last executing test programs:

11m44.914832636s ago: executing program 1 (id=1708):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0xf0f041, 0x0, '\x00', @value64}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r2)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020)
execve(&(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000800)={[&(0x7f0000000940)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01', &(0x7f0000000a40)='\x7f\xb7\xc3\x7f\xa5a\xd6A*c\x9b\xd8R\xf02b\xefA|uiWb\x8f\xee\x1c\xc5\xdb^\x11\x16h\x83\x94y<yN\xfbXh[\xe9\xa9\x1702\x7f\x9e\xf0\x99\xad\xdc;p\x98R\a\xb1\x9d^\x0f\x121\xb3\xab7P\xd6\xcb\x06\xfe2~W\xd9\xad\x80\xd9!\x89%\xb80\xa3l;\x1eK\x90\x15\xc6\x11A\xfc\x7f\xc6\xed\xe7\xa3\x9f\xb4\xce\"\xef\xa8\x86F\x15\xb9\rj\f\xafa\xb0}\xde\'E\x84\xb2bO\xd2\xd4\x85F\xde1e\xe0\xf2\xa0/\xd3<\xda\xfe\x04,\xfa\x97\xb6\xf4\xcf\x0el\xf2\xbd\x18\x88\xd7\x02\xce\x99\x1f\xadj\x89\xd9\xb7\xae9\xb0\xb0{n.\xd7\x87C\x0eh|KZG\x108l\n\xcd\xe9\x04\xafM\xbf\x83#>\x89\xf1Y{\x87\xd5\xf3\xccMr\xc5\xbdT\x9e\xc4\x84\x06\xcd\x8b\xcd\t\x01']})
shutdown(0xffffffffffffffff, 0x1)

11m44.249342741s ago: executing program 1 (id=1710):
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x20000)
socket(0x10, 0x803, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3)
ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0))
read$dsp(r1, &(0x7f0000000300)=""/79, 0x4f)

11m44.147864472s ago: executing program 1 (id=1712):
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x12, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)

11m43.454423758s ago: executing program 1 (id=1715):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xac, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
timerfd_create(0x0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

11m41.569600801s ago: executing program 1 (id=1719):
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0xc0049364, &(0x7f0000000180))
r5 = open(0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000d40)='./file0\x00', 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000017c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x40049366, 0x0)

11m40.425804948s ago: executing program 1 (id=1723):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000380)=@mmap={0x401, 0x2, 0x4, 0x10, 0x1, {0x77359400}, {0x3, 0x0, 0xf, 0xd, 0x7, 0x1}, 0x4, 0x1, {}, 0x101})
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f046, 0x100000})

11m25.382977664s ago: executing program 32 (id=1723):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x80000000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000380)=@mmap={0x401, 0x2, 0x4, 0x10, 0x1, {0x77359400}, {0x3, 0x0, 0xf, 0xd, 0x7, 0x1}, 0x4, 0x1, {}, 0x101})
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f046, 0x100000})

24.191559968s ago: executing program 2 (id=4055):
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = epoll_create(0x7)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000040))
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0x6)
ioctl$SIOCAX25ADDFWD(r4, 0x89ea, 0x0)

22.373883376s ago: executing program 3 (id=4059):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xac, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

21.090945271s ago: executing program 3 (id=4061):
unshare(0x2c020000)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0], 0x50)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x10b121)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x11)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000700)="1a589880094221163118c20ba67edecc8e404446a08a220bc228fdded14097f1bccd9ad61925bf16c950493dcbfa6ab0c9b15be904473944ae117dc771d96adb8d73784dfe7e94e74e3174a167769327c0d80ba8284629876a30092ed1a239694a89b84b0e057116bce4937d0f2b278462dba4d09bef9ee1", 0x78}], 0x1)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x49be, &(0x7f0000000480)={0x0, 0x37ad, 0x7dc0071a664f01a8, 0xfffffffe, 0x122, 0x0, r3}, &(0x7f00000001c0), &(0x7f00000003c0))
r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$revoke(0x3, r4)
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000000e80)=""/4096, 0x1000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008041}, 0x0)
r7 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=@newqdisc={0x68, 0x14, 0xf0b, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, {0xd, 0x3}, {0xc, 0xe}, {0x8, 0xa}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xfc, 0x210, 0x400000a, 0x1, 0x0, 0xb}}, {0x4}}, {{0x1c, 0x1, {0x1, 0x5, 0x1f, 0x3, 0x0, 0x9, 0xb}}, {0x4}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000500)={&(0x7f00000009c0)=ANY=[@ANYBLOB="69cdae1cc462d5b2140000001000010000000000000000000500000a20000000030a01030000000000000000010000090a000700726f757465003d8401ac0000090a010100000000000000000700000408000a400000000308000440000000120c0010400000000000000001080008400000000120000000030a01080000000000000000030000010c0002400000000000000003140000001100010000000000000000000300000a"], 0xa0}, 0x1, 0x0, 0x0, 0x90}, 0x10)
sendmsg$NFT_MSG_GETOBJ(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f50000000000000000020000000900020073797a31000000"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)
connect$llc(r5, &(0x7f00000002c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @remote}, 0x10)
sendmmsg(r5, &(0x7f0000001380), 0x3fffffffffffeed, 0xf000000)

19.914685664s ago: executing program 3 (id=4064):
socket$nl_route(0x10, 0x3, 0x0)
add_key$keyring(&(0x7f00000003c0), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb)
r0 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000080)={0x2, r1, 0x1})
pselect6(0x40, &(0x7f0000000340)={0x0, 0x3ffffffffffffffc, 0xffffffffffffffff, 0xffffffffffffb5d2, 0xfffffffffffffffd, 0x200000000000010, 0xfffc}, &(0x7f0000000580)={0x10, 0x3, 0x7, 0x1, 0x0, 0x4, 0x6, 0x7}, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$FUSE_NOTIFY_POLL(r3, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
r5 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_G_FMT(r5, 0xc0585604, 0x0)
socket$inet6(0xa, 0x4, 0x5)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x6)
socket$inet6(0xa, 0x3, 0x8)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000002c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f00000000c0)={0x28, 0x2, r7, 0x0, &(0x7f000047b000/0x4000)=nil, 0x4000, 0x1})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r6, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r7, 0x0, <r8=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r6, 0x3ba0, &(0x7f00000005c0)={0x48, 0x8, r8, 0x0, 0x2fff, 0x1, &(0x7f00000004c0)='\x00', 0x1})
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_FILTER(r9, 0x6b, 0x1, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0100000004000000080000000b000000000000", @ANYRES32, @ANYBLOB="1c5600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x50)

19.833488116s ago: executing program 0 (id=4065):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101040, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x200, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', 0x0, 0x0, 0x0)
lchown(&(0x7f0000000040)='./file0\x00', 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x20401, 0x1c7)
openat(r1, &(0x7f0000000200)='./file1\x00', 0x84000, 0x98)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f0000000680)=@raw={'raw\x00', 0x8, 0x3, 0x200, 0x0, 0x18c, 0x148, 0xd0, 0x0, 0x168, 0x2a8, 0x2a8, 0x168, 0x2a8, 0x3, 0x0, {[{{@ip={@dev, @remote, 0x0, 0x0, 'gretap0\x00', 'veth0_to_bond\x00'}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x6, 0x2, 0x3, 0x0, 0x0, 0x40000]}, {0xffffffffffffffff}}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth1\x00', 'bridge0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x260)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000280)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
listen(r2, 0x2)
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x2, @local}, 0x10)
close_range(r2, 0xffffffffffffffff, 0x0)

18.200343925s ago: executing program 5 (id=4068):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
getpid()
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="15000000fe00000005"], 0x1)
r5 = landlock_create_ruleset(&(0x7f0000000180)={0x100}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r5, 0xf4240, 0x0, 0x0)
r6 = openat$cgroup_ro(r4, &(0x7f0000000380)='devices.list\x00', 0x0, 0x0)
preadv(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0)

18.090328844s ago: executing program 0 (id=4069):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xf, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES64=r0], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r1, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55, 0x0, 0x0}, 0x50)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000540)=@bpf_lsm={0xd, 0x5, &(0x7f00000000c0)=@framed={{0x15, 0xa, 0x0, 0x0, 0x80000000, 0x61, 0x11, 0x54}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
pipe(&(0x7f0000000480))
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r6, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r5], 0x38}}, 0x10)
r8 = gettid()
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r9, &(0x7f0000000040)={0x1f, 0x40, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_SECURITY(r9, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2)
sendmsg$sock(r9, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)=<r10=>0x0)
timer_settime(r10, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x100)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r9, 0x8983, &(0x7f0000000000)={0x6, 'netdevsim0\x00', {0x9}, 0x520e})

17.145101335s ago: executing program 5 (id=4071):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x10)

16.33569279s ago: executing program 0 (id=4072):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x22180, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0xb, 0x7, 0x0, 0x1c, 0x5, 0x83, 0x4d, 0x2, 0xf9, 0x3, 0x80, 0x9, 0x8000000000000000}, {0x6, 0x82, 0x4, 0xc4, 0x4, 0x7, 0x6, 0x3, 0x7, 0xf9, 0x0, 0x7d}, {0xe2a5, 0xd, 0x1, 0x9, 0x2, 0xe, 0xd, 0x6, 0xff, 0x6, 0x56, 0x7}]})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

16.321516603s ago: executing program 3 (id=4073):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
timerfd_create(0x0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

16.320873195s ago: executing program 4 (id=4074):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xb3ad}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10)

16.166094852s ago: executing program 4 (id=4075):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x22180, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0xb, 0x7, 0x0, 0x1c, 0x5, 0x83, 0x4d, 0x2, 0xf9, 0x3, 0x80, 0x9, 0x8000000000000000}, {0x6, 0x82, 0x4, 0xc4, 0x4, 0x7, 0x6, 0x3, 0x7, 0xf9, 0x0, 0x7d}, {0xe2a5, 0xd, 0x1, 0x9, 0x2, 0xe, 0xd, 0x6, 0xff, 0x6, 0x56, 0x7}]})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0xffffffffffffffff, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x100000000004, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

16.065133222s ago: executing program 5 (id=4076):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
semget$private(0x0, 0x1, 0x380)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
io_setup(0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000580)=[{&(0x7f0000000000)=""/191, 0xbf}], 0x1, 0x55, 0xfffffffc)

16.044115404s ago: executing program 2 (id=4077):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xac, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

15.046480979s ago: executing program 0 (id=4078):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c, '\x00', 0x0, @fallback=0x2e}, 0x94)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
getrusage(0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
r4 = memfd_create(&(0x7f0000000b00)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xe4\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x19\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd\xa65`8\x83\xb1\x90\xc3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.EaR5\xd6aC\x93\xe24\xf8\x88\x10\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb0\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x80\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1$\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7f\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j', 0x2)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@generic={0x0}, 0x18)
execveat(r4, 0x0, 0x0, 0x0, 0x1000)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x0, 0xc8, 0x8, 0x0, 0x5803, 0x328, 0x2e8, 0x2e8, 0x328, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x18}}, @inet=@rpfilter={{0x28}, {0x5}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xd8, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0x16, 0x7, 0x40, 0x8b, 0x2, 0x8, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000078000000030a01030000000000000000050000000900010073797a300000000008000540000000001c0008800c00024000000000000000000c00014000000000000000000900030073797a3200000000280004800800024000000000140003007465616d5f736c6176655f30000000000800014000000001140000"], 0xd4}}, 0x0)

12.006347035s ago: executing program 4 (id=4079):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000280), r0)
sendmsg$SEG6_CMD_DUMPHMAC(r1, &(0x7f0000000400)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x8000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002300)={0x14, 0x34, 0x107, 0xffffffff, 0xfffffffe, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

8.357105369s ago: executing program 0 (id=4080):
syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x22, &(0x7f0000000100)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket(0x1e, 0x1, 0x0)
connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000080), 0x2000011a)
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000380), 0x10)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000002c0)={0x0, 0x2a4}, 0x1, 0x0, 0x0, 0x40000d0}, 0x408d1)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8.354729997s ago: executing program 3 (id=4081):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x2c, 0x2b, 0x107, 0x8000000, 0x0, {0x5, 0x7c}, [@nested={0x18, 0x1, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@local}]}]}, 0x2c}}, 0x40080c0)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
ppoll(&(0x7f00000000c0)=[{r1, 0xd000}, {r1, 0x4018}], 0x2, 0x0, 0x0, 0x0)
write$vga_arbiter(r1, 0x0, 0x0)
write$vga_arbiter(r1, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd)

8.354197505s ago: executing program 2 (id=4082):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, 0x0, 0x0}, 0x20)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x67)

8.330459439s ago: executing program 5 (id=4083):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xf, 0x3, &(0x7f00000003c0)=ANY=[@ANYRES64=r0], &(0x7f0000000200)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r1, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55, 0x0, 0x0}, 0x50)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000540)=@bpf_lsm={0xd, 0x5, &(0x7f00000000c0)=@framed={{0x15, 0xa, 0x0, 0x0, 0x80000000, 0x61, 0x11, 0x54}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
pipe(&(0x7f0000000480))
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r6, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r5], 0x38}}, 0x10)
r8 = gettid()
r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r9, &(0x7f0000000040)={0x1f, 0x40, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
setsockopt$bt_BT_SECURITY(r9, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2)
sendmsg$sock(r9, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
r10 = syz_open_procfs(0x0, &(0x7f0000000100)='attr\x00')
mkdirat(r10, &(0x7f0000000040)='./file0\x00', 0x100)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r9, 0x8983, &(0x7f0000000000)={0x6, 'netdevsim0\x00', {0x9}, 0x520e})

6.873033601s ago: executing program 2 (id=4084):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
timerfd_create(0x0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

5.848987487s ago: executing program 5 (id=4085):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c, '\x00', 0x0, @fallback=0x2e}, 0x94)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
socket(0x1e, 0x4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
getrusage(0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
r4 = memfd_create(&(0x7f0000000b00)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xe4\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x19\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd\xa65`8\x83\xb1\x90\xc3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.EaR5\xd6aC\x93\xe24\xf8\x88\x10\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb0\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x80\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1$\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7f\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j', 0x2)
bpf$OBJ_PIN_PROG(0x6, &(0x7f00000001c0)=@generic={0x0}, 0x18)
execveat(r4, 0x0, 0x0, 0x0, 0x1000)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000001b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d0, 0x0, 0xc8, 0x8, 0x0, 0x5803, 0x328, 0x2e8, 0x2e8, 0x328, 0x2e8, 0x3, 0x0, {[{{@uncond, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'fsm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x18}}, @inet=@rpfilter={{0x28}, {0x5}}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xd8, 0x140, 0x0, {}, [@common=@srh={{0x30}, {0x16, 0x7, 0x40, 0x8b, 0x2, 0x8, 0x1}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x430)

5.53142855s ago: executing program 4 (id=4086):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xb3ad}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10)

5.437417519s ago: executing program 4 (id=4087):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x5, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x8, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x85, 0x6, 0x8, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xff, 0x0, 0x1000ff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x2, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x2, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x1, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x7ff]}, 0x45c)
r4 = memfd_create(&(0x7f0000000380)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xa9\x1fg\xf1\x85z{\x1d<\xe2\x1c7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xedn\x8c<5\xcf\x92;\x85)\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\x05\x831\xd3\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xf6\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xc6(\x19\xf8\xb4?Fv\xac\xc7m\xe1\xf68W\x19\x0f\x87\x84\xafK\x91v\xb5\xe7Cf\xe0L\b9\xe2\x15d~R4\xdf\xbb\xfeiH', 0x3)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000000)=0x2efb, 0x4)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$inet(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x400000000000171, 0x8800)
recvfrom(r5, &(0x7f00000001c0)=""/222, 0xde, 0x10000, &(0x7f00000000c0)=@in6={0xa, 0x4e24, 0x1, @loopback, 0x2}, 0x80)

