last executing test programs:

29m50.410295623s ago: executing program 1 (id=272):
r0 = fsopen(&(0x7f0000000080)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0xa)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x25, 0xa, 0x0, 0x0, 0x2, 0x61, 0x11, 0x60}, [@initr0]}, &(0x7f0000000000)='GPL\x00'}, 0x94)
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, r1})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100))
syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x20003, 0x1, 0x2, 0x31c}, 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
io_uring_setup(0x669, &(0x7f00000002c0))
pipe(&(0x7f0000000080))
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x42, 0x18)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @private=0xa010101}, {0x2, 0x0, @local}, {0x2, 0x4e24, @rand_addr=0x6}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)

29m50.021450243s ago: executing program 1 (id=274):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f00000000c0)=0x94a, 0x4)
syz_emit_ethernet(0x74, &(0x7f0000000340)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00\'$', 0x3e, 0x3a, 0xff, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], @dest_unreach={0x1, 0x4, 0x0, 0x0, '\x00', {0xd, 0x6, "310300", 0xf4e, 0x0, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private1={0xfc, 0x1, '\x00', 0x1}, [@fragment={0x3a, 0x0, 0xc, 0x0, 0x0, 0x1, 0x68}], '\r\x00\x00\x00\x00\x00'}}}}}}}, 0x0)

29m48.794639989s ago: executing program 1 (id=277):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f00000005c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
socket$inet6_mptcp(0xa, 0x1, 0x106)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendto$packet(r0, &(0x7f0000000480)="7eeb99b6f78c67515ea2f0d01d76", 0xac, 0x94, &(0x7f0000000140)={0x11, 0x86dd, r2, 0x1, 0x6, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)

29m48.074958798s ago: executing program 1 (id=280):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x2, @local}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61"], 0x10b8}, 0x0)
recvmsg(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x140)

29m47.991253583s ago: executing program 1 (id=281):
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0xce21, @loopback}, 0x10)
setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x0)
eventfd(0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x204100)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r4, &(0x7f0000000380)=ANY=[], 0xaf)
close(r4)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r2, 0xc05c5340, 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r6, 0x8916, &(0x7f0000000180)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x82})
ioctl$sock_inet6_SIOCDIFADDR(r5, 0x8936, &(0x7f0000000140)={@loopback, 0x80})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, 0x0, 0x0)

29m47.20766611s ago: executing program 1 (id=283):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006140)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r3}, 0x50)

29m30.539207543s ago: executing program 32 (id=283):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006140)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r3}, 0x50)

9m34.9037165s ago: executing program 0 (id=2690):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000000000014000000000000002900000034000000fdffffff"], 0x188}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
pwritev(0xffffffffffffffff, &(0x7f0000000d80)=[{&(0x7f0000000780)="42ebe7f5d8dde5f3e9c5c7e7bc09d8d80f373ae4dc85e6cb597bd322663b986ff272399bec41d811a763bcd2cdc221d2ac6cdeeca815ce250ce959444e7f296cb11433", 0x43}, {0x0}, {&(0x7f0000000540)}, {&(0x7f0000000580)="1ab9a1fec95331b4b1bb5f840b0a198cb5add980a1e5cd402aaabeb7a27d1418376394238ae0a1ca9cc4187957fdca8dfa1151a311e577e1461a24", 0x3b}, {&(0x7f0000000700)}, {&(0x7f0000000d00)="7cedc13b1cbf2308b2000d3d", 0xc}], 0x6, 0x4d9e, 0x8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000f80)=ANY=[], 0xd4}}, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_COPY(r4, 0x3b83, &(0x7f0000000080)={0x28, 0x6, 0x0, 0x0, 0x0, 0x3, 0xa61})
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9m33.330966138s ago: executing program 0 (id=2692):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
symlinkat(0x0, 0xffffffffffffff9c, 0x0)
recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)}, 0x1f00)
sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)

9m30.755771766s ago: executing program 0 (id=2694):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r0, 0x0)

9m30.228839462s ago: executing program 0 (id=2698):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unshare(0x26020480)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r1, 0x4068aea3, &(0x7f0000000000)={0xdc, 0x0, 0x7fffffff})

9m29.024170515s ago: executing program 0 (id=2701):
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x86, 0x2, 0x0, 0x0, 0xfffffffc)
creat(&(0x7f0000000080)='./file0\x00', 0x248)
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40043d0d, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x40, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x40}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)

9m26.09878468s ago: executing program 0 (id=2704):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x3a)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_register$IORING_REGISTER_FILES2(0xffffffffffffffff, 0xd, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040))
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001, 0x4}, 0x8)
connect$inet6(r4, &(0x7f0000002140)={0xa, 0x4e25, 0x1, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

9m10.490063769s ago: executing program 33 (id=2704):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x3a)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_register$IORING_REGISTER_FILES2(0xffffffffffffffff, 0xd, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040))
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001, 0x4}, 0x8)
connect$inet6(r4, &(0x7f0000002140)={0xa, 0x4e25, 0x1, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)

3m36.82537515s ago: executing program 4 (id=3261):
bpf$PROG_LOAD(0x5, &(0x7f0000001680)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$rxrpc(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x8002)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
r3 = getpgrp(r2)
sched_setaffinity(r3, 0x8, &(0x7f0000000040)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf5c5d000)
r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FS_IOC_SETFLAGS(r1, 0x40186f40, &(0x7f0000000440)=0x1f)
setsockopt$inet6_int(r0, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

3m33.329740613s ago: executing program 4 (id=3266):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs$namespace(r1, 0x0)
unshare(0x8000400)
eventfd2(0x0, 0x0)
r3 = socket(0x28, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRESDEC=r3, @ANYBLOB='\x00'/18, @ANYRESOCT=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
socket$kcm(0xa, 0x3, 0x3a)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0xffff2369, 0x1, 0x2})
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_AIE_ON(r0, 0x7001)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x2b, 0x13, 0x0, 0x2, 0xb, 0xa9, 0x5, 0x2, 0x1})

3m30.458411048s ago: executing program 4 (id=3268):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004600)=""/102400, 0x19000)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38)

3m27.765841015s ago: executing program 4 (id=3270):
socket(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000440)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = add_key(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = semget$private(0x0, 0x6, 0x0)
semtimedop(r4, &(0x7f0000000080)=[{0x4, 0xff, 0x1800}, {0x4, 0x2, 0x800}, {0x1, 0x0, 0x1000}], 0x3, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, 0x0, 0x20000000)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000200"/16], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x3, 0x0, 'syz1\x00', &(0x7f0000000180)=['\x00', '-[\'\x00', 'r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0xc15c})

