last executing test programs:

24m57.979035229s ago: executing program 2 (id=143):
syz_clone3(&(0x7f0000002c00)={0x9828000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x65)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@ipv6_delroute={0x3c, 0x19, 0x1, 0x70bd27, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x1000}, [@RTA_PRIORITY={0x8, 0x1e, 0x1}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_DST={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}]}, 0x3c}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4)
sendto$inet6(r3, &(0x7f0000000200), 0x0, 0x20000040, &(0x7f00000000c0)={0xa, 0x4e22, 0x8, @mcast2, 0x5}, 0x1c)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
r5 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0)
ioctl$IMADDTIMER(r5, 0x80044940, &(0x7f0000000080)=0x14)
close(r5)
sendto$inet6(r3, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$netlink(r0, 0x0, 0x0)
mkdir(0x0, 0x30)
fanotify_mark(0xffffffffffffffff, 0x105, 0x40009975, 0xffffffffffffffff, 0x0)

24m49.824268108s ago: executing program 2 (id=165):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
personality(0x5000004)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000380)={0x201, 0x0, &(0x7f0000000440), 0x0, &(0x7f00000000c0)=[0x0], 0x0})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xf, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r4, r5, 0x6, 0x0, @val=@iter={0x0}}, 0x20)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000180)={r4, r5, 0x6, 0x0, @val=@tracing}, 0x40)

24m47.976536825s ago: executing program 2 (id=170):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x40004)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x3a6}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
rt_sigprocmask(0x5, &(0x7f0000000040), 0x0, 0x8)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000340)={'ip_vti0\x00', &(0x7f00000002c0)={'erspan0\x00', 0x0, 0x20, 0x8, 0x8, 0xffffffff, {{0x8, 0x4, 0x2, 0x3, 0x20, 0x64, 0x0, 0x0, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x28}, @empty, {[@ra={0x94, 0x4}, @ssrr={0x89, 0x3, 0x31}, @timestamp={0x44, 0x4, 0x5f, 0x0, 0xa}]}}}}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000001"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

24m45.061343303s ago: executing program 2 (id=172):
syz_open_dev$sg(&(0x7f0000000180), 0x80000000, 0x103001)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'veth1_vlan\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x20, 0x2, 0x7, 0x4}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="30008097d49e663000"/19, @ANYRES32=0x0, @ANYBLOB="000000050a000100aaaaaaaaaabb000008000b00ff7f0000"], 0x30}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {}, {0x5, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x40004)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000b00)={0x9, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x1, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x3, 0x0, 0x4, 0x400000000, 0x4, 0x7fffffff}, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x1e4011, 0x0)

24m41.819054279s ago: executing program 2 (id=181):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2abd708002dcdf2500000000000000"], 0x10}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
iopl(0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r2, &(0x7f0000000080), 0x12)

24m38.612682899s ago: executing program 2 (id=184):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$loop(0x0, 0x7fffffff, 0x2800)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000fce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_procfs$pagemap(0x0, 0x0)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5c})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448de, &(0x7f0000000080))
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

24m23.451324454s ago: executing program 32 (id=184):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_open_dev$loop(0x0, 0x7fffffff, 0x2800)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000fce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_procfs$pagemap(0x0, 0x0)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5c})
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$audio(0xffffffffffffff9c, 0x0, 0x40000000040201, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448de, &(0x7f0000000080))
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

14m59.400569885s ago: executing program 0 (id=1383):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(0x0, r1)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)={0x30, r2, 0x1, 0x1c, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7f}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x1}]}, 0x30}}, 0x0)

14m58.957970996s ago: executing program 0 (id=1386):
mlock2(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r0 = getpid()
syz_open_procfs(r0, &(0x7f0000000000)='net/route\x00')
r1 = inotify_init1(0x0)
inotify_add_watch(r1, &(0x7f0000000400)='.\x00', 0xa4000021)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
fcntl$setstatus(0xffffffffffffffff, 0x407, 0xa0018ce0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = dup(r7)
write$UHID_INPUT(r8, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020}, 0x2020)
setsockopt$bt_hci_HCI_TIME_STAMP(r6, 0x0, 0x3, &(0x7f0000000000)=0x80000000, 0x4)
close(r1)

14m57.31905107s ago: executing program 0 (id=1388):
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
mount(&(0x7f0000000300)=@nullb, &(0x7f0000000380)='./bus\x00', &(0x7f00000003c0)='jfs\x00', 0x0, &(0x7f0000000400)='usrquota')

14m55.740093827s ago: executing program 0 (id=1392):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40080)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
close(0xffffffffffffffff)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0xd]})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, 0x0)
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, 0x0)
landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES32, @ANYBLOB="828500000000000024001a80080002800400018018000a000000000000000000000000000000000000000000716934be46b15aa0084c117123c41d032135721dd24edb9714f49295e5cc24e39c8d8ef0263da4cfc66a90348be47b023a59dc0d5fc2a169a8682750eab57265a6d8617f4082c71e09ba8e91e1727c07e82fe3"], 0x44}}, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x400007)
connect$inet6(r3, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r4, 0x10c, 0x4, &(0x7f0000000000)=0x3c, 0x4)

14m54.20333464s ago: executing program 0 (id=1393):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r1, 0x6, 0xd, 0x0, &(0x7f0000000b00))
open_tree(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x88100)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
add_key(&(0x7f0000000080)='pkcs7_test\x00', 0x0, &(0x7f0000000200), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, r2, 0x55fa3000)
r4 = socket(0x28, 0x5, 0x0)
r5 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
listen(r5, 0x0)
connect$vsock_stream(r4, &(0x7f0000000080), 0x10)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x1, 0x5}, 0x8)
sendmmsg(r4, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x1, 0x24008094)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0x10, &(0x7f0000000040)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffff5}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000140)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0x0, 0x8300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

14m52.735476259s ago: executing program 0 (id=1399):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8169, 0x6, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x1, 0x1ff, 0x2b})
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00464b4, &(0x7f0000000400)={r4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000002c0)={0x4, 0x3, 0x40008})
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f00000003c0)=""/82)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r9 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r10=>0x0})
connect$can_bcm(r9, &(0x7f00000000c0)={0x1d, r10}, 0x10)

14m37.109540863s ago: executing program 33 (id=1399):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000340)={0xda2, 0x8169, 0x6, 0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f00000000c0)={0x1, 0x1ff, 0x2b})
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000000)={0x8, 0x2, 0x7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r2, 0xc00464b4, &(0x7f0000000400)={r4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x401f, 0x3})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f00000002c0)={0x4, 0x3, 0x40008})
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f00000003c0)=""/82)
bind$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r9 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r10=>0x0})
connect$can_bcm(r9, &(0x7f00000000c0)={0x1d, r10}, 0x10)

9m41.410193604s ago: executing program 4 (id=2114):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000080)=0x9, 0x4)
sendmmsg$inet6(r0, &(0x7f00000055c0)=[{{&(0x7f0000001640)={0xa, 0xf, 0xfffffc01, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x12}}, 0xe}, 0x1c, &(0x7f0000002880)=[{0x0}, {&(0x7f0000001780)="9c435a7de4c0ff7c4563074aa91bee4f6e90607e890a47d0be6a17fdc0c6a1796db4fe7dd11538645e1058e812536c926690b1b24c7efd5c00ecfb64781df49eab06e8d9c153ad38a9b439a4db81dc1e36f1e6f032183ebd46c2fd9827fc48c8cdb4f07e93b48410a25fdeded74f2bc99f878a19012e6b7b623763f2b4a717576faa2825abf02e2090bb34084a971ec99e558675a54179a2c8eec2cde79ad3c2f6dd3131a464f396a63c07a34b7e7016b5af1b7d7417c22a72fc036ac41b0ade14bf538417a60c26874402386fb1da4e8d427910c86cfd89d053c098bc0a65418a82eb9bc5a8dad36b55aaa44086c03f2c78ce7234559f7dbdb2373e000c78f882bd54bcc7349e849ec05e5d5fb9a97aca8e68a8c7b9aff05fbf42e516af486082f93b19947400e21e63a040d920333fa7c033143cfea3d6f4700d5e01c173e06d33369a5ed1c84ac19a79eda3153861bfa6eddb066458fc33e40af3977e3444c76769defae482a017730274b3daf39b605350792aa958573b78c4f2204c59873ce8b450530762896acffc52d3c568e5f760982af1c90b07e5c99b0d85e54272ccefb302095c3e0de9d8ce91912b3f11387a5b754ab481ef1230c1fe588c49e32d00ff20c367f0da6a59de83e3b24175deeaed3b37cbaea7cb057007f0ff830e2c25ba59145caa0d1c96086da2160dab1df2dc71ae120fcf1c1864aa6bca73e349947c529a8ca80bd0086d54bb4b51e1ee473bd8de1fd17584ebdb21154765c07d756bad41860478127206818387527d9bced660c492b3754beed0af6e4ca480fdb61543139f914eb54c5242ac1ea0658b3c2d3307b265ea9d918ebfb6871bd4a51924d19b05e09e603b2fb40f86cda3d428e6f3e942b5400a2f71c33b5454604f5ed1218f620db6679361d7458cdfc017ee9b01ce516362766533746fc86413ebe03a597e9e02b5bb1e6d768e62047864b2dfe51a481a84d0e671f58ed9f40cc529f9ee2acec4234ff00e994e8455e96bb81a004e2ee25212ce4b922afb0ab01f060f982b65ec3f62000ebb9e0fc82264b39b5f9a8dfe72fbde63ef0876d903884f2481d6a2a9b50b24bcb028dce129936411f16a5cb71b08d372326fc52965a041cc537eeb4558ba87234bd2ef96f303f78533193e0fd5ccd30bc28ce9c9dcff87699c089e661fcbf69211352f8bd1f8cb284a98b21d4f01ec8a534e24172323dff9f467a63603abfbefed785f01e6630dc1eb8a4af6405da321456357e7509c10427a67e924d3a3ab6f4be46f94fc2082720d203338022775f16298b96d4df44e88fad2969c25fcef52d78aa82923bad8bb40bed69a3599c61205f5c3a6cce0cd91dac99de831f8d25b25d08174545f15a223988325ff9c14e32fe6a80b92d220086d08b0b84d220e201e5893e00211b7310162376cd108fe0d94a1e181941217b5a5bcd89be84bc970f41a4788117ee4c56e355791bbe6cd23143c72c00f299384d5585a372174e65756e4b03a084f8d7d031e2d92105e2b8f144a56fec218bd50998fc34b2b6bd440aed89995e7cfdbf918ae186d823730a0fedca913d466741ec3d641beee576e41459ea006056b5eb8d813381bbbef871d0535dd20", 0x47f}], 0x2}}], 0x1, 0x4001c00)

9m40.245092457s ago: executing program 4 (id=2116):
r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x581, 0x20000000008c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x540f, 0x1000000000000)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x400, &(0x7f0000000040)=ANY=[])

9m39.245344436s ago: executing program 4 (id=2119):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000005a00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x10)

9m38.19335854s ago: executing program 4 (id=2123):
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340), 0x440402, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
mknod(&(0x7f0000000480)='./file0\x00', 0x8000, 0x6262768b)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000013c0)={0xa8, 0x2, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x1000}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x3}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2c}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x44, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x8}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x9}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x5f}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e22}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x3}, @IPSET_ATTR_NETMASK={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x44085}, 0x80)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x8}, @hci_rp_read_auth_payload_to={{0x7}, {0x5, 0xc9, 0xde}}}}, 0xb)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x4, 0xc9}}}, 0x6)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x6, 0xe, &(0x7f0000000300)=ANY=[@ANYBLOB="b700000018000000bca30000000000002403000040feffff720af0ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000061140400000000001d430000000000007a0a00fe0000001f6114000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767912d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce0900000000000000499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a5"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet6(0xa, 0x1, 0x8010000000000084)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000080))

9m36.325284109s ago: executing program 4 (id=2127):
r0 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000000)={@dev, 0x78, r1})
r2 = socket(0xa, 0x1, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}, 0x1, 0x0, 0x0, 0x20048801}, 0x10)
ioctl(r2, 0x8916, 0x0)
ioctl(r2, 0x8936, &(0x7f0000000000))

9m33.182359707s ago: executing program 4 (id=2134):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000280)={0x1, &(0x7f00000008c0)=[{}]})
r3 = add_key$user(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000340)={r3, 0x0, r3}, 0x0, 0x0, 0x0)

9m17.938109415s ago: executing program 34 (id=2134):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r2, 0x800448d2, &(0x7f0000000280)={0x1, &(0x7f00000008c0)=[{}]})
r3 = add_key$user(&(0x7f0000000740), &(0x7f0000000780)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000340)={r3, 0x0, r3}, 0x0, 0x0, 0x0)

17.998336545s ago: executing program 5 (id=3187):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
read$alg(r1, &(0x7f0000000000)=""/35, 0x23)
sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[], 0x1bc}, 0x1, 0x0, 0x0, 0x8884}, 0x10)

17.859094278s ago: executing program 3 (id=3188):
r0 = syz_open_dev$dri(0x0, 0xa, 0x200)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})

17.62971138s ago: executing program 5 (id=3189):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x90)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bc8900000000000035090100000000009500000000000000b7080000000000007b9a00fe00000000b509000000000000c3aaf0fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608ebff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

17.452370598s ago: executing program 3 (id=3192):
syz_io_uring_setup(0x497, 0x0, &(0x7f0000000340)=<r0=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000001000700000000000400000000"], 0x24, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3"], &(0x7f0000000080)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b303d0e8b089b0732306c090890e0879b0a0a5de70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)

15.810231447s ago: executing program 1 (id=3193):
syz_open_dev$vim2m(&(0x7f0000000040), 0x404, 0x2)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240))
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000, 0x3, &(0x7f0000003000/0x2000)=nil)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$int_in(r3, 0x40000000af01, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/timers\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000002280)={0x2020}, 0x2020)
bpf$PROG_BIND_MAP(0x23, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0x0, {0x2, @empty, 'veth1_to_bridge\x00'}}, 0x1e)

15.111062775s ago: executing program 5 (id=3194):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x656, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
sendto$inet(r3, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf74", 0x49, 0x11, 0x0, 0x0)

14.924229562s ago: executing program 3 (id=3195):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
getrlimit(0x9, &(0x7f0000000080))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x4000000}}], 0x400000000000172, 0x0)

12.331180376s ago: executing program 5 (id=3196):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="1802000000000000000000000000800085"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x0, 0x14, 0x0, &(0x7f0000000240)="243c2de8680d85ffff03742f0800dfe3cedd9dad", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

11.967938221s ago: executing program 1 (id=3197):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x8400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0xff, 0x3, 0x1, 0xd, 0x9, 0x80000001, 0x4, 0x2, r3}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400", @ANYRES16=0x0, @ANYBLOB="01072bbd70000000000005001000"], 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r0, 0x0, &(0x7f0000000340)=""/39}, 0x20)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)

11.415577647s ago: executing program 6 (id=3199):
getxattr(0x0, &(0x7f00000007c0)=ANY=[], 0x0, 0x0)
dup(0xffffffffffffffff)
creat(0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x4000800)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)

10.160358812s ago: executing program 5 (id=3200):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000180)="0203", 0x2, 0x0, 0x0, 0x0)
unshare(0x2c020400)
r2 = msgget$private(0x0, 0x0)
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
msgrcv(r2, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000a00))
syz_open_dev$vim2m(&(0x7f0000000680), 0x7ff, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b80)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010011a80100005800400058008000000000000000800038030000180050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d80500060000000000130002006272696467655f736c6176655f30000007000200293a0000050006000000000008000100001b000018000180140004004d2906d0880fc8acc30fe2020f9849675000018014000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af080001000000000008000100000000006000018005000600000000000500060000000000080001000000000005000600000000000c00020073797a746e6c30000800010000000000130002006272696467655f736c6176655f30000014000500e078d277f38ed3a40a448f3f6b6763e83c000c8008002c000000000005000600000000001400190002dd96197aca85b64424a37dbda7b69414000800eb052fcd3dd4d3e8bbcbf1de857c0e1c3c0001800800010000000000080001000000000014000400b2112a97bf9704ee57915340334b827114000500e8635392a70f36f95f4b9b352920ebec080028000000000060333cb93f99b4a41732d5b68bc8470f001a8020000a80050008000000000014000700fe8000000000000000000000000000aa34000a8000000700fe8000000000000000000000000000aa1400070000000000000000000000ffffffffffff14000700ff0100000000000000000000000000010400070000000a8000000800000000dfff000700fe8000000000000000000000000000bb00000700000000000000000000000000000000010000080000000000000008000000000000000700fc02000000000000000000000000000000000700fc0100000000000000000000000000001937c425f956b3c61fe6bd2120f64d7ccfc00128f3eb340cc3c15455b18e736ce7def0c187f21b7c76532dccdcc278239e551f5d9d199e0a9d7ac812f8503ca2303b77ee535039523d86cfd77839c01ed0698d1841196ff2e16b3f9bcafc98d350ec365fd9d00661416295d4b0b31d6bbfb3aea0446f6ade5c4b0400000031ffb7b77cb34fd1e8ca9138b9595b0f4510648268929ced9a2904e88824567978cd2071ecbbf591e126a1e70cde36f998bfe90174a942ba8dbee82a7a8662b94756bb377b9655cebb8ef5c257031503b2669fd8609aa3ea6207e0376f28e2969915a84864a8104629ea0932d5d216be94e2d3e7d135c07f34132aaaee10"], 0x270}}, 0x0)

9.274006241s ago: executing program 6 (id=3202):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000640)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x64004}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @mcast1}, @IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0xc}]}}}]}, 0x50}}, 0x0)

9.18063734s ago: executing program 1 (id=3203):
r0 = syz_open_dev$dri(0x0, 0xa, 0x200)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})

9.009998484s ago: executing program 3 (id=3204):
setitimer(0x2, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r1 = syz_usb_connect(0x2, 0x1b, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xf2, 0xff, 0x78, 0x20, 0x1b80, 0xe39a, 0x3ad7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9, 0x0, 0x0, 0xe3, 0x30}}]}}, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
close_range(r0, 0xffffffffffffffff, 0x0)

8.898079581s ago: executing program 1 (id=3205):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0x800000000001c8, 0x12)

8.858219992s ago: executing program 7 (id=3206):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee7, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x90)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bc8900000000000035090100000000009500000000000000b7080000000000007b9a00fe00000000b509000000000000c3aaf0fff1000000bf8600000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7050000080000004608ebff76000000bf9800000000000056080000000000008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

8.800325264s ago: executing program 6 (id=3207):
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
socket(0x1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20800, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x1a0, 0x4c, 0x1a, 0x1a0, 0x73, 0x300, 0x258, 0x258, 0x300, 0x258, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0x0, 0x0, 0xff], [0x0, 0xffffff00], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0x138, 0x1a0, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@unspec=@rateest={{0x68}, {'veth1_vlan\x00', 'veth0\x00', 0x24, 0x3, 0x8, 0x2, 0x39, 0x80000001, {0x8001}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0xe, 0xb, 0xc, 0xc07, 'syz1\x00', 'syz0\x00', {0x2}}}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@icmp6={{0x28}, {0xc, "fc84"}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x14, 0x8000, 0x7, 0x18d, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001640)={0x11, 0x19, &(0x7f0000001740)=ANY=[@ANYBLOB="18080000060000000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
getrusage(0xffffffffffffffff, &(0x7f00000002c0))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x300000e, 0x11, r1, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)

7.555425262s ago: executing program 7 (id=3208):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x656, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
sendto$inet(r3, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf74", 0x49, 0x11, 0x0, 0x0)

7.361006141s ago: executing program 1 (id=3209):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
mount(&(0x7f00000003c0)=@sr0, &(0x7f0000000400)='.\x00', 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
rt_sigqueueinfo(0x0, 0x0, &(0x7f0000000fc0)={0x0, 0x0, 0x200})
socket$nl_generic(0x10, 0x3, 0x10)
sendto$inet6(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000003c0), 0x40002ee, 0x24000041)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5.810603087s ago: executing program 7 (id=3210):
ioctl$SNDCTL_SEQ_GETINCOUNT(0xffffffffffffffff, 0x80045105, &(0x7f00000000c0))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x6c00, 0x0, 0x4d080}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x9}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x8000)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x10)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='gadgetfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
getdents64(r2, &(0x7f0000000300)=""/154, 0x9a)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