1.199396523s ago: executing program 5 (id=4088):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x5, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0xff, 0x6, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x0, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x5, 0x7, 0x83, 0x8, 0x4c74, 0x0, 0x242, 0x2, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x21, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x85, 0x6, 0x8, 0x3ff, 0x83, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0x88, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0xff, 0x0, 0x1000ff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0xbc2, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x4, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x1, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x3, 0x5, 0x800000, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x2, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x16d01, 0x6, 0x38, 0x800003, 0x600, 0x80, 0xbf7, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x4a9, 0x5, 0x6, 0xac8, 0x5, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x2, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0xa, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x1, 0x7fff, 0xffff, 0xa620, 0x1, 0x7, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0xffffffff, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xae, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x8, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x7ff]}, 0x45c)
r4 = memfd_create(&(0x7f0000000380)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xa9\x1fg\xf1\x85z{\x1d<\xe2\x1c7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xedn\x8c<5\xcf\x92;\x85)\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\x05\x831\xd3\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xf6\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xc6(\x19\xf8\xb4?Fv\xac\xc7m\xe1\xf68W\x19\x0f\x87\x84\xafK\x91v\xb5\xe7Cf\xe0L\b9\xe2\x15d~R4\xdf\xbb\xfeiH', 0x3)
ftruncate(r4, 0xffff)
fcntl$addseals(r4, 0x409, 0x7)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000100)={r4, 0x0, 0x0, 0x1000})
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f0000000000)=0x2efb, 0x4)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmmsg$inet(r5, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}}], 0x400000000000171, 0x8800)
recvfrom(r5, &(0x7f00000001c0)=""/222, 0xde, 0x10000, &(0x7f00000000c0)=@in6={0xa, 0x4e24, 0x1, @loopback, 0x2}, 0x80)

1.12799085s ago: executing program 3 (id=4089):
socket(0x2b, 0x80801, 0x1)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000001c0)=""/53, 0x35)
getdents(r2, 0xfffffffffffffffd, 0x58)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = fsopen(&(0x7f0000000040)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fchdir(r7)
openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x28880, 0x8c)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r7, &(0x7f00000002c0)="fac80f7f67278a919d2dd9b1fdcf924cffdb8a86dcb08b54ac90000d2bed57c498538c4e816b66f9365c74794a4cee8033fb4d47222eb2a03dac7a6a1dbb07fd2dac904b1e03143687784a817de736131b6ff5041dbc4af3917644b94cff3ac026ccb8a96498ed745868c52b59b6a54a35cc26b43b18c08b4fc7d24c1c66e587b322b2db4be8e9edd5420b56f08a5b8cd01014fe44d58fd993ada9f642c759c69c42167d54b2a5c6f2be8902a2dae257103080027f015048b1a3806067c6abf0ba39cff06af11764c158684141c7a092d2eec2bc038df9d69746998ad5c0192d25a1cd3601af091e91436813cea3", &(0x7f00000000c0)=""/12}, 0x20)

1.063666075s ago: executing program 0 (id=4090):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_RENAME(r1, &(0x7f0000000940)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x14, 0x5, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4080}, 0x20005004)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x6, 0x7, 0x7f, 0x5, 0x1, 0x6, 0x5f, 0x9, 0x15, 0xffff2d33, 0xff7fff01, 0x7, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x0, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x6, 0x4, 0x8, 0x3ff, 0x5, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x8, 0x9, 0x8000012f, 0x8008, 0x5, 0xfffffff3, 0x129c32f6, 0xc8, 0x5, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0xfffffffe, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xb, 0x4, 0x9, 0x8, 0x40, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x204, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93790, 0x42, 0x3], [0x7, 0x408, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x8, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x9, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x81, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac4, 0xbf, 0xfffffffe, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2009, 0x80a2ed, 0x2c4ad71a, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x0, 0x938, 0x6, 0x3, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x4000005, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff002, 0x10000, 0x3, 0x7e, 0x3, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf41, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000000)=0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
socket(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x3c, r3, 0x917, 0x70bd28, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_FD={0x8}]}, 0x3c}, 0x1, 0x620b}, 0x0)

1.061612591s ago: executing program 2 (id=4091):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f0000000040)='cpu.weight.nice\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000140)=ANY=[@ANYBLOB='-'], 0x9)

1.058626938s ago: executing program 4 (id=4092):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x1000000000003, 0x3, 0x8000000000007, 0xac, 0x3, 0x1, {0x0, 0x180, 0x20fe, 0x5, 0x87, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0xc000, 0x0, 0xee00, 0x0, 0x3ff, 0x401}}, {0x0, 0x11}}}, 0xa0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080), 0x7f03)
timerfd_create(0x0, 0x0)
symlinkat(0x0, 0xffffffffffffffff, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000200), 0x800)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r4, 0x4058534c, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

0s ago: executing program 2 (id=4093):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
semget$private(0x0, 0x1, 0x380)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
io_setup(0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sysvipc/sem\x00', 0x0, 0x0)
preadv(r4, &(0x7f0000000580)=[{&(0x7f0000000000)=""/191, 0xbf}], 0x1, 0x55, 0xfffffffc)

kernel console output (not intermixed with test programs):