3m26.001183608s ago: executing program 4 (id=3271):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(0x0, 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6})
memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)

3m24.827541767s ago: executing program 4 (id=3272):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x4, @empty, 0x2, 0x3}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
r7 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0xa)
fchdir(r8)
open_by_handle_at(r7, &(0x7f0000000180)=@FILEID_NILFS_WITHOUT_PARENT={0x20, 0x61, {0x6b8, 0x22281a3c, 0x1b, 0x3, 0x9615}}, 0x400002)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x188000, 0x85)
getdents64(r9, 0x0, 0x4f)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
quotactl_fd$Q_SETINFO(r6, 0xffffffff80000601, r10, &(0x7f0000000140)={0x7, 0xffe2, 0x0, 0x2})
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000000514210626bd700000000000080001"], 0x20}}, 0x0)

3m9.348562799s ago: executing program 34 (id=3272):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x4, @empty, 0x2, 0x3}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfc409000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
r7 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0xa)
fchdir(r8)
open_by_handle_at(r7, &(0x7f0000000180)=@FILEID_NILFS_WITHOUT_PARENT={0x20, 0x61, {0x6b8, 0x22281a3c, 0x1b, 0x3, 0x9615}}, 0x400002)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x188000, 0x85)
getdents64(r9, 0x0, 0x4f)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
quotactl_fd$Q_SETINFO(r6, 0xffffffff80000601, r10, &(0x7f0000000140)={0x7, 0xffe2, 0x0, 0x2})
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000000514210626bd700000000000080001"], 0x20}}, 0x0)

20.311620855s ago: executing program 2 (id=3615):
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, 0x0, 0x0)
syz_open_procfs$namespace(r1, 0x0)
unshare(0x8000400)
eventfd2(0x0, 0x0)
r3 = socket(0x28, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYRESDEC=r3, @ANYBLOB='\x00'/18, @ANYRESOCT=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50)
fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
socket$kcm(0xa, 0x3, 0x3a)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000140)={0xffff2369, 0x1, 0x2})
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_AIE_ON(r0, 0x7001)
ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x2b, 0x13, 0x0, 0x2, 0xb, 0xa9, 0x5, 0x2, 0x1})

19.770728198s ago: executing program 2 (id=3616):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r1=>0xffffffffffffffff})
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r2, &(0x7f0000000300)=""/102400, 0x19000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000002, 0x12, 0xffffffffffffffff, 0x0)
setresuid(0xee01, 0x0, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r4=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r4, <r5=>0xffffffffffffffff})
ppoll(&(0x7f0000000000)=[{r5}], 0x1, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000080)={<r6=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@dfltgid}]}})
close_range(r0, r5, 0x0)

18.523014214s ago: executing program 2 (id=3622):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x8008550e)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1d, 0xffff, 0x9, 0x5059, 0x40000, r0, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x50)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48)

12.210740131s ago: executing program 2 (id=3636):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x16)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x79af, 0x8, 0x0, 0x272}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00'})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r5, 0x0, &(0x7f0000000200)='(', 0x1, 0x10, 0x1})
io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x0)

12.183187106s ago: executing program 6 (id=3637):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40001, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000300)={0x48, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x80080, 0x0)
ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f0000000280)=r1)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, 0x0)
sched_setaffinity(0x0, 0xffffffffffffff3c, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000001a40)=""/102392, 0x18ff8)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/igmp\x00')
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$pppl2tp(r4, &(0x7f0000000380)=@pppol2tpv3={0x18, 0x1, {0x0, r7, {0x2, 0x4e20, @rand_addr=0x64010101}, 0x2, 0x2, 0x4}}, 0x2e)
r8 = syz_open_dev$vim2m(&(0x7f0000000240), 0x8000000000, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r8, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x2, @vbi={0x41, 0x3ff, 0xdd56, 0x4f424752, [0x81, 0x80], [0x40, 0x4], 0x2}}, 0x4})
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="4000000052db66bb4d793fc0ccd1f074524045c5eb80d68f428c4fde6dc8753afc5a487d8a9c4eab211a3b216c0af5844fc61f490e17f5db", @ANYRES16=r9, @ANYBLOB="01002abd7000fbdbdf252500000008000300", @ANYRES32=r10, @ANYBLOB="0400340008002600901500000a000600ffffffffffff000004000b000800350006000000"], 0x40}, 0x1, 0x0, 0x0, 0x400d1}, 0x4000)
read$FUSE(r4, &(0x7f0000001180)={0x2020}, 0x2020)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})

12.163408892s ago: executing program 5 (id=3638):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, <r2=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x3, 0x2], [0x0, 0x0, 0x3], [0x4000000, 0xc, 0x0, 0x4]})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000280)={r2, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x9], [0x0, 0x2, 0x8, 0x8000], [0x0, 0x3, 0x400000006]})

11.178135906s ago: executing program 5 (id=3639):
syz_usb_connect$uac3(0x3, 0x80, &(0x7f0000000040)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x103d, 0x100, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6e, 0x3, 0x1, 0xd8, 0x10, 0xc, {0x8, 0xb, 0x1, 0x2, 0x1, 0x1, 0x30, 0x2}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x30, 0x0, {{0xa, 0x24, 0x1, 0x10, 0xa, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x20, 0xe, 0x0, 0x3, {0xa, 0x25, 0x25, 0x7fffffff, 0xc, 0x180}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x30, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x7f, 0x4, 0x0, {0xa, 0x25, 0x25, 0x400, 0x8f, 0x2}}}}}}}}]}}, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000640)=[{0x0}], 0x1, 0x5, 0x2)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/key-users\x00', 0x0, 0x0)
preadv(r0, &(0x7f00000003c0)=[{&(0x7f00000000c0)=""/148, 0x94}], 0x1, 0x9, 0xe7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8)
syz_open_dev$tty1(0xc, 0x4, 0x1)

11.095344961s ago: executing program 6 (id=3640):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x2c}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)}, 0x60044084)
mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f00000005c0), 0x0, &(0x7f0000000000)={[{@upperdir, 0x5c}]})
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x1a1003)
ioctl$VIDIOC_SUBDEV_G_FMT(r3, 0xc0585604, &(0x7f00000000c0)={0x0, 0x0, {0xfffff001, 0x1, 0x2019, 0x5, 0x6, 0x4, 0x2, 0x3}})
chdir(&(0x7f0000000280)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
fsopen(&(0x7f0000000380)='udf\x00', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x2)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_matches\x00')
sendfile(r5, r5, &(0x7f0000000240)=0x3, 0x8f)
socket$nl_netfilter(0x10, 0x3, 0xc)