4.325088232s ago: executing program 7 (id=3211):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000d00)=ANY=[@ANYBLOB="18020000000000000000000000008000850000006100000085"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x0, 0x14, 0x0, &(0x7f0000000240)="243c2de8680d85ffff03742f0800dfe3cedd9dad", 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.323807381s ago: executing program 6 (id=3212):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_clone3(&(0x7f0000000300)={0x120100200, &(0x7f0000000040), 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

4.313780839s ago: executing program 3 (id=3213):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req={0x7, 0x0, 0xd, 0x9}, 0x10)
syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x101040)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r1, 0xffffffffffffffff, &(0x7f0000002080)=0x64, 0x23b)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
dup(0xffffffffffffffff)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r3, 0x1, 0x44, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)={0xdc, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x6, 0x0, 0x0, @u32=0xffff}]}, @nested={0xc, 0x2, 0x0, 0x1, [@typed={0x8, 0xd9, 0x0, 0x0, @uid}]}, @typed={0xac, 0xe7, 0x0, 0x0, @binary="6996111389078830881e3e16ac75d199f8b6a5bff2f87bd325205b75b3aa089bed69376e901dc504d4be41cf74853834647138e7bc26a30cd4c81636338579de322528a2ac47163c3bdf737888bf3d51a14b39971ff4d64ff2ac579574a67c417c89f56a715376411c81c3c8e498b3a041c6026ac805de30eb1bb574ac799e3da826b9b46490b6036e610c8a083a21d48f16187b7aae6dbd737f98be8156688b104630db33c22914"}]}, 0xdc}, 0x1, 0x0, 0x0, 0xc000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
syz_open_procfs$namespace(r5, 0xfffffffffffffffe)
sched_setscheduler(0x0, 0x1, 0x0)

4.216786744s ago: executing program 5 (id=3214):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0xff, 0x3, 0x1, 0xd, 0x9, 0x80000001, 0x4, 0x2, r3}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="1400", @ANYRES16=0x0, @ANYBLOB="01072bbd70000000000005001000"], 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0)
syz_genetlink_get_family_id$netlbl_mgmt(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000540)={r0, 0x0, &(0x7f0000000340)=""/39}, 0x20)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)

1.623277251s ago: executing program 1 (id=3215):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x3, {0x0, 0x4, 0x20a}}, 0x10)
r1 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
socket(0x2c, 0x5, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f00000002c0)={0x402, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @local}}}, 0x108)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={0x0, 0x24}, &(0x7f0000000200)=0x8)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)=""/130, 0x82}], 0x1}}], 0x1, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="4400000010001fff2bbd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000098120100240012800b00010062726964676500001400028005002c000600010005002b000200000030f0374fc95ca0ba7e1989497f709b4c2e9c827768a00ab66d75a34ba1ade2ebf5bf1610101dc1e512ad0291", @ANYBLOB="ed7c2d681a51bc0a57892ca64d04598d6069bcc5032b40226321c6deb1e8fcd9773eae5f5e444231f323ed49b512b156d5309e39e9c76fffdb5ab87914a677e0b7a056a5d80d3ee1f9a8e4ce6a80c76f6843b3289493edd8c8f33ed0b31422cb25ac28d0c0f68e0984a469ffb0e4d00c147d3e823418cdd0cbd1daad0f38ede9406e9df2b3ace0bf744b7ff623c9e2170e6070197e73cd55d1dfb4d1cf595a641cae482c27bab257b4e56f0e7f48c02a18ed39f44a4ee8751570dd59cce1fe7d8dc8f1c8198569a9b2bef10637122cd4617b5d27c12418b3107e51fce37e40aa", @ANYRESOCT], 0x44}}, 0x4000)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, 0x0, 0x0)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r6 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r6, 0x400442c8, &(0x7f0000000540)=ANY=[@ANYRES32=r5])
ioctl$sock_bt_bnep_BNEPGETCONNLIST(r6, 0x800442d2, &(0x7f0000000440)={0x1, &(0x7f0000000340)=[{0x0, 0x0, 0x0, @remote}]})
setsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000140), 0x4)

1.462394969s ago: executing program 7 (id=3216):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0xa, 0x200)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, 0x0)

1.460885777s ago: executing program 6 (id=3217):
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmsg$alg(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
read$alg(r5, &(0x7f0000000000)=""/35, 0x23)

1.431605089s ago: executing program 3 (id=3218):
r0 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x4000000}}], 0x400000000000172, 0x0)

1.076304ms ago: executing program 6 (id=3219):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x2, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r0}, &(0x7f0000000600), &(0x7f00000001c0)}, 0x20)

0s ago: executing program 7 (id=3220):
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r5 = accept4(r4, 0x0, 0x0, 0x0)
read$alg(r5, &(0x7f0000000000)=""/35, 0x23)
sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[], 0x1bc}, 0x1, 0x0, 0x0, 0x8884}, 0x10)

kernel console output (not intermixed with test programs):

