last executing test programs:

25m45.456054529s ago: executing program 32 (id=1163):
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d)
write$binfmt_script(r1, &(0x7f0000001b00), 0xfffffd9d)
ppoll(&(0x7f0000000540)=[{r0, 0x5086}], 0x1, 0x0, 0x0, 0x0)

24m24.976154718s ago: executing program 5 (id=1794):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

24m23.765404911s ago: executing program 5 (id=1802):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socket(0x10, 0x3, 0x27)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, 0x0)

24m22.456968962s ago: executing program 5 (id=1808):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000040000000000000000850000000e000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kvm_fpu\x00', r0}, 0x18)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

24m21.87685797s ago: executing program 5 (id=1810):
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800400, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)

24m21.748341084s ago: executing program 5 (id=1812):
r0 = gettid()
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x0, 0x2, 0x1}, &(0x7f0000000140)=<r3=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
io_uring_enter(r2, 0x7bfe, 0x3ffb, 0xd, 0x0, 0xffffffffffffff73)

24m20.985129895s ago: executing program 5 (id=1823):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140a}}, 0x0, 0x0}, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1})

24m20.416963292s ago: executing program 33 (id=1823):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140a}}, 0x0, 0x0}, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1})

19m28.724499769s ago: executing program 4 (id=4323):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x45b, 0x2, 0x0)

19m27.78074071s ago: executing program 4 (id=4327):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x5}}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x8, 0x2, [@TCA_CGROUP_EMATCHES={0x4}]}}]}, 0x38}}, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

19m22.186228974s ago: executing program 4 (id=4337):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r0, &(0x7f0000000340)=ANY=[], 0xff2e)
r1 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x3)

19m21.149018375s ago: executing program 4 (id=4342):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040090}, 0x2400c8c1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)

19m20.850587688s ago: executing program 4 (id=4344):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xf1)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x18, 0x0, 0xfffffffe, 0x0, 0xa1})

19m19.720822886s ago: executing program 4 (id=4350):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000001f)
fcntl$notify(r0, 0x402, 0x8000001f)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x4)
fcntl$notify(r2, 0x402, 0x8000003d)
fcntl$notify(r0, 0x402, 0x0)

19m19.025169462s ago: executing program 34 (id=4350):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r1, 0x402, 0x8000001f)
fcntl$notify(r0, 0x402, 0x8000001f)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x4)
fcntl$notify(r2, 0x402, 0x8000003d)
fcntl$notify(r0, 0x402, 0x0)

17m29.161371361s ago: executing program 0 (id=5195):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
setresuid(0xee01, 0xee01, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)

17m28.752830061s ago: executing program 0 (id=5198):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x58, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1f, {0x8, 0x10, 0x6169, 0x9, 0xd3, 0x0, 0xffffeffa, 0x7, 0x2ac8}}}}]}, 0x58}}, 0x44080)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'rti800\x00', [0x401, 0x10, 0x401, 0xa, 0x14000000, 0xfffffffc, 0x9, 0x2, 0xffd, 0xa, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3ff, 0x9, 0x200, 0xe2df, 0xaa14, 0x1, 0x4, 0x0, 0x7, 0xf58, 0x6]})
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x92, 0x0, 0x0, 0x80000000})

17m28.300260097s ago: executing program 0 (id=5201):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000024000000080000000b"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000380)=r0}, 0x20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640)={<r3=>0xffffffffffffffff})
memfd_create(&(0x7f0000000680)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5J\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xba\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfcY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd0\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a*<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa9\a\xb7\xf5\xbc,\xd1\xd3k8\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xffGu)\xee\"\x83w\xe5\x96\x01\xa7}\xb1\xe78\xa2\x1a\x8cLX\xbf\xa5\xbe\xdb}\x855\xe5\x04jC\x95qt\xd0\xcf\\S\x1a\b\x0fq\xe7\f\xa8\x90xye>\xe0\xb9\xcfF\xe0H\x14 z\xe5\xb8g\xd6sCP)\tj\x962\x92l\x94\xaf\x15.\xa2;\xf2lo\x11\xf7\x0eN\xfb\xc8on\xe6F^Yv7\xa9\xea\xd9\x1a\xc3p\xb6\x04\xe8\xc0\xb9\xe4\xa1g/\x03\x13\x10R*Y\x1c\xa8-\xf6\xb3r\xf7 l\xb3\xcf\x7f\xca\xd4MY`\xc7=\x0e\xba94e)\\\xd9\\\xbb\x913\xee^t\xc8\xfc\xaa\xdc\xba\x10\t\r>\xa6+\x1d', 0xf)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000380)=r3}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000740)={r4, &(0x7f00000006c0)}, 0x20)

17m28.027135038s ago: executing program 0 (id=5204):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00')

17m27.760990113s ago: executing program 0 (id=5207):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)

17m26.809305845s ago: executing program 0 (id=5214):
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
write$binfmt_elf32(r0, &(0x7f00000002c0)=ANY=[], 0x69)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1}}, 0x40)

17m26.111522079s ago: executing program 35 (id=5214):
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
write$binfmt_elf32(r0, &(0x7f00000002c0)=ANY=[], 0x69)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x1}}, 0x40)

15m43.873016229s ago: executing program 8 (id=5787):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x604ab000)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000001380)=""/4060, 0xfc6e, 0x1, 0x0}, &(0x7f0000000180)=0x40)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff78, 0x0, 0x0}, &(0x7f0000000340)=0x40)

15m43.588797792s ago: executing program 8 (id=5790):
timer_create(0x0, 0x0, &(0x7f00000002c0)=<r0=>0x0)
timer_create(0x1, 0x0, &(0x7f0000000000)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000880)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000140)={{0x0, 0x3938700}}, 0x0)
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8)
timer_settime(r1, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x77359400}}, 0x0)
rt_sigaction(0xe, &(0x7f00000000c0)={&(0x7f0000000180)="f30f1efc6645f10f0808c482adbcaf07000000c4e1fd5aa13c9c43713ef2400f1ed3c4c2e93be7f2262e669f8f88a4a2e100430f12957b2c0000653ed9fa", 0x80000004, 0x0, {[0x7ffc]}}, 0x0, 0x8, &(0x7f0000000200))

15m43.459671717s ago: executing program 8 (id=5791):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000600)=0xdfc, 0x10)
sendmmsg$inet(r1, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000380)="cebdd21fe03e57c125bd9c3965b579407c9962373117b122c45bf84c98a973ecb6b9ad663b6a07bdfb5c17a5a2cd48dc09da2f20c69872e6399874332704872ec2a432d22928522671038af0783ef06a2f8ef5bf4c1852cc25f1ab39b7c146d2cb25084504d5606202f98d0b03dc", 0x6e}, {&(0x7f0000000040)="dcf6c7a8594cbefed4f7b6af317a47ee47be6e2d4a61e5cc0a2a79081670698a39", 0x21}, {&(0x7f0000000580)="43b6624bcf70a4c826371a24e33c4d2bae5d7babbfb1ba2c6ecf970f9def87320ccb4fbbb31e12d8fd21d656ef864f17c24210eac6248dd40efb9b0ac8da179915840a5c9d2f213d47a7367669a3870626413286b92bd7b51f2b4f99eec1b6ff81751fb805f86ea434a7531f3c9878bdc2cadebaba4621", 0x77}, {&(0x7f00000002c0)="518d090c62a0a9a11ff26593bd52165b011c0e9f6c2c05550d880894aea3fd3718de3675e1f30ffff0ff511d8b6a90c94d442c509c6a01f65cad16374ea2e62749579d", 0x43}, {&(0x7f00000001c0)="9f189b8d5e6ee068cce816de05698d4fe01cdb8e875eefe3db5e153722b1745423f726b35f80b980f8a7e6cab9983bc947924f6d30813d0899d80c2cb6a3cb80a16f14c194157b98c823780ea180f5f304f5694e0b90569c14c118c5896396f9c79d867b5026d66ae9eda462f1233702f941cf239ec1bfe8c9ca3c5faa4c0efa368def9717a2da7e0cde5146db635972858964020d656353a476e01071bc9367c8ab8ee6b5ff6cd25be88a2326b81df502c8b117250afb4a1b9f205eac48359e3c4323ff3e32f2be7c235dfb3613995f704263f6085512d9e267d49f43cb", 0xde}, {&(0x7f00000008c0)="aa27de4a8cfe6fc7fd36ac634de0b7dce04f6ce3e3d452f1c75502b2cbb29fa999d2a372e83819556e792a18e17c128a1ee3a593fbac892cbb42575f483fe523c9abe644830816977ccba1f493bdfa33d63b1dbfd5dde8b03dfa6162f0849ad9823f4e302f12d77cefff93dae1d25662ce8cfe9cdf57a066565ea4a78f8b0e0379110f8d424740bb27839ccc87e687adf0d23ac64ce9c971e0d3eec711e7d49d051cb97526f79fe31b00421399b4101c763b33224a71d2e0b64c02374fc4f0ebc5fdb156e3b8716cba396ad951a983a24404dddcc37b8b5d32e138185df4c6326f8e9c5e4e5c2088c513b2", 0xeb}, {&(0x7f00000009c0)="d650774632b71a34a88292fcf26ad63f611e11baa9b64a99773dd6fbfe12178987d7b005129705e9d23da9376d714ea8cadc0d1b4f2d7fc2e73242b432015e5e298fd6e2161beacaa75ecb41f6aa8cca9a50239a518873cc1eef5ffcc67226fd8e2386d070a8fadf0e4573f3141917bf0fed3e6d0ba5e600840121a0df8deb37ca310ee1d23869f142d3ac1eda8027bd68f94969e492b24718ba715958516ef3b07f7d52465d66f705e80f816ac9a0a3ab08e8a6f1fa6fae5c12fe1526de3f51f545d49892b6fa2042a163e76a", 0xcd}], 0x7}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000f00)='2', 0x1}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x3, 0x40)
close_range(r0, 0xffffffffffffffff, 0x0)

15m43.355572218s ago: executing program 8 (id=5792):
creat(&(0x7f0000001380)='./file0\x00', 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x88800, 0x12d)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0)
landlock_restrict_self(r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000180)='./file1/file3\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2)

15m43.277045591s ago: executing program 8 (id=5793):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x0, &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x100000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x0, 0x1c, &(0x7f0000000000)='//sys\x00\x00\x00\x00\x00\x00\x80\x004\x00\x00s/\x92ync_\x93\x96\xff\x92\xaf\x00Se\xf44.\x00'/49}, 0x30)
mount$bpf(0x200000000000, &(0x7f0000000780)='./file0/../file0\x00', 0x0, 0xa06002, 0x0)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x84000, 0x0)

15m43.063993068s ago: executing program 8 (id=5796):
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0xe, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e1208000b0000000401a80016000800014009001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)

15m27.904871328s ago: executing program 36 (id=5796):
syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0xe, &(0x7f0000000000)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e1208000b0000000401a80016000800014009001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360d070100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', 0x0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0)

12m50.77435906s ago: executing program 1 (id=6751):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sm3\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x80000)
sendmsg$kcm(r3, &(0x7f0000001880)={0x0, 0xf5, &(0x7f0000001600)=[{&(0x7f0000001a00)="e8a472", 0x3}, {&(0x7f00000000c0)="bcc9b1557de1fad1f955144629ed4dcf3c33679ea22502e3cff8923bf5d43921bc111a262f295a8eb540", 0x7fffeffd}, {&(0x7f0000001680)="094fb143daa9baa36aaa2cca06886c533118e056", 0x14}], 0x3}, 0x0)

12m48.160937865s ago: executing program 1 (id=6762):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = creat(0x0, 0x4b)
ioctl$DRM_IOCTL_MODE_GETFB(r0, 0xc01c64ad, 0x0)
r1 = socket$inet(0x2, 0x3, 0x8)
setsockopt$inet_int(r1, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4)
r2 = socket$inet(0x2, 0x3, 0x6)
r3 = dup3(r1, r2, 0x0)
setsockopt$inet_int(r3, 0x0, 0x5, 0x0, 0x0)

12m48.032913469s ago: executing program 1 (id=6763):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000440)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file0\x00', 0x0)

12m47.7030937s ago: executing program 1 (id=6768):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80042, 0x50)
socket$key(0xf, 0x3, 0x2)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = openat2$dir(0xffffff9c, &(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000140)={0x40, 0x110, 0x2}, 0x18)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
preadv(r0, &(0x7f0000000800)=[{&(0x7f00000002c0)=""/213, 0xd5}, {0x0}, {0x0}], 0x3, 0xfffffffb, 0x4)

12m47.393297018s ago: executing program 1 (id=6771):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x4, 0x200, 0x8, 0x4f, 0x5, 0x7, 0xc0, 0x1, 0xff, 0x6, 0xc, 0x4, 0x9}, {0x8, 0xaef3, 0x0, 0x8, 0x4, 0x1, 0x8, 0x43, 0x4, 0x10, 0x1, 0x6, 0x10005}, {0x0, 0x7, 0x10, 0x10, 0x25, 0x2, 0x0, 0x2, 0x4, 0x15, 0x1, 0x3, 0x40000000000002}], 0x9})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x81, 0x6, 0xfffffffffffffffd, 0x0, 0x10004, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0xfff, 0x3, 0x0, 0x0, 0x0, 0x8, 0x800000001], 0x0, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12m46.784822561s ago: executing program 1 (id=6777):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0)

12m46.358371124s ago: executing program 37 (id=6777):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x3, &(0x7f0000000040)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = syz_io_uring_setup(0x44cd, &(0x7f00000004c0)={0x0, 0x5331, 0x10100, 0x1000006, 0xfffefffe}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x2d3e, 0xec84, 0x0, 0x0, 0x0)

10m15.299308348s ago: executing program 3 (id=7434):
r0 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001})
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x2004})
epoll_wait(r3, &(0x7f00000000c0)=[{}], 0x1, 0x1fffc002)

10m12.92208373s ago: executing program 3 (id=7440):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$CAN_RAW_ERR_FILTER(0xffffffffffffffff, 0x65, 0x2, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000000010000fd0000000900000001"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5, r1}, 0x38)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x22})
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x101, 0x0)

