[ 2035.672507][ T5923] dvb-usb: bulk message failed: -22 (5/0)
[ 2035.672514][ T5923] dw2102: i2c probe for address 0x69 failed.
[ 2035.672519][ T5923] dvb-usb: bulk message failed: -22 (5/0)
[ 2035.672526][ T5923] dw2102: i2c probe for address 0x6a failed.
[ 2035.672531][ T5923] dw2102: probing for demodulator failed. Is the external power switched on?
[ 2035.672537][ T5923] dvb-usb: no frontend was attached by 'TeVii S482 (tuner 2)'
[ 2036.001670][T21899] syzkaller0: entered promiscuous mode
[ 2036.001697][T21899] syzkaller0: entered allmulticast mode
[ 2036.102369][ T5923] rc_core: IR keymap rc-tt-1500 not found
[ 2036.102383][ T5923] Registered IR keymap rc-empty
[ 2036.104109][ T5923] rc rc0: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[ 2036.105941][ T5923] input: TeVii S482 (tuner 2) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input42
[ 2036.107411][ T5923] dvb-usb: schedule remote query interval to 250 msecs.
[ 2036.107424][ T5923] dw2102: su3000_power_ctrl: 0, initialized 1
[ 2036.107431][ T5923] dvb-usb: TeVii S482 (tuner 2) successfully initialized and connected.
[ 2036.111739][ T5923] usb 3-1: USB disconnect, device number 85
[ 2036.463700][   T37] audit: type=1326 audit(1756206925.273:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.484035][   T37] audit: type=1326 audit(1756206925.283:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.492611][   T37] audit: type=1326 audit(1756206925.313:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.493552][ T5923] dvb-usb: TeVii S482 (tuner 2) successfully deinitialized and disconnected.
[ 2036.592371][   T37] audit: type=1326 audit(1756206925.323:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.592409][   T37] audit: type=1326 audit(1756206925.413:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.592434][   T37] audit: type=1326 audit(1756206925.413:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.592457][   T37] audit: type=1326 audit(1756206925.413:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.592479][   T37] audit: type=1326 audit(1756206925.413:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.592503][   T37] audit: type=1326 audit(1756206925.413:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2036.592526][   T37] audit: type=1326 audit(1756206925.413:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21904 comm="syz.3.4228" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f5c91aeebe9 code=0x7ffc0000
[ 2037.454425][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 2037.454501][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 2038.943028][T10274] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[ 2039.094865][T10274] usb 3-1: config 0 has no interfaces?
[ 2039.098287][T10274] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2039.098304][T10274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2039.098328][T10274] usb 3-1: Product: syz
[ 2039.098337][T10274] usb 3-1: Manufacturer: syz
[ 2039.098345][T10274] usb 3-1: SerialNumber: syz
[ 2039.102004][T10274] usb 3-1: config 0 descriptor??
[ 2041.743787][T21962] loop8: detected capacity change from 0 to 7
[ 2041.788662][T21962] Dev loop8: unable to read RDB block 7
[ 2041.788752][T21962]  loop8: unable to read partition table
[ 2041.790084][T21962] loop8: partition table beyond EOD, truncated
[ 2041.790106][T21962] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[ 2044.191405][T16341] usb 3-1: USB disconnect, device number 86
[ 2044.715336][   T37] kauditd_printk_skb: 24 callbacks suppressed
[ 2044.715353][   T37] audit: type=1326 audit(1756206933.543:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.717378][   T37] audit: type=1326 audit(1756206933.543:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.717425][   T37] audit: type=1326 audit(1756206933.543:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.719316][   T37] audit: type=1326 audit(1756206933.543:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.720288][   T37] audit: type=1326 audit(1756206933.543:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.738095][   T37] audit: type=1326 audit(1756206933.543:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.738147][   T37] audit: type=1326 audit(1756206933.543:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.738189][   T37] audit: type=1326 audit(1756206933.553:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.738231][   T37] audit: type=1326 audit(1756206933.553:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2044.738271][   T37] audit: type=1326 audit(1756206933.553:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=21985 comm="syz.2.4250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efd3f7cebe9 code=0x7ffc0000
[ 2045.943357][T21979] binder: 21975:21979 unknown command 0
[ 2045.943371][T21979] binder: 21975:21979 ioctl c0306201 200000000080 returned -22
[ 2046.688828][T21976] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4247'.
[ 2048.700376][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f77d800: rx timeout, send abort
[ 2049.201014][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f77d800: abort rx timeout. Force session deactivation
[ 2050.472331][   T10] usb 7-1: new high-speed USB device number 68 using dummy_hcd
[ 2050.712484][ T9204] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[ 2050.736719][   T10] usb 7-1: config 0 has no interfaces?
[ 2050.768915][   T10] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2050.768943][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2050.768963][   T10] usb 7-1: Product: syz
[ 2050.768976][   T10] usb 7-1: Manufacturer: syz
[ 2050.768989][   T10] usb 7-1: SerialNumber: syz
[ 2050.785141][   T10] usb 7-1: config 0 descriptor??
[ 2050.895310][ T9204] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2050.895328][ T9204] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2050.895338][ T9204] usb 1-1: Product: syz
[ 2050.895345][ T9204] usb 1-1: Manufacturer: syz
[ 2050.895352][ T9204] usb 1-1: SerialNumber: syz
[ 2050.898434][ T9204] usb 1-1: config 0 descriptor??
[ 2051.309203][ T9204] usb 1-1: Firmware version (0.0) predates our first public release.