d promiscuous mode
[  803.006352][T11967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  803.064992][T11967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  803.336181][ T9962] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  803.352660][ T6192] hsr_slave_0: left promiscuous mode
[  803.378702][ T6192] hsr_slave_1: left promiscuous mode
[  803.394962][ T6192] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  803.412462][ T6192] batman_adv: batadv0: Removing interface: batadv_slave_0
[  803.466970][ T6192] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  803.483298][ T6192] batman_adv: batadv0: Removing interface: batadv_slave_1
[  803.504625][ T9962] usb 5-1: Using ep0 maxpacket: 8
[  803.569707][ T6192] veth1_macvtap: left promiscuous mode
[  803.581997][ T9962] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  803.606385][ T6192] veth0_macvtap: left promiscuous mode
[  803.638597][ T9962] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  803.654247][ T6192] veth1_vlan: left promiscuous mode
[  803.669674][ T9962] usb 5-1: Product: syz
[  803.674483][ T6192] veth0_vlan: left promiscuous mode
[  803.689899][ T9962] usb 5-1: Manufacturer: syz
[  803.703179][ T9962] usb 5-1: SerialNumber: syz
[  803.741591][ T9962] usb 5-1: config 0 descriptor??
[  803.981129][ T9962] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  804.091233][ T5826] Bluetooth: hci1: command 0x0401 tx timeout
[  804.404130][ T9322] usb 6-1: USB disconnect, device number 7
[  804.608586][T12132] fuse: Unknown parameter 'grou00000000000000000000'
[  804.842995][ T9962] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  804.894162][ T9962] usb 5-1: USB disconnect, device number 4
[  805.076891][ T6192] team0 (unregistering): Port device team_slave_1 removed
[  805.153556][ T6192] team0 (unregistering): Port device team_slave_0 removed
[  808.079129][T12158] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1479'.
[  808.205072][T12160] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1479'.
[  808.323525][T12164] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1481'.
[  808.998215][T12158] bond1: entered promiscuous mode
[  809.018977][T12158] bond1: entered allmulticast mode
[  809.060193][T12159] vti0: entered allmulticast mode
[  809.070403][T12159] bond1: (slave vti0): The slave device specified does not support setting the MAC address
[  809.088224][T12159] bond1: (slave vti0): Error -95 calling set_mac_address
[  809.113260][T12160] 8021q: adding VLAN 0 to HW filter on device bond1
[  809.142167][T11967] team0: Port device team_slave_0 added
[  809.711642][T11967] team0: Port device team_slave_1 added
[  809.756438][T12175] overlayfs: missing 'lowerdir'
[  810.931754][T12186] Bluetooth: hci1: Opcode 0x0401 failed: -4
[  811.019532][T12188] fuse: Unknown parameter 'group_i00000000000000000000'
[  811.070521][T11967] batman_adv: batadv0: Adding interface: batadv_slave_0
[  811.105052][T11967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  811.289910][T11967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  811.399080][T11967] batman_adv: batadv0: Adding interface: batadv_slave_1
[  811.419015][T11967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  811.535973][T11967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  812.848282][T11820] Bluetooth: hci2: command 0x0405 tx timeout
[  812.882381][ T5826] Bluetooth: hci1: command 0x0401 tx timeout
[  814.209266][T11967] hsr_slave_0: entered promiscuous mode
[  815.239993][T11967] hsr_slave_1: entered promiscuous mode
[  815.300911][T11967] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  815.321890][T11967] Cannot create hsr debugfs directory
[  815.366901][ T6192] IPVS: stop unused estimator thread 0...
[  815.445241][T12229] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1494'.
[  818.329132][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  818.345009][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  819.455465][T11820] Bluetooth: hci1: unexpected event for opcode 0x0c7b
[  820.681892][T11967] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  820.723616][T11967] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  821.686267][T11967] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  821.987474][T10309] IPVS: starting estimator thread 0...
[  822.202188][T12275] IPVS: using max 20 ests per chain, 48000 per kthread
[  822.316258][T11967] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  822.839046][T11967] 8021q: adding VLAN 0 to HW filter on device bond0
[  822.889963][T11967] 8021q: adding VLAN 0 to HW filter on device team0
[  822.904942][T10532] bridge0: port 1(bridge_slave_0) entered blocking state
[  822.912150][T10532] bridge0: port 1(bridge_slave_0) entered forwarding state
[  823.883993][ T5909] bridge0: port 2(bridge_slave_1) entered blocking state
[  823.891309][ T5909] bridge0: port 2(bridge_slave_1) entered forwarding state
[  828.100181][T11967] 8021q: adding VLAN 0 to HW filter on device batadv0
[  828.340250][T12341] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1522'.
[  832.071258][T11967] veth0_vlan: entered promiscuous mode
[  832.134369][T11967] veth1_vlan: entered promiscuous mode
[  832.254206][T12383] ieee802154 phy0 wpan0: encryption failed: -22
[  832.624647][T11967] veth0_macvtap: entered promiscuous mode
[  832.814134][T11967] veth1_macvtap: entered promiscuous mode
[  833.158654][T11967] batman_adv: batadv0: Interface activated: batadv_slave_0
[  833.998175][T11967] batman_adv: batadv0: Interface activated: batadv_slave_1
[  834.080730][T11967] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  834.137798][T11967] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  834.200846][T11967] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  834.247874][T11967] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  834.718150][T12397] overlayfs: missing 'lowerdir'
[  837.463976][ T5909] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  837.482818][ T5909] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  837.755411][T10532] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  838.172932][T10532] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  838.989225][ T5826] Bluetooth: hci1: unexpected event for opcode 0x0c7b
[  839.441476][T12439] NILFS (nullb0): couldn't find nilfs on the device
[  842.179317][T12463] fuse: Unknown parameter 'group_id00000000000000000000'
[  844.772940][T12494] ieee802154 phy0 wpan0: encryption failed: -22
[  846.605206][T12519] netlink: 'syz.6.1564': attribute type 1 has an invalid length.
[  846.613141][T12519] netlink: 240 bytes leftover after parsing attributes in process `syz.6.1564'.
[  853.532095][T12576] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1578'.
[  853.599452][T12576] veth1_macvtap: left promiscuous mode
[  853.801150][T12578] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  854.333372][T10036] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  854.351973][T10036] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  855.394634][T12588] NILFS (nullb0): couldn't find nilfs on the device
[  857.984809][T12592] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  859.469731][T12614] netlink: 'syz.5.1590': attribute type 1 has an invalid length.
[  859.477612][T12614] netlink: 240 bytes leftover after parsing attributes in process `syz.5.1590'.
[  860.570736][T12640] NILFS (nullb0): couldn't find nilfs on the device
[  862.404010][T12646] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  864.327003][T12670] netlink: 'syz.5.1603': attribute type 10 has an invalid length.
[  864.651851][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  864.651893][   T30] audit: type=1326 audit(1747387383.633:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12666 comm="syz.7.1604" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x0
[  865.444701][T12670] syz_tun: entered promiscuous mode
[  865.609814][T12670] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  866.554264][T12682] netlink: 'syz.3.1607': attribute type 1 has an invalid length.
[  866.562310][T12682] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1607'.
[  870.992222][T12725] ieee802154 phy0 wpan0: encryption failed: -22
[  871.830346][   T30] audit: type=1326 audit(1747387390.253:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12718 comm="syz.3.1618" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7738b8e969 code=0x0
[  872.583601][T12729] Bluetooth: hci1: Opcode 0x0401 failed: -4
[  875.193220][T11820] Bluetooth: hci1: command 0x0401 tx timeout
[  877.047950][T12778] netlink: 'syz.4.1632': attribute type 2 has an invalid length.
[  877.118013][T12778] : entered promiscuous mode
[  880.747839][T12771] syz.4.1632 (12771): drop_caches: 2
[  880.773598][T12771] syz.4.1632 (12771): drop_caches: 2
[  881.112464][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  881.118917][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[  886.878537][T12830] fuse: Bad value for 'fd'
[  888.890367][T12834] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  889.117607][   T30] audit: type=1326 audit(1747387408.103:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12836 comm="syz.6.1649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x0
[  891.376542][T12869] NILFS (nullb0): couldn't find nilfs on the device
[  892.575181][T12883] ieee802154 phy0 wpan0: encryption failed: -22
[  895.178003][T12893] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  896.521828][   T30] audit: type=1326 audit(1747387415.383:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12913 comm="syz.5.1669" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x0
[  898.845188][T12939] NILFS (nullb0): couldn't find nilfs on the device
[  899.926710][T12947] fuse: Bad value for 'fd'
[  901.836400][T12953] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  902.232934][T12969] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1684'.
[  904.414980][T13004] NILFS (nullb0): couldn't find nilfs on the device
[  905.968843][T13021] fuse: Bad value for 'fd'
[  908.282442][T13022] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  908.322696][T13045] overlayfs: missing 'lowerdir'
[  909.869025][T13067] netlink: 'syz.3.1709': attribute type 1 has an invalid length.
[  909.913592][T13067] netlink: 240 bytes leftover after parsing attributes in process `syz.3.1709'.
[  910.484697][ T5826] Bluetooth: hci2: command 0x0405 tx timeout
[  915.742820][T13102] fuse: Bad value for 'fd'
[  916.756107][ T5883] IPVS: starting estimator thread 0...
[  916.913077][T13122] IPVS: using max 19 ests per chain, 45600 per kthread
[  917.672893][T11820] Bluetooth: hci2: command 0x0405 tx timeout
[  920.616535][T13149] overlayfs: missing 'lowerdir'
[  922.971592][T13157] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  928.711942][ T5826] Bluetooth: hci2: unexpected event for opcode 0x0c7b
[  933.532233][T13265] ieee802154 phy0 wpan0: encryption failed: -22
[  933.912144][T11820] Bluetooth: hci2: unexpected event for opcode 0x0c7b
[  935.804371][T13297] netlink: 'syz.3.1764': attribute type 11 has an invalid length.
[  935.812375][T13297] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1764'.
[  938.150073][T13317] NILFS (nullb0): couldn't find nilfs on the device
[  940.068095][T13320] No source specified
[  940.477905][T13338] bridge0: port 3(netdevsim0) entered blocking state
[  940.486323][T13338] bridge0: port 3(netdevsim0) entered disabled state
[  940.500614][T13338] netdevsim netdevsim6 netdevsim0: entered allmulticast mode
[  940.672998][T13338] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  940.681002][T13338] bridge0: port 3(netdevsim0) entered blocking state
[  940.687860][T13338] bridge0: port 3(netdevsim0) entered forwarding state
[  940.918918][T13329] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[  941.120751][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[  943.911354][T13385] NILFS (nullb0): couldn't find nilfs on the device
[  952.415381][T13472] netlink: 'syz.3.1809': attribute type 2 has an invalid length.
[  952.453636][T13472] : entered promiscuous mode
[  952.643252][T13463] syz.3.1809 (13463): drop_caches: 2
[  952.661595][T13463] syz.3.1809 (13463): drop_caches: 2
[  953.201877][ T5839] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  953.361848][ T5839] usb 6-1: Using ep0 maxpacket: 32
[  954.029226][ T5839] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  954.045311][ T5839] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  954.064626][ T5839] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  954.076122][ T5839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  954.105685][ T5839] usb 6-1: config 0 descriptor??
[  954.113868][ T5839] hub 6-1:0.0: USB hub found
[  954.662429][ T5839] hub 6-1:0.0: 1 port detected
[  955.926986][    T9] hub 6-1:0.0: hub_ext_port_status failed (err = 0)
[  956.390683][    T9] usb 6-1: USB disconnect, device number 8
[  968.549700][   T30] audit: type=1326 audit(1747387487.523:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  968.646116][   T30] audit: type=1326 audit(1747387487.523:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  969.498068][   T30] audit: type=1326 audit(1747387487.523:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  969.589160][   T30] audit: type=1326 audit(1747387487.523:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  969.791843][   T30] audit: type=1326 audit(1747387487.523:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  970.261806][   T30] audit: type=1326 audit(1747387487.563:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  970.551793][   T30] audit: type=1326 audit(1747387487.563:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  970.913193][   T30] audit: type=1326 audit(1747387487.563:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  971.060821][T13626] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1849'.
[  971.622135][   T30] audit: type=1326 audit(1747387487.583:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  971.877791][   T30] audit: type=1326 audit(1747387487.583:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13604 comm="syz.6.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[  972.143462][T13633] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  972.334042][T13633] bridge0: port 2(bridge_slave_1) entered disabled state
[  972.343678][T13633] bridge0: port 1(bridge_slave_0) entered disabled state
[  978.505094][T13672] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1864'.
[  984.429886][T13741] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1881'.
[  985.187978][ T5826] block nbd6: Receive control failed (result -107)
[  985.206357][T13746] syz.6.1882: attempt to access beyond end of device
[  985.206357][T13746] nbd6: rw=0, sector=64, nr_sectors = 1 limit=0
[  985.222821][T13746] syz.6.1882: attempt to access beyond end of device
[  985.222821][T13746] nbd6: rw=0, sector=256, nr_sectors = 1 limit=0
[  985.277251][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  985.289961][T13746] syz.6.1882: attempt to access beyond end of device
[  985.289961][T13746] nbd6: rw=0, sector=512, nr_sectors = 1 limit=0
[  985.303436][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  985.318639][T13746] syz.6.1882: attempt to access beyond end of device
[  985.318639][T13746] nbd6: rw=0, sector=64, nr_sectors = 2 limit=0
[  985.335013][T13746] syz.6.1882: attempt to access beyond end of device
[  985.335013][T13746] nbd6: rw=0, sector=512, nr_sectors = 2 limit=0
[  985.348463][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  985.361094][T13746] syz.6.1882: attempt to access beyond end of device
[  985.361094][T13746] nbd6: rw=0, sector=1024, nr_sectors = 2 limit=0
[  985.374603][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  985.388440][T13746] syz.6.1882: attempt to access beyond end of device
[  985.388440][T13746] nbd6: rw=0, sector=64, nr_sectors = 4 limit=0
[  985.402378][T13746] syz.6.1882: attempt to access beyond end of device
[  985.402378][T13746] nbd6: rw=0, sector=1024, nr_sectors = 4 limit=0
[  985.415830][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  985.426008][T13746] syz.6.1882: attempt to access beyond end of device
[  985.426008][T13746] nbd6: rw=0, sector=2048, nr_sectors = 4 limit=0
[  985.501566][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  985.513895][T13746] syz.6.1882: attempt to access beyond end of device
[  985.513895][T13746] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0
[  985.529592][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  985.540468][T13746] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  985.550321][T13746] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1)
[  987.735031][T13752] nbd6: detected capacity change from 0 to 29912
[  988.062610][T13752] block nbd6: shutting down sockets
[  991.134313][T13799] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1898'.
[  992.341828][T13815] ieee802154 phy0 wpan0: encryption failed: -22
[ 1000.674539][T13904] NILFS (nullb0): couldn't find nilfs on the device
[ 1002.278585][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1002.558172][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1007.221403][T13970] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1009.366189][T13983] overlayfs: missing 'lowerdir'
[ 1011.607628][T11820] Bluetooth: hci2: command 0x0405 tx timeout
[ 1015.728212][   T30] kauditd_printk_skb: 19 callbacks suppressed
[ 1015.728236][   T30] audit: type=1326 audit(1747387534.713:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1015.978865][   T30] audit: type=1326 audit(1747387534.713:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1016.014099][   T30] audit: type=1326 audit(1747387534.993:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1016.060554][   T30] audit: type=1326 audit(1747387534.993:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1016.764959][   T30] audit: type=1326 audit(1747387535.003:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1016.880159][   T30] audit: type=1326 audit(1747387535.003:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1017.073386][   T30] audit: type=1326 audit(1747387535.043:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1017.151861][   T30] audit: type=1326 audit(1747387535.043:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1017.438719][T14052] overlayfs: missing 'lowerdir'
[ 1017.466346][   T30] audit: type=1326 audit(1747387535.043:990): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1018.254188][   T30] audit: type=1326 audit(1747387535.043:991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14038 comm="syz.6.1957" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x7ffc0000
[ 1025.261337][T14128] overlayfs: missing 'lowerdir'
[ 1027.448526][T14144] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1983'.
[ 1027.561843][T14144] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1983'.
[ 1029.202485][T14146] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1031.890498][T14193] IPVS: Scheduler module ip_vs_sip not found
[ 1032.096259][   T30] kauditd_printk_skb: 13 callbacks suppressed
[ 1032.096285][   T30] audit: type=1326 audit(1747387551.085:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1032.428725][T14211] vivid-000: disconnect
[ 1032.440825][T14211] vivid-000: reconnect
[ 1033.983617][   T30] audit: type=1326 audit(1747387551.085:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1034.007045][   T30] audit: type=1326 audit(1747387551.085:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1034.030418][   T30] audit: type=1326 audit(1747387551.135:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1034.090565][   T30] audit: type=1326 audit(1747387551.305:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1034.183860][T14203] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1034.673853][   T30] audit: type=1326 audit(1747387551.305:1010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1034.841797][   T30] audit: type=1326 audit(1747387552.285:1011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1035.075479][   T30] audit: type=1326 audit(1747387552.285:1012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1035.128915][   T30] audit: type=1326 audit(1747387552.285:1013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1035.199860][   T30] audit: type=1326 audit(1747387552.285:1014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14202 comm="syz.5.1998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7fe26398e969 code=0x7ffc0000
[ 1035.722598][T14234] Malformed UNC in devname
[ 1035.722598][T14234] 
[ 1035.731981][T14234] CIFS: VFS: Malformed UNC in devname
[ 1036.049258][T14241] random: crng reseeded on system resumption
[ 1041.251782][T14282] qnx4: no qnx4 filesystem (no root dir).
[ 1041.299227][T14282] ubi31: attaching mtd0
[ 1041.409960][T14282] ubi31: scanning is finished
[ 1041.414936][T14282] ubi31: empty MTD device detected
[ 1041.743233][T14284] NILFS (nullb0): couldn't find nilfs on the device
[ 1041.804552][   T30] kauditd_printk_skb: 5 callbacks suppressed
[ 1041.804576][   T30] audit: type=1326 audit(1747387560.785:1020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1041.937433][   T30] audit: type=1326 audit(1747387560.785:1021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1043.044318][   T30] audit: type=1326 audit(1747387560.785:1022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1043.074183][   T30] audit: type=1326 audit(1747387560.795:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1043.087855][T14282] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1043.096914][   T30] audit: type=1326 audit(1747387560.795:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1043.131833][T14282] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1043.571280][T14282] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1043.581403][   T30] audit: type=1326 audit(1747387560.795:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=203 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1043.617873][   T30] audit: type=1326 audit(1747387560.795:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1043.791947][T14282] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1043.813734][   T30] audit: type=1326 audit(1747387560.795:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1043.836703][T14282] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1044.084546][T14282] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1044.666069][T14298] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1044.879422][T14282] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2213008638
[ 1044.892539][   T30] audit: type=1326 audit(1747387560.795:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1044.915073][   T30] audit: type=1326 audit(1747387560.795:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14285 comm="syz.7.2021" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1044.986106][T14282] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1045.130526][T14292] ubi31: background thread "ubi_bgt31d" started, PID 14292
[ 1047.980768][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1047.980824][   T30] audit: type=1326 audit(1747387566.795:1039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1048.032327][   T30] audit: type=1326 audit(1747387566.795:1040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1048.272342][   T30] audit: type=1326 audit(1747387566.795:1041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1048.397723][   T30] audit: type=1326 audit(1747387566.965:1042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1048.529691][   T30] audit: type=1326 audit(1747387567.105:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1048.610693][   T30] audit: type=1326 audit(1747387567.285:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1048.701867][   T30] audit: type=1326 audit(1747387567.295:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1049.011755][   T30] audit: type=1326 audit(1747387567.295:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1049.778926][   T30] audit: type=1326 audit(1747387567.305:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1050.101767][   T30] audit: type=1326 audit(1747387567.305:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14340 comm="syz.7.2037" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ff18818e969 code=0x7ffc0000
[ 1050.187760][T14362] bridge0: port 3(netdevsim0) entered blocking state
[ 1050.195103][T14362] bridge0: port 3(netdevsim0) entered disabled state
[ 1050.202060][T14362] netdevsim netdevsim7 netdevsim0: entered allmulticast mode