10m10.232959516s ago: executing program 3 (id=7445):
r0 = socket(0x1e, 0x5, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda)
listen(r0, 0x0)
r1 = socket(0x1e, 0x805, 0x0)
sendmsg$tipc(r1, &(0x7f0000000080)={&(0x7f0000000100)=@name, 0x10, 0x0}, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f00000000c0)=@req3={0x80000000, 0x0, 0x2}, 0x1c)
r2 = accept4$nfc_llcp(r0, 0x0, 0x0, 0x0)
sendmsg$tipc(r1, &(0x7f0000000640)={&(0x7f0000000300), 0x10, &(0x7f0000000500)=[{&(0x7f0000000340)='Z', 0x1}], 0x1}, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
dup2(r3, r2)

10m9.81353762s ago: executing program 3 (id=7447):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, 0x0, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)

10m8.688732472s ago: executing program 3 (id=7453):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x1370, &(0x7f00000000c0)={0x0, 0x49fa, 0x10, 0x0, 0x4e}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff], 0x1, 0x0, 0x1})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
dup(0xffffffffffffffff)

10m4.467422739s ago: executing program 3 (id=7466):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xc, 0xfff2}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x4, 0xfff2}, {}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

9m49.236827697s ago: executing program 38 (id=7466):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xc, 0xfff2}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r4 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x4, 0xfff2}, {}, {0xfff2, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

8m54.913843801s ago: executing program 9 (id=7651):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r0 = gettid()
timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008840)

8m53.133944143s ago: executing program 9 (id=7660):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000002c000000030a010800000000000000000100000b0900030073797a32000000000900010073797a300000000060000000060a010400000000000000000100000008000b40000000000900010073797a300000000038000480340001800a0001006d61746368000000240002800c000300b07346e358c219250b0001006367726f75700000080002"], 0xd4}}, 0x0)

8m51.424946947s ago: executing program 9 (id=7662):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e)

8m48.474709016s ago: executing program 9 (id=7665):
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x6299, 0x1000, 0x1, 0x334}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x4, 0x700000000000000, 0x0, 0x30004880}, 0x91)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x58}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10)
sendmmsg$inet(r3, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x10, 0x0}}], 0x1, 0x240080e4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

8m47.412973965s ago: executing program 9 (id=7666):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
sendmsg$alg(r2, 0x0, 0x0)
recvmsg$can_raw(r2, 0x0, 0x40010022)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1000, 0xb20}, 0x48)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="120100009cb5984071042903dadb000000010902120001000000"], 0x0)

8m41.159378516s ago: executing program 9 (id=7678):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x181, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x68}}, 0x20000000)

8m25.94651197s ago: executing program 39 (id=7678):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x181, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r3, @ANYBLOB="08002600ad1600004000330010000000080211000000080211000000080211000001000000000000010001002d1a40000b0000000000000000040003000b0000000600500000000304006c"], 0x68}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[], 0x68}}, 0x20000000)

14.678374301s ago: executing program 2 (id=8536):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7f03)

14.645255671s ago: executing program 6 (id=8537):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$tipc(r4, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r4, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
sendmsg$tipc(r4, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
close(r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)={0x28, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}]}, 0x28}}, 0x0)
r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000005dc0), 0x10b780, 0x0)
ioctl$IOCTL_GET_NUM_DEVICES(r5, 0x40046104, &(0x7f0000005e00))

12.485039768s ago: executing program 6 (id=8538):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
recvmsg$can_raw(r4, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x40)

11.329735143s ago: executing program 2 (id=8540):
r0 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0xb, 0x73}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

9.044028592s ago: executing program 6 (id=8541):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = open(&(0x7f0000000280)='.\x00', 0x20000, 0x0)
fcntl$notify(r4, 0x402, 0x5)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x10, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9, 0x1, "000000fd80"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd0}}, 0x0)

8.049674266s ago: executing program 2 (id=8543):
socket$unix(0x1, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000240)={0x0, 0x45888, 0x800, 0x0, 0x36c}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000007c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r3, 0x221f, 0x0, 0x23, 0x0, 0x0)

7.019415179s ago: executing program 6 (id=8545):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0xff0a)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents(r4, &(0x7f0000000040)=""/61, 0x3d)

6.815016784s ago: executing program 2 (id=8546):
r0 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x20000, 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0xfffffffd)

6.787496985s ago: executing program 7 (id=8547):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x7f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$int_in(r3, 0x4b65, 0x0)
syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2)

5.472010356s ago: executing program 7 (id=8548):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x15, &(0x7f0000000580)={r3, 0x0, 0x0}, 0x20)

5.068742362s ago: executing program 6 (id=8549):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000040d07d408612a41f16fb0102030109021b00010000000009"], 0x0)

3.724851769s ago: executing program 7 (id=8550):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x92, 0x5, 0x6, 0x4}, 0x3a, [0x8000, 0x2c95a, 0xf, 0x8, 0x80, 0x1, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x8, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x5, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0x800, 0x4, 0x4, 0x7, 0x3, 0x8, 0x4c75, 0x80000000, 0x2, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x40017, 0x0, 0x7, 0x5, 0x3e, 0x3, 0x6, 0xffff, 0x0, 0x6, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0x40c8, 0xf9, 0xe, 0x82c0, 0x6c7, 0x8, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x5, 0xea4, 0x0, 0xb94, 0x7, 0x7fff, 0x1c000, 0x3fe, 0x403, 0x200006, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x2d, 0x4e2, 0x5, 0x4, 0xb, 0x2000004, 0x9, 0x80000001, 0x9, 0x6, 0x47, 0x8200, 0x1, 0xfe000000, 0x8, 0xffffffff, 0x4, 0x4, 0x3, 0x50, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x407, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xa2, 0x8000, 0x0, 0x5, 0xb, 0x5, 0x5, 0x5, 0x4000000, 0x1eb, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0xfffffffe, 0x3, 0x20000008, 0x4, 0x6d01, 0x2, 0x38, 0x800083, 0x200, 0x80, 0x3, 0x8000004, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x4005, 0x6, 0x8, 0xca, 0x1ff, 0x3, 0x7ff, 0xbe, 0x4, 0x7, 0xe, 0x0, 0x5, 0x1c, 0x8, 0x4, 0x8, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x2, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x9, 0x1, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xffffffd9, 0xfffff000, 0x10010000, 0x0, 0x7e, 0x9, 0x9602, 0x40007, 0xaf, 0x5, 0x6, 0x227, 0x2, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf3c, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x1, 0xb1e, 0xd7, 0x201, 0xffff3441, 0x4]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x100000000000000, &(0x7f0000000580)="b3"})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f0000002880)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

3.697876645s ago: executing program 7 (id=8551):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000001000900030073797a32000000001400000011000137d136e2a6fcf79d2fc5e30a59227a13172f0a53ac8d76f5e27ae43641152c4da8e500e55b"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x810}, 0x40404)
sendmsg$NFT_BATCH(r3, &(0x7f0000000180)={0x0, 0xf5, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0)

2.140715717s ago: executing program 7 (id=8552):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r4)
sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000400)={0x0, 0xffffffa7, &(0x7f00000003c0)={&(0x7f0000000000)={0x24, r5, 0x301, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x10}]}, 0x24}, 0x1, 0x0, 0x0, 0x2840}, 0x40000040)

1.843135914s ago: executing program 2 (id=8553):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f076bbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000240)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
r4 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1)

193.614209ms ago: executing program 6 (id=8554):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x80000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100)={0xa000000d})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000400)={0xa})
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)

192.604483ms ago: executing program 7 (id=8555):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
connect$tipc(r3, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
sendmmsg$unix(r3, &(0x7f0000004400), 0x400000000000203, 0x0)

0s ago: executing program 2 (id=8556):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000440)={0x28, 0x40, 0x9, 0xffffffff, 0x25dfdbfd, {0x2, 0x0, 0x300}, [@typed={0x4, 0x11f}, @nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x1f}]}, @nested={0x8, 0x4, 0x0, 0x1, [@nested={0x4, 0x65}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x800)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

kernel console output (not intermixed with test programs):