[ 2051.309219][ T9204] usb 1-1: Please update to version 0.2 or newer
[ 2054.023852][T22052] openvswitch: netlink: IPv6 tunnel dst address is zero
[ 2054.321833][ T9204] usb 1-1: USB disconnect, device number 89
[ 2054.694977][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88803a0f5000: rx timeout, send abort
[ 2054.695096][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88803a0f4000: rx timeout, send abort
[ 2054.695237][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88803a0f5000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 2054.695465][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88803a0f4000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 2056.013049][ T9204] usb 7-1: USB disconnect, device number 68
[ 2056.528574][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803a0e5400: rx timeout, send abort
[ 2057.028647][    C1] vcan0: j1939_tp_rxtimer: 0xffff88803a0e5400: abort rx timeout. Force session deactivation
[ 2057.532914][ T5923] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 2057.688310][ T5923] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 2057.688337][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2057.688352][ T5923] usb 6-1: Product: syz
[ 2057.688360][ T5923] usb 6-1: Manufacturer: syz
[ 2057.688367][ T5923] usb 6-1: SerialNumber: syz
[ 2057.691780][ T5923] usb 6-1: config 0 descriptor??
[ 2058.100844][ T5923] usb 6-1: Firmware version (0.0) predates our first public release.
[ 2058.100860][ T5923] usb 6-1: Please update to version 0.2 or newer
[ 2058.466050][ T5923] usb 6-1: USB disconnect, device number 52
[ 2058.817267][T22104] binder: 22103:22104 unknown command 0
[ 2058.817286][T22104] binder: 22103:22104 ioctl c0306201 200000000080 returned -22
[ 2058.883130][T22104] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4278'.
[ 2059.016529][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2059.183409][T22117] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4281'.
[ 2059.782811][ T5923] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 2059.968447][ T5923] usb 1-1: config 0 has no interfaces?
[ 2059.993394][ T5923] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2059.993423][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2059.993441][ T5923] usb 1-1: Product: syz
[ 2059.993454][ T5923] usb 1-1: Manufacturer: syz
[ 2059.993468][ T5923] usb 1-1: SerialNumber: syz
[ 2060.086278][ T5923] usb 1-1: config 0 descriptor??
[ 2060.618603][T22138] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4289'.
[ 2060.928362][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2061.009394][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805e8bc400: rx timeout, send abort
[ 2061.143132][T22138] bond0: (slave bond_slave_1): Releasing backup interface
[ 2061.509475][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805e8bc400: abort rx timeout. Force session deactivation
[ 2062.431123][T22151] syzkaller0: entered promiscuous mode
[ 2062.431152][T22151] syzkaller0: entered allmulticast mode
[ 2063.309181][T22179] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4296'.
[ 2063.386633][ T9204] usb 1-1: USB disconnect, device number 90
[ 2063.901412][T22171] binder: 22168:22171 unknown command 0
[ 2063.901433][T22171] binder: 22168:22171 ioctl c0306201 200000000080 returned -22
[ 2064.073654][T22187] binder_alloc: 22168: binder_alloc_buf, no vma
[ 2064.073961][T22187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4293'.
[ 2065.620854][   T37] kauditd_printk_skb: 25 callbacks suppressed
[ 2065.620866][   T37] audit: type=1326 audit(1756206954.443:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22205 comm="syz.0.4303" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbdcec8ebe9 code=0x0
[ 2066.040756][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880308d8000: rx timeout, send abort
[ 2066.540829][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880308d8000: abort rx timeout. Force session deactivation
[ 2066.634383][   T37] audit: type=1326 audit(1756206955.463:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=22215 comm="syz.3.4316" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5c91aeebe9 code=0x0
[ 2066.864216][T22220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4307'.
[ 2067.211978][T22220] bond0: (slave bond_slave_1): Releasing backup interface
[ 2067.482431][ T5923] usb 7-1: new high-speed USB device number 69 using dummy_hcd
[ 2067.685743][ T5923] usb 7-1: config 0 has no interfaces?
[ 2067.692122][ T5923] usb 7-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2067.692150][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2067.692168][ T5923] usb 7-1: Product: syz
[ 2067.692181][ T5923] usb 7-1: Manufacturer: syz
[ 2067.692195][ T5923] usb 7-1: SerialNumber: syz
[ 2067.705672][ T5923] usb 7-1: config 0 descriptor??
[ 2068.131162][T22231] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2068.137881][T22248] tipc: Resetting bearer <eth:syzkaller0>
[ 2068.138868][T22246] syzkaller0: entered promiscuous mode
[ 2068.138894][T22246] syzkaller0: entered allmulticast mode
[ 2068.315555][T22225] tipc: Resetting bearer <eth:syzkaller0>
[ 2068.653096][T22225] tipc: Disabling bearer <eth:syzkaller0>
[ 2071.251242][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f7a9400: rx timeout, send abort
[ 2071.383440][ T5923] usb 7-1: USB disconnect, device number 69
[ 2071.751334][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802f7a9400: abort rx timeout. Force session deactivation
[ 2073.214844][T22311] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 2073.657225][T22317] tipc: Started in network mode
[ 2073.657264][T22317] tipc: Node identity 2adb85e3e2b4, cluster identity 4711
[ 2073.657386][T22317] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2073.660542][T22317] syzkaller0: entered promiscuous mode
[ 2073.660568][T22317] syzkaller0: entered allmulticast mode
[ 2073.738757][T22319] netlink: 68 bytes leftover after parsing attributes in process `syz.5.4329'.