10.193047049s ago: executing program 6 (id=3643):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x800000000000)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000153000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f00005fd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x303e, &(0x7f0000000040)={0x0, 0xc8a2, 0xc000, 0x80008, 0xc0})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600100004"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

9.186970258s ago: executing program 3 (id=3644):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x8008550e)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1d, 0xffff, 0x9, 0x5059, 0x40000, r0, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x50)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48)

9.010615477s ago: executing program 2 (id=3645):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c0a1}, 0x4008000)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x2, 0x7ffffff7, 0x32435750, 0x2, 0x8, [{0x1000000, 0x40}, {0xc, 0x8}, {0x400000e, 0xa0}, {0x10000, 0xfffffff0}, {0x9, 0x3}, {0x7ffffffb, 0x8}, {0xfb60, 0xe}, {0x7, 0x80000000}], 0x6, 0x78, 0x0, 0x1, 0x6}})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'veth0_to_bond\x00', 0x10})
socket$kcm(0x2, 0x3, 0x2)
write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0xfdef)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x800448d2, 0xfffffffffffffffe)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000780), 0x101, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x4, 0xff, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
bind$rds(0xffffffffffffffff, 0x0, 0x0)

9.010115607s ago: executing program 5 (id=3646):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x7, 0xfc, 0xe1, 0x0, 0x6, 0xd9, 0x40, 0x1, 0xfb, 0x0, 0xc, 0x0, 0x0, 0x40, 0x1, 0x5}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x6e, 0x0, 0x0, 0x21, 0x3, 0x4, 0x106c, 0x80000001, 0x8000000000000, 0x80000004000080, 0x0, 0xd, 0x0, 0x0, 0x0, 0x8004], 0x1, 0x3c4210})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.162576385s ago: executing program 3 (id=3647):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r4=>0x0})
r5 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})
ioctl$IOMMU_IOAS_UNMAP$ALL(r3, 0x3b86, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r4, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000})
ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, 0x0)

5.754070582s ago: executing program 3 (id=3648):
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x3, 0x2], [0x0, 0x0, 0x3], [0x4000000, 0xc, 0x0, 0x4]})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [0x0, 0x0, 0x8, 0x8000], [0x0, 0x3, 0x400000006]})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

5.609256957s ago: executing program 2 (id=3649):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
recvmmsg(r0, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}, 0xfffffff0}], 0x1, 0x2b, 0x0)
memfd_create(&(0x7f0000000000)='-&:{-\xaa]{\x00', 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x8054)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={'veth1_macvtap\x00', @random="0200ac7f7f00"})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = dup(r3)
sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)}, 0x4048043)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000500)={0x0, 0x2, 0x10}, 0xc)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000006800010002000000fcffff7f0000000000000000040002000100000004000000"], 0x24}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001808dd8d000000000000000002001000fe0400010000002008001e0002000000"], 0x24}, 0x1, 0x0, 0x0, 0x4a044}, 0x4010)
sendmsg$nl_route(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x24}}, 0x20000000)
write$tcp_mem(r5, &(0x7f00000003c0)={0xff, 0x2d, 0x0, 0x3a, 0x1, 0x2c}, 0x48)
fanotify_mark(0xffffffffffffffff, 0x2, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x5, &(0x7f0000000040)=0x7, 0x4)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)

5.596573734s ago: executing program 6 (id=3650):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r0, &(0x7f0000004b80)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)

5.378836725s ago: executing program 5 (id=3651):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x2c}}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)}, 0x60044084)
mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f00000005c0), 0x0, &(0x7f0000000000)={[{@upperdir, 0x5c}]})
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x1a1003)
ioctl$VIDIOC_SUBDEV_G_FMT(r3, 0xc0585604, &(0x7f00000000c0)={0x0, 0x0, {0xfffff001, 0x1, 0x2019, 0x5, 0x6, 0x4, 0x2, 0x3}})
chdir(&(0x7f0000000280)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
fsopen(&(0x7f0000000380)='udf\x00', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x20, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0xfffe}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x2)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ip6_tables_matches\x00')
sendfile(r5, r5, &(0x7f0000000240)=0x3, 0x8f)
socket$nl_netfilter(0x10, 0x3, 0xc)

5.376171285s ago: executing program 6 (id=3652):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = syz_io_uring_setup(0x111, &(0x7f0000000100)={0x0, 0x4413, 0x2, 0x1}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000180))
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x200, 0x0, 0x4)
io_uring_enter(r0, 0x7c00, 0x9409, 0xf, 0x0, 0x0)

3.492927827s ago: executing program 6 (id=3653):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2e)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x51, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x800)
recvmmsg$unix(r4, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}, 0x4000}], 0x600, 0x0, 0x0)

3.268787126s ago: executing program 5 (id=3654):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x781281, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03", 0x3}], 0x1}, 0x0)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000300), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d80)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010426bd7000f8dbdf250200000008000100", @ANYRES32=r3], 0x1c}}, 0x4008054)
write$nci(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="5001"], 0x14)

2.870771275s ago: executing program 5 (id=3655):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50)
ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x8008550e)
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x1d, 0xffff, 0x9, 0x5059, 0x40000, r0, 0x200, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x50)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x48)

2.392386779s ago: executing program 3 (id=3656):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000100900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0)
timer_create(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

1.718927218s ago: executing program 3 (id=3657):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0xdc, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff, 0x6})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r4=>0x0})
r5 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
ioctl$FS_IOC_RESVSP(r5, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})
ioctl$IOMMU_IOAS_UNMAP$ALL(r3, 0x3b86, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000380)={0x28, 0x7, r4, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000})
ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, 0x0)

0s ago: executing program 3 (id=3658):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x1000, 0x80000100008a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c0a1}, 0x4008000)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x2, 0x7ffffff7, 0x32435750, 0x2, 0x8, [{0x1000000, 0x40}, {0xc, 0x8}, {0x400000e, 0xa0}, {0x10000, 0xfffffff0}, {0x9, 0x3}, {0x7ffffffb, 0x8}, {0xfb60, 0xe}, {0x7, 0x80000000}], 0x6, 0x78, 0x0, 0x1, 0x6}})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'veth0_to_bond\x00', 0x10})
socket$kcm(0x2, 0x3, 0x2)
write$tun(0xffffffffffffffff, &(0x7f0000000240)=ANY=[], 0xfdef)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r2, 0x800448d2, 0xfffffffffffffffe)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e22, @broadcast}, 0x2, 0x9800}}, 0x2e)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000780), 0x101, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x4, 0xff, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
bind$rds(0xffffffffffffffff, 0x0, 0x0)

kernel console output (not intermixed with test programs):