[  956.532371][   T37] kauditd_printk_skb: 8 callbacks suppressed
[  956.532387][   T37] audit: type=1800 audit(1759139167.195:790): pid=22696 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.9.6581" name="bus" dev="overlay" ino=655 res=0 errno=0
[  958.580432][T14153] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  958.735482][T14153] usb 7-1: Using ep0 maxpacket: 16
[  958.737486][T14153] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  958.737511][T14153] usb 7-1: config 0 has no interface number 0
[  958.741192][T14153] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  958.741220][T14153] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  958.741240][T14153] usb 7-1: Product: syz
[  958.741255][T14153] usb 7-1: Manufacturer: syz
[  958.741270][T14153] usb 7-1: SerialNumber: syz
[  958.813579][T14153] usb 7-1: config 0 descriptor??
[  958.833792][T14153] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  959.283341][   T37] audit: type=1800 audit(1759139169.895:791): pid=22729 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.9.6593" name="/" dev="fuse" ino=9 res=0 errno=0
[  960.827265][ T5921] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 121 sec
[  960.835006][T14153] gspca_spca1528: reg_r err -110
[  960.835105][T14153] spca1528 7-1:0.1: probe with driver spca1528 failed with error -110
[  961.991833][T14153] usb 7-1: USB disconnect, device number 33
[  963.462047][T22806] netlink: 159784 bytes leftover after parsing attributes in process `syz.6.6621'.
[  963.615665][T22808] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  963.992843][ T5921] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  964.031991][T20750] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  964.032024][T20750] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  964.143109][ T5921] usb 10-1: Using ep0 maxpacket: 32
[  964.147334][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  964.147364][ T5921] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  964.147403][ T5921] usb 10-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  964.147425][ T5921] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  964.234847][ T5921] usb 10-1: config 0 descriptor??
[  964.452658][ T5921] usbhid 10-1:0.0: can't add hid device: -71
[  964.452790][ T5921] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  964.455797][ T5921] usb 10-1: USB disconnect, device number 6
[  964.530886][ T5835] Bluetooth: hci4: command 0x0406 tx timeout
[  965.249036][T20750] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  965.249059][T20750] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  966.111448][T22832] netlink: 120 bytes leftover after parsing attributes in process `syz.6.6629'.
[  966.278468][T20750] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  966.278491][T20750] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  966.357632][T22832] netlink: 120 bytes leftover after parsing attributes in process `syz.6.6629'.
[  966.981169][T20750] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  966.981191][T20750] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  967.671002][ T5935] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  967.783848][T22851] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  967.814215][ T5838] Bluetooth: hci4: unexpected event for opcode 0x0000
[  968.171679][T14137] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  968.539561][T22869] openvswitch: netlink: IPv4 tun info is not correct
[  969.030671][ T5935] usb 3-1: new full-speed USB device number 61 using dummy_hcd
[  969.264737][ T5935] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  969.264765][ T5935] usb 3-1: config 0 has no interface number 0
[  969.272423][ T5935] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  969.272453][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  969.272473][ T5935] usb 3-1: Product: syz
[  969.272487][ T5935] usb 3-1: Manufacturer: syz
[  969.272501][ T5935] usb 3-1: SerialNumber: syz
[  969.277781][ T5935] usb 3-1: config 0 descriptor??
[  969.630178][    C1] vkms_vblank_simulate: vblank timer overrun
[  969.746254][ T5935] usb 3-1: Firmware: major: 230, minor: 61, hardware type: UNKNOWN (237)
[  969.813057][    C1] vkms_vblank_simulate: vblank timer overrun
[  969.983585][ T5935] usb 3-1: no permanent extended address found, random address set
[  969.983618][ T5935] usb 3-1: atusb_probe: initialization failed, error = -524
[  969.983879][ T5935] atusb 3-1:0.128: probe with driver atusb failed with error -524
[  970.089219][    C1] vkms_vblank_simulate: vblank timer overrun
[  970.200439][ T5935] usb 3-1: USB disconnect, device number 61
[  970.372220][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.333216][    C1] vkms_vblank_simulate: vblank timer overrun
[  971.810518][ T5838] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  971.810830][ T5838] Bluetooth: hci4: Injecting HCI hardware error event
[  971.822412][ T5835] Bluetooth: hci4: hardware error 0x00
[  972.417755][    C1] vkms_vblank_simulate: vblank timer overrun
[  972.540562][    C1] vkms_vblank_simulate: vblank timer overrun
[  973.002108][T22923] netlink: 129704 bytes leftover after parsing attributes in process `syz.7.6659'.
[  973.792237][    C1] vkms_vblank_simulate: vblank timer overrun
[  974.285476][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  975.982897][T22980] Failed to get privilege flags for destination (handle=0x2:0x0)
[  976.235382][T20750] hsr_slave_0: left promiscuous mode
[  976.303051][T20750] hsr_slave_1: left promiscuous mode
[  976.320075][T22986] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  976.320236][T22986] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  976.584445][T20750] veth1_macvtap: left promiscuous mode
[  976.584568][T20750] veth0_macvtap: left promiscuous mode
[  976.585304][T20750] veth1_vlan: left promiscuous mode
[  976.585421][T20750] veth0_vlan: left promiscuous mode
[  980.116395][T20746] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  982.530913][T23055] overlayfs: failed to clone upperpath
[  982.830581][T23060] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6707'.
[  982.931361][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  990.400558][T23068] syz_tun: entered allmulticast mode
[  990.411469][T23070] syz_tun: left allmulticast mode
[  990.702614][T23102] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  991.346246][T23107] overlayfs: missing 'lowerdir'
[  991.812494][T23117] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6726'.
[  993.469573][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[  994.355969][   T37] audit: type=1804 audit(1759139205.015:792): pid=23146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.6736" name="file0" dev="tmpfs" ino=3189 res=1 errno=0
[  996.384328][T23182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6748'.
[  997.460535][ T5921] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  997.791278][ T5921] usb 3-1: Using ep0 maxpacket: 8
[  998.096023][ T5921] usb 3-1: unable to get BOS descriptor or descriptor too short
[  998.230214][ T5921] usb 3-1: config 4 has an invalid interface number: 146 but max is 0
[  998.230241][ T5921] usb 3-1: config 4 has no interface number 0
[  998.230876][ T5921] usb 3-1: config 4 interface 146 has no altsetting 0
[  998.258900][ T5921] usb 3-1: New USB device found, idVendor=13d8, idProduct=0021, bcdDevice=af.79
[  998.258930][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  998.258949][ T5921] usb 3-1: Product: syz
[  998.258962][ T5921] usb 3-1: Manufacturer: syz
[  998.258976][ T5921] usb 3-1: SerialNumber: syz
[  998.846923][ T5921] comedi comedi5: could not set alternate setting 3 in high speed
[  998.846946][ T5921] usbduxsigma 3-1:4.146: driver 'usbduxsigma' failed to auto-configure device.
[  998.864254][ T5921] usbduxsigma 3-1:4.146: probe with driver usbduxsigma failed with error -71
[  998.874108][ T5921] usb 3-1: USB disconnect, device number 62
[  999.793553][ T5833] overlayfs: failed lookup in lower (newroot/1341, name='file0', err=-40): overlapping layers
[  999.794379][ T5833] overlayfs: failed lookup in lower (newroot/1341, name='file0', err=-40): overlapping layers
[ 1000.380885][ T2169] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1000.540818][ T2169] usb 7-1: Using ep0 maxpacket: 16
[ 1000.543318][ T2169] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1000.546420][ T2169] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1000.546447][ T2169] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1000.546467][ T2169] usb 7-1: Product: syz
[ 1000.546481][ T2169] usb 7-1: Manufacturer: syz
[ 1000.546497][ T2169] usb 7-1: SerialNumber: syz
[ 1000.598562][ T2169] usb 7-1: config 0 descriptor??
[ 1000.609914][ T2169] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1000.609945][ T2169] em28xx 7-1:0.0: DVB interface 0 found: bulk
[ 1000.970599][ T1922] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1001.146726][T23255] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6778'.
[ 1001.163476][T23255] netlink: 4 bytes leftover after parsing attributes in process `syz.9.6778'.
[ 1001.164252][T20751] netdevsim netdevsim9 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1001.169100][T20751] netdevsim netdevsim9 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1001.169155][T20751] netdevsim netdevsim9 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1001.169188][T20751] netdevsim netdevsim9 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1001.225164][ T2169] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 1001.579250][ T1922] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1001.679019][ T2169] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1001.679050][ T2169] em28xx 7-1:0.0: board has no eeprom
[ 1001.684917][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1001.713584][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1001.715539][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1001.725001][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1001.730922][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1001.970465][ T2169] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1001.970492][ T2169] em28xx 7-1:0.0: dvb set to bulk mode.
[ 1001.971867][T14137] em28xx 7-1:0.0: Binding DVB extension
[ 1002.019702][ T2169] usb 7-1: USB disconnect, device number 34
[ 1002.027965][ T2169] em28xx 7-1:0.0: Disconnecting em28xx
[ 1002.040190][T14137] em28xx 7-1:0.0: Registering input extension
[ 1002.070668][ T2169] em28xx 7-1:0.0: Closing input extension
[ 1002.095936][ T2169] em28xx 7-1:0.0: Freeing device
[ 1002.114668][ T1922] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1002.455761][ T1922] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1003.840555][ T5838] Bluetooth: hci0: command tx timeout
[ 1004.251107][T23264] chnl_net:caif_netlink_parms(): no params data found
[ 1005.893694][ T5838] Bluetooth: hci0: command tx timeout
[ 1006.360643][T23327] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6801'.
[ 1007.976059][ T5838] Bluetooth: hci0: command tx timeout
[ 1008.189959][T23349] netlink: 'syz.7.6806': attribute type 10 has an invalid length.
[ 1010.050964][ T5838] Bluetooth: hci0: command tx timeout
[ 1010.119876][T23374] futex_wake_op: syz.9.6814 tries to shift op by -1; fix this program
[ 1011.367787][ T1922] bond0 (unregistering): Released all slaves
[ 1011.398402][ T1922] bond1 (unregistering): Released all slaves
[ 1011.479620][T20751] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1012.474501][T14155] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 181 sec
[ 1013.624781][ T1922] bond2 (unregistering): Released all slaves
[ 1014.864646][ T1922] bond3 (unregistering): Released all slaves
[ 1016.034823][ T1922] bond4 (unregistering): Released all slaves
[ 1016.620508][T23349] bond0: (slave netdevsim0): Releasing backup interface
[ 1016.665110][T23349] team0: Port device netdevsim0 added
[ 1017.032343][ T1922] : left promiscuous mode
[ 1017.513191][   T37] audit: type=1800 audit(1759139228.155:793): pid=23427 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.6834" name="bus" dev="ramfs" ino=101397 res=0 errno=0
[ 1017.686079][ T1922] tipc: Disabling bearer <udp:syz2>
[ 1017.686301][ T1922] tipc: Left network mode
[ 1017.869284][T23449] input: syz0 as /devices/virtual/input/input70
[ 1017.978157][T23264] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1017.978365][T23264] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1017.978627][T23264] bridge_slave_0: entered allmulticast mode
[ 1018.019315][T23264] bridge_slave_0: entered promiscuous mode
[ 1018.047635][T23264] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1018.047788][T23264] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1018.048026][T23264] bridge_slave_1: entered allmulticast mode
[ 1018.079042][T23264] bridge_slave_1: entered promiscuous mode
[ 1018.267783][T23457] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6847'.
[ 1019.149921][T23264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1019.363678][T23264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1019.982797][T23485] netlink: 12 bytes leftover after parsing attributes in process `syz.9.6855'.
[ 1020.156489][T23264] team0: Port device team_slave_0 added
[ 1020.159614][T23264] team0: Port device team_slave_1 added
[ 1020.938241][T23264] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1020.938258][T23264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1020.938283][T23264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1020.961319][T23264] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1020.961336][T23264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1020.961361][T23264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1021.491191][ T5921] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 181 sec
[ 1021.637441][T23264] hsr_slave_0: entered promiscuous mode
[ 1021.638946][T23264] hsr_slave_1: entered promiscuous mode
[ 1021.640032][T23264] debugfs: 'hsr0' already exists in 'hsr'
[ 1021.640056][T23264] Cannot create hsr debugfs directory
[ 1021.941371][ T1922] hsr_slave_0: left promiscuous mode
[ 1021.992775][ T1922] hsr_slave_1: left promiscuous mode
[ 1030.698967][T23567] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6879'.
[ 1032.518993][ T1922] IPVS: stop unused estimator thread 0...
[ 1033.844548][T23264] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1034.077458][T23264] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1034.126291][T23264] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1034.175763][T23264] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1034.483651][T23648] overlayfs: failed to clone upperpath
[ 1034.576855][T23264] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1034.608424][T23264] 8021q: adding VLAN 0 to HW filter on device team0
[ 1034.638553][ T8460] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1034.638784][ T8460] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1034.667767][ T8469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1034.667978][ T8469] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1035.636109][T23264] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1035.802927][T23264] veth0_vlan: entered promiscuous mode
[ 1035.838470][T23688] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6919'.
[ 1035.865712][T23264] veth1_vlan: entered promiscuous mode
[ 1036.013118][T23264] veth0_macvtap: entered promiscuous mode
[ 1036.018424][T23264] veth1_macvtap: entered promiscuous mode
[ 1036.140050][T23264] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1036.173966][T23264] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1036.225240][   T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.234193][   T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.252945][   T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.270392][   T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.347547][ T5921] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[ 1036.504701][ T5921] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1036.504733][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.573152][ T5921] usb 3-1: config 0 descriptor??
[ 1036.657229][ T5921] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1037.236861][T19750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1037.236881][T19750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1037.632757][T19750] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1037.634098][T19750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1037.985042][ T5921] gspca_stv06xx: I2C: Read error writing address: -71
[ 1038.058623][ T5921] usb 3-1: USB disconnect, device number 63
[ 1038.097831][T23705] 9pnet: p9_errstr2errno: server reported unknown error �0x000000000000000a
[ 1039.364042][   T37] audit: type=1800 audit(1759139250.015:794): pid=23723 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.6929" name="/" dev="fuse" ino=3 res=0 errno=0
[ 1042.785649][T19750] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1043.406800][T23764] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[ 1043.720029][T23781] netlink: 'syz.7.6950': attribute type 4 has an invalid length.
[ 1043.812649][T23782] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input71
[ 1043.906255][T14153] kernel write not supported for file bpf-prog (pid: 14153 comm: kworker/0:16)
[ 1044.182484][T23791] tipc: Started in network mode
[ 1044.182513][T23791] tipc: Node identity 080211000001, cluster identity 4711
[ 1044.183855][T23791] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1044.186019][T23791] mac80211_hwsim hwsim30 +
: renamed from syzkaller0 (while UP)
[ 1044.302170][T23791] tipc: Disabling bearer <eth:syzkaller0>
[ 1044.957708][T23802] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6957'.
[ 1046.044563][T23816] overlayfs: failed to clone upperpath
[ 1049.214534][T23879] Failed to enqueue queue_pair DETACH event datagram for context (ID=0x0)
[ 1050.459530][T23911] syz_tun: entered allmulticast mode
[ 1050.810421][T23910] syz_tun: left allmulticast mode
[ 1051.020457][T14153] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1051.190512][T14153] usb 7-1: Using ep0 maxpacket: 8
[ 1051.204263][T14153] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 1051.204293][T14153] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1051.204313][T14153] usb 7-1: Product: syz
[ 1051.204327][T14153] usb 7-1: Manufacturer: syz
[ 1051.204341][T14153] usb 7-1: SerialNumber: syz
[ 1051.256215][T14153] usb 7-1: config 0 descriptor??
[ 1051.509258][T14153] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 1051.739832][T23934] loop2: detected capacity change from 0 to 7