[ 1050.213810][T14362] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[ 1050.646153][T14358] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1052.982266][T14382] ubi: mtd0 is already attached to ubi31
[ 1053.076142][T14387] ubi: mtd0 is already attached to ubi31
[ 1055.510320][T14404] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2053'.
[ 1057.300407][T14407] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1060.665987][T14445] ubi: mtd0 is already attached to ubi31
[ 1063.874382][T14467] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1063.999798][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1067.457616][T14500] netlink: 'syz.7.2078': attribute type 2 has an invalid length.
[ 1067.505359][T14500] : entered promiscuous mode
[ 1068.045773][T14498] syz.7.2078 (14498): drop_caches: 2
[ 1068.050197][T14498] syz.7.2078 (14498): drop_caches: 2
[ 1071.061559][T14524] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1072.027349][T11820] Bluetooth: hci2: command 0x0405 tx timeout
[ 1075.010169][T14562] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1083.171111][T14623] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1084.614466][T14641] netlink: 'syz.7.2122': attribute type 1 has an invalid length.
[ 1084.614552][T14641] netlink: 240 bytes leftover after parsing attributes in process `syz.7.2122'.
[ 1085.519679][T14633] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1085.652377][T14640] tty tty3: ldisc open failed (-12), clearing slot 2
[ 1085.661568][T14644] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[ 1092.987763][T14701] netlink: 'syz.6.2138': attribute type 1 has an invalid length.
[ 1092.995640][T14701] netlink: 240 bytes leftover after parsing attributes in process `syz.6.2138'.
[ 1093.468066][T14697] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1095.813513][T14727] fuse: Unknown parameter '0x0000000000000004'
[ 1097.325524][T14728] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1100.834107][T14757] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1101.136055][T14760] syz.1.2153 (14760): drop_caches: 2
[ 1101.154709][T14760] syz.1.2153 (14760): drop_caches: 2
[ 1104.500784][T14784] fuse: Bad value for 'fd'
[ 1104.542974][T14784] fuseblk: Bad value for 'fd'
[ 1105.611097][T14797] fuse: Unknown parameter '0x0000000000000004'
[ 1105.998636][    T9] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[ 1106.259513][    T9] usb 2-1: config 0 has an invalid interface number: 23 but max is 0
[ 1106.488616][    T9] usb 2-1: config 0 has no interface number 0
[ 1106.675206][    T9] usb 2-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1106.727497][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.775182][    T9] usb 2-1: Product: syz
[ 1106.809935][    T9] usb 2-1: Manufacturer: syz
[ 1106.880604][    T9] usb 2-1: SerialNumber: syz
[ 1107.433744][    T9] usb 2-1: config 0 descriptor??
[ 1107.458772][    T9] ftdi_sio 2-1:0.23: FTDI USB Serial Device converter detected
[ 1107.505800][    T9] usb 2-1: Detected SIO
[ 1107.546204][    T9] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1107.729286][    T9] usb 2-1: USB disconnect, device number 11
[ 1108.416336][T14808] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1108.908743][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1108.947503][    T9] ftdi_sio 2-1:0.23: device disconnected
[ 1109.490558][T14826] hub 8-0:1.0: USB hub found
[ 1109.498021][T14826] hub 8-0:1.0: 1 port detected
[ 1110.372268][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1110.390164][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1110.421806][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1110.439817][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1110.463204][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1111.992821][T14845] syz.7.2174 (14845): drop_caches: 2
[ 1112.012226][T14845] syz.7.2174 (14845): drop_caches: 2
[ 1114.284582][ T5831] Bluetooth: hci4: command tx timeout
[ 1114.453995][T10036] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1115.874913][T10036] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1115.981284][T14863] fuse: Unknown parameter '0x0000000000000004'
[ 1116.312508][ T5831] Bluetooth: hci4: command tx timeout
[ 1116.631879][T13859] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[ 1117.595555][T13859] usb 8-1: config 0 has an invalid interface number: 23 but max is 0
[ 1117.859091][T13859] usb 8-1: config 0 has no interface number 0
[ 1117.873814][T10036] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.902897][T13859] usb 8-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1117.932741][T13859] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1117.944779][T13859] usb 8-1: Product: syz
[ 1117.949051][T13859] usb 8-1: Manufacturer: syz
[ 1117.992125][T13859] usb 8-1: SerialNumber: syz
[ 1118.070890][T13859] usb 8-1: config 0 descriptor??
[ 1118.150728][   T30] kauditd_printk_skb: 9 callbacks suppressed
[ 1118.150787][   T30] audit: type=1326 audit(1747387637.135:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14877 comm="syz.6.2183" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x0
[ 1118.158985][T10036] bridge0: port 3(netdevsim0) entered disabled state
[ 1118.197311][T13859] ftdi_sio 8-1:0.23: FTDI USB Serial Device converter detected
[ 1118.294806][T13859] usb 8-1: Detected SIO
[ 1118.335593][T13859] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1118.426548][ T5826] Bluetooth: hci4: command tx timeout
[ 1118.742940][T10036] netdevsim netdevsim4 netdevsim0 (unregistering): left allmulticast mode
[ 1118.785908][T10036] netdevsim netdevsim4 netdevsim0 (unregistering): left promiscuous mode
[ 1118.825220][T10036] bridge0: port 3(netdevsim0) entered disabled state
[ 1118.878197][T10036] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1119.553331][T13158] usb 8-1: USB disconnect, device number 2
[ 1119.661977][T14894] overlayfs: overlapping lowerdir path
[ 1119.665865][T13158] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1119.702238][T13158] ftdi_sio 8-1:0.23: device disconnected
[ 1119.741056][T14893] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2188'.
[ 1120.482039][ T5826] Bluetooth: hci4: command tx timeout
[ 1120.497974][T14828] chnl_net:caif_netlink_parms(): no params data found
[ 1121.389549][T10036] bridge_slave_1: left allmulticast mode
[ 1121.400439][T10036] bridge_slave_1: left promiscuous mode
[ 1121.432642][T10036] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1121.527411][T10036] bridge_slave_0: left allmulticast mode
[ 1121.552469][T10036] bridge_slave_0: left promiscuous mode
[ 1121.558445][T10036] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1121.630044][T14907] syz.7.2192 (14907): drop_caches: 2
[ 1121.679570][T14907] syz.7.2192 (14907): drop_caches: 2
[ 1122.419589][T14916] random: crng reseeded on system resumption
[ 1122.682643][T14920] fuse: Unknown parameter 'fd0xffffffffffffffff'
[ 1125.013753][T14926] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1125.440356][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1128.891147][T10036] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1128.957679][T10036] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1129.164067][T10036] bond0 (unregistering): Released all slaves
[ 1129.571078][T10036] : left promiscuous mode
[ 1129.610671][T14960] syz.6.2208 (14960): drop_caches: 2
[ 1130.547642][T14960] syz.6.2208 (14960): drop_caches: 2
[ 1132.892390][T14828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1132.899588][T14828] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1132.969781][T14828] bridge_slave_0: entered allmulticast mode
[ 1133.002303][T14828] bridge_slave_0: entered promiscuous mode
[ 1133.496430][T15005] NILFS (nullb0): couldn't find nilfs on the device
[ 1134.991893][T14828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1134.999088][T14828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1135.040161][T14828] bridge_slave_1: entered allmulticast mode
[ 1136.289545][T14828] bridge_slave_1: entered promiscuous mode
[ 1136.989050][T15027] qnx4: no qnx4 filesystem (no root dir).
[ 1137.478486][T15021] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1137.623658][T15027] ubi: mtd0 is already attached to ubi31
[ 1138.965262][T14828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1139.715506][T10036] hsr_slave_0: left promiscuous mode
[ 1139.985226][T10036] hsr_slave_1: left promiscuous mode
[ 1139.991521][T10036] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1140.612074][T10036] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1140.674961][T10036] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1140.732875][T10036] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1140.788656][ T1208] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1140.951729][ T1208] usb 7-1: Using ep0 maxpacket: 8
[ 1140.963876][ T1208] usb 7-1: config 0 has an invalid interface number: 52 but max is 0
[ 1141.008778][ T1208] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1141.051751][ T1208] usb 7-1: config 0 has no interface number 0
[ 1141.081969][ T1208] usb 7-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1141.134490][T10036] veth0_macvtap: left promiscuous mode
[ 1141.140341][T10036] veth1_vlan: left promiscuous mode
[ 1141.159436][T10036] veth0_vlan: left promiscuous mode
[ 1141.228362][T15072] NILFS (nullb0): couldn't find nilfs on the device
[ 1141.901738][ T1208] usb 7-1: config 0 interface 52 has no altsetting 0
[ 1141.919831][ T1208] usb 7-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[ 1141.941734][ T1208] usb 7-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0
[ 1141.949862][ T1208] usb 7-1: Manufacturer: syz
[ 1141.967486][ T1208] usb 7-1: config 0 descriptor??
[ 1142.120664][ T1208] usb 7-1: Can not set alternate setting to 1, error: -71
[ 1142.195903][ T1208] synaptics_usb 7-1:0.52: probe with driver synaptics_usb failed with error -71
[ 1142.320569][ T1208] usb 7-1: USB disconnect, device number 2
[ 1143.428062][T10036] pimreg3 (unregistering): left allmulticast mode
[ 1145.441034][T15100] Bluetooth: MGMT ver 1.23
[ 1146.025097][T15090] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1150.349679][T15131] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2250'.
[ 1150.358807][T15131] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2250'.
[ 1150.367961][T15131] netlink: 'syz.5.2250': attribute type 10 has an invalid length.
[ 1151.954785][T10036] team0 (unregistering): Port device team_slave_1 removed
[ 1152.296896][T10036] team0 (unregistering): Port device team_slave_0 removed
[ 1154.965381][T14828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1156.362614][T15179] fuse: Bad value for 'fd'
[ 1156.402829][T15179] fuseblk: Bad value for 'fd'
[ 1156.419706][T15171] xt_CT: No such helper "snmp"
[ 1156.550256][T14828] team0: Port device team_slave_0 added
[ 1156.585643][T14828] team0: Port device team_slave_1 added
[ 1157.767115][T14828] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1157.841799][T14828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1158.135801][T14828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1158.358505][T14828] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1158.881655][   T30] audit: type=1326 audit(1747387677.455:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15193 comm="syz.3.2266" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7738b8e969 code=0x0
[ 1159.389668][T14828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1159.559394][T14828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1160.170818][T10036] IPVS: stop unused estimator thread 0...
[ 1161.149009][T14828] hsr_slave_0: entered promiscuous mode
[ 1161.505643][T14828] hsr_slave_1: entered promiscuous mode
[ 1162.873303][T15239] netlink: 'syz.6.2277': attribute type 1 has an invalid length.
[ 1162.881184][T15239] netlink: 240 bytes leftover after parsing attributes in process `syz.6.2277'.
[ 1165.166497][T15251] xt_CT: No such helper "snmp"
[ 1167.755313][T15273] Bluetooth: hci1: Opcode 0x0401 failed: -4
[ 1168.465663][T15276] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2285'.
[ 1168.838821][T15281] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1169.832307][ T5831] Bluetooth: hci1: command 0x0401 tx timeout
[ 1171.125162][ T5826] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1171.238866][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1171.251991][ T5826] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1171.262670][ T5826] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1171.270689][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1171.799293][ T5909] bridge_slave_1: left allmulticast mode
[ 1171.831731][ T5909] bridge_slave_1: left promiscuous mode
[ 1171.889299][ T5909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1172.354268][ T5909] bridge_slave_0: left allmulticast mode
[ 1172.695993][ T5909] bridge_slave_0: left promiscuous mode
[ 1172.811097][ T5826] Bluetooth: hci1: unexpected event for opcode 0x0c7b
[ 1172.945614][ T5909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1173.444457][ T5826] Bluetooth: hci4: command tx timeout
[ 1173.989043][T15293] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1174.562676][T15339] xt_socket: unknown flags 0x8
[ 1175.511986][ T5831] Bluetooth: hci4: command tx timeout
[ 1175.691416][ T5909] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1175.718232][T15346] NILFS (nullb0): couldn't find nilfs on the device
[ 1175.785350][ T5909] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1175.820693][ T5909] bond0 (unregistering): Released all slaves
[ 1176.065081][ T5909] hsr_slave_0: left promiscuous mode
[ 1176.101569][ T5909] hsr_slave_1: left promiscuous mode
[ 1176.137769][ T5909] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1176.235709][ T5909] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1176.391041][T15350] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2301'.
[ 1177.423389][ T5909] team0 (unregistering): Port device team_slave_1 removed
[ 1177.549687][ T5909] team0 (unregistering): Port device team_slave_0 removed
[ 1177.592597][ T5831] Bluetooth: hci4: command tx timeout
[ 1179.430459][T15355] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1179.685142][ T5831] Bluetooth: hci4: command tx timeout
[ 1180.491145][T15386] hub 8-0:1.0: USB hub found
[ 1180.522245][T15386] hub 8-0:1.0: 1 port detected
[ 1181.495794][T15355] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.519975][T15391] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2315'.
[ 1182.496877][T15355] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1182.863935][T15355] netdevsim netdevsim7 netdevsim0 (unregistering): left allmulticast mode
[ 1182.900422][T15355] netdevsim netdevsim7 netdevsim0 (unregistering): left promiscuous mode
[ 1182.955898][T15355] bridge0: port 3(netdevsim0) entered disabled state
[ 1183.140982][T15355] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1184.441881][T15440] random: crng reseeded on system resumption
[ 1184.575673][T15399] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1184.693990][T15355] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1184.772786][T15355] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1184.866474][T15355] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1184.938009][T15355] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1184.990486][T15302] chnl_net:caif_netlink_parms(): no params data found
[ 1185.922489][T15302] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1185.940094][T15302] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1185.962546][T15302] bridge_slave_0: entered allmulticast mode
[ 1186.302026][T15302] bridge_slave_0: entered promiscuous mode
[ 1186.329194][T15302] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1186.361569][T15302] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1186.380577][T15302] bridge_slave_1: entered allmulticast mode
[ 1186.413052][T15302] bridge_slave_1: entered promiscuous mode
[ 1186.436017][T15466] qnx4: no qnx4 filesystem (no root dir).
[ 1186.449471][T15466] ubi: mtd0 is already attached to ubi31
[ 1186.879184][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1187.394253][T15302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1187.614690][T15302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1188.017294][T15302] team0: Port device team_slave_0 added
[ 1188.076462][T15302] team0: Port device team_slave_1 added
[ 1189.073060][T15302] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1189.082957][T15302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1189.156037][T15302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1189.655921][T15302] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1190.171871][T15302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1190.234842][T15302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1190.677009][T15302] hsr_slave_0: entered promiscuous mode
[ 1190.727991][T15302] hsr_slave_1: entered promiscuous mode
[ 1192.022888][T15512] xt_CT: No such helper "snmp"
[ 1195.896953][T15551] netlink: 20 bytes leftover after parsing attributes in process `syz.7.2348'.
[ 1195.967871][T15302] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1196.063305][T15302] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1196.122238][   T30] audit: type=1326 audit(1747387715.115:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15554 comm="syz.5.2351" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe26398e969 code=0x0
[ 1196.278488][T15302] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1196.474429][T15302] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1198.075861][T15302] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1198.343452][T15302] 8021q: adding VLAN 0 to HW filter on device team0
[ 1199.353786][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1199.361008][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1200.345119][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1200.352335][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1200.621723][ T9962] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[ 1200.647272][T15302] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1200.834659][ T9962] usb 7-1: config 0 has an invalid interface number: 23 but max is 0
[ 1200.862933][ T9962] usb 7-1: config 0 has no interface number 0
[ 1200.911724][ T9962] usb 7-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1200.920949][ T9962] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1201.000380][ T9962] usb 7-1: Product: syz
[ 1201.081451][ T9962] usb 7-1: Manufacturer: syz
[ 1201.637619][ T9962] usb 7-1: SerialNumber: syz
[ 1202.155975][ T9962] usb 7-1: config 0 descriptor??
[ 1202.218073][ T9962] usb 7-1: can't set config #0, error -71
[ 1202.713348][ T9962] usb 7-1: USB disconnect, device number 3
[ 1203.644564][T15610] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2364'.
[ 1204.385618][T15302] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1205.877804][T15626] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.641822][T14806] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[ 1206.821651][T14806] usb 7-1: config 0 has an invalid interface number: 23 but max is 0
[ 1206.877336][T14806] usb 7-1: config 0 has no interface number 0
[ 1206.982883][T14806] usb 7-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1207.093039][T14806] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1207.173631][T14806] usb 7-1: Product: syz
[ 1207.178287][T14806] usb 7-1: Manufacturer: syz
[ 1207.231057][T14806] usb 7-1: SerialNumber: syz
[ 1207.252718][T14806] usb 7-1: config 0 descriptor??
[ 1207.284208][T14806] ftdi_sio 7-1:0.23: FTDI USB Serial Device converter detected
[ 1207.288910][T15626] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1207.307691][T14806] usb 7-1: Detected SIO
[ 1207.330811][T14806] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1207.966394][T15626] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1209.109033][   T52] usb 7-1: USB disconnect, device number 4
[ 1209.154771][   T52] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1209.169881][   T52] ftdi_sio 7-1:0.23: device disconnected
[ 1209.533155][T15672] loop6: detected capacity change from 0 to 63
[ 1209.842029][T15672] support for the xor transformation has been removed.
[ 1209.928048][T15626] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode
[ 1209.957858][T14876] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1210.081513][T15626] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode
[ 1210.087932][T14876] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1210.108610][T14876] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1210.117975][T14876] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1210.133464][T14876] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1210.273776][T15626] bridge0: port 3(netdevsim0) entered disabled state
[ 1210.323232][T14876] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1210.353590][T14876] Buffer I/O error on dev loop6, logical block 3, async page read
[ 1210.771316][T15626] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1211.055193][T15680] syz.7.2383 (15680): drop_caches: 2
[ 1211.357379][T15680] syz.7.2383 (15680): drop_caches: 2
[ 1211.406590][T15680] netlink: 'syz.7.2383': attribute type 2 has an invalid length.
[ 1211.917486][T15302] veth0_vlan: entered promiscuous mode
[ 1212.159581][T15302] veth1_vlan: entered promiscuous mode
[ 1213.260651][T15626] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.431652][T15626] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.449291][T15302] veth0_macvtap: entered promiscuous mode
[ 1213.485095][T15302] veth1_macvtap: entered promiscuous mode
[ 1213.524333][T15626] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.582337][T15626] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.620511][T15302] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1213.694939][T15302] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1213.768039][T15302] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.786872][T15302] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.800561][T15302] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.922472][T15302] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1214.415523][T15712] random: crng reseeded on system resumption
[ 1216.410283][T15724] qnx4: no qnx4 filesystem (no root dir).
[ 1222.131267][T10517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1222.371728][T10517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1223.951697][T10517] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1224.049998][T10517] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1226.186562][T15763] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1226.221979][T15763] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1227.105417][T15763] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1227.159739][T15763] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1227.352206][T15790] qnx4: no qnx4 filesystem (no root dir).
[ 1227.361277][T15790] ubi: mtd0 is already attached to ubi31
[ 1227.656099][T15763] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1227.684944][T15763] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[ 1229.141790][    T9] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[ 1229.622328][ T5826] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1229.664312][    T9] usb 7-1: config 0 has an invalid interface number: 23 but max is 0
[ 1229.704897][ T5826] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1229.714730][ T5826] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1229.725222][ T5826] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1229.733448][ T5826] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1229.746333][    T9] usb 7-1: config 0 has no interface number 0
[ 1229.759317][    T9] usb 7-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1229.805555][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1229.816540][ T5831] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1229.824715][ T5831] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1229.852051][ T5831] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1229.874953][    T9] usb 7-1: Product: syz
[ 1229.962827][    T9] usb 7-1: Manufacturer: syz
[ 1229.967489][    T9] usb 7-1: SerialNumber: syz
[ 1229.972408][ T5831] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1229.980615][ T5831] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1230.009139][    T9] usb 7-1: config 0 descriptor??
[ 1230.027646][    T9] ftdi_sio 7-1:0.23: FTDI USB Serial Device converter detected
[ 1230.107794][    T9] usb 7-1: Detected SIO