[ 1198.427133][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1198.466439][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1198.473705][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1200.577617][T14234] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1200.748758][T14234] veth0_vlan: entered promiscuous mode
[ 1200.789218][T14234] veth1_vlan: entered promiscuous mode
[ 1200.930098][T14234] veth0_macvtap: entered promiscuous mode
[ 1201.007744][T14234] veth1_macvtap: entered promiscuous mode
[ 1201.130667][T14234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1201.199292][T14234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1201.211883][T14234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1201.223826][T14234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1201.243683][T14234] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1201.278559][T14234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1201.324010][T14234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1201.388622][T14234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1201.420968][T14234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1201.440341][T14234] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1201.497732][T14234] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1201.519810][T14234] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1201.551002][T14234] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1201.599790][T14234] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1202.545754][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1202.566359][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1203.197221][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1203.208726][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1203.876973][T14496] overlayfs: missing 'lowerdir'
[ 1203.938429][T14497] ntfs3: nbd2: try to read out of volume at offset 0x0
[ 1204.017197][T14499] netlink: 'syz.3.2323': attribute type 4 has an invalid length.
[ 1204.025316][T14499] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2323'.
[ 1204.068396][T14499] .`: renamed from bond0 (while UP)
[ 1204.140852][T14500] overlayfs: empty lowerdir
[ 1204.658377][  T968] usb 1-1: USB disconnect, device number 2
[ 1207.366829][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1207.817451][T14235] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1207.829670][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1207.851882][T14235] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1207.863870][T14235] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1207.896616][T14235] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1207.905205][T14235] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1207.917114][T14235] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1208.604824][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1208.799105][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1210.031617][ T5082] Bluetooth: hci1: command tx timeout
[ 1212.111527][ T5082] Bluetooth: hci1: command tx timeout
[ 1212.764546][T14522] chnl_net:caif_netlink_parms(): no params data found
[ 1214.192053][ T5082] Bluetooth: hci1: command tx timeout
[ 1214.526070][T14522] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1214.583477][T14522] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1214.590882][T14522] bridge_slave_0: entered allmulticast mode
[ 1214.640072][T14522] bridge_slave_0: entered promiscuous mode
[ 1214.825613][T14522] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1214.872055][T14522] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1214.892638][T14522] bridge_slave_1: entered allmulticast mode
[ 1214.900190][T14522] bridge_slave_1: entered promiscuous mode
[ 1215.594576][T14522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1215.734681][T14605] bridge0: entered promiscuous mode
[ 1215.741282][T14605] macsec1: entered promiscuous mode
[ 1215.779605][T14522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1215.820894][T14612] overlayfs: missing 'lowerdir'
[ 1216.066397][T14614] overlayfs: empty lowerdir
[ 1216.282654][ T5082] Bluetooth: hci1: command tx timeout
[ 1216.437403][T14522] team0: Port device team_slave_0 added
[ 1216.484719][T14522] team0: Port device team_slave_1 added
[ 1216.567538][T14522] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1216.631480][T14522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1216.949540][T14522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1217.110602][T14615] netlink: 'syz.2.2404': attribute type 4 has an invalid length.
[ 1217.241641][T14615] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2404'.
[ 1217.293348][T14615] wlan1: mtu less than device minimum
[ 1217.437125][   T11] bond0: (slave wlan1): Releasing backup interface
[ 1217.467032][T14522] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1217.487959][T14522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1217.570503][T14522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1219.458843][T14633] kvm: pic: non byte write
[ 1219.672337][   T11] hsr_slave_0: left promiscuous mode
[ 1219.732066][   T11] hsr_slave_1: left promiscuous mode
[ 1219.738003][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1219.752639][   T11] bridge_slave_1: left allmulticast mode
[ 1219.770732][   T11] bridge_slave_1: left promiscuous mode
[ 1219.781825][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1219.814154][   T11] bridge_slave_0: left allmulticast mode
[ 1219.819840][   T11] bridge_slave_0: left promiscuous mode
[ 1219.846422][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1220.961983][   T11] bridge0: left promiscuous mode
[ 1221.124401][   T11] veth1_macvtap: left promiscuous mode
[ 1221.130107][   T11] veth0_macvtap: left promiscuous mode
[ 1221.143892][   T11] veth1_vlan: left promiscuous mode
[ 1221.149337][   T11] veth0_vlan: left promiscuous mode
[ 1226.630552][   T11] team0 (unregistering): Port device team_slave_1 removed
[ 1226.864211][   T11] team0 (unregistering): Port device team_slave_0 removed
[ 1227.031137][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1227.085047][T14673] kvm: pic: non byte write
[ 1227.176251][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1228.037762][   T11] bond0 (unregistering): (slave batadv0): Releasing backup interface
[ 1228.289080][   T11] bond0 (unregistering): Released all slaves
[ 1228.688494][T14656] bridge0: entered promiscuous mode
[ 1228.694995][T14656] macsec1: entered promiscuous mode
[ 1228.743954][T14522] hsr_slave_0: entered promiscuous mode
[ 1228.782174][T14522] hsr_slave_1: entered promiscuous mode
[ 1229.611937][   T11] IPVS: stop unused estimator thread 0...
[ 1230.391717][T14522] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1230.453692][T14522] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1230.520444][T14522] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1230.654843][T14522] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1231.076832][T14522] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1231.139344][T14522] 8021q: adding VLAN 0 to HW filter on device team0
[ 1231.183003][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1231.190154][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1231.343719][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1231.350985][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1232.280095][T14522] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1232.438891][T14522] veth0_vlan: entered promiscuous mode
[ 1232.484163][T14522] veth1_vlan: entered promiscuous mode
[ 1232.612559][T14522] veth0_macvtap: entered promiscuous mode
[ 1232.667305][T14522] veth1_macvtap: entered promiscuous mode