[ 1051.816471][T23934] Dev loop2: unable to read RDB block 7
[ 1051.816507][T23934]  loop2: unable to read partition table
[ 1051.816744][T23934] loop2: partition table beyond EOD, truncated
[ 1051.816757][T23934] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1052.517356][T14153] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 1052.767213][ T5921] usb 7-1: USB disconnect, device number 35
[ 1054.380439][ T5921] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1054.533080][ T5921] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1054.533138][ T5921] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1054.533162][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1054.539239][ T5921] usb 7-1: config 0 descriptor??
[ 1054.577008][ T5921] pwc: Askey VC010 type 2 USB webcam detected.
[ 1054.624405][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.853810][T23974] overlayfs: failed to clone upperpath
[ 1054.985686][ T5921] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1054.986625][ T5921] pwc: recv_control_msg error -32 req 02 val 2700
[ 1054.987629][ T5921] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1054.988612][ T5921] pwc: recv_control_msg error -32 req 04 val 1000
[ 1054.990013][ T5921] pwc: recv_control_msg error -32 req 04 val 1300
[ 1054.991054][ T5921] pwc: recv_control_msg error -32 req 04 val 1400
[ 1055.193064][ T5921] pwc: recv_control_msg error -71 req 02 val 2100
[ 1055.193626][ T5921] pwc: recv_control_msg error -71 req 04 val 1500
[ 1055.194096][ T5921] pwc: recv_control_msg error -71 req 02 val 2500
[ 1055.194661][ T5921] pwc: recv_control_msg error -71 req 02 val 2400
[ 1055.195134][ T5921] pwc: recv_control_msg error -71 req 02 val 2600
[ 1055.195606][ T5921] pwc: recv_control_msg error -71 req 02 val 2900
[ 1055.196478][ T5921] pwc: recv_control_msg error -71 req 02 val 2800
[ 1055.197186][ T5921] pwc: recv_control_msg error -71 req 04 val 1100
[ 1055.197791][ T5921] pwc: recv_control_msg error -71 req 04 val 1200
[ 1055.200868][ T5921] pwc: Registered as video103.
[ 1055.204254][ T5921] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input72
[ 1055.281975][ T5921] usb 7-1: USB disconnect, device number 36
[ 1057.675646][T24018] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7041'.
[ 1058.318076][T24030] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7045'.
[ 1068.774709][T24156] overlayfs: failed to clone upperpath
[ 1069.321824][T24168] syz_tun: entered allmulticast mode
[ 1069.460967][T24167] syz_tun: left allmulticast mode
[ 1070.426731][   T37] audit: type=1326 audit(1759139281.085:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24185 comm="syz.6.7096" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x0
[ 1072.258341][T24215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1072.312375][T24215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1072.367861][T24212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1072.641008][T24219] binder: 24218:24219 ioctl c0306201 200000000000 returned -14
[ 1072.770635][T14153] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 241 sec
[ 1074.083101][T24234] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1076.747744][T24257] ref_ctr_offset mismatch. inode: 0xe6a offset: 0x0 ref_ctr_offset(old): 0x200000000100 ref_ctr_offset(new): 0x0
[ 1078.221731][T24272] syz_tun: entered allmulticast mode
[ 1078.257212][T24272] pimreg: entered allmulticast mode
[ 1078.281207][T24271] syz_tun: left allmulticast mode
[ 1078.734882][T24285] overlayfs: failed to resolve './file0': -2
[ 1082.661174][   T10] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 243 sec
[ 1082.909831][   T37] audit: type=1800 audit(1759139293.565:796): pid=24332 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.7145" name="bus" dev="overlay" ino=4831 res=0 errno=0
[ 1083.618083][T24348] sctp: [Deprecated]: syz.3.7152 (pid 24348) Use of int in max_burst socket option.
[ 1083.618083][T24348] Use struct sctp_assoc_value instead
[ 1086.237885][T24363] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1087.250426][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1087.850361][   T37] audit: type=1804 audit(1759139298.495:797): pid=24380 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.7163" name="file0" dev="ramfs" ino=104731 res=1 errno=0
[ 1087.850399][   T37] audit: type=1804 audit(1759139298.505:798): pid=24379 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.7.7164" name="file0" dev="ramfs" ino=104732 res=1 errno=0
[ 1089.655794][ T5838] Bluetooth: hci0: link tx timeout
[ 1089.660621][ T5838] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.695120][T24418] Bluetooth: hci0: link tx timeout
[ 1089.695140][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.696357][T24418] Bluetooth: hci0: link tx timeout
[ 1089.696371][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.702987][T24418] Bluetooth: hci0: link tx timeout
[ 1089.703006][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.704127][T24418] Bluetooth: hci0: link tx timeout
[ 1089.704141][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.704579][T24418] Bluetooth: hci0: link tx timeout
[ 1089.704593][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.704804][T24418] Bluetooth: hci0: link tx timeout
[ 1089.704816][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.705011][T24418] Bluetooth: hci0: link tx timeout
[ 1089.705023][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.705215][T24418] Bluetooth: hci0: link tx timeout
[ 1089.705226][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1089.706333][T24418] Bluetooth: hci0: link tx timeout
[ 1089.706347][T24418] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1091.744030][T24418] Bluetooth: hci0: command 0x0406 tx timeout
[ 1097.569616][   T37] audit: type=1326 audit(1759139308.225:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24515 comm="syz.6.7212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7fc00000
[ 1097.649375][   T37] audit: type=1326 audit(1759139308.295:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24515 comm="syz.6.7212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7fc00000
[ 1098.008171][   T37] audit: type=1326 audit(1759139308.665:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24515 comm="syz.6.7212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7fc00000
[ 1098.120599][   T37] audit: type=1326 audit(1759139308.765:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=24515 comm="syz.6.7212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7fc00000
[ 1098.760207][T24526] Bluetooth: (null): Invalid header checksum
[ 1101.292323][ T2169] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[ 1101.474129][ T2169] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1101.474152][ T2169] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1101.474187][ T2169] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[ 1101.474210][ T2169] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1101.533993][ T2169] usb 3-1: config 0 descriptor??
[ 1101.997717][ T2169] keytouch 0003:0926:3333.004F: fixing up Keytouch IEC report descriptor
[ 1102.180815][ T2169] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.004F/input/input73
[ 1102.960926][ T2169] keytouch 0003:0926:3333.004F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[ 1103.092150][ T2169] usb 3-1: USB disconnect, device number 64
[ 1104.899049][T24585] overlayfs: failed to clone upperpath
[ 1111.905382][T24682] mmap: syz.6.7267 (24682): VmData 45834240 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[ 1113.093045][T24691] binder: 24689:24691 ioctl c0306201 200000000240 returned -14
[ 1113.731802][T24703] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7275'.
[ 1113.762808][T24704] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7277'.
[ 1113.772555][T14137] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[ 1114.007076][T24704] 8021q: adding VLAN 0 to HW filter on device bond5
[ 1114.015739][T14137] usb 7-1: Using ep0 maxpacket: 16
[ 1114.022089][T14137] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1114.022121][T14137] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1114.029057][T14137] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1114.029086][T14137] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1114.029105][T14137] usb 7-1: Product: syz
[ 1114.029119][T14137] usb 7-1: Manufacturer: syz
[ 1114.029133][T14137] usb 7-1: SerialNumber: syz
[ 1114.055166][T14137] usb 7-1: config 0 descriptor??
[ 1114.082285][T14137] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1114.082319][T14137] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[ 1114.106101][T24706] macvlan5: entered promiscuous mode
[ 1114.106409][T24706] macvlan5: entered allmulticast mode
[ 1114.144317][T24706] bond5: entered promiscuous mode
[ 1114.145423][T24706] 8021q: adding VLAN 0 to HW filter on device macvlan5
[ 1114.348827][T24708] overlayfs: failed to clone upperpath
[ 1114.377006][T24706] bond5: left promiscuous mode
[ 1114.714035][T14137] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 1114.714890][T14137] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[ 1114.904164][T24714] overlayfs: failed to clone upperpath
[ 1115.732895][T14137] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[ 1115.733409][T14137] em28xx 7-1:0.0: couldn't setup AC97 register 2
[ 1115.733764][T14137] em28xx 7-1:0.0: couldn't setup AC97 register 4
[ 1115.735107][T14137] em28xx 7-1:0.0: couldn't setup AC97 register 6
[ 1115.735473][T14137] em28xx 7-1:0.0: couldn't setup AC97 register 54
[ 1115.735768][T14137] em28xx 7-1:0.0: couldn't setup AC97 register 56
[ 1115.759230][T14137] usb 7-1: USB disconnect, device number 37
[ 1116.055546][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.069729][T24750] ptrace attach of "./syz-executor exec"[11714] was attempted by "./syz-executor exec"[24750]
[ 1117.921273][T24776] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1118.550422][T24793] kernel profiling enabled (shift: 63)
[ 1118.550445][T24793] profiling shift: 63 too large
[ 1120.885255][T24806] overlayfs: upper fs does not support file handles, falling back to index=off.
[ 1122.240477][T14137] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1122.404186][T14137] usb 10-1: config 0 has no interfaces?
[ 1122.404225][T14137] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1122.404249][T14137] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.412503][T14137] usb 10-1: config 0 descriptor??
[ 1122.653618][T24828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1122.654038][T24828] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1122.656921][T14137] usb 10-1: USB disconnect, device number 7
[ 1122.705004][T24840] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7328'.
[ 1122.766069][T24838] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1123.090839][T14137] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1123.850498][T14137] usb 10-1: Using ep0 maxpacket: 16
[ 1123.852959][T14137] usb 10-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1123.852986][T14137] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1123.859654][T14137] usb 10-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[ 1123.859686][T14137] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.859707][T14137] usb 10-1: Product: syz
[ 1123.859722][T14137] usb 10-1: Manufacturer: syz
[ 1123.859737][T14137] usb 10-1: SerialNumber: syz
[ 1124.036808][T24851] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7331'.
[ 1124.215277][T24854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7331'.
[ 1124.336002][T24858] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7333'.
[ 1124.417448][T14137] usb 10-1: 0:2 : does not exist
[ 1124.846333][T14137] usb 10-1: 5:0: failed to get current value for ch 0 (-22)
[ 1124.898119][T14137] usb 10-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1124.913057][T14137] usb 10-1: 5:0: cannot get min/max values for control 4 (id 5)
[ 1125.053403][T14137] usb 10-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1125.072600][T14137] usb 10-1: USB disconnect, device number 8
[ 1125.438679][T14153] usb 7-1: new full-speed USB device number 38 using dummy_hcd
[ 1127.262528][T14153] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1127.265314][T14153] usb 7-1: no configurations
[ 1127.265327][T14153] usb 7-1: can't read configurations, error -22
[ 1127.814533][T24891] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1128.838114][T24137] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1130.865618][T24137] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1132.010110][T24137] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1132.544967][T24958] overlayfs: failed to clone upperpath
[ 1132.735851][T24137] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.490994][ T5921] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 302 sec
[ 1133.954594][T24137] bridge_slave_1: left allmulticast mode
[ 1133.954630][T24137] bridge_slave_1: left promiscuous mode
[ 1133.954910][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1134.118134][T24137] bridge_slave_0: left allmulticast mode
[ 1134.118169][T24137] bridge_slave_0: left promiscuous mode
[ 1134.118432][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1139.631238][T25044] overlayfs: failed to clone upperpath
[ 1143.415337][T14153] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 303 sec
[ 1145.552316][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1145.634851][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1145.717715][T24137] bond0 (unregistering): Released all slaves
[ 1146.691140][T24137] tipc: Left network mode
[ 1146.845101][T24137] IPVS: stopping master sync thread 20184 ...
[ 1147.091617][T25120] overlayfs: failed to clone upperpath
[ 1148.713401][T25136] 9pnet: Found fid 0 not clunked
[ 1153.700618][T24137] hsr_slave_0: left promiscuous mode
[ 1153.880889][T24137] hsr_slave_1: left promiscuous mode
[ 1153.881833][T24137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1153.881863][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1153.883193][T25180] overlayfs: failed to clone upperpath
[ 1153.947382][T24137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1153.947416][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1154.323560][T24137] veth1_macvtap: left promiscuous mode
[ 1154.323663][T24137] veth0_macvtap: left promiscuous mode
[ 1154.323920][T24137] veth1_vlan: left promiscuous mode
[ 1154.324092][T24137] veth0_vlan: left promiscuous mode
[ 1157.880346][T21927] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[ 1158.060376][T21927] usb 7-1: Using ep0 maxpacket: 8
[ 1158.066301][T21927] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1158.066332][T21927] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1158.066352][T21927] usb 7-1: Product: syz
[ 1158.066367][T21927] usb 7-1: Manufacturer: syz
[ 1158.066382][T21927] usb 7-1: SerialNumber: syz
[ 1158.108188][T21927] usb 7-1: config 0 descriptor??
[ 1158.125890][T21927] gspca_main: se401-2.14.0 probing 047d:5003
[ 1160.797414][T21927] gspca_se401: read req failed req 0x06 error -19
[ 1160.827854][T21927] usb 7-1: USB disconnect, device number 40
[ 1162.492418][   T37] audit: type=1804 audit(1759139373.155:803): pid=25262 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.2.7463" name="file0" dev="tmpfs" ino=8348 res=1 errno=0
[ 1162.534279][T25264] sctp: [Deprecated]: syz.7.7464 (pid 25264) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1162.534279][T25264] Use struct sctp_sack_info instead
[ 1169.302046][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1171.053513][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1176.142752][   T37] audit: type=1800 audit(1759139386.785:804): pid=25398 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.7506" name="bus" dev="ramfs" ino=108831 res=0 errno=0
[ 1176.186942][T25403] overlayfs: failed to clone upperpath
[ 1177.676064][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1180.530815][T24418] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1180.646458][T24418] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1180.648591][T24418] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1180.777672][T24418] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1180.790647][T24418] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1182.954550][T24418] Bluetooth: hci5: command tx timeout
[ 1184.104060][T25443] chnl_net:caif_netlink_parms(): no params data found
[ 1185.835164][T24418] Bluetooth: hci5: command tx timeout
[ 1185.926259][T25486] overlay: Unknown parameter '\�8âvn&ÛO½~à7*«'
[ 1186.628002][T25496] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7536'.
[ 1187.903281][T24418] Bluetooth: hci5: command tx timeout
[ 1187.992348][T25508] sock: sock_set_timeout: `syz.9.7543' (pid 25508) tries to set negative timeout
[ 1188.231072][T25499] bridge1: port 1(veth0_to_bond) entered blocking state
[ 1188.231235][T25499] bridge1: port 1(veth0_to_bond) entered disabled state
[ 1188.290659][T25499] veth0_to_bond: entered allmulticast mode
[ 1188.293485][T25499] veth0_to_bond: entered promiscuous mode
[ 1188.880572][T25443] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1188.880868][T25443] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1188.881248][T25443] bridge_slave_0: entered allmulticast mode
[ 1188.883669][T25443] bridge_slave_0: entered promiscuous mode
[ 1188.940067][T25443] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1188.948640][T25443] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1188.949436][T25443] bridge_slave_1: entered allmulticast mode
[ 1188.987264][T25443] bridge_slave_1: entered promiscuous mode
[ 1189.531574][T25443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1189.534865][T25443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1189.971047][T24418] Bluetooth: hci5: command tx timeout
[ 1190.654902][T25443] team0: Port device team_slave_0 added
[ 1191.494066][T24137] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1191.573668][T25443] team0: Port device team_slave_1 added
[ 1191.911277][T25443] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1191.911289][T25443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1191.911302][T25443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1193.477708][T24137] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1193.567979][T25443] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1193.567996][T25443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1193.568022][T25443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1194.439186][ T5921] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 363 sec