[ 1230.207075][    T9] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1230.332177][T15810] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2413'.
[ 1231.359284][T15815] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1231.516411][    T9] usb 7-1: USB disconnect, device number 5
[ 1231.582715][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1231.770147][    T9] ftdi_sio 7-1:0.23: device disconnected
[ 1232.076134][ T5826] Bluetooth: hci6: command tx timeout
[ 1233.136210][T10532] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1233.297941][T15831] Falling back ldisc for ptm0.
[ 1234.174572][ T5826] Bluetooth: hci6: command tx timeout
[ 1235.011777][   T30] audit: type=1326 audit(1747387753.625:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15852 comm="syz.6.2424" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x0
[ 1235.065730][T10532] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1235.975562][T15867] qnx4: no qnx4 filesystem (no root dir).
[ 1235.992266][T15867] ubi: mtd0 is already attached to ubi31
[ 1236.146078][T10532] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1236.231753][ T5826] Bluetooth: hci6: command tx timeout
[ 1236.478456][T15875] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2427'.
[ 1236.567307][T10532] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1237.971733][   T52] usb 8-1: new full-speed USB device number 3 using dummy_hcd
[ 1238.183189][   T52] usb 8-1: config 0 has an invalid interface number: 23 but max is 0
[ 1238.191931][   T52] usb 8-1: config 0 has no interface number 0
[ 1238.212544][T15892] random: crng reseeded on system resumption
[ 1238.236270][   T52] usb 8-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1238.323439][ T5826] Bluetooth: hci6: command tx timeout
[ 1238.375301][   T52] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1238.383880][   T52] usb 8-1: Product: syz
[ 1238.388124][   T52] usb 8-1: Manufacturer: syz
[ 1238.393241][   T52] usb 8-1: SerialNumber: syz
[ 1238.408882][   T52] usb 8-1: config 0 descriptor??
[ 1238.411500][T15805] chnl_net:caif_netlink_parms(): no params data found
[ 1238.981207][   T52] ftdi_sio 8-1:0.23: FTDI USB Serial Device converter detected
[ 1239.030844][   T52] usb 8-1: Detected SIO
[ 1239.100393][   T52] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1239.806462][ T5839] usb 8-1: USB disconnect, device number 3
[ 1240.181900][ T5839] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1240.240717][ T5839] ftdi_sio 8-1:0.23: device disconnected
[ 1240.710565][T15909] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[ 1242.052160][T10532] bridge_slave_1: left allmulticast mode
[ 1242.065483][T10532] bridge_slave_1: left promiscuous mode
[ 1242.087753][T10532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1242.173212][T10532] bridge_slave_0: left allmulticast mode
[ 1242.179344][T10532] bridge_slave_0: left promiscuous mode
[ 1242.203305][T10532] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1244.379974][T15938] NILFS (nullb0): couldn't find nilfs on the device
[ 1245.471755][ T1208] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[ 1245.611315][T15944] qnx4: no qnx4 filesystem (no root dir).
[ 1245.618428][T15944] ubi: mtd0 is already attached to ubi31
[ 1245.734681][ T1208] usb 2-1: config 0 has an invalid interface number: 23 but max is 0
[ 1245.809210][ T1208] usb 2-1: config 0 has no interface number 0
[ 1245.850041][ T1208] usb 2-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1245.869992][ T1208] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1245.892203][ T1208] usb 2-1: Product: syz
[ 1245.901970][ T1208] usb 2-1: Manufacturer: syz
[ 1245.911617][ T1208] usb 2-1: SerialNumber: syz
[ 1245.943020][ T1208] usb 2-1: config 0 descriptor??
[ 1245.968973][ T1208] ftdi_sio 2-1:0.23: FTDI USB Serial Device converter detected
[ 1245.984424][ T1208] usb 2-1: Detected SIO
[ 1245.999785][ T1208] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1246.152159][ T1208] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[ 1246.317040][T10532] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1246.330513][T10532] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1246.442809][ T1208] usb 7-1: config 0 has an invalid interface number: 133 but max is 0
[ 1246.543143][ T1208] usb 7-1: config 0 has no interface number 0
[ 1246.668439][T10532] bond0 (unregistering): Released all slaves
[ 1246.724166][ T1208] usb 7-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[ 1246.733445][ T1208] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1246.741641][ T1208] usb 7-1: Product: syz
[ 1246.754474][ T1208] usb 7-1: Manufacturer: syz
[ 1246.760351][ T1208] usb 7-1: SerialNumber: syz
[ 1247.041471][ T1208] usb 7-1: config 0 descriptor??
[ 1247.101274][T15805] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1247.119183][T15805] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1247.155774][T15805] bridge_slave_0: entered allmulticast mode
[ 1247.350134][ T5839] usb 2-1: USB disconnect, device number 12
[ 1247.377062][T15805] bridge_slave_0: entered promiscuous mode
[ 1247.380715][ T5839] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1247.421032][ T5839] ftdi_sio 2-1:0.23: device disconnected
[ 1247.430738][ T1208] keyspan 7-1:0.133: Keyspan 1 port adapter converter detected
[ 1247.457148][T15805] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1247.482398][ T1208] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 81
[ 1247.490360][ T1208] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 1
[ 1247.500174][T15805] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1247.516497][ T1208] keyspan 7-1:0.133: found no endpoint descriptor for endpoint 2
[ 1247.532703][T15805] bridge_slave_1: entered allmulticast mode
[ 1247.536604][ T1208] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[ 1247.566571][T15805] bridge_slave_1: entered promiscuous mode
[ 1247.949660][T15963] random: crng reseeded on system resumption
[ 1248.249129][ T1208] usb 7-1: USB disconnect, device number 6
[ 1248.304004][ T1208] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[ 1248.320620][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1248.377013][ T1208] keyspan 7-1:0.133: device disconnected
[ 1249.146301][T15805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1249.227608][T15805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1250.464825][   T30] audit: type=1326 audit(1747387769.455:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15977 comm="syz.6.2454" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4c5cb8e969 code=0x0
[ 1250.925847][T15805] team0: Port device team_slave_0 added
[ 1251.000297][T10532] hsr_slave_0: left promiscuous mode
[ 1251.028564][T10532] hsr_slave_1: left promiscuous mode
[ 1251.051157][T10532] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1251.093040][T10532] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1251.129482][T10532] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1251.157253][T10532] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1251.273937][T10532] veth1_macvtap: left promiscuous mode
[ 1251.302020][T10532] veth0_macvtap: left promiscuous mode
[ 1251.317235][T10532] veth1_vlan: left promiscuous mode
[ 1251.336635][T10532] veth0_vlan: left promiscuous mode
[ 1252.316347][T16004] NILFS (nullb0): couldn't find nilfs on the device
[ 1253.250046][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2461'.
[ 1253.270967][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2461'.
[ 1253.311918][T16010] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2461'.
[ 1253.358864][T16013] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2461'.
[ 1253.398868][T16013] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2461'.
[ 1255.344638][T16029] vcan0: tx drop: invalid da for name 0xffffffffffffffff
[ 1258.013261][T10532] team0 (unregistering): Port device team_slave_1 removed
[ 1258.079370][T10532] team0 (unregistering): Port device team_slave_0 removed
[ 1258.655829][T16048] netlink: 'syz.1.2472': attribute type 1 has an invalid length.
[ 1258.703544][T16048] netlink: 240 bytes leftover after parsing attributes in process `syz.1.2472'.
[ 1259.116469][T16052] NILFS (nullb0): couldn't find nilfs on the device
[ 1260.313923][T15805] team0: Port device team_slave_1 added
[ 1260.341975][T15992] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2457'.
[ 1260.946319][T15805] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1261.078466][T15805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1261.528949][T15805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1261.747401][T15805] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1261.817846][T15805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1261.858781][T15805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1261.926637][T16072] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1262.212046][T16074] fuse: Bad value for 'group_id'
[ 1262.217052][T16074] fuse: Bad value for 'group_id'
[ 1263.556448][T15805] hsr_slave_0: entered promiscuous mode
[ 1264.404940][T15805] hsr_slave_1: entered promiscuous mode
[ 1264.589030][T16098] Driver unsupported XDP return value 0 on prog  (id 359) dev N/A, expect packet loss!
[ 1264.949224][T16103] netlink: 'syz.1.2487': attribute type 2 has an invalid length.
[ 1265.077790][T16105] hpfs: Bad magic ... probably not HPFS
[ 1265.770432][T16100] syz.1.2487 (16100): drop_caches: 2
[ 1265.881354][T16100] syz.1.2487 (16100): drop_caches: 2
[ 1265.939728][T16103] : entered promiscuous mode
[ 1266.028786][T16112] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2491'.
[ 1268.087012][T16135] IPVS: stopping master sync thread 16136 ...
[ 1268.103174][T16136] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[ 1268.356882][T16144] qnx4: no qnx4 filesystem (no root dir).
[ 1268.397370][T16144] ubi: mtd0 is already attached to ubi31
[ 1268.833698][T16149] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1270.637576][T15805] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1270.693153][T15805] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1270.973735][T15805] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1271.071663][T16168] NILFS (nullb0): couldn't find nilfs on the device
[ 1272.134873][T15805] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1272.639362][T16179] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2508'.
[ 1273.144641][T15805] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1273.191388][T15805] 8021q: adding VLAN 0 to HW filter on device team0
[ 1273.396590][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1273.403924][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1273.434004][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1273.441317][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1275.976719][T16200] qnx4: no qnx4 filesystem (no root dir).
[ 1276.003120][T16200] ubi: mtd0 is already attached to ubi31
[ 1277.115536][T16227] NILFS (nullb0): couldn't find nilfs on the device
[ 1278.487102][T15805] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1278.605339][T16234] syz.1.2520 (16234): drop_caches: 2
[ 1278.660335][T16241] netlink: 'syz.1.2520': attribute type 2 has an invalid length.
[ 1278.695030][T16234] syz.1.2520 (16234): drop_caches: 2
[ 1283.824096][T15805] veth0_vlan: entered promiscuous mode
[ 1283.902635][T15805] veth1_vlan: entered promiscuous mode
[ 1283.998138][T15805] veth0_macvtap: entered promiscuous mode
[ 1284.415390][T15805] veth1_macvtap: entered promiscuous mode
[ 1284.424879][T16297] netlink: 'syz.5.2535': attribute type 1 has an invalid length.
[ 1284.432842][T16297] netlink: 240 bytes leftover after parsing attributes in process `syz.5.2535'.
[ 1284.656095][T15805] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1284.977961][T16307] qnx4: no qnx4 filesystem (no root dir).
[ 1284.996697][T16303] syz.6.2537 (16303): drop_caches: 2
[ 1285.010050][T15805] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1285.111758][T16308] netlink: 'syz.6.2537': attribute type 2 has an invalid length.
[ 1285.115646][T16303] syz.6.2537 (16303): drop_caches: 2
[ 1285.137940][T15805] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1285.172221][T16307] ubi: mtd0 is already attached to ubi31
[ 1285.354645][T15805] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1285.364231][T15805] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1285.406581][T15805] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1285.458131][T16308] : entered promiscuous mode
[ 1286.324223][T10532] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1286.361738][T10532] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1287.671461][   T30] audit: type=1326 audit(1747387806.545:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16336 comm="syz.1.2545" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa1c1d8e969 code=0x0
[ 1290.696014][T16367] qnx4: no qnx4 filesystem (no root dir).
[ 1290.707156][T16367] ubi: mtd0 is already attached to ubi31
[ 1293.212495][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1293.221548][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1293.234361][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1293.243713][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1293.251475][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1293.272298][T16025] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1293.778494][T16399] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2560'.
[ 1293.894255][T16025] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1294.777563][T16025] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1295.277913][ T5831] Bluetooth: hci4: command tx timeout
[ 1295.400735][T16414] random: crng reseeded on system resumption
[ 1295.497594][T16025] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1297.351758][ T5831] Bluetooth: hci4: command tx timeout
[ 1298.474087][T16445] qnx4: no qnx4 filesystem (no root dir).
[ 1298.502124][T16445] ubi: mtd0 is already attached to ubi31
[ 1298.886036][T16025] bridge_slave_1: left allmulticast mode
[ 1298.906320][T16025] bridge_slave_1: left promiscuous mode
[ 1298.968830][T16025] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1299.126904][T16025] bridge_slave_0: left allmulticast mode
[ 1299.196511][T16025] bridge_slave_0: left promiscuous mode
[ 1299.229869][T16025] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1299.431659][ T5831] Bluetooth: hci4: command tx timeout
[ 1301.511825][ T5831] Bluetooth: hci4: command tx timeout
[ 1305.011728][T16025] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1305.026953][T16025] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1305.047376][T16025] bond0 (unregistering): Released all slaves
[ 1305.069143][T16394] chnl_net:caif_netlink_parms(): no params data found
[ 1305.099102][T16486] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2579'.
[ 1307.839729][T16530] qnx4: no qnx4 filesystem (no root dir).
[ 1307.871065][T16530] ubi: mtd0 is already attached to ubi31
[ 1308.065826][T16541] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2588'.
[ 1309.767461][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1309.981808][T16394] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1310.031118][T16394] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1310.367434][T16394] bridge_slave_0: entered allmulticast mode
[ 1311.364600][T16394] bridge_slave_0: entered promiscuous mode
[ 1314.863602][T16025] hsr_slave_0: left promiscuous mode
[ 1315.045005][T16025] hsr_slave_1: left promiscuous mode
[ 1315.134041][T16025] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1315.192553][T16025] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1315.268602][T16588] netlink: 'syz.7.2598': attribute type 2 has an invalid length.
[ 1315.278833][T16582] syz.7.2598 (16582): drop_caches: 2
[ 1315.432723][T16025] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1315.440187][T16025] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1315.647157][T16582] syz.7.2598 (16582): drop_caches: 2
[ 1315.806118][T16025] veth1_macvtap: left promiscuous mode
[ 1315.811867][T16025] veth0_macvtap: left promiscuous mode
[ 1315.817816][T16025] veth1_vlan: left promiscuous mode
[ 1315.823395][T16025] veth0_vlan: left promiscuous mode
[ 1318.138265][T16618] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2605'.
[ 1318.399471][T16025] team0 (unregistering): Port device team_slave_1 removed
[ 1318.438378][T16025] team0 (unregistering): Port device team_slave_0 removed
[ 1318.811017][T16394] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1318.818788][T16394] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1318.826929][T16394] bridge_slave_1: entered allmulticast mode
[ 1318.842795][T16394] bridge_slave_1: entered promiscuous mode
[ 1319.045856][T16394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1319.124338][T16394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1322.201200][T16394] team0: Port device team_slave_0 added
[ 1322.292879][T16394] team0: Port device team_slave_1 added
[ 1322.750664][T16394] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1322.924522][T16654] qnx4: no qnx4 filesystem (no root dir).
[ 1322.955304][T16394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1322.992880][T16654] ubi: mtd0 is already attached to ubi31
[ 1323.261517][T16394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1323.379768][T16394] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1323.379791][T16394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1323.379850][T16394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1323.899794][T16394] hsr_slave_0: entered promiscuous mode
[ 1323.943112][T16394] hsr_slave_1: entered promiscuous mode
[ 1324.085660][T16663] syz.3.2617 (16663): drop_caches: 2
[ 1324.138538][T16663] syz.3.2617 (16663): drop_caches: 2
[ 1324.220003][T16663] netlink: 'syz.3.2617': attribute type 2 has an invalid length.
[ 1326.163010][T16688] netlink: 48 bytes leftover after parsing attributes in process `syz.5.2620'.
[ 1328.769195][T16712] fuse: Unknown parameter 'grou00000000000000000000'
[ 1329.315548][T16725] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1329.370318][T16727] NILFS (nullb0): couldn't find nilfs on the device
[ 1331.031688][T16394] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1331.043057][T16733] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1331.313178][T16394] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1331.442227][T16394] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1331.566391][T16394] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1332.382996][T16750] overlayfs: missing 'lowerdir'
[ 1332.978035][T16394] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1333.157655][T16394] 8021q: adding VLAN 0 to HW filter on device team0
[ 1334.552936][ T5826] Bluetooth: hci4: command 0x0405 tx timeout
[ 1335.062309][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1335.069490][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1335.117692][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1335.124921][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1335.353688][T16394] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1335.447262][T16394] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1336.148549][T16793] Bluetooth: hci1: Opcode 0x0401 failed: -22
[ 1338.231841][ T5826] Bluetooth: hci1: command tx timeout
[ 1338.829941][T16801] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1342.079158][T16817] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1342.333721][T16394] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1343.002509][T16834] overlayfs: missing 'lowerdir'
[ 1345.375251][T16865] NILFS (nullb0): couldn't find nilfs on the device
[ 1345.668982][T16863] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1346.645761][T16394] veth0_vlan: entered promiscuous mode
[ 1346.736006][T16394] veth1_vlan: entered promiscuous mode
[ 1346.828205][T16876] xt_CT: No such helper "snmp"
[ 1348.458198][T16890] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1350.169006][ T5831] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1350.179458][ T5831] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1350.200745][T16915] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2669'.
[ 1350.210089][ T5831] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1350.235517][ T5831] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1350.269703][ T5831] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1350.488872][T16920] overlayfs: missing 'lowerdir'
[ 1351.395885][T16928] qnx4: no qnx4 filesystem (no root dir).
[ 1351.453516][T16928] ubi: mtd0 is already attached to ubi31
[ 1352.311746][ T5831] Bluetooth: hci4: command tx timeout
[ 1353.533606][T10517] bridge_slave_1: left allmulticast mode
[ 1353.551635][T10517] bridge_slave_1: left promiscuous mode
[ 1353.557442][T10517] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1353.671924][T16939] xt_CT: No such helper "snmp"
[ 1353.704894][T10517] bridge_slave_0: left allmulticast mode
[ 1353.734052][T10517] bridge_slave_0: left promiscuous mode
[ 1353.761497][T10517] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1353.971749][T16950] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1354.205192][T16969] Bluetooth: hci1: Opcode 0x0401 failed: -22
[ 1354.401625][ T5831] Bluetooth: hci4: command 0x041b tx timeout
[ 1355.221991][T16976] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2683'.
[ 1356.231877][ T5831] Bluetooth: hci1: command tx timeout
[ 1356.471766][ T5831] Bluetooth: hci4: command 0x041b tx timeout
[ 1358.352380][T16997] overlayfs: missing 'lowerdir'
[ 1358.619207][ T5831] Bluetooth: hci4: command 0x041b tx timeout
[ 1358.942537][T10517] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1359.003207][T10517] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1359.026446][T10517] bond0 (unregistering): Released all slaves
[ 1359.637672][T17019] qnx4: no qnx4 filesystem (no root dir).
[ 1359.645001][T17019] ubi: mtd0 is already attached to ubi31
[ 1359.775705][T10517] hsr_slave_0: left promiscuous mode
[ 1360.175442][T10517] hsr_slave_1: left promiscuous mode
[ 1360.198359][T10517] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1360.516651][T10517] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1360.668514][ T5831] Bluetooth: hci4: command 0x041b tx timeout
[ 1361.575253][T10517] veth1_vlan: left promiscuous mode
[ 1361.589775][T10517] veth0_vlan: left promiscuous mode
[ 1362.661899][T17036] Bluetooth: hci1: Opcode 0x0401 failed: -22
[ 1364.672777][T17051] NILFS (nullb0): couldn't find nilfs on the device
[ 1364.711664][ T5831] Bluetooth: hci1: command tx timeout
[ 1365.996346][T17057] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1366.178213][T10517] team0 (unregistering): Port device team_slave_1 removed
[ 1366.223708][T10517] team0 (unregistering): Port device team_slave_0 removed
[ 1366.650080][T17056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2698'.
[ 1366.692077][T16911] chnl_net:caif_netlink_parms(): no params data found
[ 1367.835147][T17075] overlayfs: missing 'lowerdir'
[ 1368.956367][T17090] qnx4: no qnx4 filesystem (no root dir).
[ 1369.052130][T17090] ubi: mtd0 is already attached to ubi31
[ 1369.094213][T16911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1369.124549][T16911] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1369.396089][T16911] bridge_slave_0: entered allmulticast mode
[ 1369.417810][T16911] bridge_slave_0: entered promiscuous mode
[ 1370.248370][T16911] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1370.273140][T16911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1370.298022][T16911] bridge_slave_1: entered allmulticast mode
[ 1370.316193][T16911] bridge_slave_1: entered promiscuous mode
[ 1371.057709][T17103] Bluetooth: hci1: Opcode 0x0401 failed: -22
[ 1371.202191][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1373.122747][ T5831] Bluetooth: hci1: command tx timeout
[ 1373.177787][T16911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1373.193501][T17117] NILFS (nullb0): couldn't find nilfs on the device
[ 1373.351440][T16911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1374.663983][T17119] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1375.104058][T16911] team0: Port device team_slave_0 added
[ 1375.198972][T16911] team0: Port device team_slave_1 added
[ 1376.027335][T16911] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1376.052686][T16911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1376.120173][T16911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1376.204812][T16911] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1376.245379][T16911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1376.352847][T16911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1376.615022][T17142] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1378.774591][T16911] hsr_slave_0: entered promiscuous mode