[ 1232.763816][T14522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1232.815639][T14522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1232.838619][T14522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1232.857625][T14522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1232.942967][T14522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1233.005488][T14522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1233.039845][T14522] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1233.106022][T14522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1233.137283][T14522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1233.239598][T14522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1233.277687][T14522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1233.335748][T14522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1233.401447][T14522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1233.444038][T14522] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1233.517538][T14522] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.591377][T14522] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.632068][T14522] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.812028][T14522] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1234.449059][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1234.461837][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1235.117592][T14775] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1238.189837][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1238.281160][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1238.561296][T14798] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2440'.
[ 1239.115604][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.122951][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1241.276390][T14235] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1241.286554][T14235] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1241.295150][T14235] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1241.303864][T14235] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1241.313718][T14235] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1241.321658][T14235] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1242.036165][T14833] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2451'.
[ 1243.285022][   T59] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1244.276045][ T5082] Bluetooth: hci2: command tx timeout
[ 1245.508318][   T59] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1245.729256][   T59] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1245.896069][   T59] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1246.190298][T14818] chnl_net:caif_netlink_parms(): no params data found
[ 1246.281827][ T6340] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[ 1246.351559][ T5082] Bluetooth: hci2: command tx timeout
[ 1246.516521][T14818] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1246.524614][T14818] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1246.531064][T14856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1246.532630][T14818] bridge_slave_0: entered allmulticast mode
[ 1246.549721][T14818] bridge_slave_0: entered promiscuous mode
[ 1246.558625][T14856] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1246.621590][T14818] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1246.629060][T14818] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1246.630776][ T6340] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1246.641670][T14818] bridge_slave_1: entered allmulticast mode
[ 1246.657258][T14818] bridge_slave_1: entered promiscuous mode
[ 1246.702719][ T6340] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1246.728482][T14818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1246.747158][ T6340] usb 1-1: can't read configurations, error -71
[ 1246.824876][T14818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1246.966655][T14818] team0: Port device team_slave_0 added
[ 1246.985366][T14818] team0: Port device team_slave_1 added
[ 1247.082569][T14818] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1247.105471][T14818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1247.217265][T14818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1247.829237][T14818] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1247.857231][T14818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1248.001425][T14818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1248.367447][   T59] bond0: (slave wlan1): Releasing backup interface
[ 1248.431602][ T5082] Bluetooth: hci2: command tx timeout
[ 1248.594163][T14818] hsr_slave_0: entered promiscuous mode
[ 1248.658127][T14818] hsr_slave_1: entered promiscuous mode
[ 1248.757480][T14818] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1248.779495][T14818] Cannot create hsr debugfs directory
[ 1250.523291][ T5082] Bluetooth: hci2: command tx timeout
[ 1250.730015][   T59] hsr_slave_0: left promiscuous mode
[ 1250.871120][   T59] hsr_slave_1: left promiscuous mode
[ 1252.821544][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1252.829352][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1252.892656][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1252.900140][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1252.952199][   T59] bridge_slave_1: left allmulticast mode
[ 1252.957913][   T59] bridge_slave_1: left promiscuous mode
[ 1252.971629][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1253.032432][   T59] bridge_slave_0: left allmulticast mode
[ 1253.038153][   T59] bridge_slave_0: left promiscuous mode
[ 1253.066356][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1254.230903][   T59] bridge0: left promiscuous mode
[ 1254.272690][   T59] veth1_macvtap: left promiscuous mode
[ 1254.278957][   T59] veth0_macvtap: left promiscuous mode
[ 1254.285945][   T59] veth1_vlan: left promiscuous mode
[ 1254.291782][   T59] veth0_vlan: left promiscuous mode
[ 1257.006242][T14928] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1257.252623][ T6929] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[ 1257.478544][ T6929] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[ 1257.488390][ T6929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1257.496789][ T6929] usb 1-1: Product: syz
[ 1257.501474][ T6929] usb 1-1: Manufacturer: syz
[ 1257.506162][ T6929] usb 1-1: SerialNumber: syz
[ 1257.536990][ T6929] usb 1-1: config 0 descriptor??
[ 1257.617136][ T6929] gspca_main: sq905c-2.14.0 probing 2770:9052
[ 1258.248200][T14937] kAFS: No cell specified
[ 1260.054650][ T5805] usb 1-1: USB disconnect, device number 5
[ 1260.484578][   T59] team0 (unregistering): Port device team_slave_1 removed
[ 1260.637021][T14953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2485'.
[ 1261.351722][   T59] team0 (unregistering): Port device team_slave_0 removed
[ 1261.969540][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1262.185952][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1262.267103][T14961] kAFS: No cell specified
[ 1265.105336][T14981] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2494'.
[ 1266.514087][   T59] bond0 (unregistering): Released all slaves
[ 1268.065629][   T59] vcan0 (unregistering): left allmulticast mode
[ 1268.571542][ T6340] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[ 1268.596183][T15011] overlayfs: missing 'lowerdir'
[ 1268.789563][ T6340] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[ 1268.804256][ T6340] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1268.813338][ T6340] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1268.831783][ T6340] usb 1-1: config 220 has no interface number 2
[ 1268.838281][ T6340] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1269.105944][T15018] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2504'.
[ 1269.830947][ T6340] usb 1-1: config 220 interface 0 has no altsetting 0
[ 1269.921802][ T6340] usb 1-1: config 220 interface 76 has no altsetting 0
[ 1269.928748][ T6340] usb 1-1: config 220 interface 1 has no altsetting 0
[ 1269.938969][ T6340] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1269.961869][ T6340] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1269.991514][ T6340] usb 1-1: Product: syz
[ 1269.995749][ T6340] usb 1-1: Manufacturer: syz
[ 1270.001600][ T6340] usb 1-1: SerialNumber: syz
[ 1270.121248][T15014] netlink: 'syz.4.2503': attribute type 4 has an invalid length.
[ 1270.129872][T15014] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2503'.
[ 1270.355256][T15014] wlan1: mtu less than device minimum
[ 1270.491188][ T6340] usb 1-1: selecting invalid altsetting 0
[ 1270.512646][ T6340] usb 1-1: Found UVC 7.01 device syz (8086:0b07)
[ 1270.519238][ T6340] usb 1-1: No valid video chain found.