[ 1194.769467][T24137] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1194.903116][T25443] hsr_slave_0: entered promiscuous mode
[ 1194.904698][T25443] hsr_slave_1: entered promiscuous mode
[ 1197.714802][T24137] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1198.552414][ T5921] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 1199.201107][ T5921] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1199.201163][ T5921] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1199.201185][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1200.237307][ T5921] usb 7-1: config 0 descriptor??
[ 1200.515236][ T5921] pwc: Askey VC010 type 2 USB webcam detected.
[ 1200.982574][ T5921] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1200.988197][ T5921] pwc: recv_control_msg error -32 req 02 val 2700
[ 1200.989000][ T5921] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1200.989625][ T5921] pwc: recv_control_msg error -32 req 04 val 1000
[ 1201.016868][ T5921] pwc: recv_control_msg error -32 req 04 val 1300
[ 1201.017611][ T5921] pwc: recv_control_msg error -32 req 04 val 1400
[ 1201.018263][ T5921] pwc: recv_control_msg error -32 req 02 val 2000
[ 1201.018975][ T5921] pwc: recv_control_msg error -32 req 02 val 2100
[ 1201.221480][ T5921] pwc: recv_control_msg error -71 req 02 val 2500
[ 1201.221983][ T5921] pwc: recv_control_msg error -71 req 02 val 2400
[ 1201.222461][ T5921] pwc: recv_control_msg error -71 req 02 val 2600
[ 1201.222930][ T5921] pwc: recv_control_msg error -71 req 02 val 2900
[ 1201.223762][ T5921] pwc: recv_control_msg error -71 req 02 val 2800
[ 1201.224543][ T5921] pwc: recv_control_msg error -71 req 04 val 1100
[ 1201.225046][ T5921] pwc: recv_control_msg error -71 req 04 val 1200
[ 1201.227589][ T5921] pwc: Registered as video103.
[ 1201.327079][ T5921] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input74
[ 1202.185852][ T5921] usb 7-1: USB disconnect, device number 41
[ 1203.127054][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 1203.261680][T25654] netlink: 2 bytes leftover after parsing attributes in process `syz.7.7588'.
[ 1204.370730][   T10] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 364 sec
[ 1205.327214][T24137] bridge_slave_1: left allmulticast mode
[ 1205.327248][T24137] bridge_slave_1: left promiscuous mode
[ 1205.327521][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1205.505175][T24137] bridge_slave_0: left allmulticast mode
[ 1205.505198][T24137] bridge_slave_0: left promiscuous mode
[ 1205.505375][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1218.382875][T25745] overlayfs: failed to clone upperpath
[ 1221.026811][T25774] overlayfs: failed to clone upperpath
[ 1221.824855][   T37] audit: type=1326 audit(1759139688.480:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.825131][   T37] audit: type=1326 audit(1759139688.480:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860509][   T37] audit: type=1326 audit(1759139688.510:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860563][   T37] audit: type=1326 audit(1759139688.510:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860604][   T37] audit: type=1326 audit(1759139688.510:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860643][   T37] audit: type=1326 audit(1759139688.510:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860683][   T37] audit: type=1326 audit(1759139688.510:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860722][   T37] audit: type=1326 audit(1759139688.510:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860823][   T37] audit: type=1326 audit(1759139688.510:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1221.860867][   T37] audit: type=1326 audit(1759139688.510:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25780 comm="syz.7.7629" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x7ffc0000
[ 1223.099936][T25785] __kmem_cache_create_args(9p-fcall-cache-69) failed with error -22
[ 1223.099968][T25785] CPU: 0 UID: 0 PID: 25785 Comm: syz.7.7631 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1223.099994][T25785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1223.100008][T25785] Call Trace:
[ 1223.100017][T25785]  <TASK>
[ 1223.100026][T25785]  dump_stack_lvl+0x189/0x250
[ 1223.100067][T25785]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1223.100096][T25785]  ? __pfx__printk+0x10/0x10
[ 1223.100123][T25785]  ? __kmem_cache_create_args+0x2b6/0x330
[ 1223.100160][T25785]  __kmem_cache_create_args+0x24e/0x330
[ 1223.100196][T25785]  p9_client_create+0xaf0/0x1010
[ 1223.100230][T25785]  ? __pfx_p9_client_create+0x10/0x10
[ 1223.100266][T25785]  ? v9fs_session_init+0xfd/0x19a0
[ 1223.100309][T25785]  v9fs_session_init+0x1d7/0x19a0
[ 1223.100372][T25785]  ? __pfx_v9fs_session_init+0x10/0x10
[ 1223.100404][T25785]  ? v9fs_mount+0xb2/0xa50
[ 1223.100434][T25785]  ? __kasan_kmalloc+0x93/0xb0
[ 1223.100461][T25785]  ? __kmalloc_cache_noprof+0x1a8/0x320
[ 1223.100487][T25785]  ? v9fs_mount+0xb2/0xa50
[ 1223.100519][T25785]  v9fs_mount+0xc8/0xa50
[ 1223.100552][T25785]  ? __pfx_v9fs_mount+0x10/0x10
[ 1223.100582][T25785]  ? rcu_is_watching+0x15/0xb0
[ 1223.100611][T25785]  ? cap_capable+0x11f/0x460
[ 1223.100638][T25785]  legacy_get_tree+0xfa/0x1a0
[ 1223.100666][T25785]  ? __pfx_v9fs_mount+0x10/0x10
[ 1223.100696][T25785]  vfs_get_tree+0x8f/0x2b0
[ 1223.100726][T25785]  do_new_mount+0x2a2/0x9e0
[ 1223.100758][T25785]  ? ns_capable+0x8a/0xf0
[ 1223.100782][T25785]  ? __pfx_do_new_mount+0x10/0x10
[ 1223.100809][T25785]  ? path_mount+0x61c/0xfe0
[ 1223.100847][T25785]  __se_sys_mount+0x317/0x410
[ 1223.100882][T25785]  ? __pfx___se_sys_mount+0x10/0x10
[ 1223.100908][T25785]  ? rcu_is_watching+0x15/0xb0
[ 1223.100942][T25785]  ? do_syscall_64+0xbe/0x3b0
[ 1223.100961][T25785]  ? __x64_sys_mount+0x20/0xc0
[ 1223.100990][T25785]  do_syscall_64+0xfa/0x3b0
[ 1223.101009][T25785]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1223.101038][T25785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1223.101059][T25785]  ? clear_bhb_loop+0x60/0xb0
[ 1223.101083][T25785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1223.101103][T25785] RIP: 0033:0x7ff65c60eec9
[ 1223.101122][T25785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1223.101140][T25785] RSP: 002b:00007ff65a86e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1223.101163][T25785] RAX: ffffffffffffffda RBX: 00007ff65c865fa0 RCX: 00007ff65c60eec9
[ 1223.101179][T25785] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[ 1223.101194][T25785] RBP: 00007ff65c691f91 R08: 0000200000000580 R09: 0000000000000000
[ 1223.101208][T25785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1223.101221][T25785] R13: 00007ff65c866038 R14: 00007ff65c865fa0 R15: 00007ffef04555f8
[ 1223.101255][T25785]  </TASK>
[ 1223.607296][T25792] netlink: 64 bytes leftover after parsing attributes in process `syz.7.7634'.
[ 1223.842093][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1223.897501][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1225.134512][T24137] bond0 (unregistering): Released all slaves
[ 1234.333769][T24137] hsr_slave_0: left promiscuous mode
[ 1235.780394][T24137] hsr_slave_1: left promiscuous mode
[ 1235.781348][T24137] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1235.781376][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1236.069962][T24137] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1236.069993][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1238.321795][T24137] veth1_macvtap: left promiscuous mode
[ 1238.321918][T24137] veth0_macvtap: left promiscuous mode
[ 1238.322207][T24137] veth1_vlan: left promiscuous mode
[ 1238.322434][T24137] veth0_vlan: left promiscuous mode
[ 1238.365288][T25891] overlayfs: failed to clone upperpath
[ 1239.709079][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1240.229481][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1240.260354][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1240.296501][ T5838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1240.310979][ T5838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1240.311816][ T5838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1242.450399][ T5838] Bluetooth: hci0: command tx timeout
[ 1244.598269][ T5838] Bluetooth: hci0: command tx timeout
[ 1245.724826][T25936] tmpfs: Unsupported parameter 'huge'
[ 1246.619089][ T5838] Bluetooth: hci0: command tx timeout
[ 1248.364673][T25965] overlayfs: failed to clone lowerpath
[ 1248.697722][T24418] Bluetooth: hci0: command tx timeout
[ 1253.461447][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1253.512897][T26027] overlayfs: failed to clone upperpath
[ 1253.781149][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1254.844023][T26037] binder: 26036:26037 unknown command 0
[ 1254.844043][T26037] binder: 26036:26037 ioctl c0306201 200000000080 returned -22
[ 1254.850650][T14153] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 423 sec
[ 1259.003241][T26058] overlayfs: failed to clone upperpath
[ 1264.006676][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1264.033810][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1264.057935][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1264.058971][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1264.080574][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1264.821855][T25906] chnl_net:caif_netlink_parms(): no params data found
[ 1264.850614][   T10] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 425 sec
[ 1266.433832][T24418] Bluetooth: hci6: command tx timeout
[ 1266.830333][T14153] usb 7-1: new full-speed USB device number 42 using dummy_hcd
[ 1267.033789][T14153] usb 7-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1267.033818][T14153] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1267.033838][T14153] usb 7-1: Product: syz
[ 1267.033852][T14153] usb 7-1: Manufacturer: syz
[ 1267.033867][T14153] usb 7-1: SerialNumber: syz
[ 1267.076523][T14153] usb 7-1: config 0 descriptor??
[ 1267.362977][T14153] airspy 7-1:0.0: usb_control_msg() failed -71 request 09
[ 1267.363015][T14153] airspy 7-1:0.0: Could not detect board
[ 1267.363127][T14153] airspy 7-1:0.0: probe with driver airspy failed with error -71
[ 1267.394632][T14153] usb 7-1: USB disconnect, device number 42
[ 1268.589760][ T5838] Bluetooth: hci6: command tx timeout
[ 1269.024522][T25906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1269.025679][T25906] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1269.025860][T25906] bridge_slave_0: entered allmulticast mode
[ 1269.043026][T25906] bridge_slave_0: entered promiscuous mode
[ 1269.201512][T25906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1269.201590][T25906] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1269.201769][T25906] bridge_slave_1: entered allmulticast mode
[ 1269.221426][T25906] bridge_slave_1: entered promiscuous mode
[ 1270.612249][ T5838] Bluetooth: hci6: command tx timeout
[ 1271.484306][T26163] binder: 26162:26163 ioctl c0306201 200000000240 returned -14
[ 1271.653415][T25906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1272.086966][T25906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1272.094065][   T37] kauditd_printk_skb: 11 callbacks suppressed
[ 1272.094082][   T37] audit: type=1800 audit(1759139738.750:826): pid=26171 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.7752" name="/" dev="9p" ino=2 res=0 errno=0
[ 1273.105022][ T5838] Bluetooth: hci6: command tx timeout
[ 1276.299853][T25906] team0: Port device team_slave_0 added
[ 1276.414318][T25906] team0: Port device team_slave_1 added
[ 1282.544559][T25906] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1282.544577][T25906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1282.544603][T25906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1282.596415][T25906] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1282.596433][T25906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1282.596459][T25906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1282.649684][T26094] chnl_net:caif_netlink_parms(): no params data found
[ 1285.486554][T25906] hsr_slave_0: entered promiscuous mode
[ 1285.487892][T25906] hsr_slave_1: entered promiscuous mode
[ 1285.488796][T25906] debugfs: 'hsr0' already exists in 'hsr'
[ 1285.488821][T25906] Cannot create hsr debugfs directory
[ 1288.954781][T26094] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1288.954917][T26094] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1288.955165][T26094] bridge_slave_0: entered allmulticast mode
[ 1288.957921][T26094] bridge_slave_0: entered promiscuous mode
[ 1289.223838][T26094] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1289.223999][T26094] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1289.224260][T26094] bridge_slave_1: entered allmulticast mode
[ 1289.227688][T26094] bridge_slave_1: entered promiscuous mode
[ 1290.829575][T26094] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1290.829821][T24137] bridge_slave_1: left allmulticast mode
[ 1290.829900][T24137] bridge_slave_1: left promiscuous mode
[ 1290.830387][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1291.023076][T24137] bridge_slave_0: left allmulticast mode
[ 1291.023098][T24137] bridge_slave_0: left promiscuous mode
[ 1291.023261][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1292.481039][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1292.622095][T26308] netlink: 'syz.2.7794': attribute type 12 has an invalid length.
[ 1292.821173][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1294.097214][T24137] bond0 (unregistering): Released all slaves
[ 1295.082664][T26094] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1296.552530][T26337] netlink: 24 bytes leftover after parsing attributes in process `syz.7.7800'.
[ 1296.804139][T26094] team0: Port device team_slave_0 added
[ 1297.193606][T26343] overlayfs: failed to clone upperpath
[ 1297.230516][T24137] hsr_slave_0: left promiscuous mode
[ 1297.280526][T24137] hsr_slave_1: left promiscuous mode
[ 1297.281206][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1297.551141][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1299.600891][T26360] netlink: 'syz.7.7809': attribute type 1 has an invalid length.
[ 1300.247530][T24418] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1300.307075][T24418] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1300.394918][T24418] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1300.397040][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.421469][T24418] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1300.429154][T24418] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1301.247662][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1302.651390][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1302.691082][ T5838] Bluetooth: hci4: command tx timeout
[ 1304.994417][ T5838] Bluetooth: hci4: command tx timeout
[ 1305.765150][T26094] team0: Port device team_slave_1 added
[ 1305.766699][T26360] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[ 1306.743502][T26410] overlayfs: failed to clone upperpath
[ 1306.867086][T26362] gretap2: entered promiscuous mode
[ 1307.010689][T24418] Bluetooth: hci4: command tx timeout
[ 1309.970803][T24418] Bluetooth: hci4: command tx timeout
[ 1313.502115][T26094] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1313.502132][T26094] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1313.502157][T26094] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1313.507942][T26094] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1313.507959][T26094] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1313.507986][T26094] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1315.277770][T26094] hsr_slave_0: entered promiscuous mode
[ 1315.279104][T26094] hsr_slave_1: entered promiscuous mode
[ 1315.342535][T14153] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 484 sec
[ 1318.413069][T26509] tipc: Failed to remove unknown binding: 66,1,1/0:4068889826/4068889828
[ 1318.415331][T26509] tipc: Failed to remove unknown binding: 66,1,1/0:4068889826/4068889828
[ 1318.415369][T26509] tipc: Failed to remove unknown binding: 66,1,1/0:4068889826/4068889828
[ 1318.915220][T24137] bridge_slave_1: left allmulticast mode
[ 1318.915255][T24137] bridge_slave_1: left promiscuous mode
[ 1318.915884][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1319.134992][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1319.286807][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1319.376985][T24137] bridge_slave_0: left allmulticast mode
[ 1319.377023][T24137] bridge_slave_0: left promiscuous mode
[ 1319.377310][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1319.774596][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1320.793590][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1321.294673][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1322.987979][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1323.209547][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1323.456943][   T37] audit: type=1326 audit(1759139790.110:827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.456995][   T37] audit: type=1326 audit(1759139790.110:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.457036][   T37] audit: type=1326 audit(1759139790.110:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.458128][   T37] audit: type=1326 audit(1759139790.110:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.458276][   T37] audit: type=1326 audit(1759139790.110:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.458319][   T37] audit: type=1326 audit(1759139790.110:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.458363][   T37] audit: type=1326 audit(1759139790.110:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.458858][   T37] audit: type=1326 audit(1759139790.110:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.459109][   T37] audit: type=1326 audit(1759139790.110:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.590880][   T37] audit: type=1326 audit(1759139790.250:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26540 comm="syz.2.7852" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1323.976690][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1324.088871][T24418] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1324.113473][T24418] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1324.115327][T24418] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1324.146862][T24418] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1324.149680][T24418] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1324.181951][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1324.315307][T24137] bond0 (unregistering): Released all slaves