12130]  ? lockdep_hardirqs_on+0x9c/0x150
[  672.227461][T12130]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.227479][T12130]  ? clear_bhb_loop+0x60/0xb0
[  672.227503][T12130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.227521][T12130] RIP: 0033:0x7fb768f8e929
[  672.227539][T12130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.227555][T12130] RSP: 002b:00007fb769ea4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  672.227576][T12130] RAX: ffffffffffffffda RBX: 00007fb7691b5fa0 RCX: 00007fb768f8e929
[  672.227590][T12130] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003
[  672.227602][T12130] RBP: 00007fb769010b39 R08: 0000000000000000 R09: 0000000000000000
[  672.227615][T12130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  672.227627][T12130] R13: 0000000000000000 R14: 00007fb7691b5fa0 R15: 00007ffff46d03e8
[  672.227657][T12130]  </TASK>
[  672.227686][T12130] Mem-Info:
[  672.488458][    C0] vkms_vblank_simulate: vblank timer overrun
[  672.523020][T12162] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  672.538342][T12130] active_anon:2898 inactive_anon:9637 isolated_anon:0
[  672.538342][T12130]  active_file:4511 inactive_file:10384 isolated_file:0
[  672.538342][T12130]  unevictable:768 dirty:72 writeback:0
[  672.538342][T12130]  slab_reclaimable:6783 slab_unreclaimable:116474
[  672.538342][T12130]  mapped:34173 shmem:8173 pagetables:1293
[  672.538342][T12130]  sec_pagetables:0 bounce:0
[  672.538342][T12130]  kernel_misc_reclaimable:0
[  672.538342][T12130]  free:1327507 free_pcp:10593 free_cma:0
[  672.603636][    C0] vkms_vblank_simulate: vblank timer overrun
[  672.617563][T12162] syzkaller0: entered promiscuous mode
[  672.628868][T12162] syzkaller0: entered allmulticast mode
[  672.643432][T12162] tipc: Resetting bearer <eth:syzkaller0>
[  672.658169][T12130] Node 0 active_anon:11592kB inactive_anon:38548kB active_file:17988kB inactive_file:41400kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:136672kB dirty:288kB writeback:0kB shmem:31156kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11720kB pagetables:4824kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  673.143427][T12130] Node 1 active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:56kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  673.175034][    C0] vkms_vblank_simulate: vblank timer overrun
[  673.187388][T12161] tipc: Resetting bearer <eth:syzkaller0>
[  673.194070][T12130] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  673.223003][    C0] vkms_vblank_simulate: vblank timer overrun
[  673.255017][T12130] lowmem_reserve[]: 0 2500 2502 2502 2502
[  673.262658][T12130] Node 0 DMA32 free:1387488kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:11536kB inactive_anon:26844kB active_file:16460kB inactive_file:41300kB unevictable:1536kB writepending:288kB present:3129332kB managed:2560896kB mlocked:0kB bounce:0kB free_pcp:43184kB local_pcp:25764kB free_cma:0kB
[  673.297257][T12161] tipc: Disabling bearer <eth:syzkaller0>
[  673.297476][T12130] lowmem_reserve[]: 0 0 1 1 1
[  673.309333][T12130] Node 0 Normal free:32kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:64kB active_file:1528kB inactive_file:100kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:52kB local_pcp:44kB free_cma:0kB
[  673.352938][T12130] lowmem_reserve[]: 0 0 0 0 0
[  673.357732][T12130] Node 1 Normal free:3907188kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:56kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10432kB local_pcp:2560kB free_cma:0kB
[  673.392246][T12130] lowmem_reserve[]: 0 0 0 0 0
[  673.397550][T12130] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  673.411666][T12130] Node 0 DMA32: 18*4kB (UME) 177*8kB (UME) 539*16kB (UME) 1017*32kB (UME) 481*64kB (UME) 260*128kB (UME) 185*256kB (UME) 117*512kB (UME) 60*1024kB (UME) 21*2048kB (UM) 261*4096kB (UM) = 1387488kB
[  673.432822][T12130] Node 0 Normal: 14*4kB (M) 5*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 112kB
[  673.446179][T12130] Node 1 Normal: 197*4kB (UME) 62*8kB (UME) 43*16kB (UME) 238*32kB (UME) 92*64kB (UE) 24*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3907188kB
[  673.466339][T12130] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  673.476793][T12130] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  673.486520][T12130] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  673.506379][T12130] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  673.517144][T12130] 20202 total pagecache pages
[  673.525699][T12130] 1 pages in swap cache
[  673.530638][T12130] Free swap  = 124992kB
[  673.534823][T12130] Total swap = 124996kB
[  673.540778][T12130] 2097051 pages RAM
[  673.544609][T12130] 0 pages HighMem/MovableOnly
[  673.570904][T12130] 424720 pages reserved
[  673.575120][T12130] 0 pages cma reserved
[  674.342235][T12193] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1733'.
[  674.778051][ T5951] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  674.861508][T12201] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  674.868981][T12201] syzkaller0: entered promiscuous mode
[  674.874586][T12201] syzkaller0: entered allmulticast mode
[  674.891741][T12201] tipc: Resetting bearer <eth:syzkaller0>
[  674.918342][T12200] tipc: Resetting bearer <eth:syzkaller0>
[  674.953540][ T5951] usb 1-1: Using ep0 maxpacket: 16
[  674.965273][T12200] tipc: Disabling bearer <eth:syzkaller0>
[  674.970118][ T5951] usb 1-1: config 1 has an invalid interface number: 105 but max is 0
[  674.983717][ T5951] usb 1-1: config 1 has no interface number 0
[  674.991415][ T5951] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  675.005478][ T5951] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  675.016286][ T5951] usb 1-1: config 1 interface 105 has no altsetting 0
[  675.043693][ T5951] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  675.057848][ T5951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.065985][ T5951] usb 1-1: Product: syz
[  675.078128][ T5951] usb 1-1: Manufacturer: syz
[  675.083218][ T5951] usb 1-1: SerialNumber: syz
[  675.097590][T12195] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  675.113243][T12195] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  675.684316][T12195] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  675.770295][T12195] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  676.620164][ T5951] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  676.775890][T12231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1749'.
[  676.787647][ T5951] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  676.944964][T12229] syz.2.1748 (12229): drop_caches: 2
[  676.972059][T12229] syz.2.1748 (12229): drop_caches: 2
[  677.408305][ T5951] aqc111 1-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, a2:19:63:7f:90:c9
[  677.482360][ T5951] usb 1-1: USB disconnect, device number 21
[  677.512137][ T5951] aqc111 1-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  677.670479][ T5951] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  677.691269][ T5951] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  677.714052][ T5951] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  678.277123][T12268] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1763'.
[  678.292183][T12268] bridge0: port 2(bridge_slave_1) entered disabled state
[  678.299972][T12268] bridge0: port 1(bridge_slave_0) entered disabled state
[  678.424462][T12270] IPVS: Error connecting to the multicast addr
[  679.118199][ T5951] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  679.163943][T12276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1767'.
[  679.191361][T12276] bridge3: the hash_elasticity option has been deprecated and is always 16
[  679.232221][T12279] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1767'.
[  679.279721][ T5951] usb 1-1: Using ep0 maxpacket: 8
[  679.333368][ T5951] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  679.374379][ T5951] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  679.427376][ T5951] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  679.474420][ T5951] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  679.523711][ T5951] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  679.555969][ T5951] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  679.615288][ T5951] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  679.649460][ T5951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.667384][ T5951] usbtmc 1-1:16.0: probe with driver usbtmc failed with error -22
[  679.950890][ T1225] usb 1-1: USB disconnect, device number 22
[  680.892650][T12304] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  681.138456][T12305] bridge0: port 1(bridge_slave_0) entered disabled state
[  682.418133][T12319] ip6gre1: entered allmulticast mode
[  683.807305][T12351] batman_adv: batadv0: Adding interface: ip6gretap1
[  683.834771][T12351] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  683.887430][T12351] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  683.938069][T12354] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  683.964204][T12354] batman_adv: batadv0: Removing interface: batadv_slave_0
[  683.979459][T12354] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  683.998397][T12354] batman_adv: batadv0: Removing interface: batadv_slave_1
[  684.006345][T12354] batman_adv: batadv0: Removing interface: ip6gretap1
[  684.515372][T12371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1799'.
[  684.536391][T12371] bridge3: the hash_elasticity option has been deprecated and is always 16
[  684.583893][T12373] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1799'.
[  686.456010][T12390] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  686.479465][T12390] syzkaller0: entered promiscuous mode
[  686.485002][T12390] syzkaller0: entered allmulticast mode
[  686.588570][T12390] tipc: Resetting bearer <eth:syzkaller0>
[  686.617424][T12389] tipc: Resetting bearer <eth:syzkaller0>
[  686.680801][T12389] tipc: Disabling bearer <eth:syzkaller0>
[  687.643266][ T3492] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  688.297853][ T3492] usb 4-1: Using ep0 maxpacket: 32
[  688.366895][ T3492] usb 4-1: config 0 has no interfaces?
[  688.412942][ T3492] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  688.498875][ T3492] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.566553][ T3492] usb 4-1: config 0 descriptor??
[  689.251080][ T1225] usb 4-1: USB disconnect, device number 22
[  690.237565][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  690.248569][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  690.258837][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  690.267081][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  690.285104][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  691.594408][T12443] chnl_net:caif_netlink_parms(): no params data found
[  692.434339][   T51] Bluetooth: hci1: command tx timeout
[  692.686948][T12443] bridge0: port 1(bridge_slave_0) entered blocking state
[  692.703900][T12443] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.747874][T12443] bridge_slave_0: entered allmulticast mode
[  692.823295][T12443] bridge_slave_0: entered promiscuous mode
[  692.846030][T12443] bridge0: port 2(bridge_slave_1) entered blocking state
[  692.866933][T12443] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.878498][T12443] bridge_slave_1: entered allmulticast mode
[  692.909967][T12443] bridge_slave_1: entered promiscuous mode
[  693.177589][T12443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  693.285409][T12443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  693.623685][T12443] team0: Port device team_slave_0 added
[  693.670057][T12443] team0: Port device team_slave_1 added
[  693.980729][T12443] batman_adv: batadv0: Adding interface: batadv_slave_0
[  694.000704][T12443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.072345][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  694.072364][   T30] audit: type=1804 audit(2000000321.640:84): pid=12501 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.4.1840" name="/newroot/347/file1" dev="fuse" ino=1 res=1 errno=0
[  694.100889][T12443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  694.136370][T12443] batman_adv: batadv0: Adding interface: batadv_slave_1
[  694.144223][   T30] audit: type=1800 audit(2000000321.640:85): pid=12501 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1840" name="/" dev="fuse" ino=1 res=0 errno=0
[  694.167866][T12443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  694.213317][   T30] audit: type=1800 audit(2000000321.640:86): pid=12501 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.4.1840" name="/" dev="fuse" ino=1 res=0 errno=0
[  694.248129][T12443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  694.298238][ T5953] usb 1-1: new full-speed USB device number 23 using dummy_hcd
[  694.434727][T12443] hsr_slave_0: entered promiscuous mode
[  694.465233][ T5953] usb 1-1: config 0 has an invalid interface number: 133 but max is 0
[  694.474447][T12443] hsr_slave_1: entered promiscuous mode
[  694.492929][ T5953] usb 1-1: config 0 has no interface number 0
[  694.507384][T12443] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  694.520407][   T51] Bluetooth: hci1: command tx timeout
[  694.538608][ T5953] usb 1-1: config 0 interface 133 altsetting 0 endpoint 0xB has invalid maxpacket 3840, setting to 64
[  694.595094][T12443] Cannot create hsr debugfs directory
[  694.647171][ T5953] usb 1-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  694.693417][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.743938][ T5953] usb 1-1: Product: syz
[  694.842379][ T5953] usb 1-1: Manufacturer: syz
[  694.847153][ T5953] usb 1-1: SerialNumber: syz
[  694.896600][ T5953] usb 1-1: config 0 descriptor??
[  696.085607][T12443] 8021q: adding VLAN 0 to HW filter on device bond0
[  696.232415][T12443] 8021q: adding VLAN 0 to HW filter on device team0
[  697.106654][ T6164] bridge0: port 1(bridge_slave_0) entered blocking state
[  697.113934][ T6164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  697.152263][   T51] Bluetooth: hci1: command tx timeout
[  697.234732][ T6164] bridge0: port 2(bridge_slave_1) entered blocking state
[  697.241965][ T6164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  697.649814][ T5953] keyspan 1-1:0.133: Keyspan 1 port adapter converter detected
[  697.657733][ T5953] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 82
[  697.701806][ T5953] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 81
[  697.727948][ T5953] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 1
[  697.735864][ T5953] keyspan 1-1:0.133: found no endpoint descriptor for endpoint 2
[  697.788916][ T5953] usb 1-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  697.824561][ T5953] usb 1-1: USB disconnect, device number 23
[  697.879081][ T5953] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  697.898590][ T5953] keyspan 1-1:0.133: device disconnected
[  698.849192][T12443] 8021q: adding VLAN 0 to HW filter on device batadv0
[  699.240678][   T51] Bluetooth: hci1: command tx timeout
[  699.987526][T12443] veth0_vlan: entered promiscuous mode
[  700.057722][T12443] veth1_vlan: entered promiscuous mode
[  700.213422][T12443] veth0_macvtap: entered promiscuous mode
[  700.241198][T12443] veth1_macvtap: entered promiscuous mode
[  700.315556][T12443] batman_adv: batadv0: Interface activated: batadv_slave_0
[  700.371227][T12443] batman_adv: batadv0: Interface activated: batadv_slave_1
[  700.590475][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  700.607584][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  700.685761][ T6168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  700.720497][ T6168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  701.797826][T12604] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1870'.
[  702.068583][ T1225] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  702.287723][ T1225] usb 1-1: Using ep0 maxpacket: 8
[  702.548327][ T1225] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  702.580777][ T1225] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.590112][T12615] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1874'.
[  702.608428][ T1225] usb 1-1: Product: syz
[  702.616886][ T1225] usb 1-1: Manufacturer: syz
[  702.651238][ T1225] usb 1-1: SerialNumber: syz
[  702.783352][ T1225] usb 1-1: config 0 descriptor??
[  702.810100][ T1225] gspca_main: sq930x-2.14.0 probing 2770:930c
[  703.627687][ T1225] gspca_sq930x: ucbus_write failed -71
[  703.721661][T12636] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  703.729451][T12636] syzkaller0: entered promiscuous mode
[  703.734987][T12636] syzkaller0: entered allmulticast mode
[  703.762082][T12636] tipc: Resetting bearer <eth:syzkaller0>
[  703.774982][T12634] tipc: Resetting bearer <eth:syzkaller0>
[  703.828438][T12634] tipc: Disabling bearer <eth:syzkaller0>
[  703.847938][ T1225] gspca_sq930x: Sensor ov9630 not yet treated
[  703.854186][ T1225] sq930x 1-1:0.0: probe with driver sq930x failed with error -22
[  703.904559][ T1225] usb 1-1: USB disconnect, device number 24
[  705.227888][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  705.228460][ T5853] Bluetooth: hci5: command 0x1003 tx timeout
[  708.230855][T12721] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1916'.
[  708.508099][ T1225] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  708.668984][ T1225] usb 4-1: Using ep0 maxpacket: 32
[  708.684574][ T1225] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[  708.714539][ T1225] usb 4-1: config 0 has no interface number 0
[  708.742016][ T1225] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  708.768419][ T1225] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.903598][ T1225] usb 4-1: Product: syz
[  708.908240][ T1225] usb 4-1: Manufacturer: syz
[  708.912884][ T1225] usb 4-1: SerialNumber: syz
[  708.929233][ T1225] usb 4-1: config 0 descriptor??
[  708.940588][ T1225] smsc95xx v2.0.0
[  708.944306][ T1225] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  708.968090][ T1225] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -22
[  709.203550][ T5951] usb 4-1: USB disconnect, device number 23
[  711.346282][T12756] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1927'.
[  711.367628][T12756] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1927'.
[  711.507051][T12760] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1928'.
[  712.360365][T12769] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  714.015026][T12792] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1941'.
[  714.033929][T12792] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1941'.
[  714.308511][T12804] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  714.336077][T12804] CIFS: Unable to determine destination address
[  720.779711][T12861] CIFS: Unable to determine destination address
[  724.725468][   T30] audit: type=1326 audit(2000000352.320:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12923 comm="syz.5.1987" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f833638e929 code=0x0
[  727.408557][T12953] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1996'.
[  728.315812][T12969] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  729.226695][T12983] tipc: Started in network mode
[  729.232351][T12983] tipc: Node identity 8a7c0831cc7a, cluster identity 4711
[  729.241413][T12983] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  729.256066][T12983] tipc: Resetting bearer <eth:syzkaller0>
[  729.286361][T12982] tipc: Disabling bearer <eth:syzkaller0>