[ 2073.819792][T22317] tipc: Resetting bearer <eth:syzkaller0>
[ 2073.903918][T22316] tipc: Resetting bearer <eth:syzkaller0>
[ 2074.166688][T22316] tipc: Disabling bearer <eth:syzkaller0>
[ 2076.577848][    C1] vcan0: j1939_tp_rxtimer: 0xffff88801bea4c00: rx timeout, send abort
[ 2076.617382][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2076.668673][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2076.698700][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2076.764357][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2076.798510][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2076.868374][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2076.949266][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2076.987554][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2077.090717][    C1] vcan0: j1939_tp_rxtimer: 0xffff88801bea4c00: abort rx timeout. Force session deactivation
[ 2077.155906][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2077.186508][    C1] vkms_vblank_simulate: vblank timer overrun
[ 2096.952359][T22296] sched: DL replenish lagged too much
[ 2099.532635][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 2099.532718][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 2152.852572][T22378] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 2152.871733][T22378] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 2152.880685][T22378] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 2152.907040][T22378] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 2152.907911][T22378] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 2153.797169][ T5155] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 2153.817068][ T5155] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 2153.818518][ T5155] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 2153.820075][ T5155] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 2153.820823][ T5155] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 2154.218030][T22382] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 2154.268043][T22382] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 2154.270732][T22382] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 2154.290882][T22382] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 2154.301337][T22382] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 2154.731655][T22389] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 2154.751450][T22392] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 2154.761878][T22392] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 2154.764508][T22392] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 2154.790072][T22392] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 2154.801275][T22392] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 2154.801449][T22392] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 2154.812946][T22389] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 2154.822607][T22389] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 2154.836079][T22392] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 2155.607614][T22375] chnl_net:caif_netlink_parms(): no params data found
[ 2160.319861][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 2160.319938][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 2165.919578][T22386] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 2165.940138][T22386] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 2165.951075][T22386] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 2165.962131][T22386] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 2165.970737][T22386] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 2175.032841][ T5836] Bluetooth: hci7: command tx timeout
[ 2175.033433][ T5836] Bluetooth: hci8: command tx timeout
[ 2175.033661][ T5836] Bluetooth: hci9: command tx timeout
[ 2175.033878][ T5836] Bluetooth: hci6: command tx timeout
[ 2175.122847][ T5836] Bluetooth: hci4: command tx timeout
[ 2177.112595][T22389] Bluetooth: hci6: command tx timeout
[ 2177.112627][T22389] Bluetooth: hci9: command tx timeout
[ 2177.112647][T22389] Bluetooth: hci7: command tx timeout
[ 2177.140921][ T5836] Bluetooth: hci8: command tx timeout
[ 2177.192545][ T5836] Bluetooth: hci4: command tx timeout
[ 2179.192558][ T5836] Bluetooth: hci8: command tx timeout
[ 2179.192589][ T5836] Bluetooth: hci7: command tx timeout
[ 2179.192609][ T5836] Bluetooth: hci9: command tx timeout
[ 2179.192636][ T5836] Bluetooth: hci6: command tx timeout
[ 2179.283972][T22386] Bluetooth: hci4: command tx timeout
[ 2181.272657][T22386] Bluetooth: hci6: command tx timeout
[ 2181.272696][T22386] Bluetooth: hci9: command tx timeout
[ 2181.272717][T22386] Bluetooth: hci7: command tx timeout
[ 2181.272736][T22386] Bluetooth: hci8: command tx timeout
[ 2181.362694][ T5836] Bluetooth: hci4: command tx timeout
[ 2191.516449][T22386] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2191.539886][T22386] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2191.541319][T22386] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2191.573286][T22386] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2191.580469][T22386] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2200.152626][ T5836] Bluetooth: hci0: command tx timeout
[ 2202.242640][ T5836] Bluetooth: hci0: command tx timeout
[ 2204.322835][ T5836] Bluetooth: hci0: command tx timeout
[ 2206.393752][ T5836] Bluetooth: hci0: command tx timeout
[ 2213.360220][T22386] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2213.379119][T22386] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2213.380532][T22386] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2213.381743][T22386] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2213.447001][T22386] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2213.617688][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 2213.651814][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 2213.666589][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 2213.669808][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 2213.694407][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 2213.819804][T22389] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 2213.836626][T22389] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 2213.850325][T22389] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 2213.862867][T22389] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 2213.866576][T22389] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 2215.512637][T22389] Bluetooth: hci1: command tx timeout
[ 2215.763111][T22389] Bluetooth: hci2: command tx timeout
[ 2216.006192][T22389] Bluetooth: hci3: command tx timeout
[ 2217.602881][T22389] Bluetooth: hci1: command tx timeout
[ 2217.837231][T22389] Bluetooth: hci2: command tx timeout
[ 2218.082697][T22389] Bluetooth: hci3: command tx timeout
[ 2219.673000][T22389] Bluetooth: hci1: command tx timeout
[ 2219.912548][T22389] Bluetooth: hci2: command tx timeout
[ 2220.152997][T22389] Bluetooth: hci3: command tx timeout
[ 2221.769283][T22389] Bluetooth: hci1: command tx timeout
[ 2221.770171][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 2221.770244][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 2221.992569][T22389] Bluetooth: hci2: command tx timeout
[ 2222.232699][T22389] Bluetooth: hci3: command tx timeout
[ 2227.055568][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 2227.079353][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 2227.080836][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 2227.082047][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 2227.103900][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 2230.152606][ T5836] Bluetooth: hci5: command tx timeout
[ 2232.242703][ T5836] Bluetooth: hci5: command tx timeout
[ 2234.318423][ T5836] Bluetooth: hci5: command tx timeout
[ 2236.392422][ T5836] Bluetooth: hci5: command tx timeout