[ 1325.097984][T14153] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 485 sec
[ 1326.216871][T24418] Bluetooth: hci0: command tx timeout
[ 1326.605376][T24137] hsr_slave_0: left promiscuous mode
[ 1326.776064][T24137] hsr_slave_1: left promiscuous mode
[ 1326.777124][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1326.861514][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1328.292727][T24418] Bluetooth: hci0: command tx timeout
[ 1330.380902][T24418] Bluetooth: hci0: command tx timeout
[ 1333.393728][T24418] Bluetooth: hci0: command tx timeout
[ 1335.408546][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1335.770905][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1342.741209][T26364] chnl_net:caif_netlink_parms(): no params data found
[ 1347.902553][T26364] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1347.902710][T26364] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1347.902966][T26364] bridge_slave_0: entered allmulticast mode
[ 1347.906249][T26364] bridge_slave_0: entered promiscuous mode
[ 1348.072385][T26364] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1348.072526][T26364] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1348.072765][T26364] bridge_slave_1: entered allmulticast mode
[ 1348.075548][T26364] bridge_slave_1: entered promiscuous mode
[ 1349.292766][T26554] chnl_net:caif_netlink_parms(): no params data found
[ 1349.428045][T26364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1349.566247][T26364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1350.021647][T24137] bridge_slave_1: left allmulticast mode
[ 1350.021681][T24137] bridge_slave_1: left promiscuous mode
[ 1350.021953][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1350.161989][T24137] bridge_slave_0: left allmulticast mode
[ 1350.162021][T24137] bridge_slave_0: left promiscuous mode
[ 1350.162285][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1356.410934][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1356.531771][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1356.602785][T24137] bond0 (unregistering): Released all slaves
[ 1356.959910][T26364] team0: Port device team_slave_0 added
[ 1356.968934][T26364] team0: Port device team_slave_1 added
[ 1359.190229][T24137] hsr_slave_0: left promiscuous mode
[ 1359.409221][T24137] hsr_slave_1: left promiscuous mode
[ 1359.417260][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1359.468577][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1359.907764][T26824] overlayfs: failed to resolve './file0': -2
[ 1361.274538][ T5838] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1361.315795][ T5838] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1361.318351][ T5838] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1361.319468][ T5838] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1361.324458][ T5838] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1361.847500][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1363.434750][ T5838] Bluetooth: hci5: command tx timeout
[ 1363.611545][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1363.922478][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1365.601546][ T5838] Bluetooth: hci5: command tx timeout
[ 1366.511847][   T37] audit: type=1326 audit(1759139833.170:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26867 comm="syz.7.7942" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff65c60eec9 code=0x0
[ 1367.652448][ T5838] Bluetooth: hci5: command tx timeout
[ 1369.160248][T26554] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1369.160468][T26554] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1369.160724][T26554] bridge_slave_0: entered allmulticast mode
[ 1369.163860][T26554] bridge_slave_0: entered promiscuous mode
[ 1369.240492][T26554] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1369.240636][T26554] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1369.240892][T26554] bridge_slave_1: entered allmulticast mode
[ 1369.243944][T26554] bridge_slave_1: entered promiscuous mode
[ 1370.353338][T25762] IPVS: starting estimator thread 0...
[ 1370.708039][ T5838] Bluetooth: hci5: command tx timeout
[ 1370.870481][T26906] IPVS: using max 8 ests per chain, 19200 per kthread
[ 1371.122002][   T37] audit: type=1326 audit(1759139837.780:838): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=26912 comm="syz.6.7955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1371.122055][   T37] audit: type=1326 audit(1759139837.780:839): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=26912 comm="syz.6.7955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1371.122101][   T37] audit: type=1326 audit(1759139837.780:840): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=26912 comm="syz.6.7955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1371.122537][   T37] audit: type=1326 audit(1759139837.780:841): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=_ pid=26912 comm="syz.6.7955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1371.262636][T26554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1371.267045][T26554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1372.376219][   T12] kworker/u8:0 (12) used greatest stack depth: 12360 bytes left
[ 1374.258523][T26554] team0: Port device team_slave_0 added
[ 1374.268773][T26554] team0: Port device team_slave_1 added
[ 1375.947529][ T5921] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 544 sec
[ 1377.469911][T26554] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1377.469929][T26554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1377.469954][T26554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1379.436766][T26554] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1379.436783][T26554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1379.436809][T26554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1381.334839][T26554] hsr_slave_0: entered promiscuous mode
[ 1381.336301][T26554] hsr_slave_1: entered promiscuous mode
[ 1382.674025][T24137] bridge_slave_1: left allmulticast mode
[ 1382.674058][T24137] bridge_slave_1: left promiscuous mode
[ 1382.681628][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1382.783842][T24137] bridge_slave_0: left allmulticast mode
[ 1382.783876][T24137] bridge_slave_0: left promiscuous mode
[ 1382.784124][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1384.993334][T27008] tmpfs: Bad value for 'nr_inodes'
[ 1385.470371][T14153] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 545 sec
[ 1385.475691][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1386.094742][T24418] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1386.126071][T24418] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1386.129819][T24418] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1386.152702][T24418] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1386.153495][T24418] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1386.351128][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1386.447722][T24137] bond0 (unregistering): Released all slaves
[ 1388.809675][ T5838] Bluetooth: hci4: command tx timeout
[ 1390.771474][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1390.880213][ T5838] Bluetooth: hci4: command tx timeout
[ 1390.892195][   T37] audit: type=1326 audit(1759139857.550:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.892247][   T37] audit: type=1326 audit(1759139857.550:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894035][   T37] audit: type=1326 audit(1759139857.550:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894083][   T37] audit: type=1326 audit(1759139857.550:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894135][   T37] audit: type=1326 audit(1759139857.550:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894174][   T37] audit: type=1326 audit(1759139857.550:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894215][   T37] audit: type=1326 audit(1759139857.550:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894254][   T37] audit: type=1326 audit(1759139857.550:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894298][   T37] audit: type=1326 audit(1759139857.550:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1390.894339][   T37] audit: type=1326 audit(1759139857.550:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27051 comm="syz.2.7993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1392.551646][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1393.774644][ T5838] Bluetooth: hci4: command tx timeout
[ 1395.866989][ T5838] Bluetooth: hci4: command tx timeout
[ 1397.423829][T26825] chnl_net:caif_netlink_parms(): no params data found
[ 1397.466318][   T37] kauditd_printk_skb: 49 callbacks suppressed
[ 1397.466335][   T37] audit: type=1326 audit(1759139864.120:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.466608][   T37] audit: type=1326 audit(1759139864.120:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.467325][   T37] audit: type=1326 audit(1759139864.120:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc2b5cfaf79 code=0x7ffc0000
[ 1397.467868][   T37] audit: type=1326 audit(1759139864.120:904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.468423][   T37] audit: type=1326 audit(1759139864.120:905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.468872][   T37] audit: type=1326 audit(1759139864.120:906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.469537][   T37] audit: type=1326 audit(1759139864.120:907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.470024][   T37] audit: type=1326 audit(1759139864.120:908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.651282][   T37] audit: type=1326 audit(1759139864.310:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc2b5d5eec9 code=0x7ffc0000
[ 1397.651895][   T37] audit: type=1326 audit(1759139864.310:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27107 comm="syz.2.8010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc2b5cfaf79 code=0x7ffc0000
[ 1398.683233][T27118] netlink: 32 bytes leftover after parsing attributes in process `syz.2.8012'.
[ 1398.872889][T26825] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1398.873084][T26825] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1398.873327][T26825] bridge_slave_0: entered allmulticast mode
[ 1398.876219][T26825] bridge_slave_0: entered promiscuous mode
[ 1398.923025][T26825] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1398.923191][T26825] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1398.923456][T26825] bridge_slave_1: entered allmulticast mode
[ 1398.926778][T26825] bridge_slave_1: entered promiscuous mode
[ 1400.625487][T26825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1401.738308][T27012] chnl_net:caif_netlink_parms(): no params data found
[ 1401.785799][T26825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1406.844720][T26825] team0: Port device team_slave_0 added
[ 1408.156088][T26825] team0: Port device team_slave_1 added
[ 1408.720816][T27189] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[ 1409.401602][T26825] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1409.401614][T26825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1409.401628][T26825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1409.402800][T24137] bridge_slave_1: left allmulticast mode
[ 1409.402821][T24137] bridge_slave_1: left promiscuous mode
[ 1409.402997][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1410.325860][T24137] bridge_slave_0: left allmulticast mode
[ 1410.325894][T24137] bridge_slave_0: left promiscuous mode
[ 1410.326172][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1413.450340][ T2169] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1413.511647][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1413.732838][ T2169] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1413.732899][ T2169] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1413.732923][ T2169] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1413.739571][ T2169] usb 7-1: config 0 descriptor??
[ 1413.799074][T27211] netlink: 'syz.2.8037': attribute type 23 has an invalid length.
[ 1414.564220][ T2169] pwc: Askey VC010 type 2 USB webcam detected.
[ 1414.601284][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1414.896352][ T2169] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1414.897338][ T2169] pwc: recv_control_msg error -32 req 02 val 2700
[ 1414.898370][ T2169] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1414.899300][ T2169] pwc: recv_control_msg error -32 req 04 val 1000
[ 1414.900039][ T2169] pwc: recv_control_msg error -32 req 04 val 1300
[ 1414.901197][ T2169] pwc: recv_control_msg error -32 req 04 val 1400
[ 1414.902034][ T2169] pwc: recv_control_msg error -32 req 02 val 2000
[ 1414.902707][ T2169] pwc: recv_control_msg error -32 req 02 val 2100
[ 1414.903517][ T2169] pwc: recv_control_msg error -32 req 04 val 1500
[ 1414.904541][ T2169] pwc: recv_control_msg error -32 req 02 val 2500
[ 1415.204243][ T2169] pwc: recv_control_msg error -71 req 02 val 2600
[ 1415.212804][ T2169] pwc: recv_control_msg error -71 req 02 val 2900
[ 1415.217616][ T2169] pwc: recv_control_msg error -71 req 02 val 2800
[ 1415.241320][ T2169] pwc: recv_control_msg error -71 req 04 val 1100
[ 1415.244791][ T2169] pwc: recv_control_msg error -71 req 04 val 1200
[ 1415.356490][ T2169] pwc: Registered as video103.
[ 1415.435126][ T2169] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input75
[ 1415.905395][T24137] bond0 (unregistering): Released all slaves
[ 1416.058957][ T2169] usb 7-1: USB disconnect, device number 43
[ 1416.645237][T26825] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1416.645254][T26825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1416.645277][T26825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1416.646991][T27012] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1416.647124][T27012] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1416.647325][T27012] bridge_slave_0: entered allmulticast mode
[ 1416.660850][T27012] bridge_slave_0: entered promiscuous mode
[ 1417.773250][T27012] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1417.773407][T27012] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1417.773674][T27012] bridge_slave_1: entered allmulticast mode
[ 1417.776481][T27012] bridge_slave_1: entered promiscuous mode
[ 1419.773260][T24137] hsr_slave_0: left promiscuous mode
[ 1419.828919][T24137] hsr_slave_1: left promiscuous mode
[ 1419.836957][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1419.887540][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1423.599625][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.861642][   T37] kauditd_printk_skb: 293 callbacks suppressed
[ 1423.861661][   T37] audit: type=1326 audit(1759139890.510:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.861934][   T37] audit: type=1326 audit(1759139890.520:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.877335][   T37] audit: type=1326 audit(1759139890.530:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.877382][   T37] audit: type=1326 audit(1759139890.530:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.877423][   T37] audit: type=1326 audit(1759139890.530:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.878106][   T37] audit: type=1326 audit(1759139890.530:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.878149][   T37] audit: type=1326 audit(1759139890.530:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.878187][   T37] audit: type=1326 audit(1759139890.530:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.882464][   T37] audit: type=1326 audit(1759139890.540:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1423.882518][   T37] audit: type=1326 audit(1759139890.540:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27259 comm="syz.6.8051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6522c0eec9 code=0x7ffc0000
[ 1424.159308][T27266] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1424.180415][T27266] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1424.182495][T27266] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1425.048196][T27266] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1425.070410][T27266] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1427.185111][T24418] Bluetooth: hci0: command tx timeout
[ 1428.163282][ T5921] page_pool_release_retry() stalled pool shutdown: id 149, 3329 inflight 60 sec
[ 1428.759420][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1429.821981][T24418] Bluetooth: hci0: command tx timeout
[ 1430.021251][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1430.300527][T27301] binder_alloc: 27300: binder_alloc_buf, no vma
[ 1431.923484][T24418] Bluetooth: hci0: command tx timeout
[ 1434.088228][T24418] Bluetooth: hci0: command tx timeout
[ 1436.251703][ T5921] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 605 sec
[ 1437.128399][T27012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1439.031753][T27368] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8081'.
[ 1439.304692][T27012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1439.305264][T27366] syz_tun: entered allmulticast mode
[ 1439.548428][T27368] syz_tun (unregistering): left allmulticast mode
[ 1439.875479][T27375] netlink: 'syz.6.8083': attribute type 4 has an invalid length.
[ 1440.054865][T27012] team0: Port device team_slave_0 added
[ 1440.058578][T27012] team0: Port device team_slave_1 added
[ 1442.723432][T27012] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1442.723449][T27012] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1442.723475][T27012] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1442.759665][T27012] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1442.759681][T27012] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1442.759707][T27012] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1443.370031][T27012] hsr_slave_0: entered promiscuous mode
[ 1443.372327][T27012] hsr_slave_1: entered promiscuous mode
[ 1443.995836][T27401] nfs: Unknown parameter 'ntext'
[ 1446.152627][T14153] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 606 sec
[ 1446.333084][T24137] bridge_slave_1: left allmulticast mode
[ 1446.333118][T24137] bridge_slave_1: left promiscuous mode
[ 1446.333377][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1446.512314][T27266] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1446.518543][T27266] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1446.536810][T27266] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1446.552334][T27266] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1446.558262][T27266] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1446.573875][T24137] bridge_slave_0: left allmulticast mode