[  730.461599][T12997] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2013'.
[  732.171289][T13015] random: crng reseeded on system resumption
[  732.266941][T13018] gfs2: Unexpected value for 'acl'
[  734.069490][T13045] pim6reg: entered allmulticast mode
[  736.587547][T13067] netlink: 4400 bytes leftover after parsing attributes in process `syz.5.2037'.
[  736.602255][T13065] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2035'.
[  736.615102][T13067] workqueue: name exceeds WQ_NAME_LEN. Truncating to: Ç`]Š•Iöq¯!¾>Ýsó³Îú*Š®!)\Ç+`
[  737.278130][ T6179] tipc: Subscription rejected, illegal request
[  737.626794][T13084] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  737.676895][T13084] tipc: Resetting bearer <eth:syzkaller0>
[  737.720392][T13083] tipc: Disabling bearer <eth:syzkaller0>
[  739.075958][ T5853] Bluetooth: hci1: link tx timeout
[  739.082464][ T5853] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  739.094862][ T5853] Bluetooth: hci1: link tx timeout
[  739.100678][ T5853] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  739.108827][ T5853] Bluetooth: hci1: link tx timeout
[  739.114080][ T5853] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  739.123240][ T5853] Bluetooth: hci1: link tx timeout
[  739.128517][ T5853] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  739.929720][T13112] Invalid option length (57448) for dns_resolver key
[  741.148027][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[  743.166578][T13174] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  743.192168][T13174] tipc: Resetting bearer <eth:syzkaller0>
[  743.215058][T13173] tipc: Disabling bearer <eth:syzkaller0>
[  743.388083][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[  743.755460][T13186] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  746.473529][T13216] serio: Serial port ptm0
[  748.024224][T13230] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2097'.
[  758.376695][T13350] bond2 (unregistering): Released all slaves
[  763.031530][T13412] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2154'.
[  763.710448][T13419] can0: slcan on ttyS3.
[  764.511653][T13419] can0 (unregistered): slcan off ttyS3.
[  766.970294][T13458] netlink: 'syz.4.2169': attribute type 1 has an invalid length.
[  767.090672][T13463] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2169'.
[  767.184853][T13458] bond3: entered promiscuous mode
[  767.196253][T13464] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2169'.
[  767.208576][T13458] bond3: entered allmulticast mode
[  767.294609][T13463] bridge5: the hash_elasticity option has been deprecated and is always 16
[  767.753638][T13471] can0: slcan on ttyS3.
[  768.328510][T13471] can0 (unregistered): slcan off ttyS3.
[  771.089093][T13516] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  771.174143][T13516] tipc: Resetting bearer <eth:syzkaller0>
[  771.325901][T13513] tipc: Disabling bearer <eth:syzkaller0>
[  772.359753][T13538] Invalid source name
[  772.363887][T13538] UBIFS error (pid: 13538): cannot open "/dev/sg0", error -22
[  772.913667][ T5853] Bluetooth: hci1: command 0x0406 tx timeout
[  773.189372][T13545] block nbd5: shutting down sockets
[  773.334304][T13547] kvm: pic: non byte read
[  773.362538][T13547] kvm: pic: level sensitive irq not supported
[  773.362660][T13547] kvm: pic: non byte read
[  773.432521][T13547] kvm: pic: level sensitive irq not supported
[  773.432591][T13547] kvm: pic: non byte read
[  773.529019][T13547] kvm: pic: level sensitive irq not supported
[  773.529100][T13547] kvm: pic: non byte read
[  773.624094][T13547] kvm: pic: level sensitive irq not supported
[  773.624172][T13547] kvm: pic: non byte read
[  773.680521][T13547] kvm: pic: level sensitive irq not supported
[  773.680603][T13547] kvm: pic: non byte read
[  773.736949][T13547] kvm: pic: level sensitive irq not supported
[  773.737007][T13547] kvm: pic: non byte read
[  773.758142][T13547] kvm: pic: level sensitive irq not supported
[  773.758198][T13547] kvm: pic: non byte read
[  773.797014][T13547] kvm: pic: level sensitive irq not supported
[  773.797074][T13547] kvm: pic: non byte read
[  773.822343][T13547] kvm: pic: level sensitive irq not supported
[  773.830647][T13547] kvm: pic: non byte read
[  773.863944][T13547] kvm: pic: level sensitive irq not supported
[  776.963924][T13582] delete_channel: no stack
[  777.175059][T13593] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  777.201838][T13593] tipc: Resetting bearer <eth:syzkaller0>
[  777.255386][T13592] tipc: Disabling bearer <eth:syzkaller0>
[  777.672724][T13606] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  779.821765][T13649] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2232'.
[  780.368147][T13659] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  783.699549][T13683] Set syz1 is full, maxelem 65536 reached
[  784.894134][T13698] pim6reg: entered allmulticast mode
[  785.916606][T13708] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2249'.
[  786.036875][T13711] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  787.456924][T13733] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  789.257911][T10459] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  789.438087][T10459] usb 3-1: device descriptor read/64, error -71
[  789.785827][T10459] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  789.814360][T13762] blktrace: Concurrent blktraces are not allowed on loop8
[  789.999720][T10459] usb 3-1: device descriptor read/64, error -71
[  790.132958][T10459] usb usb3-port1: attempt power cycle
[  790.517899][T10459] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  790.544179][T10459] usb 3-1: device descriptor read/8, error -71
[  790.583780][T13771] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  790.856527][T10459] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  790.929177][T10459] usb 3-1: device descriptor read/8, error -71
[  791.065092][T10459] usb usb3-port1: unable to enumerate USB device
[  791.580795][T13777] pim6reg: entered allmulticast mode
[  792.986605][T13800] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  793.912882][T13822] can0: slcan on ttyS3.
[  794.501510][T13818] can0 (unregistered): slcan off ttyS3.
[  795.019212][ T1225] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  795.674138][ T1225] usb 6-1: device descriptor read/64, error -71
[  795.898548][T13849] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  795.948387][ T1225] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  796.101213][ T1225] usb 6-1: device descriptor read/64, error -71
[  796.218262][ T1225] usb usb6-port1: attempt power cycle
[  797.172369][ T1225] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  798.182882][ T1225] usb 6-1: device descriptor read/8, error -71
[  798.231607][T13868] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2293'.
[  800.224202][ T6166] tipc: Subscription rejected, illegal request
[  801.956008][T13914] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  802.348017][ T5951] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  802.396511][T13916] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2308'.
[  802.666306][ T5951] usb 4-1: device descriptor read/64, error -71
[  802.909284][ T5951] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  803.759009][ T5951] usb 4-1: device descriptor read/64, error -71
[  803.917871][ T5951] usb usb4-port1: attempt power cycle
[  804.288390][ T5951] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  804.345440][ T5951] usb 4-1: device descriptor read/8, error -71
[  805.730294][ T5951] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  805.950025][ T5951] usb 4-1: device not accepting address 27, error -71
[  805.987124][T13956] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:2a
[  806.004822][ T5951] usb usb4-port1: unable to enumerate USB device
[  807.768497][ T5953] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  807.834212][T13988] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2334'.
[  807.856967][T13988] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2334'.
[  807.907921][ T5953] usb 6-1: device descriptor read/64, error -71
[  808.025214][T13995] netlink: 'syz.4.2338': attribute type 1 has an invalid length.
[  808.053551][T13995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2338'.
[  808.114626][T13995] bridge6: the hash_elasticity option has been deprecated and is always 16
[  808.146619][T13997] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2338'.
[  808.178029][ T5953] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  808.317849][ T5953] usb 6-1: device descriptor read/64, error -71
[  808.442445][ T5953] usb usb6-port1: attempt power cycle
[  809.628112][ T5953] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  809.653984][ T5953] usb 6-1: device descriptor read/8, error -71
[  809.898144][ T5953] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  809.978392][ T5953] usb 6-1: device descriptor read/8, error -71
[  810.230536][ T5953] usb usb6-port1: unable to enumerate USB device
[  812.636784][T14057] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2360'.
[  812.665286][T14057] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2360'.
[  813.491477][T14067] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2362'.
[  816.373401][ T6169] tipc: Subscription rejected, illegal request
[  818.083951][T14159] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2398'.
[  818.093181][T10459] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  818.107057][T14159] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2398'.
[  818.340638][T10459] usb 6-1: device descriptor read/64, error -71
[  818.738224][T10459] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  819.050480][T10459] usb 6-1: device descriptor read/64, error -71
[  819.177626][T10459] usb usb6-port1: attempt power cycle
[  819.597941][T10459] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  819.622150][T10459] usb 6-1: device descriptor read/8, error -71
[  819.918027][T10459] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  819.944668][T10459] usb 6-1: device descriptor read/8, error -71
[  820.066311][T10459] usb usb6-port1: unable to enumerate USB device
[  821.956337][T14234] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2427'.
[  821.998901][T14234] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2427'.
[  823.149197][ T3492] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  823.318056][ T3492] usb 1-1: Using ep0 maxpacket: 32
[  823.497959][ T3492] usb 1-1: no configurations
[  823.506482][ T3492] usb 1-1: can't read configurations, error -22
[  823.671446][ T3492] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  823.838133][ T3492] usb 1-1: Using ep0 maxpacket: 32
[  823.849151][ T3492] usb 1-1: no configurations
[  823.860321][ T3492] usb 1-1: can't read configurations, error -22
[  823.877381][ T3492] usb usb1-port1: attempt power cycle
[  824.227840][ T3492] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  824.279575][ T3492] usb 1-1: Using ep0 maxpacket: 32
[  824.299807][ T3492] usb 1-1: no configurations
[  824.316006][ T3492] usb 1-1: can't read configurations, error -22
[  824.532575][ T3492] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  824.593322][ T3492] usb 1-1: Using ep0 maxpacket: 32
[  824.713983][ T3492] usb 1-1: no configurations
[  824.825222][ T3492] usb 1-1: can't read configurations, error -22
[  824.953194][ T3492] usb usb1-port1: unable to enumerate USB device
[  832.037205][T14356] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2469'.
[  832.076509][T14356] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2469'.
[  832.212696][T14363] vlan0: entered promiscuous mode
[  832.223009][T14363] vlan0: entered allmulticast mode
[  832.232956][T14363] hsr_slave_1: entered allmulticast mode
[  832.355972][T14365] netlink: 'syz.0.2465': attribute type 4 has an invalid length.
[  832.767381][T14370] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2470'.
[  835.386450][T10459] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  836.351814][T10459] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  836.371671][T10459] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  836.391575][T10459] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  836.400766][T10459] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  836.411995][T10459] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  836.982205][T14428] option changes via remount are deprecated (pid=14423 comm=syz.4.2487)
[  837.445952][T10459] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  837.505074][T14431] 9pnet: Could not find request transport: 0xffffffffffffffff
[  837.614197][T10459] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  837.625023][T10459] usb 1-1: Product: syz
[  837.629717][T10459] usb 1-1: Manufacturer: syz
[  837.651875][T10459] cdc_wdm 1-1:1.0: skipping garbage
[  837.657145][T10459] cdc_wdm 1-1:1.0: skipping garbage
[  837.676929][T10459] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  837.684107][T10459] cdc_wdm 1-1:1.0: Unknown control protocol
[  837.861666][ T1225] usb 1-1: USB disconnect, device number 29
[  838.436839][T14439] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2491'.
[  838.506019][T14439] bridge7: the hash_elasticity option has been deprecated and is always 16
[  838.647602][T14438] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2491'.
[  839.562441][T14460] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  840.031239][T14462] syzkaller0: entered promiscuous mode
[  840.049074][T14462] syzkaller0: entered allmulticast mode
[  843.465111][T14501] syzkaller0: entered promiscuous mode
[  843.490817][T14501] syzkaller0: entered allmulticast mode
[  843.748250][T10459] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  843.948400][T10459] usb 4-1: Using ep0 maxpacket: 32
[  844.012704][T10459] usb 4-1: config 0 has no interfaces?
[  844.085479][T10459] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  844.146277][ T5953] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  844.154418][T10459] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  844.162831][T10459] usb 4-1: config 0 descriptor??
[  844.305097][T14510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2517'.
[  844.323947][T14510] bridge8: the hash_elasticity option has been deprecated and is always 16
[  844.366458][T14515] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2517'.
[  844.525048][ T5953] usb 3-1: device descriptor read/64, error -71
[  845.369428][ T5953] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  845.537845][ T5953] usb 3-1: device descriptor read/64, error -71
[  845.648327][ T5953] usb usb3-port1: attempt power cycle
[  845.856428][ T1225] usb 4-1: USB disconnect, device number 28
[  846.347837][ T5953] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  846.355606][  T978] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  846.363467][ T1225] kernel read not supported for file /dsp (pid: 1225 comm: kworker/0:3)
[  846.389549][ T5953] usb 3-1: device descriptor read/8, error -71
[  846.521816][  T978] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  846.537537][  T978] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  846.546823][  T978] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  846.560247][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  846.579134][  T978] usb 1-1: config 0 descriptor??
[  846.587378][  T978] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  846.615107][  T978] dvb-usb: bulk message failed: -22 (3/0)
[  846.629072][ T5953] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  846.654034][  T978] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  846.673183][  T978] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  846.687406][  T978] usb 1-1: media controller created
[  846.723049][  T978] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  846.779916][ T5953] usb 3-1: device descriptor read/8, error -71
[  846.813110][  T978] dvb-usb: bulk message failed: -22 (6/0)
[  846.844231][  T978] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  846.893316][  T978] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input22
[  846.916171][ T5953] usb usb3-port1: unable to enumerate USB device
[  846.966447][T14544] syzkaller0: entered promiscuous mode
[  846.974215][  T978] dvb-usb: schedule remote query interval to 150 msecs.
[  847.007547][T14544] syzkaller0: entered allmulticast mode
[  847.023715][  T978] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  847.179763][ T5953] dvb-usb: bulk message failed: -22 (1/0)
[  847.186892][ T5953] dvb-usb: error while querying for an remote control event.
[  847.314349][ T5951] usb 1-1: USB disconnect, device number 30
[  847.389561][ T5951] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  847.597192][T14560] syzkaller0: entered promiscuous mode
[  847.604205][T14560] syzkaller0: entered allmulticast mode
[  848.218042][T14572] netlink: 'syz.0.2537': attribute type 10 has an invalid length.
[  854.075873][T14588] pim6reg: entered allmulticast mode
[  856.052927][T14663] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2566'.
[  856.078653][T14663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2566'.
[  856.116227][T14663] bridge2: the hash_elasticity option has been deprecated and is always 16
[  856.153354][T14667] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2566'.
[  858.324585][T14686] syzkaller0: entered promiscuous mode
[  858.356410][T14686] syzkaller0: entered allmulticast mode
[  859.344666][T14711] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2581'.
[  860.208197][  T978] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[  860.747777][  T978] usb 3-1: device descriptor read/64, error -71
[  861.280463][  T978] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[  861.454096][T14736] syzkaller0: entered promiscuous mode
[  861.460208][T14736] syzkaller0: entered allmulticast mode
[  861.558423][  T978] usb 3-1: device descriptor read/64, error -71
[  861.845446][T14740] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2592'.
[  862.709340][  T978] usb usb3-port1: attempt power cycle
[  863.213998][T14746] syzkaller0: entered promiscuous mode
[  863.239810][T14746] syzkaller0: entered allmulticast mode
[  863.287907][  T978] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[  863.793615][T14749] pim6reg: entered allmulticast mode
[  864.157857][T10459] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  864.176112][  T978] usb 3-1: device descriptor read/8, error -71
[  864.399921][T10459] usb 4-1: Using ep0 maxpacket: 32
[  864.502057][T10459] usb 4-1: unable to read config index 0 descriptor/start: -61
[  864.523508][T10459] usb 4-1: can't read configurations, error -61
[  864.794941][T10459] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  865.217895][T10459] usb 4-1: Using ep0 maxpacket: 32
[  865.245270][T10459] usb 4-1: unable to read config index 0 descriptor/start: -61
[  865.267935][T10459] usb 4-1: can't read configurations, error -61
[  865.291440][T10459] usb usb4-port1: attempt power cycle
[  865.848162][T10459] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  865.902843][T10459] usb 4-1: Using ep0 maxpacket: 32
[  865.959102][T10459] usb 4-1: unable to read config index 0 descriptor/start: -61
[  865.977396][T10459] usb 4-1: can't read configurations, error -61
[  866.148554][T10459] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  866.250935][T10459] usb 4-1: Using ep0 maxpacket: 32
[  866.267686][T10459] usb 4-1: unable to read config index 0 descriptor/start: -61
[  866.289868][T10459] usb 4-1: can't read configurations, error -61