[ 1270.569712][ T6340] usb 1-1: selecting invalid altsetting 0
[ 1270.579630][ T6340] usbtest: probe of 1-1:220.1 failed with error -22
[ 1270.604475][ T6340] usb 1-1: USB disconnect, device number 6
[ 1272.313817][   T59] IPVS: stop unused estimator thread 0...
[ 1272.785266][T15049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2512'.
[ 1273.674044][ T6929] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1275.304523][ T6929] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1275.321432][ T6929] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1275.348444][ T6929] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1275.373655][ T6929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1275.409379][ T6929] usb 4-1: Product: syz
[ 1275.427623][ T6929] usb 4-1: Manufacturer: syz
[ 1275.437647][ T6929] usb 4-1: SerialNumber: syz
[ 1275.478563][ T6929] usb 4-1: config 0 descriptor??
[ 1275.487742][T14818] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1275.493152][ T6929] usb 4-1: can't set config #0, error -71
[ 1275.515108][ T6929] usb 4-1: USB disconnect, device number 26
[ 1275.555114][T14818] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1275.693236][T14818] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1275.723792][T14818] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1275.993323][T14818] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1276.020673][T14818] 8021q: adding VLAN 0 to HW filter on device team0
[ 1276.053297][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1276.060400][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1276.080736][ T2906] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1276.087907][ T2906] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1277.818719][T14818] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1278.145641][T14818] veth0_vlan: entered promiscuous mode
[ 1278.194438][T14818] veth1_vlan: entered promiscuous mode
[ 1278.375223][T14818] veth0_macvtap: entered promiscuous mode
[ 1278.482988][T14818] veth1_macvtap: entered promiscuous mode
[ 1279.034769][T14818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1279.071695][T14818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1279.119261][T14818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1279.136473][T14818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1279.151358][T14818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1279.198536][T14818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1279.242046][T14818] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1279.351089][T14818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1279.381364][T14818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1279.401528][T14818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1279.412483][T14818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1279.432822][T14818] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1279.468427][T14818] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1279.522810][T14818] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1279.576631][T14818] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1279.591375][T14818] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1279.631379][T14818] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1280.615083][T14818] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1281.101051][   T38] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1281.125981][   T38] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1281.226820][T14357] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1281.272002][T14357] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1287.523426][T15194] overlayfs: failed to resolve './file1': -2
[ 1289.498148][T15221] kvm: pic: non byte write
[ 1290.889786][T15232] overlayfs: failed to resolve './file1': -2
[ 1291.633617][ T6340] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[ 1291.874718][ T6340] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[ 1291.894636][ T6340] usb 1-1: config 0 has no interface number 0
[ 1291.921482][ T6340] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[ 1291.936535][ T6340] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1291.978330][ T6340] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[ 1291.995416][ T6340] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1292.014295][ T6340] usb 1-1: Product: syz
[ 1292.018645][ T6340] usb 1-1: Manufacturer: syz
[ 1292.026143][ T6340] usb 1-1: SerialNumber: syz
[ 1292.043548][ T6340] usb 1-1: config 0 descriptor??
[ 1292.058073][T15237] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1292.072543][ T6340] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[ 1292.109516][ T6340] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[ 1292.296513][    C1] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22
[ 1293.794100][ T6340] usb 1-1: USB disconnect, device number 7
[ 1293.833141][ T6340] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[ 1293.870598][ T6340] cyberjack 1-1:0.69: device disconnected
[ 1300.526614][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.541518][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1301.471027][T15305] afs: Unknown parameter 'dy'
[ 1303.410109][T14235] Bluetooth: hci4: command 0x0406 tx timeout
[ 1304.241517][ T6340] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1304.463776][ T6340] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 1304.489262][ T6340] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1305.574380][ T6340] usb 4-1: config 220 has no interface number 2
[ 1305.626008][ T6340] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1305.672636][ T6340] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1305.679584][ T6340] usb 4-1: config 220 interface 76 has no altsetting 0
[ 1305.708475][ T6340] usb 4-1: config 220 interface 1 has no altsetting 0
[ 1305.734882][ T6340] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1305.747825][ T6340] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1305.773675][ T6340] usb 4-1: Product: syz
[ 1305.790110][ T6340] usb 4-1: Manufacturer: syz
[ 1305.810486][ T6340] usb 4-1: SerialNumber: syz
[ 1306.048454][ T6340] usb 4-1: selecting invalid altsetting 0
[ 1306.087375][ T6340] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[ 1306.106054][ T6340] usb 4-1: No valid video chain found.
[ 1306.160842][ T6340] usb 4-1: selecting invalid altsetting 0
[ 1306.174894][ T6340] usbtest: probe of 4-1:220.1 failed with error -22
[ 1306.210665][ T6340] usb 4-1: USB disconnect, device number 27
[ 1306.695907][T15330] kvm: pic: non byte write
[ 1307.798897][T15337] afs: Unknown parameter 'dy'
[ 1308.036590][T15346] ntfs3: nbd0: try to read out of volume at offset 0x0
[ 1309.847454][T15365] overlayfs: missing 'lowerdir'
[ 1309.888925][T15365] netlink: 'syz.3.2587': attribute type 4 has an invalid length.
[ 1309.896738][T15365] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2587'.
[ 1309.913743][T15365] overlayfs: empty lowerdir
[ 1312.882454][T15383] afs: Unknown parameter 'dy'
[ 1313.384423][T15388] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1314.100624][T15393] overlayfs: missing 'lowerdir'
[ 1314.137345][T15393] netlink: 'syz.2.2597': attribute type 4 has an invalid length.
[ 1314.145206][T15393] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2597'.
[ 1314.158360][T15393] .`: renamed from bond0 (while UP)
[ 1314.225744][T15395] overlayfs: empty lowerdir
[ 1325.699753][T15465] ntfs3: nbd3: try to read out of volume at offset 0x0
[ 1331.677487][T15501] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1335.185233][T15519] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2632'.
[ 1335.623056][T15516] bridge0: entered promiscuous mode
[ 1335.628343][T15516] macsec1: entered promiscuous mode
[ 1339.124119][T15537] ubi31: attaching mtd0
[ 1339.132772][T15537] ubi31: scanning is finished
[ 1339.583017][T15537] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[ 1339.732190][T15533] overlayfs: missing 'lowerdir'
[ 1341.424825][T15542] netlink: 'syz.3.2634': attribute type 4 has an invalid length.
[ 1341.446414][T15542] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2634'.
[ 1341.557541][T15533] overlayfs: empty lowerdir