[ 1446.573905][T24137] bridge_slave_0: left promiscuous mode
[ 1446.574212][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1448.051814][   T37] kauditd_printk_skb: 7 callbacks suppressed
[ 1448.051841][   T37] audit: type=1326 audit(1759139914.710:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.052095][   T37] audit: type=1326 audit(1759139914.710:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.052360][   T37] audit: type=1326 audit(1759139914.710:1223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.052593][   T37] audit: type=1326 audit(1759139914.710:1224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.052898][   T37] audit: type=1326 audit(1759139914.710:1225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.053193][   T37] audit: type=1326 audit(1759139914.710:1226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.053438][   T37] audit: type=1326 audit(1759139914.710:1227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.053671][   T37] audit: type=1326 audit(1759139914.710:1228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.053977][   T37] audit: type=1326 audit(1759139914.710:1229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.054205][   T37] audit: type=1326 audit(1759139914.710:1230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27425 comm="syz.7.8097" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff65c60eec9 code=0x50000
[ 1448.184931][T25762] hid-generic 0000:0000:0000.0050: unknown main item tag 0x0
[ 1448.220561][T25762] hid-generic 0000:0000:0000.0050: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1448.521177][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1449.207001][T24418] Bluetooth: hci5: command tx timeout
[ 1449.523342][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1452.408599][T24137] bond0 (unregistering): Released all slaves
[ 1452.430774][T24418] Bluetooth: hci5: command tx timeout
[ 1452.799470][T27451] sctp: [Deprecated]: syz.6.8106 (pid 27451) Use of int in max_burst socket option.
[ 1452.799470][T27451] Use struct sctp_assoc_value instead
[ 1454.455694][T24418] Bluetooth: hci5: command tx timeout
[ 1455.716587][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1455.751158][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1456.161187][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1456.531742][T24418] Bluetooth: hci5: command tx timeout
[ 1456.745664][T27486] netlink: 'syz.6.8112': attribute type 32 has an invalid length.
[ 1456.761224][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1468.592841][T27263] chnl_net:caif_netlink_parms(): no params data found
[ 1470.382741][T27557] Set syz0 is full, maxelem 0 reached
[ 1471.955810][   T37] kauditd_printk_skb: 67 callbacks suppressed
[ 1471.955830][   T37] audit: type=1800 audit(1759139938.600:1298): pid=27577 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.8136" name="/" dev="9p" ino=2 res=0 errno=0
[ 1472.054954][T27263] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1472.055085][T27263] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1472.055301][T27263] bridge_slave_0: entered allmulticast mode
[ 1472.058152][T27263] bridge_slave_0: entered promiscuous mode
[ 1472.127287][T27263] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1472.127418][T27263] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1472.127622][T27263] bridge_slave_1: entered allmulticast mode
[ 1472.134274][T27263] bridge_slave_1: entered promiscuous mode
[ 1477.218547][T27263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1477.265251][T27416] chnl_net:caif_netlink_parms(): no params data found
[ 1477.307380][T27263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1480.172541][T27263] team0: Port device team_slave_0 added
[ 1481.856219][T24137] bridge_slave_1: left allmulticast mode
[ 1481.856254][T24137] bridge_slave_1: left promiscuous mode
[ 1481.856520][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1482.056511][T24137] bridge_slave_0: left allmulticast mode
[ 1482.056542][T24137] bridge_slave_0: left promiscuous mode
[ 1482.060738][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1483.940313][   T10] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1484.017981][T24418] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1484.055448][T24418] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1484.058314][T24418] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1484.075251][T24418] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1484.076296][T24418] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1484.090370][   T10] usb 7-1: Using ep0 maxpacket: 32
[ 1484.348321][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1484.513840][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1484.655256][   T10] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1484.656344][   T10] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1484.656383][   T10] usb 7-1: can't read configurations, error -71
[ 1484.807253][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.848670][T24137] bond0 (unregistering): Released all slaves
[ 1485.662217][T27416] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1485.663687][T27416] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1485.663940][T27416] bridge_slave_0: entered allmulticast mode
[ 1485.675828][T27416] bridge_slave_0: entered promiscuous mode
[ 1486.164522][T27266] Bluetooth: hci0: command tx timeout
[ 1488.162513][T27416] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1488.162652][T27416] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1488.162906][T27416] bridge_slave_1: entered allmulticast mode
[ 1488.165630][T27416] bridge_slave_1: entered promiscuous mode
[ 1488.219255][T27266] Bluetooth: hci0: command tx timeout
[ 1489.141193][   T10] page_pool_release_retry() stalled pool shutdown: id 149, 3329 inflight 121 sec
[ 1490.305057][T27266] Bluetooth: hci0: command tx timeout
[ 1490.779061][T24137] hsr_slave_0: left promiscuous mode
[ 1491.741246][T24137] hsr_slave_1: left promiscuous mode
[ 1491.802792][T24137] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1493.060852][T27266] Bluetooth: hci0: command tx timeout
[ 1493.065686][T24137] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1495.562565][T27737] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1496.031105][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1497.580551][T14153] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 666 sec
[ 1497.746572][T27751] sctp: [Deprecated]: syz.2.8178 (pid 27751) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1497.746572][T27751] Use struct sctp_sack_info instead
[ 1501.275152][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1501.836547][T27761] ptrace attach of "./syz-executor exec"[5841] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[ 1503.458948][T27781] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1506.610469][T14153] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 666 sec
[ 1508.699886][T24418] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1508.722140][T24418] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1508.724134][T24418] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1508.726498][T24418] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1508.727301][T24418] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1509.930648][T27650] chnl_net:caif_netlink_parms(): no params data found
[ 1510.390270][T27825] Option '                                                                                                                  ' to dns_resolver key: bad/missing value
[ 1511.195799][T27266] Bluetooth: hci4: command tx timeout
[ 1513.307211][T27266] Bluetooth: hci4: command tx timeout
[ 1516.090232][T27266] Bluetooth: hci4: command tx timeout
[ 1519.616799][T27266] Bluetooth: hci4: command tx timeout
[ 1522.956709][T27650] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1522.957570][T27650] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1522.957788][T27650] bridge_slave_0: entered allmulticast mode
[ 1524.073204][T27650] bridge_slave_0: entered promiscuous mode
[ 1524.127458][T27650] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1524.127597][T27650] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1524.127922][T27650] bridge_slave_1: entered allmulticast mode
[ 1524.156726][T27650] bridge_slave_1: entered promiscuous mode
[ 1526.700420][T27904] netlink: 384 bytes leftover after parsing attributes in process `syz.7.8217'.
[ 1526.700566][T27904] netlink: 'syz.7.8217': attribute type 2 has an invalid length.
[ 1526.954901][T27650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1528.130476][T27650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1532.138926][T27650] team0: Port device team_slave_0 added
[ 1532.179609][T27650] team0: Port device team_slave_1 added
[ 1533.125057][   T37] audit: type=1800 audit(1759139999.010:1299): pid=27933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.6.8225" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=117895 res=0 errno=0
[ 1533.157516][T24137] bridge_slave_1: left allmulticast mode
[ 1533.157600][T24137] bridge_slave_1: left promiscuous mode
[ 1533.157881][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1534.293150][T27939] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8227'.
[ 1534.833901][T24137] bridge_slave_0: left allmulticast mode
[ 1534.833934][T24137] bridge_slave_0: left promiscuous mode
[ 1534.834216][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1535.145449][T24137] bridge_slave_1: left allmulticast mode
[ 1535.145484][T24137] bridge_slave_1: left promiscuous mode
[ 1535.145766][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1536.251922][T24137] bridge_slave_0: left allmulticast mode
[ 1536.251955][T24137] bridge_slave_0: left promiscuous mode
[ 1536.252213][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1539.762033][T24137] bond0 (unregistering): Released all slaves
[ 1541.943234][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1542.278541][T27981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8238'.
[ 1542.278653][T27981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8238'.
[ 1543.029459][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1543.220399][T24137] bond0 (unregistering): Released all slaves
[ 1543.326498][T24418] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1543.335483][T24418] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1543.337915][T24418] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1543.360328][T24418] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1543.368479][T24418] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1543.946660][T27939] veth1_macvtap: left promiscuous mode
[ 1545.359026][T28002] netlink: 16 bytes leftover after parsing attributes in process `syz.7.8244'.
[ 1545.508167][T27266] Bluetooth: hci5: command tx timeout
[ 1546.844485][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1548.293258][T27266] Bluetooth: hci5: command tx timeout
[ 1549.689811][T14153] page_pool_release_retry() stalled pool shutdown: id 149, 3329 inflight 181 sec
[ 1550.259355][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1550.380256][T24418] Bluetooth: hci5: command tx timeout
[ 1552.666838][T24418] Bluetooth: hci5: command tx timeout
[ 1554.775392][T28043] IPVS: wlc: SCTP 172.20.20.187:0 - no destination available
[ 1557.428068][T27810] chnl_net:caif_netlink_parms(): no params data found
[ 1558.312677][T28068] sctp: [Deprecated]: syz.7.8259 (pid 28068) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1558.312677][T28068] Use struct sctp_sack_info instead
[ 1559.085006][   T10] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 728 sec
[ 1560.904250][T25762] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1561.054696][T25762] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1561.054722][T25762] usb 7-1: config 0 has no interfaces?
[ 1561.066178][T25762] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1561.066299][T25762] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1561.066426][T25762] usb 7-1: Product: syz
[ 1561.066517][T25762] usb 7-1: Manufacturer: syz
[ 1561.066532][T25762] usb 7-1: SerialNumber: syz
[ 1561.075863][T25762] usb 7-1: config 0 descriptor??
[ 1561.331374][T27810] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1561.331483][T27810] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1561.331653][T27810] bridge_slave_0: entered allmulticast mode
[ 1561.380634][   T10] usb 7-1: USB disconnect, device number 46
[ 1561.397484][T27810] bridge_slave_0: entered promiscuous mode
[ 1561.473842][T27810] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1561.474076][T27810] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1561.474332][T27810] bridge_slave_1: entered allmulticast mode
[ 1561.476906][T27810] bridge_slave_1: entered promiscuous mode
[ 1562.000459][T28090] Device name cannot be null; rc = [-22]
[ 1563.145065][T27810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1563.208748][T27810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1563.360475][T28096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8266'.
[ 1564.635896][T27810] team0: Port device team_slave_0 added
[ 1566.236681][T27810] team0: Port device team_slave_1 added
[ 1566.610737][   T10] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 726 sec
[ 1572.020625][T27982] chnl_net:caif_netlink_parms(): no params data found
[ 1574.203495][T24137] bridge_slave_1: left allmulticast mode
[ 1574.203529][T24137] bridge_slave_1: left promiscuous mode
[ 1574.203783][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1574.271693][T24137] bridge_slave_0: left allmulticast mode
[ 1574.271725][T24137] bridge_slave_0: left promiscuous mode
[ 1574.271998][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1574.389027][T27266] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1574.413475][T27266] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1574.416344][T27266] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1574.417580][T27266] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1574.418392][T27266] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1576.955143][T24418] Bluetooth: hci0: command tx timeout
[ 1577.410276][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1578.412822][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1580.108394][T24418] Bluetooth: hci0: command tx timeout
[ 1580.160332][T24137] bond0 (unregistering): Released all slaves
[ 1582.180177][T27266] Bluetooth: hci0: command tx timeout
[ 1582.311799][T28221] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0'
[ 1584.420911][T27266] Bluetooth: hci0: command tx timeout
[ 1587.222552][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1589.639181][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1596.341099][T28307] overlayfs: failed to clone lowerpath
[ 1597.290368][T27982] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1597.290506][T27982] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1597.290756][T27982] bridge_slave_0: entered allmulticast mode
[ 1597.295324][T27982] bridge_slave_0: entered promiscuous mode
[ 1597.318108][T27982] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1597.318254][T27982] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1597.318458][T27982] bridge_slave_1: entered allmulticast mode
[ 1597.331332][T27982] bridge_slave_1: entered promiscuous mode
[ 1607.890666][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1610.422093][T14153] page_pool_release_retry() stalled pool shutdown: id 149, 3329 inflight 242 sec
[ 1610.767318][T28165] chnl_net:caif_netlink_parms(): no params data found
[ 1610.809985][T24418] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1610.850090][T24418] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1610.894540][T24418] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1610.900756][T24418] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1610.918179][T24418] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1613.437298][T24418] Bluetooth: hci4: command tx timeout
[ 1615.965293][T24418] Bluetooth: hci4: command tx timeout
[ 1616.444605][T24137] bridge_slave_1: left allmulticast mode
[ 1616.444638][T24137] bridge_slave_1: left promiscuous mode
[ 1616.444902][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1616.685814][T24137] bridge_slave_0: left allmulticast mode
[ 1616.685834][T24137] bridge_slave_0: left promiscuous mode
[ 1616.686007][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1618.627807][T24418] Bluetooth: hci4: command tx timeout
[ 1619.924428][T14153] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 788 sec
[ 1620.896768][T24418] Bluetooth: hci4: command tx timeout
[ 1621.497377][T28451] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8353'.
[ 1621.654301][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1621.941022][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1622.252648][T24137] bond0 (unregistering): Released all slaves
[ 1626.476360][T28494] netlink: 20 bytes leftover after parsing attributes in process `syz.2.8364'.
[ 1627.417377][T27651] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 787 sec
[ 1627.721076][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1628.112545][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1634.218848][T27266] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1634.253050][T27266] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1634.255776][T27266] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1634.258842][T27266] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1634.896663][T28165] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1634.896811][T28165] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1634.897063][T28165] bridge_slave_0: entered allmulticast mode
[ 1634.910565][T28165] bridge_slave_0: entered promiscuous mode
[ 1635.210655][T27266] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1638.077797][T27266] Bluetooth: hci5: command tx timeout
[ 1640.282027][T27266] Bluetooth: hci5: command tx timeout
[ 1642.639627][T27266] Bluetooth: hci5: command tx timeout
[ 1643.065547][T28389] chnl_net:caif_netlink_parms(): no params data found
[ 1643.201737][T28582] netlink: 'syz.6.8383': attribute type 1 has an invalid length.
[ 1643.201811][T28582] netlink: 224 bytes leftover after parsing attributes in process `syz.6.8383'.
[ 1644.844313][T27266] Bluetooth: hci5: command tx timeout
[ 1648.515442][T28524] chnl_net:caif_netlink_parms(): no params data found