[  866.309530][T10459] usb usb4-port1: unable to enumerate USB device
[  866.453327][T14783] syzkaller0: entered promiscuous mode
[  866.470083][T14783] syzkaller0: entered allmulticast mode
[  869.635909][  T978] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  870.477842][  T978] usb 3-1: Using ep0 maxpacket: 32
[  870.504393][  T978] usb 3-1: unable to read config index 0 descriptor/start: -61
[  870.598149][  T978] usb 3-1: can't read configurations, error -61
[  870.747966][  T978] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  871.017929][  T978] usb 3-1: Using ep0 maxpacket: 32
[  871.031964][  T978] usb 3-1: unable to read config index 0 descriptor/start: -61
[  871.046451][  T978] usb 3-1: can't read configurations, error -61
[  871.138249][  T978] usb usb3-port1: attempt power cycle
[  871.481027][  T978] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  871.519058][  T978] usb 3-1: Using ep0 maxpacket: 32
[  871.529658][  T978] usb 3-1: unable to read config index 0 descriptor/start: -61
[  871.552587][  T978] usb 3-1: can't read configurations, error -61
[  871.918008][  T978] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  871.969452][  T978] usb 3-1: Using ep0 maxpacket: 32
[  871.980669][T14863] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2630'.
[  871.994110][T14863] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2630'.
[  872.127905][  T978] usb 3-1: unable to read config index 0 descriptor/start: -61
[  872.245368][T14865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2630'.
[  872.331573][  T978] usb 3-1: can't read configurations, error -61
[  872.550098][T14863] bridge4: the hash_elasticity option has been deprecated and is always 16
[  872.558276][  T978] usb usb3-port1: unable to enumerate USB device
[  873.320672][  T978] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  873.343048][  T978] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  873.825933][T14879] syzkaller0: entered promiscuous mode
[  873.837584][T14879] syzkaller0: entered allmulticast mode
[  877.293492][T14921] syzkaller0: entered promiscuous mode
[  877.330668][T14921] syzkaller0: entered allmulticast mode
[  877.402698][T14927] syzkaller0: entered promiscuous mode
[  877.428948][T14927] syzkaller0: entered allmulticast mode
[  877.937681][T14931] 9pnet_fd: Insufficient options for proto=fd
[  880.343394][T14966] syzkaller0: entered promiscuous mode
[  880.357062][T14966] syzkaller0: entered allmulticast mode
[  885.238421][ T1225] kernel write not supported for file /dsp (pid: 1225 comm: kworker/0:3)
[  885.499302][T15016] syzkaller0: entered promiscuous mode
[  885.583511][T15016] syzkaller0: entered allmulticast mode
[  890.948089][T15049] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2686'.
[  892.133004][ T5951] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  892.957814][ T5951] usb 1-1: Using ep0 maxpacket: 32
[  892.992456][ T5951] usb 1-1: unable to read config index 0 descriptor/start: -61
[  893.017370][ T5951] usb 1-1: can't read configurations, error -61
[  894.111588][ T5951] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  904.712098][T15198] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  905.515635][T15206] syzkaller0: entered promiscuous mode
[  905.521472][T15206] syzkaller0: entered allmulticast mode
[  908.882049][T15242] 9pnet_fd: Insufficient options for proto=fd
[  911.361563][T15274] 9pnet_fd: Insufficient options for proto=fd
[  914.018557][T15317] 9pnet_fd: Insufficient options for proto=fd
[  914.248070][T15319] netlink: 'syz.2.2779': attribute type 1 has an invalid length.
[  914.381378][T15324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2779'.
[  914.453227][T15319] bond1: entered promiscuous mode
[  914.460365][T15319] bond1: entered allmulticast mode
[  915.000938][T15324] bridge2: the hash_elasticity option has been deprecated and is always 16
[  915.013631][T15324] bridge2: entered promiscuous mode
[  915.020451][T15324] bridge2: entered allmulticast mode
[  915.032653][T15319] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2779'.
[  915.048156][T15324] bond1: (slave bridge2): Enslaving as an active interface with an up link
[  915.177130][T15319] 8021q: adding VLAN 0 to HW filter on device bond1
[  915.471424][T15329] syzkaller0: entered promiscuous mode
[  915.484103][T15329] syzkaller0: entered allmulticast mode
[  916.669233][T15336] No control pipe specified
[  918.417155][T15355] syzkaller0: entered promiscuous mode
[  918.437963][T15355] syzkaller0: entered allmulticast mode
[  923.483889][T15419] netlink: 'syz.4.2807': attribute type 2 has an invalid length.
[  923.492047][T15419] netlink: 119 bytes leftover after parsing attributes in process `syz.4.2807'.
[  925.025828][T15426] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2809'.
[  925.145660][T15428] syzkaller0: entered promiscuous mode
[  925.309090][T15428] syzkaller0: entered allmulticast mode
[  926.455596][T15445] syzkaller0: entered promiscuous mode
[  926.464441][T15445] syzkaller0: entered allmulticast mode
[  926.920139][T15457] netlink: 'syz.4.2819': attribute type 4 has an invalid length.
[  929.978643][T15497] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  929.993856][T15497] syzkaller0: entered promiscuous mode
[  930.009787][T15497] syzkaller0: entered allmulticast mode
[  930.036436][T15499] netlink: 'syz.0.2835': attribute type 66 has an invalid length.
[  935.937954][T15547] syzkaller0: entered promiscuous mode
[  936.063456][T15547] syzkaller0: entered allmulticast mode
[  939.146015][T15592] syzkaller0: entered promiscuous mode
[  939.166061][T15592] syzkaller0: entered allmulticast mode
[  944.608312][T15651] autofs: Unknown parameter '0x0000000000000000'
[  946.009528][T15661] netlink: 'syz.3.2884': attribute type 4 has an invalid length.
[  946.057989][T15661] netlink: 'syz.3.2884': attribute type 4 has an invalid length.
[  946.570854][ T5951] kernel write not supported for file /1735/attr/exec (pid: 5951 comm: kworker/1:5)
[  947.901810][T15686] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  951.217866][ T5953] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  951.347853][ T5953] usb 4-1: device descriptor read/64, error -71
[  951.608204][ T5953] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  951.877273][ T5953] usb 4-1: device descriptor read/64, error -71
[  952.541460][ T5953] usb usb4-port1: attempt power cycle
[  952.988490][ T5953] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  953.159493][ T5953] usb 4-1: device descriptor read/8, error -71
[  957.140982][ T1225] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  957.479582][ T1225] usb 4-1: config 0 has an invalid descriptor of length 185, skipping remainder of the config
[  957.679784][ T1225] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  961.178182][T15821] ubi: mtd0 is already attached to ubi31
[  961.525744][ T1225] usb 4-1: string descriptor 0 read error: -71
[  961.549953][ T1225] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  961.597247][ T1225] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.657217][ T1225] usb 4-1: config 0 descriptor??
[  961.698131][ T1225] usb 4-1: can't set config #0, error -71
[  961.731660][ T1225] usb 4-1: USB disconnect, device number 37
[  963.435257][T15846] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2942'.
[  963.456977][T15846] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2942'.
[  963.493860][T15846] bridge3: the hash_elasticity option has been deprecated and is always 16
[  963.565816][T15847] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2942'.
[  965.551726][T15859] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2945'.
[  965.627268][T15861] 9pnet_fd: Insufficient options for proto=fd
[  968.046977][T15897] 9pnet_fd: Insufficient options for proto=fd
[  972.364958][T15934] 9pnet_fd: Insufficient options for proto=fd
[  973.171197][T15952] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2976'.
[  973.194961][T15952] bridge6: the hash_elasticity option has been deprecated and is always 16
[  973.240417][T15954] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2976'.
[  973.692818][T15960] syzkaller0: entered promiscuous mode
[  973.732034][T15960] syzkaller0: entered allmulticast mode
[  975.786423][T15986] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2987'.
[  978.730571][T16023] hub 6-0:1.0: USB hub found
[  978.736415][T16023] hub 6-0:1.0: 1 port detected
[  985.605517][T16085] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3020'.
[  985.674675][T16089] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3020'.
[  985.720658][T16085] bridge9: the hash_elasticity option has been deprecated and is always 16
[  985.747182][T16092] 9pnet_fd: Insufficient options for proto=fd
[  990.586850][T16139] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3032'.
[  991.167605][ T6164] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  991.225582][ T5853] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  991.256506][ T5853] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  991.271836][ T5853] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  991.362508][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  991.370699][ T5853] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  991.435847][ T6164] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  992.672298][ T6164] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  993.332091][ T6164] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  993.557896][ T5853] Bluetooth: hci2: command tx timeout
[  995.655931][ T5853] Bluetooth: hci2: command tx timeout
[  995.688951][ T6164] bridge_slave_1: left allmulticast mode
[  995.694625][ T6164] bridge_slave_1: left promiscuous mode
[  995.702736][ T6164] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.741249][ T6164] bridge_slave_0: left allmulticast mode
[  995.746981][ T6164] bridge_slave_0: left promiscuous mode
[  995.753423][ T6164] bridge0: port 1(bridge_slave_0) entered disabled state
[  997.341316][ T6164] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  997.551738][ T6164] bond1 (unregistering): (slave bridge2): Releasing backup interface
[  997.571871][ T6164] bridge2 (unregistering): left promiscuous mode
[  997.589468][ T6164] bridge2 (unregistering): left allmulticast mode
[  997.717693][ T5853] Bluetooth: hci2: command tx timeout
[  998.610982][ T6164] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  998.629044][ T6164] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  998.645658][ T6164] bond0 (unregistering): Released all slaves
[  998.828412][ T6164] bond1 (unregistering): Released all slaves
[  999.167757][T16148] chnl_net:caif_netlink_parms(): no params data found
[  999.217630][ T6164] tipc: Left network mode
[  999.668106][T16148] bridge0: port 1(bridge_slave_0) entered blocking state
[  999.685538][T16148] bridge0: port 1(bridge_slave_0) entered disabled state
[  999.702816][T16253] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input24
[  999.726178][T16148] bridge_slave_0: entered allmulticast mode
[  999.751695][T16148] bridge_slave_0: entered promiscuous mode
[  999.783747][T16148] bridge0: port 2(bridge_slave_1) entered blocking state
[  999.791122][ T5853] Bluetooth: hci2: command tx timeout
[  999.801729][T16148] bridge0: port 2(bridge_slave_1) entered disabled state
[  999.810715][T16148] bridge_slave_1: entered allmulticast mode
[  999.823144][T16148] bridge_slave_1: entered promiscuous mode
[ 1000.013806][T16148] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1000.234065][T16148] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1001.556929][T16148] team0: Port device team_slave_0 added
[ 1001.617082][ T6164] hsr_slave_0: left promiscuous mode
[ 1001.628697][ T6164] hsr_slave_1: left promiscuous mode
[ 1001.637076][ T6164] batman_adv: batadv0: Interface deactivated: dummy0
[ 1001.649761][ T6164] batman_adv: batadv0: Removing interface: dummy0
[ 1001.656867][ T6164] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1001.672006][ T6164] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1001.682036][ T6164] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1001.714576][ T6164] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1001.841760][ T6164] veth1_macvtap: left promiscuous mode
[ 1001.856277][ T6164] veth0_macvtap: left promiscuous mode
[ 1001.876235][ T6164] veth1_vlan: left promiscuous mode
[ 1002.007823][ T6164] veth0_vlan: left promiscuous mode
[ 1003.134739][ T6164] pim6reg (unregistering): left allmulticast mode
[ 1004.765849][ T6164] team0 (unregistering): Port device team_slave_1 removed
[ 1005.665778][ T6164] team0 (unregistering): Port device team_slave_0 removed
[ 1006.993423][T16318] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3077'.
[ 1007.879253][T16327] sg_write: data in/out 49276/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1007.879253][T16327]    program syz.0.3079 not setting count and/or reply_len properly
[ 1008.088048][T16148] team0: Port device team_slave_1 added
[ 1008.105095][T16267] syzkaller0: entered promiscuous mode
[ 1008.112311][T16267] syzkaller0: entered allmulticast mode
[ 1008.586041][T16148] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1008.610529][T16148] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1008.646088][T16148] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1008.698383][T16148] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1008.742998][T16148] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1008.768916][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1009.480273][T16148] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1009.884864][T16148] hsr_slave_0: entered promiscuous mode
[ 1009.987059][T16148] hsr_slave_1: entered promiscuous mode
[ 1009.993595][T16148] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1010.001653][T16148] Cannot create hsr debugfs directory
[ 1010.108619][  T978] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1010.299334][  T978] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1010.312951][  T978] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1010.361162][  T978] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1010.377027][  T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1010.393460][  T978] usb 6-1: SerialNumber: syz
[ 1010.747007][  T978] usb 6-1: 0:2 : does not exist
[ 1010.768808][  T978] usb 6-1: unit 5: unexpected type 0x0d
[ 1011.064603][  T978] usb 6-1: USB disconnect, device number 14
[ 1011.205976][T16148] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1011.234600][T16148] 8021q: adding VLAN 0 to HW filter on device team0
[ 1011.292258][ T6176] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1011.299514][ T6176] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1011.320677][ T6176] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1011.327868][ T6176] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1011.736394][T16378] syzkaller0: entered promiscuous mode
[ 1011.888568][T16378] syzkaller0: entered allmulticast mode
[ 1013.382558][T16148] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1014.538040][T16420] netlink: 4400 bytes leftover after parsing attributes in process `syz.4.3104'.
[ 1014.876708][T16148] veth0_vlan: entered promiscuous mode
[ 1015.545108][T16148] veth1_vlan: entered promiscuous mode
[ 1015.876072][T16148] veth0_macvtap: entered promiscuous mode
[ 1015.882276][T16434] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3107'.
[ 1015.902998][T16148] veth1_macvtap: entered promiscuous mode
[ 1016.703357][T16148] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1016.724952][T16148] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1016.778826][  T978] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1016.908975][T12557] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1016.927129][T12557] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1016.949702][  T978] usb 6-1: Using ep0 maxpacket: 8
[ 1016.960944][  T978] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1017.039078][  T978] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1017.054307][  T978] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1017.070008][  T978] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[ 1017.083375][  T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1017.092072][  T978] usb 6-1: Product: syz
[ 1017.096595][  T978] usb 6-1: Manufacturer: syz
[ 1017.101696][  T978] usb 6-1: SerialNumber: syz
[ 1017.250935][  T978] usb 6-1: config 0 descriptor??
[ 1017.263660][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1017.277594][  T978] streamzap 6-1:0.0: streamzap_probe: endpoint Max Packet Size is 0!?!
[ 1017.286264][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1017.904762][ T5917] usb 6-1: USB disconnect, device number 15
[ 1018.834960][T16453] syzkaller0: entered promiscuous mode
[ 1018.841659][T16453] syzkaller0: entered allmulticast mode
[ 1022.819595][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1022.848665][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1022.857393][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1022.868826][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1022.878078][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1024.704091][T16499] chnl_net:caif_netlink_parms(): no params data found
[ 1024.908771][ T5853] Bluetooth: hci3: command tx timeout
[ 1025.139117][T16499] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1025.151439][T16499] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1025.161994][T16499] bridge_slave_0: entered allmulticast mode
[ 1025.171823][T16499] bridge_slave_0: entered promiscuous mode
[ 1025.186013][T16499] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1025.194800][T16499] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1025.202430][T16499] bridge_slave_1: entered allmulticast mode
[ 1025.211770][T16499] bridge_slave_1: entered promiscuous mode
[ 1025.273851][T16499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1025.314144][T16499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1025.454376][T16499] team0: Port device team_slave_0 added
[ 1025.494850][T16499] team0: Port device team_slave_1 added
[ 1025.711766][T16499] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1025.719683][T16499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1025.788933][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1025.795673][T16499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1025.976843][T16499] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1026.307951][T16499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1026.333896][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1026.390447][T16499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1026.987836][ T5853] Bluetooth: hci3: command tx timeout
[ 1027.677331][T16499] hsr_slave_0: entered promiscuous mode
[ 1027.725621][T16499] hsr_slave_1: entered promiscuous mode
[ 1027.736253][T16499] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1027.743962][T16499] Cannot create hsr debugfs directory
[ 1029.067820][ T5853] Bluetooth: hci3: command tx timeout
[ 1030.561727][T16499] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1030.815409][T16499] 8021q: adding VLAN 0 to HW filter on device team0
[ 1030.889504][T16600] hub 6-0:1.0: USB hub found
[ 1030.896112][T16600] hub 6-0:1.0: 1 port detected
[ 1031.538181][ T5853] Bluetooth: hci3: command tx timeout
[ 1031.547226][ T6176] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1031.554430][ T6176] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1031.565405][ T6176] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1031.572623][ T6176] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1031.664323][T16499] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1033.434530][T16499] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1036.327176][T16499] veth0_vlan: entered promiscuous mode