[ 1378.856296][T16911] hsr_slave_1: entered promiscuous mode
[ 1378.879912][T17167] overlayfs: missing 'lowerdir'
[ 1379.477431][T17170] Bluetooth: hci1: Opcode 0x0401 failed: -4
[ 1381.761630][T17171] Bluetooth: hci1: command tx timeout
[ 1382.405887][T17178] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1384.444083][T17211] qnx4: no qnx4 filesystem (no root dir).
[ 1384.545535][T17214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1385.639595][T17211] ubi: mtd0 is already attached to ubi31
[ 1387.581658][T17238] Bluetooth: hci1: Opcode 0x0401 failed: -22
[ 1388.601941][T17241] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2737'.
[ 1389.513368][T16911] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1389.691628][T17171] Bluetooth: hci1: command tx timeout
[ 1389.819259][T16911] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1389.826742][T17252] overlayfs: missing 'lowerdir'
[ 1390.366641][T17248] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1390.573500][T16911] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1390.685057][T16911] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1392.070943][T16911] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1392.105321][T16911] 8021q: adding VLAN 0 to HW filter on device team0
[ 1393.215304][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1393.222555][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1393.360792][T16514] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1393.367960][T16514] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1395.951874][T15037] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[ 1396.144098][T15037] usb 7-1: config 0 has an invalid interface number: 23 but max is 0
[ 1396.171684][T15037] usb 7-1: config 0 has no interface number 0
[ 1396.185750][T15037] usb 7-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1396.215406][T15037] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1396.228095][T17295] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2751'.
[ 1396.270594][T15037] usb 7-1: Product: syz
[ 1396.292973][T15037] usb 7-1: Manufacturer: syz
[ 1396.307407][T15037] usb 7-1: SerialNumber: syz
[ 1396.418048][T15037] usb 7-1: config 0 descriptor??
[ 1396.587444][T15037] usb 7-1: can't set config #0, error -71
[ 1397.120350][T15037] usb 7-1: USB disconnect, device number 7
[ 1397.290954][T17302] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1397.663763][T17313] overlayfs: missing 'lowerdir'
[ 1398.160703][T16911] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1398.305881][T17322] fuse: Bad value for 'user_id'
[ 1398.351607][T17322] fuse: Bad value for 'user_id'
[ 1399.885743][T17171] Bluetooth: hci4: command 0x041b tx timeout
[ 1403.097261][T16911] veth0_vlan: entered promiscuous mode
[ 1403.145723][T16911] veth1_vlan: entered promiscuous mode
[ 1403.256462][T17364] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2766'.
[ 1403.321792][T16911] veth0_macvtap: entered promiscuous mode
[ 1403.368799][T16911] veth1_macvtap: entered promiscuous mode
[ 1403.760844][T16911] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1403.859316][T16911] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1403.953973][T16911] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.018482][T16911] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.081007][T16911] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.116122][T17365] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1404.125833][T16911] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1404.287579][T17374] xt_CT: No such helper "snmp"
[ 1404.663286][T10517] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1404.962776][T10517] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1405.179735][ T6192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1405.248649][ T6192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1406.939891][T17401] overlayfs: missing 'lowerdir'
[ 1408.268312][T17415] NILFS (nullb0): couldn't find nilfs on the device
[ 1411.641950][T17435] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿÿ0xf'
[ 1412.766529][ T5826] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1412.778894][ T5826] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1412.788380][ T5826] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1412.798987][ T5826] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1412.809194][T17448] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1413.038685][T17451] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2784'.
[ 1413.905152][ T5909] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1414.361995][T17460] xt_CT: No such helper "snmp"
[ 1414.414895][ T5909] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1414.962298][T17448] Bluetooth: hci6: command tx timeout
[ 1416.348950][ T5909] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1416.693550][T17488] overlayfs: missing 'lowerdir'
[ 1417.031956][T17448] Bluetooth: hci6: command tx timeout
[ 1417.985625][T17500] qnx4: no qnx4 filesystem (no root dir).
[ 1418.281624][T17502] ubi: mtd0 is already attached to ubi31
[ 1419.151983][T17171] Bluetooth: hci6: command tx timeout
[ 1419.268284][ T5909] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1420.171289][T17506] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿÿ0xf'
[ 1421.250763][T17171] Bluetooth: hci6: command 0x0419 tx timeout
[ 1421.297955][T17522] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2799'.
[ 1422.281713][T15037] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[ 1422.847609][T17446] chnl_net:caif_netlink_parms(): no params data found
[ 1423.282758][T17448] Bluetooth: hci6: command 0x0419 tx timeout
[ 1423.428968][T17539] xt_CT: No such helper "snmp"
[ 1423.521429][T15037] usb 6-1: config 0 has an invalid interface number: 23 but max is 0
[ 1423.521570][T15037] usb 6-1: config 0 has no interface number 0
[ 1423.521846][ T5909] bridge_slave_1: left allmulticast mode
[ 1423.522298][ T5909] bridge_slave_1: left promiscuous mode
[ 1423.522539][ T5909] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1423.525038][T15037] usb 6-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 1.7b
[ 1423.525081][T15037] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1423.525118][T15037] usb 6-1: Product: syz
[ 1423.525145][T15037] usb 6-1: Manufacturer: syz
[ 1423.525173][T15037] usb 6-1: SerialNumber: syz
[ 1423.546989][T15037] usb 6-1: config 0 descriptor??
[ 1423.560021][T15037] ftdi_sio 6-1:0.23: FTDI USB Serial Device converter detected
[ 1423.583883][ T5909] bridge_slave_0: left allmulticast mode
[ 1423.583913][ T5909] bridge_slave_0: left promiscuous mode
[ 1423.584148][ T5909] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1423.589709][T15037] usb 6-1: Detected SIO
[ 1423.602232][T15037] usb 6-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1423.625768][T17553] fuse: Bad value for 'fd'
[ 1425.571823][T10309] usb 6-1: USB disconnect, device number 9
[ 1425.597511][T10309] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1425.598168][T10309] ftdi_sio 6-1:0.23: device disconnected
[ 1426.509622][T17565] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿÿ0xf'
[ 1427.304686][T17581] qnx4: no qnx4 filesystem (no root dir).
[ 1427.307695][T17581] ubi: mtd0 is already attached to ubi31
[ 1428.459202][T17589] hpfs: Bad magic ... probably not HPFS
[ 1432.642675][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1432.703022][ T5909] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1432.739914][ T5909] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1432.838669][ T5909] bond0 (unregistering): Released all slaves
[ 1434.111788][T17619] xt_CT: No such helper "snmp"
[ 1435.321098][T17446] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1435.349110][T17446] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1435.594160][T17446] bridge_slave_0: entered allmulticast mode
[ 1436.564170][T17446] bridge_slave_0: entered promiscuous mode
[ 1436.621695][T17446] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1436.628957][T17446] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1436.684548][T17446] bridge_slave_1: entered allmulticast mode
[ 1436.720017][T17446] bridge_slave_1: entered promiscuous mode
[ 1438.870452][T17648] qnx4: no qnx4 filesystem (no root dir).
[ 1439.064391][T17648] ubi: mtd0 is already attached to ubi31
[ 1440.221189][T17446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1440.358993][ T5909] hsr_slave_0: left promiscuous mode
[ 1440.363781][ T5909] hsr_slave_1: left promiscuous mode
[ 1440.365961][ T5909] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1440.366003][ T5909] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1440.618155][ T5909] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1440.618201][ T5909] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1441.240401][T17665] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1442.145478][ T5909] veth1_macvtap: left promiscuous mode
[ 1442.145583][ T5909] veth0_macvtap: left promiscuous mode
[ 1442.145806][ T5909] veth1_vlan: left promiscuous mode
[ 1442.145977][ T5909] veth0_vlan: left promiscuous mode
[ 1444.125166][T17693] xt_CT: No such helper "snmp"
[ 1444.311018][T17700] fuse: Bad value for 'fd'
[ 1444.549075][ T5909] team0 (unregistering): Port device team_slave_1 removed
[ 1444.677864][ T5909] team0 (unregistering): Port device team_slave_0 removed
[ 1445.740913][T17710] qnx4: no qnx4 filesystem (no root dir).
[ 1445.766492][T17710] ubi: mtd0 is already attached to ubi31
[ 1447.522719][T17446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1448.278912][T17446] team0: Port device team_slave_0 added
[ 1448.327895][T17446] team0: Port device team_slave_1 added
[ 1449.386639][T17733] random: crng reseeded on system resumption
[ 1450.335199][   T30] audit: type=1326 audit(1747387968.995:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17735 comm="syz.1.2844" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa1c1d8e969 code=0x0
[ 1450.384646][T17446] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1450.415049][T17446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1450.799272][T17446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1451.066191][T17446] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1451.076534][T17446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1451.103180][T17446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1451.419168][T17748] xt_CT: No such helper "snmp"
[ 1451.500130][T17446] hsr_slave_0: entered promiscuous mode
[ 1451.561370][T17446] hsr_slave_1: entered promiscuous mode
[ 1451.747721][T17758] qnx4: no qnx4 filesystem (no root dir).
[ 1451.761682][T17758] ubi: mtd0 is already attached to ubi31
[ 1454.616210][T17765] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1455.573458][T17788] block device autoloading is deprecated and will be removed.
[ 1457.093743][T17800] NILFS (nullb0): couldn't find nilfs on the device
[ 1459.947307][T17816] qnx4: no qnx4 filesystem (no root dir).
[ 1459.998192][T17816] ubi: mtd0 is already attached to ubi31
[ 1460.568438][T17819] random: crng reseeded on system resumption
[ 1461.979453][T17822] xt_CT: No such helper "snmp"
[ 1462.797818][T17835] ALSA: mixer_oss: invalid OSS volume '01777777777777777777777ÿÿÿÿ0xf'
[ 1465.484234][   T30] audit: type=1326 audit(1747387984.475:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17873 comm="syz.3.2871" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7738b8e969 code=0x0
[ 1466.092847][T17446] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1466.150955][T17888] fuse: Invalid rootmode
[ 1466.199921][T17446] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1466.240072][T17446] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1466.522541][T17446] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1466.937903][T17899] NILFS (nullb0): couldn't find nilfs on the device
[ 1467.866161][T17901] qnx4: no qnx4 filesystem (no root dir).
[ 1467.891446][T17901] ubi: mtd0 is already attached to ubi31
[ 1471.818817][T17912] ALSA: mixer_oss: invalid OSS volume ''
[ 1473.143260][T17937] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2885'.
[ 1473.387981][T17939] hpfs: Bad magic ... probably not HPFS
[ 1474.051737][T17926] xt_CT: No such helper "snmp"
[ 1477.003500][T17952] fuse: Bad value for 'rootmode'
[ 1477.383577][T17171] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1477.396356][T17171] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1477.421958][T17171] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1477.468708][T17171] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1477.478886][T17171] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1477.905432][T17964] qnx4: no qnx4 filesystem (no root dir).
[ 1477.945433][T17964] ubi: mtd0 is already attached to ubi31
[ 1478.348351][T17966] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2893'.
[ 1479.909276][T17171] Bluetooth: hci4: command tx timeout
[ 1480.874601][T17976] ALSA: mixer_oss: invalid OSS volume ''
[ 1481.900860][   T30] audit: type=1326 audit(1747388000.885:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17998 comm="syz.3.2901" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7738b8e969 code=0x0
[ 1482.005873][T17171] Bluetooth: hci4: command tx timeout
[ 1484.024342][T18021] fuse: Bad value for 'rootmode'
[ 1484.071629][T17171] Bluetooth: hci4: command tx timeout
[ 1486.112020][T17960] chnl_net:caif_netlink_parms(): no params data found
[ 1486.151623][T17171] Bluetooth: hci4: command tx timeout
[ 1486.468716][ T6192] bridge_slave_1: left allmulticast mode
[ 1486.476202][ T6192] bridge_slave_1: left promiscuous mode
[ 1486.561179][ T6192] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1486.994972][T18039] ALSA: mixer_oss: invalid OSS volume ''
[ 1487.182886][ T6192] bridge_slave_0: left allmulticast mode
[ 1487.188573][ T6192] bridge_slave_0: left promiscuous mode
[ 1487.229640][ T6192] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1490.483174][T18081] NILFS (nullb0): couldn't find nilfs on the device
[ 1491.619327][ T6192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1491.694718][ T6192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1491.729803][ T6192] bond0 (unregistering): Released all slaves
[ 1493.079081][ T6192] hsr_slave_0: left promiscuous mode
[ 1493.106759][ T6192] hsr_slave_1: left promiscuous mode
[ 1493.807428][ T6192] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1493.820048][ T6192] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1493.829358][T18108] fuse: Bad value for 'rootmode'
[ 1494.079456][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1494.238631][ T6192] team0 (unregistering): Port device team_slave_1 removed
[ 1494.285236][ T6192] team0 (unregistering): Port device team_slave_0 removed
[ 1498.748124][T17960] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1498.757774][T17960] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1498.767738][T17960] bridge_slave_0: entered allmulticast mode
[ 1498.776097][T17960] bridge_slave_0: entered promiscuous mode
[ 1499.146020][T17960] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1499.185376][T17960] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1499.255296][T17960] bridge_slave_1: entered allmulticast mode
[ 1499.290971][T17960] bridge_slave_1: entered promiscuous mode
[ 1500.784351][T18157] input: syz1 as /devices/virtual/input/input12
[ 1501.805590][T18162] fuse: Unknown parameter 'use00000000000000000000'
[ 1501.845088][T17960] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1502.059401][T17960] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1502.075297][T18148] ALSA: mixer_oss: invalid OSS volume ''
[ 1502.701410][T17960] team0: Port device team_slave_0 added
[ 1503.306696][T17960] team0: Port device team_slave_1 added
[ 1504.399412][T17960] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1504.578098][T17960] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1504.858489][T17960] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1504.885275][T17960] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1504.917622][T17960] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1504.950135][T18193] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1504.998430][T17960] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1505.371257][T18197] qnx4: no qnx4 filesystem (no root dir).
[ 1505.406478][T18197] ubi: mtd0 is already attached to ubi31
[ 1506.025419][T17960] hsr_slave_0: entered promiscuous mode
[ 1506.060568][T17960] hsr_slave_1: entered promiscuous mode
[ 1508.872742][T18218] ALSA: mixer_oss: invalid OSS volume ''
[ 1509.136266][T18238] random: crng reseeded on system resumption
[ 1512.942866][T18271] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[ 1517.450693][T18288] ALSA: mixer_oss: invalid OSS volume ''
[ 1522.919352][T18330] random: crng reseeded on system resumption
[ 1523.497046][T17960] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1523.568771][T17960] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1523.731537][T13859] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[ 1524.204596][T17960] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1524.402837][T13859] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1524.425938][T13859] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1524.436358][T13859] usb 8-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[ 1524.460700][T13859] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1524.493913][T17960] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1524.516086][T13859] usb 8-1: config 0 descriptor??
[ 1525.212909][T13859] bigben 0003:146B:0902.0001: unexpected rdesc, please submit for review
[ 1525.282985][T13859] bigben 0003:146B:0902.0001: unknown main item tag 0x0
[ 1525.307897][T13859] bigben 0003:146B:0902.0001: unknown main item tag 0x0
[ 1525.615378][T13859] bigben 0003:146B:0902.0001: hidraw0: USB HID v0.01 Device [HID 146b:0902] on usb-dummy_hcd.7-1/input0
[ 1525.987060][T13859] bigben 0003:146B:0902.0001: not enough values in HID_OUTPUT_REPORT 0 field 0
[ 1526.012343][T13859] bigben 0003:146B:0902.0001: no output report found
[ 1526.133500][T13859] usb 8-1: USB disconnect, device number 4
[ 1526.592488][T17960] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1526.647231][T18350] fido_id[18350]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory
[ 1527.128895][T17960] 8021q: adding VLAN 0 to HW filter on device team0
[ 1527.265094][T18353] xt_CT: No such helper "snmp"
[ 1527.333522][ T6192] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1527.340757][ T6192] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1527.393164][ T6192] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1527.400473][ T6192] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1529.648003][T18392] vlan2: entered promiscuous mode
[ 1529.750838][T18397] qnx4: no qnx4 filesystem (no root dir).
[ 1529.781971][T18397] ubi: mtd0 is already attached to ubi31
[ 1530.474822][ T1208] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 1530.644278][ T1208] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1530.681927][ T1208] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1530.731575][ T1208] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1530.779298][T17960] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1531.165945][ T1208] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1531.224375][ T1208] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1531.290280][ T1208] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1531.333494][ T1208] usb 4-1: config 0 descriptor??
[ 1532.099880][ T1208] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[ 1532.208488][ T1208] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1532.358590][T18414] tipc: Started in network mode
[ 1532.363549][T18414] tipc: Node identity _, cluster identity 4711
[ 1532.966913][   T24] usb 4-1: USB disconnect, device number 3
[ 1536.118114][T18485] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3010'.
[ 1537.759158][T18493] bridge1: entered promiscuous mode
[ 1537.833597][T17448] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1537.842737][T17448] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1537.850460][T17448] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1537.860339][T17448] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1537.870626][T17448] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1539.931624][T17448] Bluetooth: hci4: command tx timeout
[ 1540.594013][T18526] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1540.838557][T18511] netlink: 2 bytes leftover after parsing attributes in process `syz.1.3017'.
[ 1540.899268][   T36] Bluetooth: hci6: Frame reassembly failed (-84)
[ 1542.713770][T17171] Bluetooth: hci4: command tx timeout
[ 1543.038505][T17171] Bluetooth: hci6: command 0x1003 tx timeout
[ 1543.042255][T17448] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1544.791555][T17448] Bluetooth: hci4: command tx timeout
[ 1545.094466][T18561] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3028'.
[ 1545.941047][T18561] netlink: 9 bytes leftover after parsing attributes in process `syz.7.3028'.
[ 1545.950435][T18561] netlink: 9 bytes leftover after parsing attributes in process `syz.7.3028'.
[ 1545.962348][T18561] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1546.872297][T17448] Bluetooth: hci4: command tx timeout
[ 1548.874493][T18503] chnl_net:caif_netlink_parms(): no params data found
[ 1549.018561][T18581] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3032'.
[ 1549.745109][ T6192] bridge_slave_1: left allmulticast mode
[ 1549.909269][ T6192] bridge_slave_1: left promiscuous mode
[ 1550.531729][ T6192] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1550.664416][ T6192] bridge_slave_0: left allmulticast mode
[ 1550.670178][ T6192] bridge_slave_0: left promiscuous mode
[ 1550.751186][ T6192] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1550.925693][T18596] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1551.275408][T18607] random: crng reseeded on system resumption
[ 1554.591118][T18637] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3046'.
[ 1555.516978][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1555.795558][T18641] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1557.624186][ T6192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1557.914617][ T6192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1557.956326][ T6192] bond0 (unregistering): Released all slaves
[ 1559.386746][T18666] hub 8-0:1.0: USB hub found
[ 1559.393461][T18666] hub 8-0:1.0: 1 port detected
[ 1561.531996][T18681] netlink: 'syz.5.3057': attribute type 2 has an invalid length.
[ 1561.573647][T18677] syz.5.3057 (18677): drop_caches: 2
[ 1561.944845][T18677] syz.5.3057 (18677): drop_caches: 2
[ 1565.604615][ T6192] hsr_slave_0: left promiscuous mode
[ 1565.625203][ T6192] hsr_slave_1: left promiscuous mode
[ 1565.720256][ T6192] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1565.758284][ T6192] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1567.478267][T18704] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3063'.
[ 1568.181250][T18713] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1571.190001][ T6192] team0 (unregistering): Port device team_slave_1 removed
[ 1571.240281][ T6192] team0 (unregistering): Port device team_slave_0 removed
[ 1571.752639][T18681] : entered promiscuous mode
[ 1572.166244][T18726] netlink: 'syz.1.3068': attribute type 10 has an invalid length.
[ 1572.200269][T18729] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[ 1572.227548][T18729] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[ 1572.330590][T18503] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1572.341094][T18503] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1572.348569][T18503] bridge_slave_0: entered allmulticast mode
[ 1572.356773][T18503] bridge_slave_0: entered promiscuous mode
[ 1572.365814][T18503] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1572.373082][T18503] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1572.380425][T18503] bridge_slave_1: entered allmulticast mode
[ 1572.388960][T18503] bridge_slave_1: entered promiscuous mode
[ 1572.977138][T18726] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1572.984410][T18726] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1572.992434][T18726] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1573.000288][T18726] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1573.122939][T18726] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1573.181411][T18733] bridge_slave_1: left allmulticast mode