[ 2253.106871][T22389] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[ 2253.142789][T22389] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[ 2253.145184][T22389] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[ 2253.146477][T22389] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[ 2253.147323][T22389] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[ 2255.292387][T22389] Bluetooth: hci10: command tx timeout
[ 2257.362552][T22389] Bluetooth: hci10: command tx timeout
[ 2259.442518][T22389] Bluetooth: hci10: command tx timeout
[ 2261.512699][T22389] Bluetooth: hci10: command tx timeout
[ 2273.913631][T22386] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[ 2273.940712][T22386] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[ 2273.953339][T22386] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[ 2273.955679][T22386] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[ 2273.956514][T22386] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[ 2274.054719][T22386] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 2274.089888][T22386] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 2274.091339][T22386] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 2274.103756][T22386] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 2274.104618][T22386] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 2275.005693][T22386] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[ 2275.029625][T22386] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[ 2275.031401][T22386] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[ 2275.047385][T22386] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[ 2275.048293][T22386] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[ 2276.232629][T22386] Bluetooth: hci11: command tx timeout
[ 2276.233217][T22386] Bluetooth: hci6: command tx timeout
[ 2277.122675][ T5836] Bluetooth: hci12: command tx timeout
[ 2278.312858][ T5836] Bluetooth: hci6: command tx timeout
[ 2278.312896][ T5836] Bluetooth: hci11: command tx timeout
[ 2279.192489][T22386] Bluetooth: hci12: command tx timeout
[ 2280.394882][ T5836] Bluetooth: hci6: command tx timeout
[ 2280.396569][T22386] Bluetooth: hci11: command tx timeout
[ 2281.282568][T22386] Bluetooth: hci12: command tx timeout
[ 2282.472510][ T5836] Bluetooth: hci6: command tx timeout
[ 2282.472556][T22386] Bluetooth: hci11: command tx timeout
[ 2283.210722][ T1322] ieee802154 phy0 wpan0: encryption failed: -22
[ 2283.210798][ T1322] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.364456][T22386] Bluetooth: hci12: command tx timeout
[ 2288.061347][ T5836] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[ 2288.087641][ T5836] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[ 2288.089994][ T5836] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[ 2288.113042][ T5836] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[ 2288.146496][ T5836] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[ 2290.243241][T22392] Bluetooth: hci13: command tx timeout
[ 2290.424283][T22382] Bluetooth: hci7: command 0x0406 tx timeout
[ 2290.424323][T22382] Bluetooth: hci9: command 0x0406 tx timeout
[ 2290.424349][T22382] Bluetooth: hci8: command 0x0406 tx timeout
[ 2292.312560][T22392] Bluetooth: hci13: command tx timeout
[ 2294.392536][T22382] Bluetooth: hci13: command tx timeout
[ 2295.526034][T22382] Bluetooth: hci4: command 0x0406 tx timeout
[ 2296.482280][T22382] Bluetooth: hci13: command tx timeout
[ 2313.324865][T22382] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[ 2313.345338][T22382] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[ 2313.347832][T22382] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[ 2313.392282][T22382] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[ 2313.393198][T22382] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[ 2321.112592][ T5155] Bluetooth: hci0: command 0x0406 tx timeout
[ 2333.261865][T22386] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[ 2333.287152][T22386] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[ 2333.288595][T22386] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[ 2333.289792][T22386] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[ 2333.320423][T22386] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[ 2334.101297][ T5155] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[ 2334.129545][ T5155] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[ 2334.130923][ T5155] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[ 2334.148135][ T5155] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[ 2334.148983][ T5155] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[ 2334.393175][   T38] INFO: task syz-executor:15903 blocked for more than 143 seconds.
[ 2334.393214][   T38]       Not tainted syzkaller #0
[ 2334.393224][   T38]       Blocked by coredump.
[ 2334.393231][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2334.393245][   T38] task:syz-executor    state:D stack:21192 pid:15903 tgid:15903 ppid:1      task_flags:0x40054c flags:0x00004006
[ 2334.393299][   T38] Call Trace:
[ 2334.393306][   T38]  <TASK>
[ 2334.393320][   T38]  __schedule+0x16f3/0x4c20
[ 2334.393374][   T38]  ? __pfx___schedule+0x10/0x10
[ 2334.393414][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2334.393438][   T38]  rt_mutex_schedule+0x77/0xf0
[ 2334.393457][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[ 2334.393476][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[ 2334.393520][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[ 2334.393541][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[ 2334.393560][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[ 2334.393596][   T38]  ? __pfx___fsnotify_parent+0x10/0x10
[ 2334.393625][   T38]  ? tun_chr_close+0x41/0x1c0
[ 2334.393646][   T38]  mutex_lock_nested+0x16a/0x1d0
[ 2334.393666][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[ 2334.393695][   T38]  tun_chr_close+0x41/0x1c0
[ 2334.393718][   T38]  __fput+0x45b/0xa80
[ 2334.393749][   T38]  task_work_run+0x1d4/0x260
[ 2334.393771][   T38]  ? __pfx_task_work_run+0x10/0x10
[ 2334.393790][   T38]  ? do_exit+0x6b0/0x2300
[ 2334.393806][   T38]  ? kmem_cache_free+0x195/0x510
[ 2334.393834][   T38]  do_exit+0x6b5/0x2300
[ 2334.393851][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2334.393877][   T38]  ? __lock_acquire+0xab9/0xd20
[ 2334.393903][   T38]  ? __pfx_do_exit+0x10/0x10
[ 2334.393917][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 2334.393939][   T38]  ? rt_spin_lock+0x1bb/0x2c0
[ 2334.393967][   T38]  do_group_exit+0x21c/0x2d0
[ 2334.393990][   T38]  get_signal+0x125e/0x1310
[ 2334.394034][   T38]  arch_do_signal_or_restart+0x9a/0x750
[ 2334.394058][   T38]  ? kmem_cache_free+0x402/0x510
[ 2334.394082][   T38]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 2334.394119][   T38]  ? exit_to_user_mode_loop+0x40/0x110
[ 2334.394146][   T38]  exit_to_user_mode_loop+0x75/0x110
[ 2334.394168][   T38]  do_syscall_64+0x2bd/0x3b0
[ 2334.394190][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2334.394211][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2334.394228][   T38]  ? clear_bhb_loop+0x60/0xb0
[ 2334.394250][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2334.394273][   T38] RIP: 0033:0x7efd3f7cd5fc
[ 2334.394293][   T38] RSP: 002b:00007ffeb3981270 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2334.394312][   T38] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007efd3f7cd5fc
[ 2334.394325][   T38] RDX: 0000000000000030 RSI: 00007ffeb3981330 RDI: 00000000000000f9
[ 2334.394338][   T38] RBP: 00007ffeb39812dc R08: 0000000000000000 R09: 00007ffeb3980fe7
[ 2334.394350][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000013d
[ 2334.394361][   T38] R13: 0000000000000055 R14: 00000000001fba02 R15: 00007ffeb3981330
[ 2334.394392][   T38]  </TASK>
[ 2334.394405][   T38] INFO: tas[ 2334.394405][   T38] INFO: task syz-executor:16404 blocked for more than 143 seconds.