[ 1036.374902][T16499] veth1_vlan: entered promiscuous mode
[ 1038.017062][T16499] veth0_macvtap: entered promiscuous mode
[ 1038.233271][T16499] veth1_macvtap: entered promiscuous mode
[ 1038.908290][T16499] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1038.961181][T16499] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1039.255091][   T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1039.273100][   T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1039.660380][   T67] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1039.690958][   T67] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1040.036453][T16692] block device autoloading is deprecated and will be removed.
[ 1041.737395][T11604] syz_tun (unregistering): left allmulticast mode
[ 1041.947665][   T30] audit: type=1326 audit(2000000669.530:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.2.3183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1042.059120][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1042.109437][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1042.119386][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1042.136621][   T30] audit: type=1326 audit(2000000669.530:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.2.3183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1042.308223][   T30] audit: type=1326 audit(2000000669.570:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.2.3183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1042.329735][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1042.401994][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1042.422472][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1042.673397][   T30] audit: type=1326 audit(2000000669.570:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.2.3183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1042.763488][   T30] audit: type=1326 audit(2000000669.570:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16729 comm="syz.2.3183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1043.652844][T16754] netlink: 'syz.2.3190': attribute type 1 has an invalid length.
[ 1044.041816][T16758] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[ 1044.089297][T16731] chnl_net:caif_netlink_parms(): no params data found
[ 1044.381563][T16763] syzkaller0: entered promiscuous mode
[ 1044.387159][T16763] syzkaller0: entered allmulticast mode
[ 1044.508834][   T51] Bluetooth: hci4: command tx timeout
[ 1044.565368][   T67] bridge_slave_1: left allmulticast mode
[ 1044.578024][   T67] bridge_slave_1: left promiscuous mode
[ 1044.585797][   T67] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1044.613420][   T67] bridge_slave_0: left allmulticast mode
[ 1044.627603][   T67] bridge_slave_0: left promiscuous mode
[ 1044.634183][   T67] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1044.658296][ T5953] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1044.847936][ T5953] usb 4-1: Using ep0 maxpacket: 8
[ 1044.864508][ T5953] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[ 1044.886466][ T5953] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1044.901877][ T5953] usb 4-1: Product: syz
[ 1044.909494][ T5953] usb 4-1: Manufacturer: syz
[ 1044.920666][ T5953] usb 4-1: SerialNumber: syz
[ 1045.027492][ T5953] usb 4-1: config 0 descriptor??
[ 1045.063602][ T5953] gspca_main: sq905-2.14.0 probing 2770:9120
[ 1045.118354][   T67] bond1 (unregistering): (slave gretap1): Releasing backup interface
[ 1045.207508][   T67] bond0 (unregistering): (slave bridge0): Releasing backup interface
[ 1045.272272][T16765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3193'.
[ 1045.482133][T16790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3193'.
[ 1046.537676][ T5953] gspca_sq905: sq905_command: usb_control_msg failed 2 (-110)
[ 1046.545285][ T5953] sq905 4-1:0.0: probe with driver sq905 failed with error -110
[ 1046.627696][   T51] Bluetooth: hci4: command tx timeout
[ 1046.694017][   T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1046.734650][   T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1046.772035][   T67] bond0 (unregistering): Released all slaves
[ 1047.401789][   T67] bond1 (unregistering): (slave bond2): Releasing backup interface
[ 1047.434579][   T67] bond1 (unregistering): Released all slaves
[ 1047.667396][   T67] bond2 (unregistering): Released all slaves
[ 1047.685529][   T67] bond3 (unregistering): Released all slaves
[ 1047.710354][T16731] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1047.722995][T16731] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1047.730446][T16731] bridge_slave_0: entered allmulticast mode
[ 1047.751449][T16731] bridge_slave_0: entered promiscuous mode
[ 1047.775707][T16731] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1047.789021][T16731] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1047.811744][T16731] bridge_slave_1: entered allmulticast mode
[ 1047.827345][T16731] bridge_slave_1: entered promiscuous mode
[ 1047.882600][T16731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1047.897469][T16731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1047.964845][T16731] team0: Port device team_slave_0 added
[ 1047.977320][T16731] team0: Port device team_slave_1 added
[ 1048.022099][T16731] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1048.030800][T16731] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1048.067469][T16731] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1048.795742][   T51] Bluetooth: hci4: command tx timeout
[ 1048.820825][   T67] tipc: Left network mode
[ 1048.835957][T16731] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1048.885160][T16731] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1048.928213][T16731] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1049.015362][T16439] usb 4-1: USB disconnect, device number 38
[ 1051.211128][   T51] Bluetooth: hci4: command tx timeout
[ 1052.542626][T16731] hsr_slave_0: entered promiscuous mode
[ 1052.587211][T16731] hsr_slave_1: entered promiscuous mode
[ 1052.615930][T16731] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1052.665175][T16731] Cannot create hsr debugfs directory
[ 1052.721902][T16857] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1052.788284][T16850] syzkaller0: entered promiscuous mode
[ 1052.847197][T16850] syzkaller0: entered allmulticast mode
[ 1053.434049][   T67] hsr_slave_0: left promiscuous mode
[ 1053.447346][   T67] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1053.461462][   T67] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1053.495315][   T67] pim6reg (unregistering): left allmulticast mode
[ 1053.922683][T16877] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1055.523760][   T67] team0 (unregistering): Port device team_slave_1 removed
[ 1055.805977][   T67] team0 (unregistering): Port device team_slave_0 removed
[ 1056.395100][T16910] 9pnet_fd: Insufficient options for proto=fd
[ 1056.723555][T16915] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3241'.
[ 1060.356799][T16930] pim6reg: entered allmulticast mode
[ 1062.099395][T16961] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3254'.
[ 1062.423156][T16731] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1063.358996][T16731] 8021q: adding VLAN 0 to HW filter on device team0
[ 1063.740661][T12557] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1063.747890][T12557] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1065.102232][ T6169] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1065.109454][ T6169] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1066.720738][T16731] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1066.830038][T17022] netlink: 'syz.3.3267': attribute type 1 has an invalid length.
[ 1066.933635][T17025] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3267'.
[ 1067.034567][T17022] bond1: entered promiscuous mode
[ 1067.051211][T17022] bond1: entered allmulticast mode
[ 1067.087413][T17025] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1068.986732][T16731] veth0_vlan: entered promiscuous mode
[ 1069.038962][T17047] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1069.112421][T17042] tipc: Disabling bearer <eth:syzkaller0>
[ 1069.168661][T16731] veth1_vlan: entered promiscuous mode
[ 1069.358506][T16731] veth0_macvtap: entered promiscuous mode
[ 1069.380811][T16731] veth1_macvtap: entered promiscuous mode
[ 1070.033523][T16731] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1070.211745][T16731] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1071.777739][ T6176] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1071.785980][ T6176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1071.830288][ T6168] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1071.838581][T17077] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3280'.
[ 1071.847576][T17077] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3280'.
[ 1071.893105][ T6168] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1074.193406][T17109] netlink: 'syz.3.3291': attribute type 1 has an invalid length.
[ 1074.293328][T17113] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1080.631459][T17186] dummy0: entered allmulticast mode
[ 1084.308349][T17216] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1084.319049][T17216] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1084.327777][T17216] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1084.335762][T17216] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1084.344433][T17216] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1084.998219][   T30] audit: type=1804 audit(2000000712.590:93): pid=17225 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.3328" name="/newroot/48/bus" dev="tmpfs" ino=264 res=1 errno=0
[ 1085.853424][T17236] 9pnet_fd: Insufficient options for proto=fd
[ 1085.914526][T17214] chnl_net:caif_netlink_parms(): no params data found
[ 1087.046620][T17216] Bluetooth: hci5: command tx timeout
[ 1087.448377][   T30] audit: type=1326 audit(2000000714.970:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17256 comm="syz.4.3339" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff9b938e929 code=0x0
[ 1087.674208][T17214] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1087.736492][T17214] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1087.745349][T17214] bridge_slave_0: entered allmulticast mode
[ 1087.767383][T17214] bridge_slave_0: entered promiscuous mode
[ 1087.916403][T17214] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1088.083762][T17214] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1088.091477][T17214] bridge_slave_1: entered allmulticast mode
[ 1088.099619][T17214] bridge_slave_1: entered promiscuous mode
[ 1088.723579][T17271] pim6reg: entered allmulticast mode
[ 1088.755768][T17214] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1088.773137][T17214] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1088.836403][T17280] 9pnet_fd: Insufficient options for proto=fd
[ 1088.918397][ T5917] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1089.050287][T17214] team0: Port device team_slave_0 added
[ 1089.075491][T17214] team0: Port device team_slave_1 added
[ 1089.088785][ T5917] usb 3-1: Using ep0 maxpacket: 16
[ 1089.108336][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1089.137204][ T5917] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[ 1089.160105][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1089.169909][ T5917] usb 3-1: Product: syz
[ 1089.174429][ T6166] bridge_slave_1: left allmulticast mode
[ 1089.181488][ T6166] bridge_slave_1: left promiscuous mode
[ 1089.188340][ T6166] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1089.196477][ T5917] usb 3-1: Manufacturer: syz
[ 1089.202463][ T5917] usb 3-1: SerialNumber: syz
[ 1089.220727][ T6166] bridge_slave_0: left allmulticast mode
[ 1089.226707][ T6166] bridge_slave_0: left promiscuous mode
[ 1089.232938][T17216] Bluetooth: hci5: command tx timeout
[ 1089.235798][ T5917] usb 3-1: config 0 descriptor??
[ 1089.244484][ T6166] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1089.273887][ T5917] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1089.304389][ T5917] hub 3-1:0.0: probe with driver hub failed with error -5
[ 1089.357230][ T5917] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input30
[ 1090.968978][ T5917] usb 3-1: USB disconnect, device number 32
[ 1091.232415][T17315] netlink: 'syz.4.3356': attribute type 1 has an invalid length.
[ 1091.251884][ T6166] bond1 (unregistering): (slave bridge1): Releasing active interface
[ 1091.309890][T17216] Bluetooth: hci5: command tx timeout
[ 1091.398351][ T6166] bridge1 (unregistering): left promiscuous mode
[ 1091.466840][ T6166] bridge1 (unregistering): left allmulticast mode
[ 1092.170755][ T6166] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1092.204547][ T6166] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1092.228344][ T6166] bond0 (unregistering): Released all slaves
[ 1093.387784][T17216] Bluetooth: hci5: command tx timeout
[ 1094.305129][ T6166] bond1 (unregistering): Released all slaves
[ 1094.405116][T17214] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1094.456569][T17214] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1094.552892][T17214] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1094.631287][T17214] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1094.654299][T17214] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1094.691998][T17355] netlink: 'syz.5.3366': attribute type 1 has an invalid length.
[ 1094.749130][T17214] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1094.773603][ T6166] tipc: Left network mode
[ 1094.894653][T17214] hsr_slave_0: entered promiscuous mode
[ 1094.906523][T17214] hsr_slave_1: entered promiscuous mode
[ 1095.025087][T17214] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1095.035341][T17214] Cannot create hsr debugfs directory
[ 1095.205742][ T6166] hsr_slave_0: left promiscuous mode
[ 1095.218710][ T6166] hsr_slave_1: left promiscuous mode
[ 1095.238803][ T6166] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1095.257134][ T6166] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1095.285342][ T6166] pim6reg (unregistering): left allmulticast mode
[ 1096.556387][T17374] x_tables: duplicate underflow at hook 2
[ 1097.287837][T16439] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1097.478253][T16439] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1097.495904][T16439] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1097.537991][T16439] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1097.574643][T16439] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1097.601305][ T6166] team0 (unregistering): Port device team_slave_1 removed
[ 1097.609922][T16439] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1097.633685][T16439] usb 4-1: Product: syz
[ 1097.670307][T16439] usb 4-1: Manufacturer: syz
[ 1097.675141][T16439] usb 4-1: SerialNumber: syz
[ 1097.739580][ T6166] team0 (unregistering): Port device team_slave_0 removed
[ 1098.005987][T17378] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1098.130462][T16439] usb 4-1: USB disconnect, device number 39
[ 1098.536406][T17397] tipc: Started in network mode
[ 1098.546366][T17397] tipc: Node identity b21d550ab8c2, cluster identity 4711
[ 1098.557453][T17397] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1098.604875][T17398] syzkaller0: entered promiscuous mode
[ 1098.611312][T17398] syzkaller0: entered allmulticast mode
[ 1098.643417][T17396] tipc: Resetting bearer <eth:syzkaller0>
[ 1098.688387][T17394] tipc: Resetting bearer <eth:syzkaller0>
[ 1098.766533][T17394] tipc: Disabling bearer <eth:syzkaller0>
[ 1099.356190][T17416] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3380'.
[ 1100.208964][T17424] netlink: 'syz.2.3382': attribute type 1 has an invalid length.
[ 1100.272383][T17424] bond1: entered promiscuous mode
[ 1100.277489][T17424] bond1: entered allmulticast mode
[ 1100.428874][T17424] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3382'.
[ 1100.545979][T17424] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1101.815794][T17214] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1101.848454][T17214] 8021q: adding VLAN 0 to HW filter on device team0
[ 1101.881356][T16841] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1101.888604][T16841] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1102.356011][T16841] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1102.363297][T16841] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1102.866073][T17449] syzkaller0: entered promiscuous mode
[ 1102.877143][T17449] syzkaller0: entered allmulticast mode
[ 1103.154437][  T978] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1103.676591][  T978] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1103.695602][  T978] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1103.705456][  T978] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1103.716098][  T978] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1104.017823][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1104.053180][  T978] usb 4-1: Product: syz
[ 1104.060352][  T978] usb 4-1: Manufacturer: syz
[ 1104.065945][  T978] usb 4-1: SerialNumber: syz
[ 1104.333552][T17214] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1105.432690][  T978] usb 4-1: USB disconnect, device number 40
[ 1105.587483][T17214] veth0_vlan: entered promiscuous mode
[ 1105.614621][T17214] veth1_vlan: entered promiscuous mode
[ 1105.713856][T17214] veth0_macvtap: entered promiscuous mode
[ 1105.847535][T17214] veth1_macvtap: entered promiscuous mode
[ 1106.284248][T17214] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1106.323461][T17214] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1106.514756][T17500] syzkaller0: entered promiscuous mode
[ 1106.527579][T17500] syzkaller0: entered allmulticast mode
[ 1106.718899][ T6166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1106.739455][ T6166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1106.782010][ T6166] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1106.815655][ T6166] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1108.045222][T10459] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1108.630556][T10459] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1108.651621][T10459] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1108.681094][T10459] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1108.704882][T10459] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1108.714542][T10459] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1108.736695][T10459] usb 4-1: Product: syz
[ 1108.753488][T10459] usb 4-1: Manufacturer: syz
[ 1108.767325][T10459] usb 4-1: SerialNumber: syz
[ 1109.096135][T17538] x_tables: duplicate underflow at hook 2
[ 1109.104037][T10459] usb 4-1: USB disconnect, device number 41
[ 1109.725504][T17548] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3417'.
[ 1113.600428][T17600] netlink: 'syz.5.3433': attribute type 1 has an invalid length.
[ 1113.668694][T17604] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1116.961039][T17643] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3444'.
[ 1118.201352][T17661] usb usb8: usbfs: process 17661 (syz.2.3449) did not claim interface 0 before use
[ 1118.517763][T17668] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1120.635680][T17686] pim6reg: entered allmulticast mode