[ 1653.889645][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[ 1653.976672][T28389] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1653.976829][T28389] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1653.977081][T28389] bridge_slave_0: entered allmulticast mode
[ 1654.001080][T28389] bridge_slave_0: entered promiscuous mode
[ 1654.817827][T28389] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1654.817967][T28389] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1654.818230][T28389] bridge_slave_1: entered allmulticast mode
[ 1654.844649][T28389] bridge_slave_1: entered promiscuous mode
[ 1655.923331][T28655] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8400'.
[ 1658.189699][T28683] gfs2: path_lookup on /dev/virtual_nci returned error -2
[ 1661.531161][T28697] tls_set_device_offload_rx: netdev not found
[ 1661.663864][T28389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1663.706724][T28389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1663.706955][T24137] bridge_slave_0: left allmulticast mode
[ 1663.706981][T24137] bridge_slave_0: left promiscuous mode
[ 1663.707230][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1663.794408][T24137] bridge_slave_1: left allmulticast mode
[ 1663.794443][T24137] bridge_slave_1: left promiscuous mode
[ 1663.794725][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1663.892370][T24137] bridge_slave_0: left allmulticast mode
[ 1663.892402][T24137] bridge_slave_0: left promiscuous mode
[ 1663.892658][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1664.185894][T24137] bond0 (unregistering): Released all slaves
[ 1664.427189][T24137] bond0 (unregistering): Released all slaves
[ 1665.704176][T28524] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1665.704320][T28524] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1665.704578][T28524] bridge_slave_0: entered allmulticast mode
[ 1665.707413][T28524] bridge_slave_0: entered promiscuous mode
[ 1667.277480][T24418] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1667.293512][T24418] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1667.315035][T24418] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1667.317585][T24418] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1667.318555][T24418] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1669.699862][T27266] Bluetooth: hci0: command tx timeout
[ 1669.830889][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1671.050686][T14153] page_pool_release_retry() stalled pool shutdown: id 149, 3329 inflight 303 sec
[ 1671.320620][T28524] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1671.320763][T28524] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1671.321019][T28524] bridge_slave_1: entered allmulticast mode
[ 1671.323865][T28524] bridge_slave_1: entered promiscuous mode
[ 1672.360779][T27266] Bluetooth: hci0: command tx timeout
[ 1673.290050][   T37] audit: type=1800 audit(1759140139.940:1300): pid=28751 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.8420" name="bus" dev="ramfs" ino=119925 res=0 errno=0
[ 1674.552798][T27266] Bluetooth: hci0: command tx timeout
[ 1676.885190][T27266] Bluetooth: hci0: command tx timeout
[ 1677.237429][T28524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1677.480619][T28524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1680.517054][T14153] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 849 sec
[ 1686.223765][T28524] team0: Port device team_slave_0 added
[ 1686.255953][T28524] team0: Port device team_slave_1 added
[ 1688.259701][T14153] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 848 sec
[ 1690.147230][T28734] chnl_net:caif_netlink_parms(): no params data found
[ 1691.564783][T28863] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8448'.
[ 1691.564808][T28863] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8448'.
[ 1693.033996][T24418] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1693.065593][T24418] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1693.068702][T24418] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1693.075567][T24418] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1693.076399][T24418] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1695.400154][T24418] Bluetooth: hci4: command tx timeout
[ 1698.020124][T24418] Bluetooth: hci4: command tx timeout
[ 1699.756091][T28734] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1699.756320][T28734] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1699.756519][T28734] bridge_slave_0: entered allmulticast mode
[ 1699.759381][T28734] bridge_slave_0: entered promiscuous mode
[ 1699.796885][T28734] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1699.797168][T28734] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1699.797587][T28734] bridge_slave_1: entered allmulticast mode
[ 1700.908276][T28734] bridge_slave_1: entered promiscuous mode
[ 1700.926908][T24418] Bluetooth: hci4: command tx timeout
[ 1703.207504][T27266] Bluetooth: hci4: command tx timeout
[ 1704.987584][T28734] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1705.628217][T28945] openvswitch: netlink: IP tunnel dst address not specified
[ 1705.691552][T28734] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1709.529012][T28734] team0: Port device team_slave_0 added
[ 1709.578643][T28734] team0: Port device team_slave_1 added
[ 1711.430359][T28984] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1711.608353][T28734] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1711.608365][T28734] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1711.608379][T28734] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1711.612199][T28981] tipc: Resetting bearer <eth:syzkaller0>
[ 1711.616268][T28734] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1711.616277][T28734] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1711.616291][T28734] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1711.706999][T24137] bridge_slave_1: left allmulticast mode
[ 1711.707033][T24137] bridge_slave_1: left promiscuous mode
[ 1711.707288][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1711.819919][T24137] bridge_slave_0: left allmulticast mode
[ 1711.819940][T24137] bridge_slave_0: left promiscuous mode
[ 1711.832230][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1712.116446][T24137] bridge_slave_1: left allmulticast mode
[ 1712.116469][T24137] bridge_slave_1: left promiscuous mode
[ 1712.116633][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1712.393992][T24137] bridge_slave_0: left allmulticast mode
[ 1712.394015][T24137] bridge_slave_0: left promiscuous mode
[ 1712.394180][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1713.075753][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1713.350885][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1713.638149][T24137] bond0 (unregistering): Released all slaves
[ 1713.952377][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1714.231012][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1715.057523][T24137] bond0 (unregistering): Released all slaves
[ 1715.551139][T28977] tipc: Disabling bearer <eth:syzkaller0>
[ 1722.460964][T24137] team0 (unregistering): Port device team_slave_1 removed
[ 1723.289299][T24137] team0 (unregistering): Port device team_slave_0 removed
[ 1727.599022][T28875] chnl_net:caif_netlink_parms(): no params data found
[ 1729.522367][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.068731][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.514535][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.682129][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.711113][ T1324] ieee802154 phy1 wpan1: encryption failed: -22
[ 1730.795864][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1730.942909][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.563037][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1731.570608][T27651] page_pool_release_retry() stalled pool shutdown: id 149, 3329 inflight 363 sec
[ 1731.919569][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1732.083170][T24418] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1732.169783][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1732.177205][T24418] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1732.192553][T24418] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1732.200703][T24418] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1732.203263][T24418] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1732.571746][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1732.661967][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1733.562969][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1734.187474][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1735.024957][T29120] netlink: 'syz.2.8511': attribute type 1 has an invalid length.
[ 1735.025029][T29120] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.8511'.
[ 1736.576652][T27266] Bluetooth: hci5: command tx timeout
[ 1739.555317][T27266] Bluetooth: hci5: command tx timeout
[ 1740.530636][T14153] page_pool_release_retry() stalled pool shutdown: id 113, 3329 inflight 909 sec
[ 1741.214438][T28875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1741.214580][T28875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1741.214823][T28875] bridge_slave_0: entered allmulticast mode
[ 1741.231651][T28875] bridge_slave_0: entered promiscuous mode
[ 1741.689545][T27266] Bluetooth: hci5: command tx timeout
[ 1742.164360][T28875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1742.164502][T28875] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1742.164755][T28875] bridge_slave_1: entered allmulticast mode
[ 1742.167622][T28875] bridge_slave_1: entered promiscuous mode
[ 1742.606052][T29155] ceph: No mds server is up or the cluster is laggy
[ 1742.642382][T29151] ceph: No mds server is up or the cluster is laggy
[ 1742.692936][T29159] ceph: No mds server is up or the cluster is laggy
[ 1743.980223][T27266] Bluetooth: hci5: command tx timeout
[ 1744.525262][T29175] netlink: 4804 bytes leftover after parsing attributes in process `syz.2.8523'.
[ 1744.525389][T29175] netlink: 4804 bytes leftover after parsing attributes in process `syz.2.8523'.
[ 1745.367323][T28875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1745.392541][T28875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1747.354333][T28875] team0: Port device team_slave_0 added
[ 1747.391195][T28875] team0: Port device team_slave_1 added
[ 1749.010480][T27651] page_pool_release_retry() stalled pool shutdown: id 114, 3329 inflight 909 sec
[ 1749.951590][T28875] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1749.951607][T28875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1749.951634][T28875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1750.031922][T28875] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1750.031938][T28875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1750.031964][T28875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1751.123139][T29213] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[ 1751.280515][T29101] chnl_net:caif_netlink_parms(): no params data found
[ 1752.408571][T24418] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1752.437347][T24418] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1752.439404][T24418] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1752.472384][T24418] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1752.474299][T24418] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1754.735042][T29236] overlayfs: failed to clone upperpath
[ 1754.991092][T27266] Bluetooth: hci0: command tx timeout
[ 1756.444093][T24137] bridge_slave_1: left allmulticast mode
[ 1756.444128][T24137] bridge_slave_1: left promiscuous mode
[ 1756.444409][T24137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1758.465677][T27266] Bluetooth: hci0: command tx timeout
[ 1759.221680][T24137] bridge_slave_0: left allmulticast mode
[ 1759.221716][T24137] bridge_slave_0: left promiscuous mode
[ 1759.221992][T24137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1760.719095][T27266] Bluetooth: hci0: command tx timeout
[ 1763.127579][T27266] Bluetooth: hci0: command tx timeout
[ 1763.628910][T27651] usb 7-1: new full-speed USB device number 47 using dummy_hcd
[ 1763.875144][T29289] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8551'.
[ 1763.884998][T29289] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8551'.
[ 1764.712167][T27651] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1764.712193][T27651] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1764.714825][T27651] usb 7-1: New USB device found, idVendor=1286, idProduct=1fa4, bcdDevice=fb.16
[ 1764.714855][T27651] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1764.714876][T27651] usb 7-1: Product: syz
[ 1764.714891][T27651] usb 7-1: Manufacturer: syz
[ 1764.714906][T27651] usb 7-1: SerialNumber: syz
[ 1764.728501][T27651] usb 7-1: config 0 descriptor??
[ 1764.998054][T24137] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1765.380797][T29294] netlink: 12 bytes leftover after parsing attributes in process `syz.7.8552'.
[ 1766.840810][ T2169] usb 7-1: USB disconnect, device number 47
[ 1767.124273][T24137] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1768.288073][T24137] bond0 (unregistering): Released all slaves
[ 1768.665349][   T26] ==================================================================
[ 1768.665372][   T26] BUG: KASAN: vmalloc-out-of-bounds in irq_work_single+0x14f/0x2b0
[ 1768.665404][   T26] Write of size 4 at addr ffffc90005dc5098 by task irq_work/1/26
[ 1768.665427][   T26] 
[ 1768.665439][   T26] CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1768.665461][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1768.665473][   T26] Call Trace:
[ 1768.665481][   T26]  <TASK>
[ 1768.665490][   T26]  dump_stack_lvl+0x189/0x250
[ 1768.665514][   T26]  ? irq_work_single+0x14f/0x2b0
[ 1768.665536][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1768.665559][   T26]  ? __pfx__printk+0x10/0x10
[ 1768.665577][   T26]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 1768.665605][   T26]  ? __virt_addr_valid+0xdc/0x5c0
[ 1768.665622][   T26]  ? __virt_addr_valid+0xdc/0x5c0
[ 1768.665639][   T26]  print_report+0xca/0x240
[ 1768.665660][   T26]  ? irq_work_single+0x14f/0x2b0
[ 1768.665679][   T26]  kasan_report+0x118/0x150
[ 1768.665704][   T26]  ? irq_work_single+0x14f/0x2b0
[ 1768.665729][   T26]  kasan_check_range+0x2b0/0x2c0
[ 1768.665753][   T26]  irq_work_single+0x14f/0x2b0
[ 1768.665775][   T26]  run_irq_workd+0x121/0x190
[ 1768.665795][   T26]  ? __pfx_run_irq_workd+0x10/0x10
[ 1768.665815][   T26]  ? schedule+0x91/0x360
[ 1768.665840][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[ 1768.665862][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[ 1768.665882][   T26]  smpboot_thread_fn+0x542/0xa60
[ 1768.665903][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[ 1768.665927][   T26]  kthread+0x711/0x8a0
[ 1768.665952][   T26]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1768.665973][   T26]  ? __pfx_kthread+0x10/0x10
[ 1768.665998][   T26]  ? __pfx_kthread+0x10/0x10
[ 1768.666022][   T26]  ret_from_fork+0x436/0x7d0
[ 1768.666044][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[ 1768.666068][   T26]  ? __switch_to_asm+0x39/0x70
[ 1768.666085][   T26]  ? __switch_to_asm+0x33/0x70
[ 1768.666101][   T26]  ? __pfx_kthread+0x10/0x10
[ 1768.666125][   T26]  ret_from_fork_asm+0x1a/0x30
[ 1768.666149][   T26]  </TASK>
[ 1768.666157][   T26] 
[ 1768.666162][   T26] The buggy address belongs to a vmalloc virtual mapping
[ 1768.666180][   T26] Memory state around the buggy address:
[ 1768.666192][   T26]  ffffc90005dc4f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1768.666204][   T26]  ffffc90005dc5000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1768.666217][   T26] >ffffc90005dc5080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1768.666226][   T26]                             ^
[ 1768.666237][   T26]  ffffc90005dc5100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1768.666248][   T26]  ffffc90005dc5180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1768.666258][   T26] ==================================================================
[ 1768.666400][   T26] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1768.666420][   T26] CPU: 1 UID: 0 PID: 26 Comm: irq_work/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1768.666442][   T26] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1768.666453][   T26] Call Trace:
[ 1768.666460][   T26]  <TASK>
[ 1768.666468][   T26]  dump_stack_lvl+0x99/0x250
[ 1768.666491][   T26]  ? __asan_memcpy+0x40/0x70
[ 1768.666510][   T26]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1768.666532][   T26]  ? __pfx__printk+0x10/0x10
[ 1768.666557][   T26]  vpanic+0x281/0x750
[ 1768.666580][   T26]  ? preempt_schedule+0xae/0xc0
[ 1768.666603][   T26]  ? __pfx_vpanic+0x10/0x10
[ 1768.666624][   T26]  ? preempt_schedule_common+0x83/0xd0
[ 1768.666647][   T26]  ? preempt_schedule+0xae/0xc0
[ 1768.666669][   T26]  ? __pfx_preempt_schedule+0x10/0x10
[ 1768.666695][   T26]  panic+0xb9/0xc0
[ 1768.666717][   T26]  ? __pfx_panic+0x10/0x10
[ 1768.666742][   T26]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1768.666771][   T26]  ? irq_work_single+0x14f/0x2b0
[ 1768.666791][   T26]  check_panic_on_warn+0x89/0xb0
[ 1768.666809][   T26]  ? irq_work_single+0x14f/0x2b0
[ 1768.666829][   T26]  end_report+0x78/0x160
[ 1768.666849][   T26]  kasan_report+0x129/0x150
[ 1768.666872][   T26]  ? irq_work_single+0x14f/0x2b0
[ 1768.666896][   T26]  kasan_check_range+0x2b0/0x2c0
[ 1768.666919][   T26]  irq_work_single+0x14f/0x2b0
[ 1768.666942][   T26]  run_irq_workd+0x121/0x190
[ 1768.666962][   T26]  ? __pfx_run_irq_workd+0x10/0x10
[ 1768.666982][   T26]  ? schedule+0x91/0x360
[ 1768.667005][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[ 1768.667027][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[ 1768.667046][   T26]  smpboot_thread_fn+0x542/0xa60
[ 1768.667067][   T26]  ? smpboot_thread_fn+0x4d/0xa60
[ 1768.667092][   T26]  kthread+0x711/0x8a0
[ 1768.667116][   T26]  ? __pfx_smpboot_thread_fn+0x10/0x10
[ 1768.667138][   T26]  ? __pfx_kthread+0x10/0x10
[ 1768.667163][   T26]  ? __pfx_kthread+0x10/0x10
[ 1768.667186][   T26]  ret_from_fork+0x436/0x7d0
[ 1768.667208][   T26]  ? __pfx_ret_from_fork+0x10/0x10
[ 1768.667232][   T26]  ? __switch_to_asm+0x39/0x70
[ 1768.667248][   T26]  ? __switch_to_asm+0x33/0x70
[ 1768.667264][   T26]  ? __pfx_kthread+0x10/0x10
[ 1768.667287][   T26]  ret_from_fork_asm+0x1a/0x30
[ 1768.667312][   T26]  </TASK>
[ 1768.667591][   T26] Kernel Offset: disabled