[ 1342.616457][T15558] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[ 1342.625841][T15558] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[ 1342.634975][T15558] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[ 1342.644092][T15558] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[ 1342.741715][T15558] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1342.805192][T15558] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1342.835442][T15558] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1342.874695][T15558] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[ 1342.945848][T15558] geneve2: entered promiscuous mode
[ 1343.122289][T15558] geneve2: entered allmulticast mode
[ 1343.761563][   T28] audit: type=1804 audit(1772865514.950:17): pid=15563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2646" name="/newroot/56/file1" dev="fuse" ino=1 res=1 errno=0
[ 1344.047699][T15568] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1348.756465][T15588] overlayfs: missing 'lowerdir'
[ 1349.022632][T15589] netlink: 'syz.4.2652': attribute type 4 has an invalid length.
[ 1349.030619][T15589] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2652'.
[ 1349.131226][T15589] wlan1: mtu less than device minimum
[ 1349.563706][T15588] overlayfs: empty lowerdir
[ 1349.786979][   T28] audit: type=1804 audit(1772865521.010:18): pid=15597 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2656" name="/newroot/576/file1" dev="fuse" ino=1 res=1 errno=0
[ 1351.669337][T15610] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1358.921979][T14235] Bluetooth: hci1: command 0x0406 tx timeout
[ 1359.266991][   T28] audit: type=1804 audit(1772865530.490:19): pid=15675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2678" name="/newroot/66/file1" dev="fuse" ino=1 res=1 errno=0
[ 1361.956720][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.971626][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1364.241562][ T5769] Bluetooth: hci2: command 0x0406 tx timeout
[ 1373.279102][T15751] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1379.860376][T15788] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2714'.
[ 1385.924794][T15819] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2723'.
[ 1391.762808][ T5769] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1391.776224][ T5769] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1391.784625][ T5769] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1392.788940][ T5769] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1392.823935][ T5769] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1392.831838][ T5769] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1394.322573][T15839] chnl_net:caif_netlink_parms(): no params data found
[ 1395.301371][ T5082] Bluetooth: hci1: command tx timeout
[ 1397.381523][ T5082] Bluetooth: hci1: command tx timeout
[ 1397.807929][ T2906] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1398.777551][ T2906] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1399.581535][ T5082] Bluetooth: hci1: command tx timeout
[ 1399.944091][T15839] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1399.985584][T15839] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1400.006345][T15839] bridge_slave_0: entered allmulticast mode
[ 1400.053414][T15839] bridge_slave_0: entered promiscuous mode
[ 1400.172940][T15839] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1400.357825][T15839] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1400.643541][T15839] bridge_slave_1: entered allmulticast mode
[ 1400.868512][T15839] bridge_slave_1: entered promiscuous mode
[ 1401.018755][ T2906] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1401.543638][T15886] ubi31: attaching mtd0
[ 1401.556144][T15886] ubi31: scanning is finished
[ 1402.421354][ T5082] Bluetooth: hci1: command tx timeout
[ 1402.427414][T15886] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[ 1402.762739][ T2906] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1402.817979][T15839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1402.898758][T15839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1405.846637][T15839] team0: Port device team_slave_0 added
[ 1405.874218][T15839] team0: Port device team_slave_1 added
[ 1407.123874][T15839] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1407.227529][T15839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1407.309028][   T28] audit: type=1804 audit(1772865578.530:20): pid=15917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2745" name="/newroot/603/file1" dev="fuse" ino=1 res=1 errno=0
[ 1407.341418][T15839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1407.403354][T15839] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1407.431604][T15839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1407.511557][T15839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1407.876006][T15839] hsr_slave_0: entered promiscuous mode
[ 1407.948660][T15839] hsr_slave_1: entered promiscuous mode
[ 1407.971885][T15839] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1407.979507][T15839] Cannot create hsr debugfs directory
[ 1410.213208][T15943] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[ 1410.262943][T15943] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1410.565478][T15839] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1411.488896][T15839] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1411.515695][T15839] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1411.535585][T15839] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1411.672719][   T28] audit: type=1804 audit(1772865582.900:21): pid=15961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2753" name="/newroot/608/file1" dev="fuse" ino=1 res=1 errno=0
[ 1412.374564][T15839] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1412.544278][T15839] 8021q: adding VLAN 0 to HW filter on device team0
[ 1412.691133][ T2906] hsr_slave_0: left promiscuous mode
[ 1412.713651][ T2906] hsr_slave_1: left promiscuous mode
[ 1412.819176][ T2906] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1412.935213][ T2906] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1413.091933][ T2906] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1413.541890][ T2906] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1413.574457][T15981] overlayfs: missing 'lowerdir'
[ 1413.602462][ T2906] bridge_slave_1: left allmulticast mode
[ 1413.608275][ T2906] bridge_slave_1: left promiscuous mode
[ 1413.664105][ T2906] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1413.680913][ T2906] bridge_slave_0: left allmulticast mode
[ 1413.692578][ T2906] bridge_slave_0: left promiscuous mode
[ 1413.698488][ T2906] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1413.981597][    T8] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1414.233520][ T2906] veth1_macvtap: left promiscuous mode
[ 1414.239116][ T2906] veth0_macvtap: left promiscuous mode
[ 1414.253931][    T8] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1414.262677][    T8] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1414.282319][ T2906] veth1_vlan: left promiscuous mode
[ 1414.298525][ T2906] veth0_vlan: left promiscuous mode
[ 1414.306916][    T8] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1414.347044][    T8] usb 3-1: config 220 has no interface number 2
[ 1414.369991][    T8] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1414.419651][    T8] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1414.468624][    T8] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1414.489405][    T8] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1414.507549][    T8] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1414.519929][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1414.535461][    T8] usb 3-1: Product: syz
[ 1414.540104][    T8] usb 3-1: Manufacturer: syz
[ 1414.549170][    T8] usb 3-1: SerialNumber: syz
[ 1414.853835][    T8] usb 3-1: selecting invalid altsetting 0
[ 1415.404468][    T8] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[ 1415.410953][    T8] usb 3-1: No valid video chain found.
[ 1415.436656][    T8] usb 3-1: selecting invalid altsetting 0
[ 1415.442512][    T8] usbtest: probe of 3-1:220.1 failed with error -22