[ 1121.096512][   T30] audit: type=1326 audit(2000000748.690:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17692 comm="syz.5.3459" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f833638e929 code=0x0
[ 1122.017942][   T30] audit: type=1326 audit(2000000749.600:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17705 comm="syz.2.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1122.116953][   T30] audit: type=1326 audit(2000000749.600:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17705 comm="syz.2.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1122.204388][T17713] usb usb8: usbfs: process 17713 (syz.3.3465) did not claim interface 0 before use
[ 1122.236826][   T30] audit: type=1326 audit(2000000749.610:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17705 comm="syz.2.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1122.337422][   T30] audit: type=1326 audit(2000000749.610:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17705 comm="syz.2.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1122.360170][   T30] audit: type=1326 audit(2000000749.610:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17705 comm="syz.2.3464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f876838e929 code=0x7ffc0000
[ 1124.540828][T17747] hub 6-0:1.0: USB hub found
[ 1124.548641][T17747] hub 6-0:1.0: 1 port detected
[ 1125.528667][   T30] audit: type=1326 audit(2000000753.130:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17746 comm="syz.0.3478" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5720b8e929 code=0x0
[ 1125.705888][T17760] usb usb8: usbfs: process 17760 (syz.3.3480) did not claim interface 0 before use
[ 1126.686124][ T5953] hid (null): global environment stack underflow
[ 1126.703092][ T5953] hid (null): unknown global tag 0xd
[ 1126.723771][ T5953] hid (null): unknown global tag 0xd2
[ 1126.739631][ T5953] hid (null): unknown global tag 0xe
[ 1126.776619][ T5953] hid (null): global environment stack underflow
[ 1127.038502][T17727] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1127.407263][T17727] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1127.501256][T17727] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1127.752187][ T5953] hid (null): unknown global tag 0xa6
[ 1127.759737][ T5953] hid (null): unknown global tag 0xd
[ 1127.765172][ T5953] hid (null): unknown global tag 0xd
[ 1127.770585][ T5953] hid (null): unknown global tag 0x9e
[ 1127.779796][ T5953] hid-generic 0003:0007:0004.0009: unknown main item tag 0x4
[ 1127.787268][ T5953] hid-generic 0003:0007:0004.0009: collection stack underflow
[ 1128.054444][T17727] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1128.098061][T17727] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1128.098380][ T5953] hid-generic 0003:0007:0004.0009: item 0 1 0 12 parsing failed
[ 1128.118351][ T5953] hid-generic 0003:0007:0004.0009: probe with driver hid-generic failed with error -22
[ 1128.127724][T17727] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1128.136012][T17727] usb 4-1: Product: syz
[ 1128.268882][T17727] usb 4-1: Manufacturer: syz
[ 1128.273564][T17727] usb 4-1: SerialNumber: syz
[ 1128.590645][T17770] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1128.711909][T17727] usb 4-1: USB disconnect, device number 42
[ 1128.985293][T17801] syzkaller0: entered promiscuous mode
[ 1128.991310][T17801] syzkaller0: entered allmulticast mode
[ 1131.181696][T17824] syzkaller0: entered promiscuous mode
[ 1131.187374][T17824] syzkaller0: entered allmulticast mode
[ 1132.190498][T17833] netlink: 'syz.3.3506': attribute type 10 has an invalid length.
[ 1132.343612][T17833] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1133.236665][T17833] team0: Port device bond0 added
[ 1133.591552][T17847] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1136.187983][T17863] usb usb8: usbfs: process 17863 (syz.0.3515) did not claim interface 0 before use
[ 1136.807972][ T5917] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1137.577857][ T5917] usb 4-1: Using ep0 maxpacket: 16
[ 1138.405146][ T5917] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1138.444385][T17876] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1138.462094][ T5917] usb 4-1: config 1 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1138.478731][ T5917] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1138.495462][ T5917] usb 4-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.40
[ 1138.505197][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[ 1138.513626][ T5917] usb 4-1: Product: syz
[ 1138.518219][ T5917] usb 4-1: SerialNumber: syz
[ 1138.971468][ T5917] usbhid 4-1:1.0: can't add hid device: -71
[ 1138.979056][ T5917] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[ 1139.013328][ T5917] usb 4-1: USB disconnect, device number 43
[ 1140.019512][T17892] usb usb8: usbfs: process 17892 (syz.0.3524) did not claim interface 0 before use
[ 1140.587794][T10459] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1141.779276][T10459] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1141.790273][T10459] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1141.801195][T10459] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1141.970101][T10459] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1141.985622][T10459] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1141.993713][T10459] usb 4-1: Product: syz
[ 1141.998106][T10459] usb 4-1: Manufacturer: syz
[ 1142.002971][T10459] usb 4-1: SerialNumber: syz
[ 1142.649425][T10459] usb 4-1: USB disconnect, device number 44
[ 1145.117642][T17948] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3540'.
[ 1148.668010][T17216] Bluetooth: hci3: command 0x0406 tx timeout
[ 1149.093967][ T1225] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1149.587742][ T1225] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1150.020779][ T1225] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1150.035968][ T1225] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1150.046234][ T1225] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1150.055611][ T1225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1150.071114][ T1225] usb 3-1: Product: syz
[ 1150.075318][ T1225] usb 3-1: Manufacturer: syz
[ 1150.080003][ T1225] usb 3-1: SerialNumber: syz
[ 1150.278932][T17990] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3554'.
[ 1150.519072][T17990] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3554'.
[ 1150.671349][T17990] netlink: 'syz.3.3554': attribute type 12 has an invalid length.
[ 1150.763424][T17996] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3555'.
[ 1150.773086][T17997] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3556'.
[ 1151.041353][ T1225] usb 3-1: USB disconnect, device number 33
[ 1151.308182][T18005] usb usb8: usbfs: process 18005 (syz.4.3559) did not claim interface 0 before use
[ 1153.200684][T18036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3568'.
[ 1155.186259][T18057] usb usb8: usbfs: process 18057 (syz.5.3573) did not claim interface 0 before use
[ 1156.833047][T18080] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1160.186098][T18106] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1160.526259][T18110] overlayfs: failed to resolve './file1': -2
[ 1161.448695][T18113] trusted_key: syz.5.3592 sent an empty control message without MSG_MORE.
[ 1161.525642][T18115] syzkaller0: entered promiscuous mode
[ 1161.531477][T18115] syzkaller0: entered allmulticast mode
[ 1162.322430][T18130] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3598'.
[ 1163.041894][ T5917] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[ 1163.091001][ T5917] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1163.154435][T18138] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3601'.
[ 1164.219619][T18148] overlayfs: failed to resolve './file1': -2
[ 1165.513230][T18162] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1165.520827][T18162] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1165.599092][T18164] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3610'.
[ 1165.609320][T18164] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3610'.
[ 1166.891097][T18179] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1166.898927][T18179] syzkaller0: entered promiscuous mode
[ 1166.904543][T18179] syzkaller0: entered allmulticast mode
[ 1166.929797][T18179] tipc: Resetting bearer <eth:syzkaller0>
[ 1166.962224][T18176] tipc: Resetting bearer <eth:syzkaller0>
[ 1167.076602][T18176] tipc: Disabling bearer <eth:syzkaller0>
[ 1169.550427][T18201] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3621'.
[ 1169.562877][T18201] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3621'.
[ 1170.206156][T18213] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3626'.
[ 1173.464151][   T30] audit: type=1326 audit(2000000801.060:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=18237 comm="syz.4.3635" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff9b938e929 code=0x0
[ 1178.323077][T18284] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3648'.
[ 1178.467344][T18285] binder: 18264:18285 ioctl 40046210 0 returned -14
[ 1179.086149][T18290] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3651'.
[ 1179.095097][T18290] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3651'.
[ 1180.336708][T18298] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1180.577989][T18303] syzkaller0: entered promiscuous mode
[ 1180.583526][T18303] syzkaller0: entered allmulticast mode
[ 1181.287852][T18322] netlink: 'syz.0.3661': attribute type 1 has an invalid length.
[ 1181.392094][T18323] ubi: mtd0 is already attached to ubi31
[ 1182.110670][T18326] netlink: 124 bytes leftover after parsing attributes in process `syz.0.3661'.
[ 1182.200118][T18327] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3661'.
[ 1184.327907][T18344] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3666'.
[ 1184.341614][T18344] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3666'.
[ 1187.284052][T18322] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1188.078071][T18388] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3679'.
[ 1188.141747][T18388] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3679'.
[ 1188.182948][T18389] ubi: mtd0 is already attached to ubi31
[ 1189.445882][T18397] sp0: Synchronizing with TNC
[ 1191.588644][T18395] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3680'.
[ 1191.708696][T18401] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3682'.
[ 1191.771934][T18402] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3682'.
[ 1193.397698][T18416] netlink: 'syz.5.3686': attribute type 1 has an invalid length.
[ 1193.499204][T18422] netlink: 124 bytes leftover after parsing attributes in process `syz.5.3686'.
[ 1194.260671][T18427] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3686'.
[ 1194.278829][T18416] bond1: entered promiscuous mode
[ 1194.312865][T18416] bond1: entered allmulticast mode
[ 1194.397325][T18427] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1195.116797][T17216] Bluetooth: hci4: command 0x0406 tx timeout
[ 1195.679333][T18439] ubi: mtd0 is already attached to ubi31
[ 1196.411436][T18444] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1196.977100][T18448] hub 6-0:1.0: USB hub found
[ 1196.984432][T18448] hub 6-0:1.0: 1 port detected
[ 1198.464743][T18455] sp0: Synchronizing with TNC
[ 1200.402188][T18476] netlink: 'syz.3.3702': attribute type 1 has an invalid length.
[ 1200.511869][T18485] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3702'.
[ 1200.717880][T18489] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3702'.
[ 1200.732022][T18476] bond2: entered promiscuous mode
[ 1200.738951][T18476] bond2: entered allmulticast mode
[ 1200.815314][ T5917] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1201.430678][T18489] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1201.449023][T18496] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3706'.
[ 1201.459666][ T5917] usb 3-1: config 0 has no interfaces?
[ 1201.468631][T18496] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3706'.
[ 1201.585238][ T5917] usb 3-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1201.616945][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1201.638098][ T5917] usb 3-1: config 0 descriptor??
[ 1201.860823][T18503] usb usb8: usbfs: process 18503 (syz.0.3709) did not claim interface 0 before use
[ 1203.741451][ T1225] usb 3-1: USB disconnect, device number 34
[ 1206.195471][T18541] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3718'.
[ 1206.306987][T18541] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3718'.
[ 1206.349247][T18544] netlink: 'syz.2.3719': attribute type 1 has an invalid length.
[ 1206.472521][T18549] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3719'.
[ 1206.550648][T18549] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3719'.
[ 1206.566527][T18550] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3719'.
[ 1206.591680][T18555] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1206.609663][T18544] bond2: entered promiscuous mode
[ 1206.738503][T18544] bond2: entered allmulticast mode
[ 1206.821713][T18558] usb usb8: usbfs: process 18558 (syz.3.3722) did not claim interface 0 before use
[ 1207.132678][T18550] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1210.652537][T17216] Bluetooth: hci5: command 0x0406 tx timeout
[ 1211.309473][T18586] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3730'.
[ 1211.318884][T18586] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3730'.
[ 1212.536967][T18601] usb usb8: usbfs: process 18601 (syz.5.3733) did not claim interface 0 before use
[ 1212.927026][T18605] netlink: 'syz.0.3735': attribute type 1 has an invalid length.
[ 1213.009135][T18608] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3735'.
[ 1213.059246][T18608] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3735'.
[ 1213.155199][T18605] bond1: entered promiscuous mode
[ 1213.248518][T18609] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3735'.
[ 1213.276355][T18584] ubi: mtd0 is already attached to ubi31
[ 1213.284441][T18605] bond1: entered allmulticast mode
[ 1213.585926][T18609] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1220.326116][T18658] xt_CT: No such helper "snmp"
[ 1220.474618][T18671] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3749'.
[ 1221.173396][T18676] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1221.494563][T18677] netlink: 'syz.2.3751': attribute type 1 has an invalid length.
[ 1221.587658][T18677] bond3: entered promiscuous mode
[ 1221.593200][T18677] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1221.669170][T18681] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1221.677812][T18681] bond3: (slave vcan1): The slave device specified does not support setting the MAC address
[ 1221.705155][T18681] bond3: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[ 1221.729010][T18681] bond3: (slave vcan1): making interface the new active one
[ 1221.746591][T18681] vcan1: entered promiscuous mode
[ 1221.778800][T18681] bond3: (slave vcan1): Enslaving as an active interface with an up link
[ 1223.281188][ T6171] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.349073][ T6171] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.385002][T18710] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[ 1224.582354][ T6171] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1224.672272][T18719] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3764'.
[ 1224.681845][T18719] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3764'.
[ 1225.262569][T18723] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3765'.
[ 1225.664575][ T6171] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1227.317654][T18736] syz.5.3766: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1227.351820][ T6171] bridge_slave_1: left allmulticast mode
[ 1227.357527][ T6171] bridge_slave_1: left promiscuous mode
[ 1227.384666][T18736] CPU: 0 UID: 0 PID: 18736 Comm: syz.5.3766 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[ 1227.384693][T18736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1227.384704][T18736] Call Trace:
[ 1227.384713][T18736]  <TASK>
[ 1227.384722][T18736]  dump_stack_lvl+0x189/0x250
[ 1227.384754][T18736]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1227.384775][T18736]  ? __pfx__printk+0x10/0x10
[ 1227.384798][T18736]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1227.384823][T18736]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1227.384849][T18736]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1227.384874][T18736]  warn_alloc+0x214/0x310
[ 1227.384898][T18736]  ? __pfx_warn_alloc+0x10/0x10
[ 1227.384925][T18736]  ? __get_vm_area_node+0x28f/0x300
[ 1227.384953][T18736]  ? frame_vector_create+0x62/0x110
[ 1227.384982][T18736]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1227.385038][T18736]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1227.385070][T18736]  ? rcu_is_watching+0x15/0xb0
[ 1227.385093][T18736]  ? frame_vector_create+0x62/0x110
[ 1227.385115][T18736]  ? frame_vector_create+0x62/0x110
[ 1227.385136][T18736]  __kvmalloc_node_noprof+0x3b8/0x5f0
[ 1227.385163][T18736]  ? frame_vector_create+0x62/0x110
[ 1227.385193][T18736]  frame_vector_create+0x62/0x110
[ 1227.385220][T18736]  vb2_create_framevec+0x37/0xd0
[ 1227.385240][T18736]  vb2_vmalloc_get_userptr+0x108/0x450
[ 1227.385266][T18736]  ? __pfx_vb2_vmalloc_get_userptr+0x10/0x10
[ 1227.385297][T18736]  __buf_prepare+0xf4f/0x4740
[ 1227.385336][T18736]  ? __pfx___buf_prepare+0x10/0x10
[ 1227.385374][T18736]  ? is_bpf_text_address+0x26/0x2b0
[ 1227.385398][T18736]  ? is_bpf_text_address+0x292/0x2b0
[ 1227.385415][T18736]  ? is_bpf_text_address+0x26/0x2b0
[ 1227.385436][T18736]  ? kernel_text_address+0xa5/0xe0
[ 1227.385472][T18736]  ? __lock_acquire+0xab9/0xd20
[ 1227.385550][T18736]  vb2_core_prepare_buf+0xad/0x2c0
[ 1227.385574][T18736]  __video_do_ioctl+0xc98/0xdb0
[ 1227.385607][T18736]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1227.385643][T18736]  video_usercopy+0x871/0x14f0
[ 1227.385679][T18736]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1227.385701][T18736]  ? __pfx_video_usercopy+0x10/0x10
[ 1227.385747][T18736]  v4l2_ioctl+0x18d/0x1e0
[ 1227.385769][T18736]  ? __pfx_v4l2_ioctl+0x10/0x10
[ 1227.385790][T18736]  __se_sys_ioctl+0xf9/0x170
[ 1227.385817][T18736]  do_syscall_64+0xfa/0x3b0
[ 1227.385853][T18736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.385871][T18736]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1227.385891][T18736]  ? clear_bhb_loop+0x60/0xb0
[ 1227.385914][T18736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.385933][T18736] RIP: 0033:0x7f833638e929
[ 1227.385951][T18736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1227.385986][T18736] RSP: 002b:00007f83372b8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1227.386022][T18736] RAX: ffffffffffffffda RBX: 00007f83365b6080 RCX: 00007f833638e929
[ 1227.386036][T18736] RDX: 0000200000000500 RSI: 00000000c058565d RDI: 0000000000000006
[ 1227.386049][T18736] RBP: 00007f8336410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1227.386061][T18736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1227.386090][T18736] R13: 0000000000000000 R14: 00007f83365b6080 R15: 00007ffcb0fe6b48
[ 1227.386122][T18736]  </TASK>
[ 1227.386445][ T6171] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1227.750975][T18736] Mem-Info:
[ 1227.767713][T18736] active_anon:20113 inactive_anon:8819 isolated_anon:0
[ 1227.767713][T18736]  active_file:14657 inactive_file:4292 isolated_file:0
[ 1227.767713][T18736]  unevictable:768 dirty:52 writeback:0
[ 1227.767713][T18736]  slab_reclaimable:6886 slab_unreclaimable:109084
[ 1227.767713][T18736]  mapped:33163 shmem:24371 pagetables:1399