[ 2334.394418][   T38]       Not tainted syzkaller #0
[ 2334.394427][   T38]       Blocked by coredump.
[ 2334.394433][   T38] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 2334.394441][   T38] task:syz-executor    state:D stack:20936 pid:16404 tgid:16404 ppid:1      task_flags:0x40054c flags:0x00004006
[ 2334.394486][   T38] Call Trace:
[ 2334.394493][   T38]  <TASK>
[ 2334.394505][   T38]  __schedule+0x16f3/0x4c20
[ 2334.394553][   T38]  ? __pfx___schedule+0x10/0x10
[ 2334.394592][   T38]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2334.394617][   T38]  rt_mutex_schedule+0x77/0xf0
[ 2334.394634][   T38]  rt_mutex_slowlock_block+0x5ba/0x6d0
[ 2334.394652][   T38]  ? task_blocks_on_rt_mutex+0xf12/0x1380
[ 2334.394701][   T38]  rt_mutex_slowlock+0x2b1/0x6e0
[ 2334.394721][   T38]  ? rt_mutex_slowlock+0x1c9/0x6e0
[ 2334.394741][   T38]  ? __pfx_rt_mutex_slowlock+0x10/0x10
[ 2334.394774][   T38]  ? __pfx___fsnotify_parent+0x10/0x10
[ 2334.394803][   T38]  ? tun_chr_close+0x41/0x1c0
[ 2334.394822][   T38]  mutex_lock_nested+0x16a/0x1d0
[ 2334.394843][   T38]  ? __pfx_tun_chr_close+0x10/0x10
[ 2334.394865][   T38]  tun_chr_close+0x41/0x1c0
[ 2334.394889][   T38]  __fput+0x45b/0xa80
[ 2334.394919][   T38]  task_work_run+0x1d4/0x260
[ 2334.394940][   T38]  ? __pfx_task_work_run+0x10/0x10
[ 2334.394959][   T38]  ? do_exit+0x6b0/0x2300
[ 2334.394974][   T38]  ? kmem_cache_free+0x195/0x510
[ 2334.395001][   T38]  do_exit+0x6b5/0x2300
[ 2334.395018][   T38]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2334.395045][   T38]  ? __lock_acquire+0xab9/0xd20
[ 2334.395070][   T38]  ? __pfx_do_exit+0x10/0x10
[ 2334.395084][   T38]  ? rt_mutex_slowunlock+0x493/0x8a0
[ 2334.395106][   T38]  ? rt_spin_lock+0x1bb/0x2c0
[ 2334.395134][   T38]  do_group_exit+0x21c/0x2d0
[ 2334.395158][   T38]  get_signal+0x125e/0x1310
[ 2334.395202][   T38]  arch_do_signal_or_restart+0x9a/0x750
[ 2334.395226][   T38]  ? kmem_cache_free+0x402/0x510
[ 2334.395248][   T38]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 2334.395286][   T38]  ? exit_to_user_mode_loop+0x40/0x110
[ 2334.395312][   T38]  exit_to_user_mode_loop+0x75/0x110
[ 2334.395335][   T38]  do_syscall_64+0x2bd/0x3b0
[ 2334.395356][   T38]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2334.395376][   T38]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2334.395392][   T38]  ? clear_bhb_loop+0x60/0xb0
[ 2334.395415][   T38]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2334.395432][   T38] RIP: 0033:0x7f5c91aed5fc
[ 2334.395448][   T38] RSP: 002b:00007fff5997e050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2334.395466][   T38] RAX: fffffffffffffe00 RBX: 0000000000000003 RCX: 00007f5c91aed5fc
[ 2334.395480][   T38] RDX: 0000000000000030 RSI: 00007fff5997e110 RDI: 00000000000000f9
[ 2334.395492][   T38] RBP: 00007fff5997e0bc R08: 0000000000000000 R09: 00007fff5997ddc7
[ 2334.395505][   T38] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000112
[ 2334.395517][   T38] R13: 000055557a810590 R14: 00000000001facca R15: 00007fff5997e110
[ 2334.395547][   T38]  </TASK>
[ 2334.395596][   T38] 
[ 2334.395596][   T38] Showing all locks held in the system:
[ 2334.395607][   T38] 2 locks held by rcuc/1/28:
[ 2334.395618][   T38]  #0: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[ 2334.395664][   T38]  #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[ 2334.395714][   T38] 6 locks held by ktimers/1/29:
[ 2334.395725][   T38] 2 locks held by ksoftirqd/1/30:
[ 2334.395738][   T38] 1 lock held by khungtaskd/38:
[ 2334.395748][   T38]  #0: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 2334.395798][   T38] 2 locks held by kworker/1:2/989:
[ 2334.395822][   T38] 5 locks held by kworker/u8:12/4512:
[ 2334.395835][   T38] 2 locks held by getty/5595:
[ 2334.395846][   T38]  #0: ffff88823bf2a8a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 2334.395892][   T38]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410
[ 2334.395937][   T38] 4 locks held by kworker/u9:2/5836:
[ 2334.395947][   T38]  #0: ffff888057054138 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.395996][   T38]  #1: ffffc90004a6fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.396040][   T38]  #2: ffff88809d8480a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[ 2334.396082][   T38]  #3: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[ 2334.396125][   T38] 2 locks held by kworker/1:5/5923:
[ 2334.396139][   T38] 4 locks held by kworker/1:8/10274:
[ 2334.396150][   T38]  #0: ffff888019899938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.396201][   T38]  #1: ffffc9000f127bc0 ((work_completion)(&(&tbl->gc_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.396246][   T38]  #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[ 2334.396289][   T38]  #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[ 2334.396332][   T38] 1 lock held by syz-executor/15302:
[ 2334.396343][   T38]  #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 2334.396385][   T38] 3 locks held by kworker/u8:6/15407:
[ 2334.396396][   T38]  #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.396441][   T38]  #1: ffffc9000bb87bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.396485][   T38]  #2: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[ 2334.396533][   T38] 1 lock held by syz-executor/15903:
[ 2334.396544][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[ 2334.396588][   T38] 1 lock held by syz-executor/16404:
[ 2334.396600][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[ 2334.396643][   T38] 1 lock held by syz-executor/18640:
[ 2334.396654][   T38]  #0: ffffffff8d9ae530 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[ 2334.396702][   T38] 1 lock held by syz-executor/19297:
[ 2334.396713][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[ 2334.396757][   T38] 3 locks held by kworker/u8:14/22360:
[ 2334.396768][   T38]  #0: ffff88814cd77938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.396813][   T38]  #1: ffffc9001421fbc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.396858][   T38]  #2: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[ 2334.396901][   T38] 4 locks held by kworker/u8:16/22371:
[ 2334.396910][   T38]  #0: ffff888031321938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.396960][   T38]  #1: ffffc90004b0fbc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.397004][   T38]  #2: ffffffff8d84a760 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[ 2334.397047][   T38]  #3: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[ 2334.397091][   T38] 1 lock held by syz-executor/22375:
[ 2334.397102][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[ 2334.397146][   T38] 1 lock held by syz-executor/22380:
[ 2334.397157][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[ 2334.397201][   T38] 4 locks held by kworker/u9:3/22382:
[ 2334.397211][   T38]  #0: ffff888036e3f138 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.397260][   T38]  #1: ffffc9000cf77bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.397305][   T38]  #2: ffff88809aef80a8 (&hdev->lock){+.+.}-{4:4}, at: le_conn_complete_evt+0xb1/0x1220
[ 2334.397349][   T38]  #3: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_connect_cfm+0x2c/0x140
[ 2334.397390][   T38] 1 lock held by syz-executor/22384:
[ 2334.397401][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet6_rtm_newaddr+0x5b7/0xd20
[ 2334.397443][   T38] 4 locks held by kworker/u9:4/22386:
[ 2334.397454][   T38]  #0: ffff888031a82138 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.397502][   T38]  #1: ffffc9000cef7bc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.397547][   T38]  #2: ffff88809f3840a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[ 2334.397588][   T38]  #3: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[ 2334.397629][   T38] 2 locks held by syz-executor/22387:
[ 2334.397640][   T38]  #0: ffffffff8ecc5040 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[ 2334.397691][   T38]  #1: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0
[ 2334.397731][   T38] 2 locks held by syz-executor/22388:
[ 2334.397742][   T38]  #0: ffffffff8ecc5040 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x304/0x4d0
[ 2334.397785][   T38]  #1: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: wg_netns_pre_exit+0x1c/0x1d0
[ 2334.397825][   T38] 6 locks held by kworker/u9:5/22389:
[ 2334.397835][   T38]  #0: ffff888063c2b138 ((wq_completion)hci0#3){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.397883][   T38]  #1: ffffc9000d0cfbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.397928][   T38]  #2: ffff88806778ce80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[ 2334.397975][   T38]  #3: ffff88806778c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[ 2334.398018][   T38]  #4: ffffffff8ee39838 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_failed+0x165/0x310
[ 2334.398062][   T38]  #5: ffff8880357d0b58 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[ 2334.398111][   T38] 4 locks held by kworker/u9:6/22392:
[ 2334.398122][   T38]  #0: ffff88804a366138 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 2334.398176][   T38]  #1: ffffc9000ccffbc0 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 2334.398220][   T38]  #2: ffff888057820e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x1d4/0x3a0
[ 2334.398266][   T38]  #3: ffff8880578200a8 (&hdev->lock){+.+.}-{4:4}, at: hci_abort_conn_sync+0x242/0xe30
[ 2334.398310][   T38] 1 lock held by syz-executor/22403:
[ 2334.398321][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x8db/0x1c70
[ 2334.398364][   T38] 1 lock held by syz-executor/22413:
[ 2334.398374][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398421][   T38] 1 lock held by syz-executor/22422:
[ 2334.398430][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398477][   T38] 1 lock held by syz-executor/22425:
[ 2334.398488][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398534][   T38] 1 lock held by syz-executor/22427:
[ 2334.398544][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398591][   T38] 1 lock held by syz-executor/22431:
[ 2334.398602][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398648][   T38] 1 lock held by syz-executor/22437:
[ 2334.398658][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398710][   T38] 1 lock held by syz-executor/22449:
[ 2334.398721][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398765][   T38] 1 lock held by syz-executor/22450:
[ 2334.398775][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398822][   T38] 1 lock held by syz-executor/22456:
[ 2334.398833][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398889][   T38] 1 lock held by syz-executor/22460:
[ 2334.398900][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.398946][   T38] 1 lock held by syz-executor/22466:
[ 2334.398957][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.399005][   T38] 1 lock held by syz-executor/22477:
[ 2334.399016][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.399062][   T38] 1 lock held by syz-executor/22480:
[ 2334.399073][   T38]  #0: ffffffff8ecd1f38 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[ 2334.399119][   T38] 
[ 2334.399125][   T38] =============================================
[ 2334.399125][   T38] 
[ 2334.399142][   T38] NMI backtrace for cpu 0
[ 2334.399165][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 2334.399185][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2334.399196][   T38] Call Trace:
[ 2334.399204][   T38]  <TASK>
[ 2334.399212][   T38]  dump_stack_lvl+0x189/0x250
[ 2334.399243][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2334.399267][   T38]  ? __pfx__printk+0x10/0x10
[ 2334.399298][   T38]  nmi_cpu_backtrace+0x39e/0x3d0
[ 2334.399320][   T38]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 2334.399341][   T38]  ? __pfx__printk+0x10/0x10
[ 2334.399364][   T38]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 2334.399387][   T38]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 2334.399409][   T38]  watchdog+0xf93/0xfe0
[ 2334.399435][   T38]  ? watchdog+0x1de/0xfe0
[ 2334.399462][   T38]  kthread+0x711/0x8a0
[ 2334.399487][   T38]  ? __pfx_watchdog+0x10/0x10
[ 2334.399507][   T38]  ? __pfx_kthread+0x10/0x10
[ 2334.399534][   T38]  ? __pfx_kthread+0x10/0x10
[ 2334.399568][   T38]  ret_from_fork+0x3fc/0x770
[ 2334.399593][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[ 2334.399620][   T38]  ? __switch_to_asm+0x39/0x70
[ 2334.399636][   T38]  ? __switch_to_asm+0x33/0x70
[ 2334.399651][   T38]  ? __pfx_kthread+0x10/0x10
[ 2334.399681][   T38]  ret_from_fork_asm+0x1a/0x30
[ 2334.399717][   T38]  </TASK>
[ 2334.399725][   T38] Sending NMI from CPU 0 to CPUs 1:
[ 2334.399752][    C1] NMI backtrace for cpu 1
[ 2334.399766][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 2334.399786][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2334.399796][    C1] RIP: 0010:unwind_next_frame+0x17e/0x2390
[ 2334.399821][    C1] Code: f6 03 03 0f 85 e4 17 00 00 49 8d 5e 35 48 89 d8 48 c1 e8 03 48 89 44 24 28 0f b6 04 28 84 c0 0f 85 3c 1b 00 00 4c 89 6c 24 50 <4c> 89 64 24 20 4c 89 7c 24 48 48 89 5c 24 10 0f b6 1b 48 8b 44 24
[ 2334.399836][    C1] RSP: 0018:ffffc90000a3e538 EFLAGS: 00000246
[ 2334.399851][    C1] RAX: 0000000000000000 RBX: ffffc90000a3e63d RCX: 1de0ab6b4bd9f100
[ 2334.399864][    C1] RDX: 0000000000000000 RSI: ffffffff8b620c60 RDI: ffffffff8b620c20
[ 2334.399877][    C1] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff8172b165
[ 2334.399889][    C1] R10: ffffc90000a3e658 R11: ffffffff81aae030 R12: 1ffff92000147cc1
[ 2334.399902][    C1] R13: ffffc90000a3e658 R14: ffffc90000a3e608 R15: ffffffff8172b165
[ 2334.399916][    C1] FS:  0000000000000000(0000) GS:ffff8881269c2000(0000) knlGS:0000000000000000
[ 2334.399929][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2334.399941][    C1] CR2: 000055ce78157660 CR3: 000000000d7a6000 CR4: 00000000003526f0
[ 2334.399957][    C1] Call Trace:
[ 2334.399964][    C1]  <TASK>
[ 2334.399974][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 2334.399996][    C1]  ? ip_route_output_key_hash+0x1b9/0x2e0
[ 2334.400023][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 2334.400041][    C1]  arch_stack_walk+0x11c/0x150
[ 2334.400066][    C1]  ? ip_route_output_key_hash+0x1b9/0x2e0
[ 2334.400091][    C1]  stack_trace_save+0x9c/0xe0
[ 2334.400107][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 2334.400123][    C1]  ? do_raw_spin_lock+0x121/0x290
[ 2334.400147][    C1]  kasan_save_track+0x3e/0x80
[ 2334.400165][    C1]  ? kasan_save_track+0x3e/0x80
[ 2334.400181][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[ 2334.400199][    C1]  ? kmem_cache_alloc_noprof+0x143/0x310
[ 2334.400219][    C1]  ? dst_alloc+0x105/0x170
[ 2334.400239][    C1]  ? ip_route_output_key_hash_rcu+0x14e1/0x23d0
[ 2334.400261][    C1]  ? ip_route_output_key_hash+0x1b9/0x2e0
[ 2334.400302][    C1]  ? dst_alloc+0x105/0x170
[ 2334.400325][    C1]  __kasan_slab_alloc+0x6c/0x80
[ 2334.400343][    C1]  ? dst_alloc+0x105/0x170
[ 2334.400363][    C1]  kmem_cache_alloc_noprof+0x143/0x310
[ 2334.400386][    C1]  dst_alloc+0x105/0x170
[ 2334.400409][    C1]  ip_route_output_key_hash_rcu+0x14e1/0x23d0
[ 2334.400445][    C1]  ? ip_route_output_key_hash+0xde/0x2e0
[ 2334.400469][    C1]  ip_route_output_key_hash+0x1b9/0x2e0
[ 2334.400491][    C1]  ? __lock_acquire+0xab9/0xd20
[ 2334.400512][    C1]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[ 2334.400537][    C1]  ? ip_route_me_harder+0x4ad/0x1030
[ 2334.400557][    C1]  ip_route_output_flow+0x2a/0x150