[ 1573.251708][T18733] bridge_slave_1: left promiscuous mode
[ 1573.258087][T18733] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1573.331750][T13158] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[ 1573.393811][T18733] bridge_slave_0: left allmulticast mode
[ 1573.400156][T18733] bridge_slave_0: left promiscuous mode
[ 1573.412102][T18733] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1573.511903][T13158] usb 7-1: device descriptor read/64, error -71
[ 1574.038497][T13158] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[ 1574.405675][T18744] NILFS (nullb0): couldn't find nilfs on the device
[ 1575.016323][T18733] bond0: (slave bridge0): Releasing backup interface
[ 1575.041695][T13158] usb 7-1: device descriptor read/64, error -71
[ 1575.295962][T13158] usb usb7-port1: attempt power cycle
[ 1575.932727][T18753] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3076'.
[ 1575.942321][T18753] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3076'.
[ 1577.190151][T18503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1577.205738][T18758] fuse: Bad value for 'fd'
[ 1577.267058][T18503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1577.954492][T18770] syz.1.3082 (18770): drop_caches: 2
[ 1578.029411][T18770] syz.1.3082 (18770): drop_caches: 2
[ 1578.137005][T18770] netlink: 'syz.1.3082': attribute type 2 has an invalid length.
[ 1578.880116][T18777] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3083'.
[ 1579.730004][T18503] team0: Port device team_slave_0 added
[ 1580.681742][T18503] team0: Port device team_slave_1 added
[ 1582.766658][T18813] hpfs: Bad magic ... probably not HPFS
[ 1582.783893][T15037] usb 7-1: new full-speed USB device number 11 using dummy_hcd
[ 1583.041401][T18503] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1583.085461][T18503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1583.372531][T18503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1583.385580][T18503] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1583.392656][T18503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1583.438816][T18503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1583.931995][T15037] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1583.951786][T15037] usb 7-1: can't read configurations, error -71
[ 1585.275073][T18503] hsr_slave_0: entered promiscuous mode
[ 1585.303213][T18503] hsr_slave_1: entered promiscuous mode
[ 1588.338006][T18849] netlink: 'syz.7.3099': attribute type 2 has an invalid length.
[ 1588.438756][T16514] Bluetooth: hci6: Frame reassembly failed (-84)
[ 1590.391967][T17171] Bluetooth: hci6: command 0x1003 tx timeout
[ 1590.398736][T17448] Bluetooth: hci6: Opcode 0x1003 failed: -110
[ 1591.651543][ T9962] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[ 1592.021526][ T9962] usb 4-1: device descriptor read/64, error -71
[ 1592.912034][ T9962] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[ 1593.242001][ T9962] usb 4-1: device descriptor read/64, error -71
[ 1593.435153][ T9962] usb usb4-port1: attempt power cycle
[ 1596.327516][T18910] hub 8-0:1.0: USB hub found
[ 1596.334414][T18910] hub 8-0:1.0: 1 port detected
[ 1598.292344][T18919] netlink: 'syz.6.3116': attribute type 2 has an invalid length.
[ 1601.679646][T17171] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1601.688606][T17171] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1601.698693][T17171] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1601.706832][T17171] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1601.714522][T17171] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1601.805926][T18954] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.3125'.
[ 1604.575901][T17171] Bluetooth: hci6: command tx timeout
[ 1605.114976][T18976] =======================================================
[ 1605.114976][T18976] WARNING: The mand mount option has been deprecated and
[ 1605.114976][T18976]          and is ignored by this kernel. Remove the mand
[ 1605.114976][T18976]          option from the mount to silence this warning.
[ 1605.114976][T18976] =======================================================
[ 1605.189743][T18976] xt_hashlimit: size too large, truncated to 1048576
[ 1606.631552][T17171] Bluetooth: hci6: command tx timeout
[ 1608.721540][T17171] Bluetooth: hci6: command tx timeout
[ 1610.547409][T19000] syz.6.3134 (19000): drop_caches: 2
[ 1610.791699][T17171] Bluetooth: hci6: command tx timeout
[ 1612.577432][T18948] chnl_net:caif_netlink_parms(): no params data found
[ 1612.836027][T10528] bridge_slave_1: left allmulticast mode
[ 1613.252143][T10528] bridge_slave_1: left promiscuous mode
[ 1613.633323][T10528] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1613.695578][T19024] netlink: 'syz.7.3138': attribute type 2 has an invalid length.
[ 1614.146231][T10528] bridge_slave_0: left allmulticast mode
[ 1614.176947][T10528] bridge_slave_0: left promiscuous mode
[ 1614.186650][T10528] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1616.390608][T10528] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1616.471735][T10528] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1616.521189][T10528] bond0 (unregistering): Released all slaves
[ 1616.958151][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1618.319903][T10528] hsr_slave_0: left promiscuous mode
[ 1618.344201][T10528] hsr_slave_1: left promiscuous mode
[ 1618.363249][T10528] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1618.468943][T19054] random: crng reseeded on system resumption
[ 1618.908173][T10528] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1619.670113][T10528] team0 (unregistering): Port device team_slave_1 removed
[ 1619.784732][T10528] team0 (unregistering): Port device team_slave_0 removed
[ 1623.868403][T19086] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1627.314947][T19102] netlink: 'syz.5.3156': attribute type 2 has an invalid length.
[ 1628.369977][T18948] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1628.500913][T18948] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1628.861744][T18948] bridge_slave_0: entered allmulticast mode
[ 1628.913774][T18948] bridge_slave_0: entered promiscuous mode
[ 1629.759175][T19119] fuse: Unknown parameter '0x0000000000000003'
[ 1630.075079][T18948] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1630.386653][T18948] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1630.394425][T18948] bridge_slave_1: entered allmulticast mode
[ 1630.402820][T18948] bridge_slave_1: entered promiscuous mode
[ 1632.536580][T18948] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1632.586683][T18948] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1632.725691][T19142] qnx4: no qnx4 filesystem (no root dir).
[ 1634.308914][T10517] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1635.551811][T19152] ALSA: mixer_oss: invalid OSS volume '017777777777777777777770xfffff'
[ 1635.733920][T18948] team0: Port device team_slave_0 added
[ 1635.792858][T18948] team0: Port device team_slave_1 added
[ 1636.311694][T17171] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1636.558511][T19168] hpfs: Bad magic ... probably not HPFS
[ 1638.239455][T18948] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1638.264036][T18948] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1638.564575][T19180] random: crng reseeded on system resumption
[ 1638.691555][T18948] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1639.002207][T18948] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1639.867569][T18948] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1640.264093][T18948] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1641.207591][T18948] hsr_slave_0: entered promiscuous mode
[ 1641.277200][T18948] hsr_slave_1: entered promiscuous mode
[ 1642.413132][T19210] qnx4: no qnx4 filesystem (no root dir).
[ 1643.105552][T19213] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1644.029608][T19214] ALSA: mixer_oss: invalid OSS volume '017777777777777777777770xfffff'
[ 1644.179365][T18948] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1644.373183][T18948] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1644.455676][T18948] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1644.540064][T18948] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1647.273662][T18948] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1647.423695][T10528] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1647.819664][T18948] 8021q: adding VLAN 0 to HW filter on device team0
[ 1648.132582][T10528] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1648.139723][T10528] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1649.107334][T10528] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1649.114533][T10528] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1649.442321][T17448] Bluetooth: hci4: command 0x1003 tx timeout
[ 1649.449935][T17171] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1651.065991][T19269] qnx4: no qnx4 filesystem (no root dir).
[ 1654.535485][ T5824] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[ 1654.976819][ T5824] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1655.043849][ T5824] usb 4-1: can't read configurations, error -71
[ 1655.406606][T18948] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1656.334259][T19314] random: crng reseeded on system resumption
[ 1658.274395][T19331] netlink: 'syz.3.3213': attribute type 2 has an invalid length.
[ 1660.823167][T19340] qnx4: no qnx4 filesystem (no root dir).
[ 1660.921680][T19340] ubi: mtd0 is already attached to ubi31
[ 1660.937770][T19342] tipc: Can't bind to reserved service type 0
[ 1661.027769][T19342] sctp: [Deprecated]: syz.1.3215 (pid 19342) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1661.027769][T19342] Use struct sctp_sack_info instead
[ 1662.382308][T19351] ==================================================================
[ 1662.390421][T19351] BUG: KASAN: slab-use-after-free in cfusbl_device_notify+0x883/0x900
[ 1662.398631][T19351] Read of size 8 at addr ffff888062d44c50 by task syz.1.3215/19351
[ 1662.406538][T19351] 
[ 1662.408866][T19351] CPU: 1 UID: 0 PID: 19351 Comm: syz.1.3215 Not tainted 6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[ 1662.408908][T19351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1662.408928][T19351] Call Trace:
[ 1662.408938][T19351]  <TASK>
[ 1662.408950][T19351]  dump_stack_lvl+0x116/0x1f0
[ 1662.409003][T19351]  print_report+0xc3/0x670
[ 1662.409053][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.409093][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.409132][T19351]  ? __phys_addr+0xc6/0x150
[ 1662.409180][T19351]  ? cfusbl_device_notify+0x883/0x900
[ 1662.409229][T19351]  kasan_report+0xe0/0x110
[ 1662.409281][T19351]  ? cfusbl_device_notify+0x883/0x900
[ 1662.409337][T19351]  cfusbl_device_notify+0x883/0x900
[ 1662.409386][T19351]  ? net_generic+0xf4/0x2a0
[ 1662.409431][T19351]  ? __pfx_cfusbl_device_notify+0x10/0x10
[ 1662.409480][T19351]  ? caif_device_notify+0x21b/0x12c0
[ 1662.409537][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.409576][T19351]  ? smc_pnet_netdev_event+0x8a/0x7c0
[ 1662.409624][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.409663][T19351]  ? lockdep_rtnl_is_held+0x26/0x40
[ 1662.409720][T19351]  notifier_call_chain+0xbc/0x410
[ 1662.409768][T19351]  ? __pfx_cfusbl_device_notify+0x10/0x10
[ 1662.409824][T19351]  call_netdevice_notifiers_info+0xbe/0x140
[ 1662.409877][T19351]  register_netdevice+0xe02/0x2270
[ 1662.409925][T19351]  ? __pfx_register_netdevice+0x10/0x10
[ 1662.409976][T19351]  register_netdev+0x34/0x50
[ 1662.410018][T19351]  bnep_add_connection+0x71c/0xd20
[ 1662.410065][T19351]  ? __pfx_bnep_add_connection+0x10/0x10
[ 1662.410109][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.410148][T19351]  ? __fget_files+0x20e/0x3c0
[ 1662.410201][T19351]  do_bnep_sock_ioctl.constprop.0+0x496/0x590
[ 1662.410249][T19351]  ? __pfx_do_bnep_sock_ioctl.constprop.0+0x10/0x10
[ 1662.410300][T19351]  ? find_held_lock+0x2b/0x80
[ 1662.410341][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.410387][T19351]  ? do_raw_spin_unlock+0x144/0x230
[ 1662.410424][T19351]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1662.410466][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.410511][T19351]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1662.410546][T19351]  sock_do_ioctl+0x118/0x280
[ 1662.410598][T19351]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1662.410647][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.410695][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.410738][T19351]  sock_ioctl+0x227/0x6b0
[ 1662.410789][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1662.410839][T19351]  ? hook_file_ioctl_common+0x145/0x410
[ 1662.410881][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1662.410920][T19351]  ? __fget_files+0x20e/0x3c0
[ 1662.410964][T19351]  ? __entry_text_end+0x1020b5/0x1020b9
[ 1662.411007][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1662.411059][T19351]  __x64_sys_ioctl+0x193/0x200
[ 1662.411099][T19351]  do_syscall_64+0xcd/0x260
[ 1662.411152][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1662.411185][T19351] RIP: 0033:0x7fa1c1d8e969
[ 1662.411209][T19351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1662.411242][T19351] RSP: 002b:00007fa1c2bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1662.411272][T19351] RAX: ffffffffffffffda RBX: 00007fa1c1fb6080 RCX: 00007fa1c1d8e969
[ 1662.411294][T19351] RDX: 0000200000000540 RSI: 00000000400442c8 RDI: 000000000000000e
[ 1662.411315][T19351] RBP: 00007fa1c1e10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1662.411335][T19351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1662.411355][T19351] R13: 0000000000000000 R14: 00007fa1c1fb6080 R15: 00007ffe519f7948
[ 1662.411389][T19351]  </TASK>
[ 1662.411401][T19351] 
[ 1662.768547][T19351] Allocated by task 17171:
[ 1662.772958][T19351]  kasan_save_stack+0x33/0x60
[ 1662.777664][T19351]  kasan_save_track+0x14/0x30
[ 1662.782364][T19351]  __kasan_kmalloc+0xaa/0xb0
[ 1662.786975][T19351]  __hci_conn_add+0x130/0x1b70
[ 1662.791753][T19351]  hci_conn_add_unset+0x6d/0x100
[ 1662.796702][T19351]  hci_conn_request_evt+0x888/0xae0
[ 1662.801932][T19351]  hci_event_packet+0x9f1/0x1190
[ 1662.806898][T19351]  hci_rx_work+0x2c5/0x16b0
[ 1662.811413][T19351]  process_one_work+0x9cf/0x1b70
[ 1662.816366][T19351]  worker_thread+0x6c8/0xf10
[ 1662.820966][T19351]  kthread+0x3c5/0x780
[ 1662.825043][T19351]  ret_from_fork+0x48/0x80
[ 1662.829467][T19351]  ret_from_fork_asm+0x1a/0x30
[ 1662.834258][T19351] 
[ 1662.836576][T19351] Freed by task 18948:
[ 1662.840639][T19351]  kasan_save_stack+0x33/0x60
[ 1662.845341][T19351]  kasan_save_track+0x14/0x30
[ 1662.850042][T19351]  kasan_save_free_info+0x3b/0x60
[ 1662.855081][T19351]  __kasan_slab_free+0x51/0x70
[ 1662.859871][T19351]  kfree+0x2b6/0x4d0
[ 1662.863799][T19351]  device_release+0xa4/0x240
[ 1662.868415][T19351]  kobject_put+0x1e7/0x5a0
[ 1662.872840][T19351]  device_unregister+0x2f/0xc0
[ 1662.877620][T19351]  hci_conn_del_sysfs+0xb4/0x180
[ 1662.882573][T19351]  hci_conn_del+0x55f/0xdc0
[ 1662.887090][T19351]  hci_conn_hash_flush+0x186/0x260
[ 1662.892221][T19351]  hci_dev_close_sync+0x602/0x11d0
[ 1662.897348][T19351]  hci_dev_do_close+0x2e/0x90
[ 1662.902039][T19351]  hci_unregister_dev+0x213/0x620
[ 1662.907078][T19351]  vhci_release+0x79/0xf0
[ 1662.911429][T19351]  __fput+0x402/0xb70
[ 1662.915419][T19351]  task_work_run+0x150/0x240
[ 1662.920024][T19351]  do_exit+0xafb/0x2c30
[ 1662.924205][T19351]  do_group_exit+0xd3/0x2a0
[ 1662.928735][T19351]  get_signal+0x2673/0x26d0
[ 1662.933256][T19351]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1662.938824][T19351]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1662.944488][T19351]  do_syscall_64+0xda/0x260
[ 1662.949021][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1662.954936][T19351] 
[ 1662.957256][T19351] Last potentially related work creation:
[ 1662.962964][T19351]  kasan_save_stack+0x33/0x60
[ 1662.967664][T19351]  kasan_record_aux_stack+0xb8/0xd0
[ 1662.972876][T19351]  insert_work+0x36/0x230
[ 1662.977215][T19351]  __queue_work+0x97e/0x10f0
[ 1662.981819][T19351]  __queue_delayed_work+0x35b/0x460
[ 1662.987031][T19351]  queue_delayed_work_on+0x1b5/0x200
[ 1662.992332][T19351]  l2cap_chan_del+0x5a0/0x8f0
[ 1662.997032][T19351]  l2cap_conn_del+0x37a/0x730
[ 1663.001750][T19351]  l2cap_disconn_cfm+0x96/0xd0
[ 1663.006539][T19351]  hci_conn_hash_flush+0x10e/0x260
[ 1663.011672][T19351]  hci_dev_close_sync+0x602/0x11d0
[ 1663.016798][T19351]  hci_dev_do_close+0x2e/0x90
[ 1663.021493][T19351]  hci_unregister_dev+0x213/0x620
[ 1663.026532][T19351]  vhci_release+0x79/0xf0
[ 1663.030881][T19351]  __fput+0x402/0xb70
[ 1663.034873][T19351]  task_work_run+0x150/0x240
[ 1663.039475][T19351]  do_exit+0xafb/0x2c30
[ 1663.043680][T19351]  do_group_exit+0xd3/0x2a0
[ 1663.048212][T19351]  get_signal+0x2673/0x26d0
[ 1663.052731][T19351]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1663.058299][T19351]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1663.063960][T19351]  do_syscall_64+0xda/0x260
[ 1663.068497][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.074401][T19351] 
[ 1663.076718][T19351] The buggy address belongs to the object at ffff888062d44000
[ 1663.076718][T19351]  which belongs to the cache kmalloc-8k of size 8192
[ 1663.090781][T19351] The buggy address is located 3152 bytes inside of
[ 1663.090781][T19351]  freed 8192-byte region [ffff888062d44000, ffff888062d46000)
[ 1663.104764][T19351] 
[ 1663.107085][T19351] The buggy address belongs to the physical page:
[ 1663.113494][T19351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62d40
[ 1663.122261][T19351] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1663.130763][T19351] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1663.138312][T19351] page_type: f5(slab)
[ 1663.142306][T19351] raw: 00fff00000000040 ffff88801b442280 ffffea0000d0d000 dead000000000002
[ 1663.150900][T19351] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1663.159497][T19351] head: 00fff00000000040 ffff88801b442280 ffffea0000d0d000 dead000000000002
[ 1663.168177][T19351] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1663.176860][T19351] head: 00fff00000000003 ffffea00018b5001 00000000ffffffff 00000000ffffffff
[ 1663.185540][T19351] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1663.194210][T19351] page dumped because: kasan: bad access detected
[ 1663.200618][T19351] page_owner tracks the page as allocated
[ 1663.206327][T19351] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 18118, tgid 18111 (syz.1.2926), ts 1495257210092, free_ts 1463092605682
[ 1663.228069][T19351]  post_alloc_hook+0x181/0x1b0
[ 1663.232857][T19351]  get_page_from_freelist+0x135c/0x3920
[ 1663.238439][T19351]  __alloc_frozen_pages_noprof+0x263/0x23a0
[ 1663.244363][T19351]  alloc_pages_mpol+0x1fb/0x550
[ 1663.249241][T19351]  new_slab+0x244/0x340
[ 1663.253415][T19351]  ___slab_alloc+0xd9c/0x1940
[ 1663.258116][T19351]  __slab_alloc.constprop.0+0x56/0xb0
[ 1663.263516][T19351]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[ 1663.269961][T19351]  krealloc_noprof+0x1fb/0x380
[ 1663.274752][T19351]  copy_array.constprop.0+0x88/0x110
[ 1663.280069][T19351]  copy_verifier_state+0xaa3/0xfa0
[ 1663.285190][T19351]  do_check_common+0x525b/0xc2a0
[ 1663.290151][T19351]  bpf_check+0x7f51/0xb460
[ 1663.294591][T19351]  bpf_prog_load+0xe41/0x2490
[ 1663.299280][T19351]  __sys_bpf+0x433c/0x4d80
[ 1663.303705][T19351]  __x64_sys_bpf+0x78/0xc0
[ 1663.308136][T19351] page last free pid 17446 tgid 17446 stack trace:
[ 1663.314635][T19351]  __free_frozen_pages+0x69d/0xff0
[ 1663.319768][T19351]  __put_partials+0x16d/0x1c0
[ 1663.324468][T19351]  qlist_free_all+0x4e/0x120
[ 1663.329083][T19351]  kasan_quarantine_reduce+0x195/0x1e0
[ 1663.334569][T19351]  __kasan_slab_alloc+0x69/0x90
[ 1663.339448][T19351]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 1663.345370][T19351]  __alloc_skb+0x2b2/0x380
[ 1663.349799][T19351]  mpls_netconf_notify_devconf+0x4a/0x110
[ 1663.355548][T19351]  mpls_dev_notify+0x726/0xa20
[ 1663.360318][T19351]  notifier_call_chain+0xbc/0x410
[ 1663.365369][T19351]  call_netdevice_notifiers_info+0xbe/0x140
[ 1663.371290][T19351]  unregister_netdevice_many_notify+0xf9a/0x26f0
[ 1663.377641][T19351]  unregister_netdevice_queue+0x305/0x3f0
[ 1663.383383][T19351]  bpq_device_event+0x550/0x840
[ 1663.388244][T19351]  notifier_call_chain+0xbc/0x410
[ 1663.393293][T19351]  call_netdevice_notifiers_info+0xbe/0x140
[ 1663.399214][T19351] 
[ 1663.401535][T19351] Memory state around the buggy address:
[ 1663.407160][T19351]  ffff888062d44b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1663.415225][T19351]  ffff888062d44b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1663.423304][T19351] >ffff888062d44c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1663.431363][T19351]                                                  ^
[ 1663.438035][T19351]  ffff888062d44c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1663.446104][T19351]  ffff888062d44d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1663.454165][T19351] ==================================================================
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1663.728126][T17448] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1663.760883][T17448] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1663.771707][T17448] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1663.793923][T17448] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1663.805107][T17448] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1663.845689][T19351] Disabling lock debugging due to kernel taint
[ 1663.852082][T19351] ==================================================================
[ 1663.860152][T19351] BUG: KASAN: slab-use-after-free in kobject_get+0x13f/0x150
[ 1663.867545][T19351] Read of size 1 at addr ffff888062d44c24 by task syz.1.3215/19351
[ 1663.875449][T19351] 
[ 1663.877780][T19351] CPU: 1 UID: 0 PID: 19351 Comm: syz.1.3215 Tainted: G    B               6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[ 1663.877832][T19351] Tainted: [B]=BAD_PAGE
[ 1663.877843][T19351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1663.877863][T19351] Call Trace:
[ 1663.877873][T19351]  <TASK>
[ 1663.877885][T19351]  dump_stack_lvl+0x116/0x1f0
[ 1663.877939][T19351]  print_report+0xc3/0x670
[ 1663.877990][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.878031][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.878071][T19351]  ? __phys_addr+0xc6/0x150
[ 1663.878120][T19351]  ? kobject_get+0x13f/0x150
[ 1663.878149][T19351]  kasan_report+0xe0/0x110
[ 1663.878201][T19351]  ? kobject_get+0x13f/0x150
[ 1663.878236][T19351]  kobject_get+0x13f/0x150
[ 1663.878265][T19351]  device_add+0x19f/0x1a70
[ 1663.878312][T19351]  ? __pfx_dev_set_name+0x10/0x10
[ 1663.878362][T19351]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1663.878396][T19351]  ? __pfx_device_add+0x10/0x10
[ 1663.878452][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.878492][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.878532][T19351]  ? lockdep_init_map_type+0x5c/0x280
[ 1663.878589][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.878628][T19351]  ? __init_waitqueue_head+0xca/0x150
[ 1663.878667][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.878712][T19351]  netdev_register_kobject+0x182/0x3a0
[ 1663.878767][T19351]  register_netdevice+0x13dc/0x2270
[ 1663.878817][T19351]  ? __pfx_register_netdevice+0x10/0x10
[ 1663.878868][T19351]  register_netdev+0x34/0x50
[ 1663.878912][T19351]  bnep_add_connection+0x71c/0xd20
[ 1663.878958][T19351]  ? __pfx_bnep_add_connection+0x10/0x10
[ 1663.879003][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.879043][T19351]  ? __fget_files+0x20e/0x3c0
[ 1663.879098][T19351]  do_bnep_sock_ioctl.constprop.0+0x496/0x590
[ 1663.879147][T19351]  ? __pfx_do_bnep_sock_ioctl.constprop.0+0x10/0x10
[ 1663.879199][T19351]  ? find_held_lock+0x2b/0x80
[ 1663.879240][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.879286][T19351]  ? do_raw_spin_unlock+0x144/0x230
[ 1663.879323][T19351]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1663.879366][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.879406][T19351]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1663.879440][T19351]  sock_do_ioctl+0x118/0x280
[ 1663.879491][T19351]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1663.879541][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.879590][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.879634][T19351]  sock_ioctl+0x227/0x6b0