[ 1227.767713][T18736]  sec_pagetables:5 bounce:0
[ 1227.767713][T18736]  kernel_misc_reclaimable:0
[ 1227.767713][T18736]  free:1304375 free_pcp:18648 free_cma:0
[ 1227.828703][ T6171] bridge_slave_0: left allmulticast mode
[ 1227.870617][ T6171] bridge_slave_0: left promiscuous mode
[ 1227.876724][T18736] Node 0 active_anon:86432kB inactive_anon:29120kB active_file:58544kB inactive_file:17032kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:126444kB dirty:216kB writeback:0kB shmem:95948kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12716kB pagetables:5344kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1227.927657][ T6171] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1227.937855][T18736] Node 1 active_anon:0kB inactive_anon:0kB active_file:92kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:80kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1228.061072][T18736] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1228.126127][T18736] lowmem_reserve[]: 0 2500 2502 2502 2502
[ 1228.307292][T18736] Node 0 DMA32 free:1309908kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB free_highatomic:0KB active_anon:80428kB inactive_anon:35092kB active_file:56916kB inactive_file:16968kB unevictable:1536kB writepending:216kB present:3129332kB managed:2560896kB mlocked:0kB bounce:0kB free_pcp:45700kB local_pcp:28024kB free_cma:0kB
[ 1228.353777][T18736] lowmem_reserve[]: 0 0 1 1 1
[ 1229.083951][T18736] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:128kB active_file:1628kB inactive_file:64kB unevictable:0kB writepending:0kB present:1048580kB managed:1904kB mlocked:0kB bounce:0kB free_pcp:56kB local_pcp:28kB free_cma:0kB
[ 1229.207801][T18736] lowmem_reserve[]: 0 0 0 0 0
[ 1229.213061][T18736] Node 1 Normal free:3911792kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:92kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:9952kB local_pcp:9952kB free_cma:0kB
[ 1229.246143][T18736] lowmem_reserve[]: 0 0 0 0 0
[ 1229.254583][T18736] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1229.269440][T18757] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1229.279914][T18736] Node 0 DMA32: 2383*4kB (UME) 1117*8kB (UME) 380*16kB (UME) 798*32kB (UME) 304*64kB (UME) 169*128kB (UME) 152*256kB (UME) 64*512kB (UME) 44*1024kB (UME) 12*2048kB (UM) 263*4096kB (UM) = 1309732kB
[ 1229.303165][T18736] Node 0 Normal: 4*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[ 1229.316580][T18736] Node 1 Normal: 198*4kB (UME) 61*8kB (UME) 41*16kB (UME) 251*32kB (UME) 102*64kB (UE) 32*128kB (UME) 6*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 3*2048kB (UE) 947*4096kB (M) = 3911792kB
[ 1229.335667][T18736] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1229.349049][T18736] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[ 1229.364356][T18736] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1229.380257][T18736] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1229.394378][T18736] 43319 total pagecache pages
[ 1229.399228][T18736] 1 pages in swap cache
[ 1229.411414][T18736] Free swap  = 124992kB
[ 1229.415688][T18736] Total swap = 124996kB
[ 1229.425742][T18736] 2097051 pages RAM
[ 1229.429685][T18736] 0 pages HighMem/MovableOnly
[ 1229.435096][T18736] 424720 pages reserved
[ 1229.439542][T18736] 0 pages cma reserved
[ 1229.574737][T17072] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[ 1229.593626][T17072] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1229.864519][ T6171] bond1 (unregistering): (slave bridge2): Releasing active interface
[ 1229.877363][ T6171] bridge2 (unregistering): left promiscuous mode
[ 1229.884577][ T6171] bridge2 (unregistering): left allmulticast mode
[ 1230.474114][T18765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3778'.
[ 1230.751144][ T6171] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1230.763972][ T6171] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1230.775388][ T6171] bond0 (unregistering): Released all slaves
[ 1231.865681][ T6171] bond1 (unregistering): Released all slaves
[ 1233.097221][T18786] xt_CT: No such helper "snmp"
[ 1233.402116][T18780] syzkaller0: entered promiscuous mode
[ 1233.422661][T18780] syzkaller0: entered allmulticast mode
[ 1233.685045][ T6171] tipc: Left network mode
[ 1235.768351][T18812] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1237.106342][  T978] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1237.165005][T18823] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3794'.
[ 1237.957869][  T978] usb 6-1: config 0 has no interfaces?
[ 1237.963525][  T978] usb 6-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1237.976391][  T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1238.003386][  T978] usb 6-1: config 0 descriptor??
[ 1238.256975][T10459] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[ 1238.279681][T10459] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1239.637614][T18845] netlink: 'syz.2.3798': attribute type 1 has an invalid length.
[ 1239.876471][T17072] usb 6-1: USB disconnect, device number 16
[ 1240.656303][T18845] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[ 1242.616670][T18872] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1242.721848][ T6171] hsr_slave_0: left promiscuous mode
[ 1242.732605][ T6171] hsr_slave_1: left promiscuous mode
[ 1242.800013][  T978] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[ 1242.815525][  T978] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1242.863824][ T6171] veth1_macvtap: left promiscuous mode
[ 1242.875254][ T6171] veth0_macvtap: left promiscuous mode
[ 1242.888034][ T6171] veth1_vlan: left promiscuous mode
[ 1242.929599][ T6171] veth0_vlan: left promiscuous mode
[ 1243.100313][T18882] exFAT-fs (nbd2): mounting with "discard" option, but the device does not support discard
[ 1243.112040][T18882] syz.2.3807: attempt to access beyond end of device
[ 1243.112040][T18882] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1243.125629][T18882] exFAT-fs (nbd2): unable to read boot sector
[ 1243.131814][T18882] exFAT-fs (nbd2): failed to read boot sector
[ 1243.138182][T18882] exFAT-fs (nbd2): failed to recognize exfat type
[ 1245.585056][ T6171] pim6reg (unregistering): left allmulticast mode
[ 1246.397220][T18902] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3812'.
[ 1247.246744][ T6171] team0 (unregistering): Port device team_slave_1 removed
[ 1247.298011][ T6171] team0 (unregistering): Port device team_slave_0 removed
[ 1249.627734][T18916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3816'.
[ 1250.032760][T18923] usb usb8: usbfs: process 18923 (syz.5.3818) did not claim interface 0 before use
[ 1250.108904][ T6171] IPVS: stop unused estimator thread 0...
[ 1251.696940][T18936] sp0: Synchronizing with TNC
[ 1254.732124][T18934] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1254.978480][T18948] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3824'.
[ 1254.994384][T18948] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3824'.
[ 1257.083625][T10459] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[ 1257.318271][T10459] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1257.330888][T18969] usb usb8: usbfs: process 18969 (syz.5.3831) did not claim interface 0 before use
[ 1257.456116][ T1225] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1257.738064][ T1225] usb 3-1: config 0 has no interfaces?
[ 1258.055661][ T1225] usb 3-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1258.185757][ T1225] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1258.234543][ T1225] usb 3-1: config 0 descriptor??
[ 1258.593197][T18980] sp0: Synchronizing with TNC
[ 1259.021408][T18992] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1260.330588][ T5917] usb 3-1: USB disconnect, device number 35
[ 1262.014508][T19009] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3842'.
[ 1262.023536][T19009] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3842'.
[ 1262.749322][T19022] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3846'.
[ 1264.304968][T19043] overlayfs: missing 'lowerdir'
[ 1264.862662][ T5917] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1265.053788][ T5917] usb 4-1: config 0 has no interfaces?
[ 1265.069381][ T5917] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[ 1265.102653][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1265.128144][ T5917] usb 4-1: config 0 descriptor??
[ 1265.241480][T19065] netlink: 40 bytes leftover after parsing attributes in process `syz.5.3859'.
[ 1266.902224][T19074] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1267.701429][T10459] usb 4-1: USB disconnect, device number 45
[ 1269.313648][T19100] hub 6-0:1.0: USB hub found
[ 1269.319754][T19100] hub 6-0:1.0: 1 port detected
[ 1270.687352][T19113] sp0: Synchronizing with TNC
[ 1273.388748][T19112] delete_channel: no stack
[ 1273.430327][T19126] usb usb8: usbfs: process 19126 (syz.5.3877) did not claim interface 0 before use
[ 1273.777280][T19133] usb usb8: usbfs: process 19133 (syz.5.3879) did not claim interface 0 before use
[ 1276.518825][T19155] hub 6-0:1.0: USB hub found
[ 1276.526891][T19155] hub 6-0:1.0: 1 port detected
[ 1277.155529][T19158] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3885'.
[ 1277.873990][T19167] overlayfs: missing 'workdir'
[ 1279.014885][T19171] sp0: Synchronizing with TNC
[ 1281.749429][T19183] usb usb8: usbfs: process 19183 (syz.0.3890) did not claim interface 0 before use
[ 1282.291094][T19195] netlink: 'syz.5.3894': attribute type 1 has an invalid length.
[ 1282.631439][T19195] bond2: entered promiscuous mode
[ 1282.637041][T19195] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1282.694573][T19197] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1282.701967][T19197] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[ 1282.722484][T19197] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[ 1282.743037][T19197] bond2: (slave vcan1): making interface the new active one
[ 1282.750571][T19197] vcan1: entered promiscuous mode
[ 1282.768337][T19197] bond2: (slave vcan1): Enslaving as an active interface with an up link
[ 1283.806808][T19214] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3901'.
[ 1283.816115][T19214] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3901'.
[ 1285.764156][T19224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3903'.
[ 1286.310722][T19230] usb usb8: usbfs: process 19230 (syz.5.3904) did not claim interface 0 before use
[ 1286.513181][T19234] exFAT-fs (nbd2): mounting with "discard" option, but the device does not support discard
[ 1286.524662][T19234] syz.2.3906: attempt to access beyond end of device
[ 1286.524662][T19234] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1286.537980][T19234] exFAT-fs (nbd2): unable to read boot sector
[ 1286.544467][T19234] exFAT-fs (nbd2): failed to read boot sector
[ 1286.550674][T19234] exFAT-fs (nbd2): failed to recognize exfat type
[ 1289.403953][T19242] Falling back ldisc for ptm0.
[ 1289.953560][T19261] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3915'.
[ 1290.731907][T19269] exFAT-fs (nbd4): mounting with "discard" option, but the device does not support discard
[ 1290.743460][T19269] syz.4.3918: attempt to access beyond end of device
[ 1290.743460][T19269] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1290.756968][T19269] exFAT-fs (nbd4): unable to read boot sector
[ 1290.763644][T19269] exFAT-fs (nbd4): failed to read boot sector
[ 1290.770539][T19269] exFAT-fs (nbd4): failed to recognize exfat type
[ 1291.878961][T19273] usb usb8: usbfs: process 19273 (syz.5.3919) did not claim interface 0 before use
[ 1292.837685][T19286] usb usb8: usbfs: process 19286 (syz.2.3923) did not claim interface 0 before use
[ 1294.254982][T19289] xt_CT: No such helper "snmp"
[ 1295.023179][T19309] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported
[ 1295.783316][T19306] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3930'.
[ 1295.792457][T19306] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3930'.
[ 1296.347711][T19303] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3928'.
[ 1296.517389][T19323] usb usb8: usbfs: process 19323 (syz.3.3933) did not claim interface 0 before use
[ 1300.256141][T19371] usb usb8: usbfs: process 19371 (syz.2.3945) did not claim interface 0 before use
[ 1302.128602][T19392] ubi: mtd0 is already attached to ubi31
[ 1303.804750][T19405] overlayfs: missing 'lowerdir'
[ 1308.287838][T19419] usb usb8: usbfs: process 19419 (syz.0.3958) did not claim interface 0 before use
[ 1310.526226][T19444] exFAT-fs (nbd2): mounting with "discard" option, but the device does not support discard
[ 1310.568804][T19444] syz.2.3967: attempt to access beyond end of device
[ 1310.568804][T19444] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1310.753109][T19444] exFAT-fs (nbd2): unable to read boot sector
[ 1311.329319][T19444] exFAT-fs (nbd2): failed to read boot sector
[ 1311.379240][T19444] exFAT-fs (nbd2): failed to recognize exfat type
[ 1311.545984][T19461] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1312.555748][T19477] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3975'.
[ 1312.566009][T19477] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3975'.
[ 1318.278372][T19512] xt_CT: No such helper "snmp"
[ 1320.160561][T19530] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1325.842765][T19592] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3987'.
[ 1326.535115][T19598] usb usb8: usbfs: process 19598 (syz.5.4005) did not claim interface 0 before use
[ 1329.502010][T19625] sp0: Synchronizing with TNC
[ 1333.411829][T19636] SET target dimension over the limit!
[ 1333.663499][T19642] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4020'.
[ 1334.712966][T19649] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1337.435679][ T1225] libceph: connect (1)[c::]:6789 error -101
[ 1337.442186][ T1225] libceph: mon0 (1)[c::]:6789 connect error
[ 1337.454348][T19681] netlink: 'syz.0.4028': attribute type 1 has an invalid length.
[ 1337.520005][T19680] ceph: No mds server is up or the cluster is laggy
[ 1337.735123][T19687] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4028'.
[ 1337.992330][T19681] bond2: entered promiscuous mode
[ 1337.998143][T19681] bond2: entered allmulticast mode
[ 1338.025988][T19687] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1338.486476][T19697] sp0: Synchronizing with TNC
[ 1345.452273][T16439] libceph: connect (1)[c::]:6789 error -101
[ 1345.464959][T16439] libceph: mon0 (1)[c::]:6789 connect error
[ 1345.713183][T19755] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4047'.
[ 1345.733100][T16439] libceph: connect (1)[c::]:6789 error -101
[ 1345.739202][T16439] libceph: mon0 (1)[c::]:6789 connect error
[ 1345.747225][T19747] ceph: No mds server is up or the cluster is laggy
[ 1345.785700][T19755] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4047'.
[ 1347.755323][T19773] netlink: 'syz.3.4052': attribute type 1 has an invalid length.
[ 1347.905585][T19774] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1353.242121][T19811] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4061'.
[ 1354.782147][T19826] netlink: 'syz.4.4066': attribute type 1 has an invalid length.
[ 1354.789009][T19827] SET target dimension over the limit!
[ 1355.294108][T19833] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1368.063873][T19887] netlink: 'syz.3.4081': attribute type 1 has an invalid length.
[ 1368.308410][T19887] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[ 1375.487442][T17216]  non-paged memory
[ 1375.491478][T17216] list_del corruption, ffff888035a1db80->next is LIST_POISON1 (dead000000000100)
[ 1375.502864][T17216] ------------[ cut here ]------------
[ 1375.509329][T17216] kernel BUG at lib/list_debug.c:58!
[ 1375.515118][T17216] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1375.521377][T17216] CPU: 1 UID: 0 PID: 17216 Comm: kworker/u9:1 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[ 1375.533645][T17216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1375.543696][T17216] Workqueue: hci5 hci_conn_timeout
[ 1375.548817][T17216] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[ 1375.555844][T17216] Code: 00 ce e1 8b 48 89 de e8 b0 bb 66 fc 90 0f 0b 4c 89 e7 e8 a5 1c 40 fd 48 c7 c7 60 ce e1 8b 48 89 de 4c 89 e2 e8 93 bb 66 fc 90 <0f> 0b 4c 89 e7 e8 88 1c 40 fd 48 c7 c7 c0 ce e1 8b 48 89 de 4c 89
[ 1375.575448][T17216] RSP: 0018:ffffc9000b677980 EFLAGS: 00010246
[ 1375.581510][T17216] RAX: 000000000000004e RBX: ffff888035a1db80 RCX: f7dc0cdf53339300
[ 1375.589491][T17216] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1375.597454][T17216] RBP: ffffffff8a774950 R08: ffffc9000b6776a7 R09: 1ffff920016ceed4
[ 1375.605421][T17216] R10: dffffc0000000000 R11: fffff520016ceed5 R12: dead000000000100
[ 1375.613397][T17216] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[ 1375.621362][T17216] FS:  0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000
[ 1375.630288][T17216] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1375.636870][T17216] CR2: 0000001b30102ff8 CR3: 00000000767ec000 CR4: 00000000003526f0
[ 1375.644867][T17216] Call Trace:
[ 1375.648142][T17216]  <TASK>
[ 1375.651068][T17216]  hci_cmd_sync_dequeue_once+0x24a/0x370
[ 1375.656710][T17216]  hci_cancel_connect_sync+0xc8/0x120
[ 1375.662085][T17216]  hci_abort_conn+0x191/0x330
[ 1375.666763][T17216]  ? process_scheduled_works+0x9ef/0x17b0
[ 1375.672479][T17216]  process_scheduled_works+0xade/0x17b0
[ 1375.678031][T17216]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1375.684009][T17216]  worker_thread+0x8a0/0xda0
[ 1375.688619][T17216]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1375.694950][T17216]  ? __kthread_parkme+0x7b/0x200
[ 1375.699901][T17216]  kthread+0x711/0x8a0
[ 1375.703999][T17216]  ? __pfx_worker_thread+0x10/0x10
[ 1375.709130][T17216]  ? __pfx_kthread+0x10/0x10
[ 1375.713737][T17216]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1375.719035][T17216]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1375.724245][T17216]  ? __pfx_kthread+0x10/0x10
[ 1375.728849][T17216]  ret_from_fork+0x3fc/0x770
[ 1375.733524][T17216]  ? __pfx_ret_from_fork+0x10/0x10
[ 1375.738654][T17216]  ? __switch_to_asm+0x39/0x70
[ 1375.743432][T17216]  ? __switch_to_asm+0x33/0x70
[ 1375.748198][T17216]  ? __pfx_kthread+0x10/0x10
[ 1375.752797][T17216]  ret_from_fork_asm+0x1a/0x30
[ 1375.757598][T17216]  </TASK>
[ 1375.760643][T17216] Modules linked in:
[ 1375.765345][T17216] ---[ end trace 0000000000000000 ]---
[ 1375.776852][T17216] RIP: 0010:__list_del_entry_valid_or_report+0x10e/0x190
[ 1375.784174][T17216] Code: 00 ce e1 8b 48 89 de e8 b0 bb 66 fc 90 0f 0b 4c 89 e7 e8 a5 1c 40 fd 48 c7 c7 60 ce e1 8b 48 89 de 4c 89 e2 e8 93 bb 66 fc 90 <0f> 0b 4c 89 e7 e8 88 1c 40 fd 48 c7 c7 c0 ce e1 8b 48 89 de 4c 89
[ 1375.806869][T17216] RSP: 0018:ffffc9000b677980 EFLAGS: 00010246
[ 1375.813708][T17216] RAX: 000000000000004e RBX: ffff888035a1db80 RCX: f7dc0cdf53339300
[ 1375.822682][T17216] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1375.831071][T17216] RBP: ffffffff8a774950 R08: ffffc9000b6776a7 R09: 1ffff920016ceed4
[ 1375.839154][T17216] R10: dffffc0000000000 R11: fffff520016ceed5 R12: dead000000000100
[ 1375.847176][T17216] R13: dffffc0000000000 R14: dead000000000100 R15: dead000000000122
[ 1375.855173][T17216] FS:  0000000000000000(0000) GS:ffff888125d4f000(0000) knlGS:0000000000000000
[ 1375.864506][T17216] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1375.871175][T17216] CR2: 00007f5720b743e0 CR3: 000000000df38000 CR4: 00000000003526f0
[ 1375.879343][T17216] Kernel panic - not syncing: Fatal exception
[ 1375.885839][T17216] Kernel Offset: disabled
[ 1375.890174][T17216] Rebooting in 86400 seconds..