[ 2334.400577][    C1]  ? ip_route_me_harder+0x6c0/0x1030
[ 2334.400593][    C1]  ip_route_me_harder+0x6d2/0x1030
[ 2334.400614][    C1]  ? __pfx_ip_route_me_harder+0x10/0x10
[ 2334.400643][    C1]  synproxy_send_tcp+0x359/0x6c0
[ 2334.400667][    C1]  synproxy_send_client_synack+0x8bb/0xe20
[ 2334.400695][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[ 2334.400715][    C1]  ? nft_tproxy_eval+0x6e8/0x1c00
[ 2334.400736][    C1]  ? synproxy_pernet+0x45/0x270
[ 2334.400761][    C1]  nft_synproxy_eval_v4+0x36e/0x560
[ 2334.400787][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[ 2334.400810][    C1]  ? nf_ip_checksum+0x13c/0x510
[ 2334.400835][    C1]  nft_synproxy_do_eval+0x345/0x570
[ 2334.400861][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[ 2334.400892][    C1]  nft_do_chain+0x40c/0x1920
[ 2334.400920][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[ 2334.400946][    C1]  ? __lock_acquire+0xab9/0xd20
[ 2334.400974][    C1]  ? try_to_take_rt_mutex+0x840/0xb00
[ 2334.400995][    C1]  nft_do_chain_inet+0x25d/0x340
[ 2334.401017][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[ 2334.401040][    C1]  ? __lock_acquire+0xab9/0xd20
[ 2334.401064][    C1]  ? NF_HOOK+0x9a/0x3a0
[ 2334.401082][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[ 2334.401105][    C1]  nf_hook_slow+0xc5/0x220
[ 2334.401126][    C1]  NF_HOOK+0x206/0x3a0
[ 2334.401145][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 2334.401164][    C1]  ? NF_HOOK+0x9a/0x3a0
[ 2334.401181][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 2334.401197][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[ 2334.401217][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[ 2334.401237][    C1]  ? skb_dst+0x4f/0xd0
[ 2334.401255][    C1]  ? ip_local_deliver+0x12a/0x1b0
[ 2334.401275][    C1]  NF_HOOK+0x309/0x3a0
[ 2334.401300][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 2334.401318][    C1]  ? NF_HOOK+0x9a/0x3a0
[ 2334.401335][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 2334.401354][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 2334.401377][    C1]  ? __pfx_ip_rcv+0x10/0x10
[ 2334.401394][    C1]  __netif_receive_skb+0x143/0x380
[ 2334.401410][    C1]  ? rt_spin_unlock+0x65/0x80
[ 2334.401433][    C1]  ? process_backlog+0x27b/0x900
[ 2334.401450][    C1]  process_backlog+0x31e/0x900
[ 2334.401473][    C1]  __napi_poll+0xb6/0x540
[ 2334.401492][    C1]  net_rx_action+0x707/0xe00
[ 2334.401509][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2334.401536][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 2334.401569][    C1]  handle_softirqs+0x22c/0x710
[ 2334.401593][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 2334.401617][    C1]  run_ktimerd+0xcf/0x190
[ 2334.401637][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[ 2334.401657][    C1]  ? schedule+0x91/0x360
[ 2334.401744][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 2334.401772][    C1]  smpboot_thread_fn+0x542/0xa60
[ 2334.401792][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[ 2334.401815][    C1]  kthread+0x711/0x8a0
[ 2334.401839][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 2334.401865][    C1]  ? __pfx_kthread+0x10/0x10
[ 2334.401893][    C1]  ? __pfx_kthread+0x10/0x10
[ 2334.401916][    C1]  ret_from_fork+0x3fc/0x770
[ 2334.401937][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 2334.401960][    C1]  ? __switch_to_asm+0x39/0x70
[ 2334.401976][    C1]  ? __switch_to_asm+0x33/0x70
[ 2334.401990][    C1]  ? __pfx_kthread+0x10/0x10
[ 2334.402013][    C1]  ret_from_fork_asm+0x1a/0x30
[ 2334.402036][    C1]  </TASK>
[ 2334.769318][   T38] Kernel panic - not syncing: hung_task: blocked tasks
[ 2334.769340][   T38] CPU: 0 UID: 0 PID: 38 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 2334.769361][   T38] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2334.769372][   T38] Call Trace:
[ 2334.769409][   T38]  <TASK>
[ 2334.769418][   T38]  dump_stack_lvl+0x99/0x250
[ 2334.769447][   T38]  ? __asan_memcpy+0x40/0x70
[ 2334.769467][   T38]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2334.769490][   T38]  ? __pfx__printk+0x10/0x10
[ 2334.769521][   T38]  vpanic+0x281/0x750
[ 2334.769547][   T38]  ? __pfx_vpanic+0x10/0x10
[ 2334.769570][   T38]  ? preempt_schedule+0xae/0xc0
[ 2334.769593][   T38]  ? preempt_schedule_common+0x83/0xd0
[ 2334.769620][   T38]  panic+0xb9/0xc0
[ 2334.769642][   T38]  ? __pfx_panic+0x10/0x10
[ 2334.769671][   T38]  ? preempt_schedule_thunk+0x16/0x30
[ 2334.769698][   T38]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[ 2334.769720][   T38]  watchdog+0xfd2/0xfe0
[ 2334.769746][   T38]  ? watchdog+0x1de/0xfe0
[ 2334.769772][   T38]  kthread+0x711/0x8a0
[ 2334.769799][   T38]  ? __pfx_watchdog+0x10/0x10
[ 2334.769819][   T38]  ? __pfx_kthread+0x10/0x10
[ 2334.769848][   T38]  ? __pfx_kthread+0x10/0x10
[ 2334.769872][   T38]  ret_from_fork+0x3fc/0x770
[ 2334.769897][   T38]  ? __pfx_ret_from_fork+0x10/0x10
[ 2334.769923][   T38]  ? __switch_to_asm+0x39/0x70
[ 2334.769939][   T38]  ? __switch_to_asm+0x33/0x70
[ 2334.769955][   T38]  ? __pfx_kthread+0x10/0x10
[ 2334.769980][   T38]  ret_from_fork_asm+0x1a/0x30
[ 2334.770012][   T38]  </TASK>
[ 2334.770264][   T38] Kernel Offset: disabled