[ 1663.879686][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1663.879740][T19351]  ? hook_file_ioctl_common+0x145/0x410
[ 1663.879784][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1663.879824][T19351]  ? __fget_files+0x20e/0x3c0
[ 1663.879869][T19351]  ? __entry_text_end+0x1020b5/0x1020b9
[ 1663.879912][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1663.879966][T19351]  __x64_sys_ioctl+0x193/0x200
[ 1663.880006][T19351]  do_syscall_64+0xcd/0x260
[ 1663.880061][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1663.880096][T19351] RIP: 0033:0x7fa1c1d8e969
[ 1663.880120][T19351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1663.880153][T19351] RSP: 002b:00007fa1c2bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1663.880184][T19351] RAX: ffffffffffffffda RBX: 00007fa1c1fb6080 RCX: 00007fa1c1d8e969
[ 1663.880206][T19351] RDX: 0000200000000540 RSI: 00000000400442c8 RDI: 000000000000000e
[ 1663.880227][T19351] RBP: 00007fa1c1e10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1663.880249][T19351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1663.880270][T19351] R13: 0000000000000000 R14: 00007fa1c1fb6080 R15: 00007ffe519f7948
[ 1663.880302][T19351]  </TASK>
[ 1663.880313][T19351] 
[ 1664.245795][T19351] Allocated by task 17171:
[ 1664.250205][T19351]  kasan_save_stack+0x33/0x60
[ 1664.254908][T19351]  kasan_save_track+0x14/0x30
[ 1664.259609][T19351]  __kasan_kmalloc+0xaa/0xb0
[ 1664.264223][T19351]  __hci_conn_add+0x130/0x1b70
[ 1664.269001][T19351]  hci_conn_add_unset+0x6d/0x100
[ 1664.273952][T19351]  hci_conn_request_evt+0x888/0xae0
[ 1664.279182][T19351]  hci_event_packet+0x9f1/0x1190
[ 1664.284150][T19351]  hci_rx_work+0x2c5/0x16b0
[ 1664.288666][T19351]  process_one_work+0x9cf/0x1b70
[ 1664.293623][T19351]  worker_thread+0x6c8/0xf10
[ 1664.298226][T19351]  kthread+0x3c5/0x780
[ 1664.302303][T19351]  ret_from_fork+0x48/0x80
[ 1664.306730][T19351]  ret_from_fork_asm+0x1a/0x30
[ 1664.311529][T19351] 
[ 1664.313856][T19351] Freed by task 18948:
[ 1664.317923][T19351]  kasan_save_stack+0x33/0x60
[ 1664.322627][T19351]  kasan_save_track+0x14/0x30
[ 1664.327326][T19351]  kasan_save_free_info+0x3b/0x60
[ 1664.332367][T19351]  __kasan_slab_free+0x51/0x70
[ 1664.337157][T19351]  kfree+0x2b6/0x4d0
[ 1664.341066][T19351]  device_release+0xa4/0x240
[ 1664.345685][T19351]  kobject_put+0x1e7/0x5a0
[ 1664.350109][T19351]  device_unregister+0x2f/0xc0
[ 1664.354884][T19351]  hci_conn_del_sysfs+0xb4/0x180
[ 1664.359835][T19351]  hci_conn_del+0x55f/0xdc0
[ 1664.364352][T19351]  hci_conn_hash_flush+0x186/0x260
[ 1664.369479][T19351]  hci_dev_close_sync+0x602/0x11d0
[ 1664.374608][T19351]  hci_dev_do_close+0x2e/0x90
[ 1664.379301][T19351]  hci_unregister_dev+0x213/0x620
[ 1664.384340][T19351]  vhci_release+0x79/0xf0
[ 1664.388688][T19351]  __fput+0x402/0xb70
[ 1664.392678][T19351]  task_work_run+0x150/0x240
[ 1664.397282][T19351]  do_exit+0xafb/0x2c30
[ 1664.401468][T19351]  do_group_exit+0xd3/0x2a0
[ 1664.405998][T19351]  get_signal+0x2673/0x26d0
[ 1664.410519][T19351]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1664.416086][T19351]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1664.421752][T19351]  do_syscall_64+0xda/0x260
[ 1664.426283][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1664.432187][T19351] 
[ 1664.434508][T19351] Last potentially related work creation:
[ 1664.440214][T19351]  kasan_save_stack+0x33/0x60
[ 1664.444912][T19351]  kasan_record_aux_stack+0xb8/0xd0
[ 1664.450122][T19351]  insert_work+0x36/0x230
[ 1664.454460][T19351]  __queue_work+0x97e/0x10f0
[ 1664.459059][T19351]  __queue_delayed_work+0x35b/0x460
[ 1664.464272][T19351]  queue_delayed_work_on+0x1b5/0x200
[ 1664.469571][T19351]  l2cap_chan_del+0x5a0/0x8f0
[ 1664.474272][T19351]  l2cap_conn_del+0x37a/0x730
[ 1664.478971][T19351]  l2cap_disconn_cfm+0x96/0xd0
[ 1664.483762][T19351]  hci_conn_hash_flush+0x10e/0x260
[ 1664.488888][T19351]  hci_dev_close_sync+0x602/0x11d0
[ 1664.494014][T19351]  hci_dev_do_close+0x2e/0x90
[ 1664.498706][T19351]  hci_unregister_dev+0x213/0x620
[ 1664.503754][T19351]  vhci_release+0x79/0xf0
[ 1664.508103][T19351]  __fput+0x402/0xb70
[ 1664.512090][T19351]  task_work_run+0x150/0x240
[ 1664.516691][T19351]  do_exit+0xafb/0x2c30
[ 1664.520873][T19351]  do_group_exit+0xd3/0x2a0
[ 1664.525405][T19351]  get_signal+0x2673/0x26d0
[ 1664.529926][T19351]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1664.535496][T19351]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1664.541155][T19351]  do_syscall_64+0xda/0x260
[ 1664.545689][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1664.551597][T19351] 
[ 1664.553916][T19351] The buggy address belongs to the object at ffff888062d44000
[ 1664.553916][T19351]  which belongs to the cache kmalloc-8k of size 8192
[ 1664.567977][T19351] The buggy address is located 3108 bytes inside of
[ 1664.567977][T19351]  freed 8192-byte region [ffff888062d44000, ffff888062d46000)
[ 1664.581957][T19351] 
[ 1664.584274][T19351] The buggy address belongs to the physical page:
[ 1664.590677][T19351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62d40
[ 1664.599440][T19351] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1664.607941][T19351] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1664.615490][T19351] page_type: f5(slab)
[ 1664.619478][T19351] raw: 00fff00000000040 ffff88801b442280 ffffea0000d0d000 dead000000000002
[ 1664.628070][T19351] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1664.636662][T19351] head: 00fff00000000040 ffff88801b442280 ffffea0000d0d000 dead000000000002
[ 1664.645343][T19351] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1664.654021][T19351] head: 00fff00000000003 ffffea00018b5001 00000000ffffffff 00000000ffffffff
[ 1664.662706][T19351] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1664.671380][T19351] page dumped because: kasan: bad access detected
[ 1664.677795][T19351] page_owner tracks the page as allocated
[ 1664.683506][T19351] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 18118, tgid 18111 (syz.1.2926), ts 1495257210092, free_ts 1463092605682
[ 1664.705237][T19351]  post_alloc_hook+0x181/0x1b0
[ 1664.710023][T19351]  get_page_from_freelist+0x135c/0x3920
[ 1664.715596][T19351]  __alloc_frozen_pages_noprof+0x263/0x23a0
[ 1664.721519][T19351]  alloc_pages_mpol+0x1fb/0x550
[ 1664.726417][T19351]  new_slab+0x244/0x340
[ 1664.730589][T19351]  ___slab_alloc+0xd9c/0x1940
[ 1664.735283][T19351]  __slab_alloc.constprop.0+0x56/0xb0
[ 1664.740673][T19351]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[ 1664.747121][T19351]  krealloc_noprof+0x1fb/0x380
[ 1664.751912][T19351]  copy_array.constprop.0+0x88/0x110
[ 1664.757226][T19351]  copy_verifier_state+0xaa3/0xfa0
[ 1664.762363][T19351]  do_check_common+0x525b/0xc2a0
[ 1664.767323][T19351]  bpf_check+0x7f51/0xb460
[ 1664.771762][T19351]  bpf_prog_load+0xe41/0x2490
[ 1664.776447][T19351]  __sys_bpf+0x433c/0x4d80
[ 1664.780874][T19351]  __x64_sys_bpf+0x78/0xc0
[ 1664.785304][T19351] page last free pid 17446 tgid 17446 stack trace:
[ 1664.791801][T19351]  __free_frozen_pages+0x69d/0xff0
[ 1664.796931][T19351]  __put_partials+0x16d/0x1c0
[ 1664.801634][T19351]  qlist_free_all+0x4e/0x120
[ 1664.806244][T19351]  kasan_quarantine_reduce+0x195/0x1e0
[ 1664.811724][T19351]  __kasan_slab_alloc+0x69/0x90
[ 1664.816603][T19351]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 1664.822522][T19351]  __alloc_skb+0x2b2/0x380
[ 1664.826951][T19351]  mpls_netconf_notify_devconf+0x4a/0x110
[ 1664.832700][T19351]  mpls_dev_notify+0x726/0xa20
[ 1664.837473][T19351]  notifier_call_chain+0xbc/0x410
[ 1664.842527][T19351]  call_netdevice_notifiers_info+0xbe/0x140
[ 1664.848448][T19351]  unregister_netdevice_many_notify+0xf9a/0x26f0
[ 1664.854800][T19351]  unregister_netdevice_queue+0x305/0x3f0
[ 1664.860543][T19351]  bpq_device_event+0x550/0x840
[ 1664.865408][T19351]  notifier_call_chain+0xbc/0x410
[ 1664.870455][T19351]  call_netdevice_notifiers_info+0xbe/0x140
[ 1664.876378][T19351] 
[ 1664.878699][T19351] Memory state around the buggy address:
[ 1664.884326][T19351]  ffff888062d44b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1664.892392][T19351]  ffff888062d44b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1664.900457][T19351] >ffff888062d44c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1664.908518][T19351]                                ^
[ 1664.913627][T19351]  ffff888062d44c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1664.921695][T19351]  ffff888062d44d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1664.929761][T19351] ==================================================================
[ 1665.077895][T19351] ==================================================================
[ 1665.085973][T19351] BUG: KASAN: slab-use-after-free in kobject_get+0x79/0x150
[ 1665.093256][T19351] Write of size 4 at addr ffff888062d44c20 by task syz.1.3215/19351
[ 1665.101243][T19351] 
[ 1665.103566][T19351] CPU: 0 UID: 0 PID: 19351 Comm: syz.1.3215 Tainted: G    B               6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[ 1665.103609][T19351] Tainted: [B]=BAD_PAGE
[ 1665.103619][T19351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1665.103635][T19351] Call Trace:
[ 1665.103644][T19351]  <TASK>
[ 1665.103655][T19351]  dump_stack_lvl+0x116/0x1f0
[ 1665.103698][T19351]  print_report+0xc3/0x670
[ 1665.103740][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.103773][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.103806][T19351]  ? __phys_addr+0xc6/0x150
[ 1665.103846][T19351]  ? kobject_get+0x79/0x150
[ 1665.103869][T19351]  kasan_report+0xe0/0x110
[ 1665.103912][T19351]  ? kobject_get+0x79/0x150
[ 1665.103941][T19351]  kasan_check_range+0xef/0x1a0
[ 1665.103970][T19351]  kobject_get+0x79/0x150
[ 1665.103994][T19351]  device_add+0x19f/0x1a70
[ 1665.104033][T19351]  ? __pfx_dev_set_name+0x10/0x10
[ 1665.104074][T19351]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1665.104101][T19351]  ? __pfx_device_add+0x10/0x10
[ 1665.104138][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.104171][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.104204][T19351]  ? lockdep_init_map_type+0x5c/0x280
[ 1665.104249][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.104281][T19351]  ? __init_waitqueue_head+0xca/0x150
[ 1665.104313][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.104356][T19351]  netdev_register_kobject+0x182/0x3a0
[ 1665.104402][T19351]  register_netdevice+0x13dc/0x2270
[ 1665.104443][T19351]  ? __pfx_register_netdevice+0x10/0x10
[ 1665.104493][T19351]  register_netdev+0x34/0x50
[ 1665.104529][T19351]  bnep_add_connection+0x71c/0xd20
[ 1665.104567][T19351]  ? __pfx_bnep_add_connection+0x10/0x10
[ 1665.104604][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.104637][T19351]  ? __fget_files+0x20e/0x3c0
[ 1665.104682][T19351]  do_bnep_sock_ioctl.constprop.0+0x496/0x590
[ 1665.104722][T19351]  ? __pfx_do_bnep_sock_ioctl.constprop.0+0x10/0x10
[ 1665.104766][T19351]  ? find_held_lock+0x2b/0x80
[ 1665.104799][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.104837][T19351]  ? do_raw_spin_unlock+0x144/0x230
[ 1665.104867][T19351]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1665.104902][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.104935][T19351]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1665.104964][T19351]  sock_do_ioctl+0x118/0x280
[ 1665.105005][T19351]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1665.105047][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.105087][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.105123][T19351]  sock_ioctl+0x227/0x6b0
[ 1665.105166][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1665.105207][T19351]  ? hook_file_ioctl_common+0x145/0x410
[ 1665.105243][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1665.105276][T19351]  ? __fget_files+0x20e/0x3c0
[ 1665.105314][T19351]  ? __entry_text_end+0x1020b5/0x1020b9
[ 1665.105356][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1665.105402][T19351]  __x64_sys_ioctl+0x193/0x200
[ 1665.105436][T19351]  do_syscall_64+0xcd/0x260
[ 1665.105481][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1665.105513][T19351] RIP: 0033:0x7fa1c1d8e969
[ 1665.105534][T19351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1665.105561][T19351] RSP: 002b:00007fa1c2bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1665.105587][T19351] RAX: ffffffffffffffda RBX: 00007fa1c1fb6080 RCX: 00007fa1c1d8e969
[ 1665.105606][T19351] RDX: 0000200000000540 RSI: 00000000400442c8 RDI: 000000000000000e
[ 1665.105624][T19351] RBP: 00007fa1c1e10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1665.105642][T19351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1665.105659][T19351] R13: 0000000000000000 R14: 00007fa1c1fb6080 R15: 00007ffe519f7948
[ 1665.105687][T19351]  </TASK>
[ 1665.105696][T19351] 
[ 1665.475622][T19351] Allocated by task 17171:
[ 1665.480036][T19351]  kasan_save_stack+0x33/0x60
[ 1665.484742][T19351]  kasan_save_track+0x14/0x30
[ 1665.489441][T19351]  __kasan_kmalloc+0xaa/0xb0
[ 1665.494055][T19351]  __hci_conn_add+0x130/0x1b70
[ 1665.498832][T19351]  hci_conn_add_unset+0x6d/0x100
[ 1665.503782][T19351]  hci_conn_request_evt+0x888/0xae0
[ 1665.509009][T19351]  hci_event_packet+0x9f1/0x1190
[ 1665.513975][T19351]  hci_rx_work+0x2c5/0x16b0
[ 1665.518493][T19351]  process_one_work+0x9cf/0x1b70
[ 1665.523442][T19351]  worker_thread+0x6c8/0xf10
[ 1665.528046][T19351]  kthread+0x3c5/0x780
[ 1665.532121][T19351]  ret_from_fork+0x48/0x80
[ 1665.536548][T19351]  ret_from_fork_asm+0x1a/0x30
[ 1665.541339][T19351] 
[ 1665.543657][T19351] Freed by task 18948:
[ 1665.547718][T19351]  kasan_save_stack+0x33/0x60
[ 1665.552418][T19351]  kasan_save_track+0x14/0x30
[ 1665.557116][T19351]  kasan_save_free_info+0x3b/0x60
[ 1665.562154][T19351]  __kasan_slab_free+0x51/0x70
[ 1665.566942][T19351]  kfree+0x2b6/0x4d0
[ 1665.570852][T19351]  device_release+0xa4/0x240
[ 1665.575472][T19351]  kobject_put+0x1e7/0x5a0
[ 1665.579903][T19351]  device_unregister+0x2f/0xc0
[ 1665.584683][T19351]  hci_conn_del_sysfs+0xb4/0x180
[ 1665.589636][T19351]  hci_conn_del+0x55f/0xdc0
[ 1665.594152][T19351]  hci_conn_hash_flush+0x186/0x260
[ 1665.599278][T19351]  hci_dev_close_sync+0x602/0x11d0
[ 1665.604405][T19351]  hci_dev_do_close+0x2e/0x90
[ 1665.609097][T19351]  hci_unregister_dev+0x213/0x620
[ 1665.614136][T19351]  vhci_release+0x79/0xf0
[ 1665.618485][T19351]  __fput+0x402/0xb70
[ 1665.622480][T19351]  task_work_run+0x150/0x240
[ 1665.627094][T19351]  do_exit+0xafb/0x2c30
[ 1665.631277][T19351]  do_group_exit+0xd3/0x2a0
[ 1665.635810][T19351]  get_signal+0x2673/0x26d0
[ 1665.640332][T19351]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1665.645905][T19351]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1665.651567][T19351]  do_syscall_64+0xda/0x260
[ 1665.656099][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1665.662002][T19351] 
[ 1665.664320][T19351] Last potentially related work creation:
[ 1665.670048][T19351]  kasan_save_stack+0x33/0x60
[ 1665.674748][T19351]  kasan_record_aux_stack+0xb8/0xd0
[ 1665.679962][T19351]  insert_work+0x36/0x230
[ 1665.684301][T19351]  __queue_work+0x97e/0x10f0
[ 1665.688903][T19351]  __queue_delayed_work+0x35b/0x460
[ 1665.694116][T19351]  queue_delayed_work_on+0x1b5/0x200
[ 1665.699416][T19351]  l2cap_chan_del+0x5a0/0x8f0
[ 1665.704116][T19351]  l2cap_conn_del+0x37a/0x730
[ 1665.708816][T19351]  l2cap_disconn_cfm+0x96/0xd0
[ 1665.713603][T19351]  hci_conn_hash_flush+0x10e/0x260
[ 1665.718733][T19351]  hci_dev_close_sync+0x602/0x11d0
[ 1665.723859][T19351]  hci_dev_do_close+0x2e/0x90
[ 1665.728551][T19351]  hci_unregister_dev+0x213/0x620
[ 1665.733589][T19351]  vhci_release+0x79/0xf0
[ 1665.737938][T19351]  __fput+0x402/0xb70
[ 1665.741925][T19351]  task_work_run+0x150/0x240
[ 1665.746524][T19351]  do_exit+0xafb/0x2c30
[ 1665.750705][T19351]  do_group_exit+0xd3/0x2a0
[ 1665.755235][T19351]  get_signal+0x2673/0x26d0
[ 1665.759754][T19351]  arch_do_signal_or_restart+0x8f/0x7d0
[ 1665.765322][T19351]  syscall_exit_to_user_mode+0x150/0x2a0
[ 1665.770984][T19351]  do_syscall_64+0xda/0x260
[ 1665.775519][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1665.781420][T19351] 
[ 1665.783737][T19351] The buggy address belongs to the object at ffff888062d44000
[ 1665.783737][T19351]  which belongs to the cache kmalloc-8k of size 8192
[ 1665.797794][T19351] The buggy address is located 3104 bytes inside of
[ 1665.797794][T19351]  freed 8192-byte region [ffff888062d44000, ffff888062d46000)
[ 1665.811771][T19351] 
[ 1665.814090][T19351] The buggy address belongs to the physical page:
[ 1665.820500][T19351] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62d40
[ 1665.829267][T19351] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1665.837770][T19351] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1665.845319][T19351] page_type: f5(slab)
[ 1665.849307][T19351] raw: 00fff00000000040 ffff88801b442280 ffffea0000d0d000 dead000000000002
[ 1665.857900][T19351] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1665.866501][T19351] head: 00fff00000000040 ffff88801b442280 ffffea0000d0d000 dead000000000002
[ 1665.875181][T19351] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[ 1665.883860][T19351] head: 00fff00000000003 ffffea00018b5001 00000000ffffffff 00000000ffffffff
[ 1665.892537][T19351] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1665.901206][T19351] page dumped because: kasan: bad access detected
[ 1665.907615][T19351] page_owner tracks the page as allocated
[ 1665.913324][T19351] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 18118, tgid 18111 (syz.1.2926), ts 1495257210092, free_ts 1463092605682
[ 1665.935054][T19351]  post_alloc_hook+0x181/0x1b0
[ 1665.939840][T19351]  get_page_from_freelist+0x135c/0x3920
[ 1665.945409][T19351]  __alloc_frozen_pages_noprof+0x263/0x23a0
[ 1665.951325][T19351]  alloc_pages_mpol+0x1fb/0x550
[ 1665.956206][T19351]  new_slab+0x244/0x340
[ 1665.960379][T19351]  ___slab_alloc+0xd9c/0x1940
[ 1665.965074][T19351]  __slab_alloc.constprop.0+0x56/0xb0
[ 1665.970464][T19351]  __kmalloc_node_track_caller_noprof+0x2ee/0x510
[ 1665.976912][T19351]  krealloc_noprof+0x1fb/0x380
[ 1665.981700][T19351]  copy_array.constprop.0+0x88/0x110
[ 1665.987015][T19351]  copy_verifier_state+0xaa3/0xfa0
[ 1665.992134][T19351]  do_check_common+0x525b/0xc2a0
[ 1665.997091][T19351]  bpf_check+0x7f51/0xb460
[ 1666.001529][T19351]  bpf_prog_load+0xe41/0x2490
[ 1666.006216][T19351]  __sys_bpf+0x433c/0x4d80
[ 1666.010645][T19351]  __x64_sys_bpf+0x78/0xc0
[ 1666.015073][T19351] page last free pid 17446 tgid 17446 stack trace:
[ 1666.021573][T19351]  __free_frozen_pages+0x69d/0xff0
[ 1666.026712][T19351]  __put_partials+0x16d/0x1c0
[ 1666.031409][T19351]  qlist_free_all+0x4e/0x120
[ 1666.036019][T19351]  kasan_quarantine_reduce+0x195/0x1e0
[ 1666.041504][T19351]  __kasan_slab_alloc+0x69/0x90
[ 1666.046379][T19351]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[ 1666.052296][T19351]  __alloc_skb+0x2b2/0x380
[ 1666.056726][T19351]  mpls_netconf_notify_devconf+0x4a/0x110
[ 1666.062475][T19351]  mpls_dev_notify+0x726/0xa20
[ 1666.067248][T19351]  notifier_call_chain+0xbc/0x410
[ 1666.072315][T19351]  call_netdevice_notifiers_info+0xbe/0x140
[ 1666.078240][T19351]  unregister_netdevice_many_notify+0xf9a/0x26f0
[ 1666.084592][T19351]  unregister_netdevice_queue+0x305/0x3f0
[ 1666.090336][T19351]  bpq_device_event+0x550/0x840
[ 1666.095201][T19351]  notifier_call_chain+0xbc/0x410
[ 1666.100249][T19351]  call_netdevice_notifiers_info+0xbe/0x140
[ 1666.106169][T19351] 
[ 1666.108486][T19351] Memory state around the buggy address:
[ 1666.114117][T19351]  ffff888062d44b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1666.122181][T19351]  ffff888062d44b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1666.130246][T19351] >ffff888062d44c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1666.138305][T19351]                                ^
[ 1666.143413][T19351]  ffff888062d44c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1666.151485][T19351]  ffff888062d44d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1666.159553][T19351] ==================================================================
[ 1666.281673][T19351] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[ 1666.289433][T19351] CPU: 1 UID: 0 PID: 19351 Comm: syz.1.3215 Tainted: G    B               6.15.0-rc6-syzkaller-00188-gfee3e843b309 #0 PREEMPT(full) 
[ 1666.303085][T19351] Tainted: [B]=BAD_PAGE
[ 1666.307232][T19351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1666.317296][T19351] Call Trace:
[ 1666.320580][T19351]  <TASK>
[ 1666.323515][T19351]  dump_stack_lvl+0x3d/0x1f0
[ 1666.328139][T19351]  panic+0x71c/0x800
[ 1666.332067][T19351]  ? rcu_is_watching+0x12/0xc0
[ 1666.336850][T19351]  ? __pfx_panic+0x10/0x10
[ 1666.341295][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.346954][T19351]  ? kobject_get+0x79/0x150
[ 1666.351475][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.357125][T19351]  ? preempt_schedule_common+0x44/0xc0
[ 1666.362615][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.368265][T19351]  ? preempt_schedule_thunk+0x16/0x30
[ 1666.373677][T19351]  ? kobject_get+0x79/0x150
[ 1666.378188][T19351]  end_report+0x159/0x170
[ 1666.382549][T19351]  kasan_report+0xee/0x110
[ 1666.386999][T19351]  ? kobject_get+0x79/0x150
[ 1666.391520][T19351]  kasan_check_range+0xef/0x1a0
[ 1666.396390][T19351]  kobject_get+0x79/0x150
[ 1666.400727][T19351]  device_add+0x19f/0x1a70
[ 1666.405172][T19351]  ? __pfx_dev_set_name+0x10/0x10
[ 1666.410227][T19351]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1666.416133][T19351]  ? __pfx_device_add+0x10/0x10
[ 1666.421011][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.426664][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.432315][T19351]  ? lockdep_init_map_type+0x5c/0x280
[ 1666.437720][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.443374][T19351]  ? __init_waitqueue_head+0xca/0x150
[ 1666.448768][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.454424][T19351]  netdev_register_kobject+0x182/0x3a0
[ 1666.459912][T19351]  register_netdevice+0x13dc/0x2270
[ 1666.465139][T19351]  ? __pfx_register_netdevice+0x10/0x10
[ 1666.470716][T19351]  register_netdev+0x34/0x50
[ 1666.475387][T19351]  bnep_add_connection+0x71c/0xd20
[ 1666.480528][T19351]  ? __pfx_bnep_add_connection+0x10/0x10
[ 1666.486185][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.491837][T19351]  ? __fget_files+0x20e/0x3c0
[ 1666.496549][T19351]  do_bnep_sock_ioctl.constprop.0+0x496/0x590
[ 1666.502645][T19351]  ? __pfx_do_bnep_sock_ioctl.constprop.0+0x10/0x10
[ 1666.509264][T19351]  ? find_held_lock+0x2b/0x80
[ 1666.513961][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.519620][T19351]  ? do_raw_spin_unlock+0x144/0x230
[ 1666.524836][T19351]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1666.530839][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.536493][T19351]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1666.542402][T19351]  sock_do_ioctl+0x118/0x280
[ 1666.547021][T19351]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1666.552163][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.557824][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.563479][T19351]  sock_ioctl+0x227/0x6b0
[ 1666.567844][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1666.572724][T19351]  ? hook_file_ioctl_common+0x145/0x410
[ 1666.578297][T19351]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1666.583948][T19351]  ? __fget_files+0x20e/0x3c0
[ 1666.588651][T19351]  ? __entry_text_end+0x1020b5/0x1020b9
[ 1666.594219][T19351]  ? __pfx_sock_ioctl+0x10/0x10
[ 1666.599102][T19351]  __x64_sys_ioctl+0x193/0x200
[ 1666.603886][T19351]  do_syscall_64+0xcd/0x260
[ 1666.608423][T19351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1666.614328][T19351] RIP: 0033:0x7fa1c1d8e969
[ 1666.618754][T19351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1666.638375][T19351] RSP: 002b:00007fa1c2bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1666.646813][T19351] RAX: ffffffffffffffda RBX: 00007fa1c1fb6080 RCX: 00007fa1c1d8e969
[ 1666.654791][T19351] RDX: 0000200000000540 RSI: 00000000400442c8 RDI: 000000000000000e
[ 1666.662769][T19351] RBP: 00007fa1c1e10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1666.670752][T19351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1666.678727][T19351] R13: 0000000000000000 R14: 00007fa1c1fb6080 R15: 00007ffe519f7948
[ 1666.686720][T19351]  </TASK>
[ 1666.689942][T19351] Kernel Offset: disabled
[ 1666.694264][T19351] Rebooting in 86400 seconds..