[ 1415.454617][    T8] usb 3-1: USB disconnect, device number 21
[ 1415.740652][T15999] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2761'.
[ 1415.987088][   T28] audit: type=1804 audit(1772865587.210:22): pid=16007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2763" name="/newroot/612/file1" dev="fuse" ino=1 res=1 errno=0
[ 1416.241689][T16014] overlayfs: missing 'lowerdir'
[ 1416.752113][T14998] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1416.951472][T14998] usb 4-1: Using ep0 maxpacket: 32
[ 1417.170367][ T2906] team0 (unregistering): Port device team_slave_1 removed
[ 1417.561443][T14998] usb 4-1: config 0 has an invalid interface number: 85 but max is 0
[ 1417.569767][T14998] usb 4-1: config 0 has no interface number 0
[ 1417.951819][T14998] usb 4-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1417.963006][T14998] usb 4-1: config 0 interface 85 has no altsetting 0
[ 1417.981461][T14998] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1417.990975][T14998] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1418.000577][T14998] usb 4-1: Product: syz
[ 1418.010788][T14998] usb 4-1: Manufacturer: syz
[ 1418.020999][T14998] usb 4-1: SerialNumber: syz
[ 1418.061075][ T2906] team0 (unregistering): Port device team_slave_0 removed
[ 1418.132026][T14998] usb 4-1: config 0 descriptor??
[ 1418.205925][ T2906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1419.219402][ T2906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1419.649923][T16027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2770'.
[ 1419.787007][T14998] appletouch 4-1:0.85: Geyser mode initialized.
[ 1419.797189][T14998] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.85/input/input25
[ 1420.314714][  T968] usb 4-1: USB disconnect, device number 28
[ 1420.420857][  T968] appletouch 4-1:0.85: input: appletouch disconnected
[ 1420.496239][T16037] overlayfs: missing 'lowerdir'
[ 1420.563217][   T28] audit: type=1804 audit(1772865591.790:23): pid=16040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.2775" name="/newroot/74/file1" dev="fuse" ino=1 res=1 errno=0
[ 1422.692912][ T2906] bond0 (unregistering): Released all slaves
[ 1422.975386][T16054] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2779'.
[ 1423.412024][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.418474][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.452738][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1423.459926][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1423.612738][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1423.619926][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1426.559712][T15839] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1426.652870][   T28] audit: type=1804 audit(1772865597.880:24): pid=16091 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2786" name="/newroot/621/file1" dev="fuse" ino=1 res=1 errno=0
[ 1428.130308][T15839] veth0_vlan: entered promiscuous mode
[ 1428.199253][T15839] veth1_vlan: entered promiscuous mode
[ 1428.317957][T15839] veth0_macvtap: entered promiscuous mode
[ 1429.794581][T15839] veth1_macvtap: entered promiscuous mode
[ 1429.975267][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1430.001352][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1430.031315][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1430.061346][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1430.204465][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1430.215642][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1430.230017][T15839] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1430.256009][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1430.276033][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1430.381287][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1430.406910][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1430.420592][T15839] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1430.443699][T15839] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1430.471181][T15839] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1430.634436][T15839] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.669399][T15839] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.700036][T15839] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1430.734757][T15839] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1431.262151][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1431.300281][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1431.522591][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1431.592304][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1433.123911][   T28] audit: type=1804 audit(1772865604.340:25): pid=16159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.2797" name="/newroot/1/file1" dev="fuse" ino=1 res=1 errno=0
[ 1436.711481][ T5769] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1436.733931][T16194] GUP no longer grows the stack in syz.5.2804 (16194): 200000006000-200000008000 (200000004000)
[ 1436.745266][T16194] CPU: 0 PID: 16194 Comm: syz.5.2804 Not tainted syzkaller #0
[ 1436.752783][T16194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1436.762886][T16194] Call Trace:
[ 1436.766217][T16194]  <TASK>
[ 1436.769169][T16194]  dump_stack_lvl+0x18c/0x250
[ 1436.773931][T16194]  ? show_regs_print_info+0x20/0x20
[ 1436.779135][T16194]  ? load_image+0x400/0x400
[ 1436.783755][T16194]  ? find_vma+0x134/0x1b0
[ 1436.788120][T16194]  fixup_user_fault+0x642/0x700
[ 1436.792977][T16194]  fault_in_user_writeable+0x71/0xd0
[ 1436.798375][T16194]  futex_lock_pi+0x274/0x9a0
[ 1436.802973][T16194]  ? fixup_pi_state_owner+0x5e0/0x5e0
[ 1436.808363][T16194]  ? up_read+0x20/0x20
[ 1436.812441][T16194]  ? userfaultfd_unmap_complete+0x29f/0x320
[ 1436.818374][T16194]  do_futex+0x23d/0x3e0
[ 1436.822529][T16194]  ? __ia32_sys_get_robust_list+0x110/0x110
[ 1436.828423][T16194]  __se_sys_futex+0x3a9/0x440
[ 1436.833103][T16194]  ? __x64_sys_futex+0xf0/0xf0
[ 1436.837872][T16194]  ? __x64_sys_futex+0x21/0xf0
[ 1436.842720][T16194]  do_syscall_64+0x55/0xa0
[ 1436.847133][T16194]  ? clear_bhb_loop+0x40/0x90
[ 1436.851899][T16194]  ? clear_bhb_loop+0x40/0x90
[ 1436.856652][T16194]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1436.862584][T16194] RIP: 0033:0x7fcaee39c799
[ 1436.867024][T16194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1436.886664][T16194] RSP: 002b:00007fcaec5d5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1436.895078][T16194] RAX: ffffffffffffffda RBX: 00007fcaee616090 RCX: 00007fcaee39c799
[ 1436.903047][T16194] RDX: 00000000fffff7fc RSI: 000000000000008d RDI: 0000200000004000
[ 1436.911013][T16194] RBP: 00007fcaee432bd9 R08: 0000000000000000 R09: 0000000000000000
[ 1436.919079][T16194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1436.927042][T16194] R13: 00007fcaee616128 R14: 00007fcaee616090 R15: 00007fffa5c0f8a8
[ 1436.935020][T16194]  </TASK>
[ 1437.491941][ T5769] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1437.500577][ T5769] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1437.523344][ T5769] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1437.531202][ T5769] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1437.551799][ T5769] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1437.666609][T16202] binder: BINDER_SET_CONTEXT_MGR already set
[ 1437.684076][T15862] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1437.842682][T16202] binder: 16196:16202 ioctl 4018620d 200000004a80 returned -16
[ 1438.470486][T15862] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1438.775508][T15862] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1438.976759][   T28] audit: type=1804 audit(1772865610.200:26): pid=16211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2808" name="/newroot/86/file1" dev="fuse" ino=1 res=1 errno=0
[ 1438.997755][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1439.102048][T15862] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1439.632626][ T5769] Bluetooth: hci0: command tx timeout
[ 1440.932040][T16197] chnl_net:caif_netlink_parms(): no params data found
[ 1441.057281][T15862] tipc: Left network mode
[ 1441.711618][ T5769] Bluetooth: hci0: command tx timeout
[ 1442.611996][T16197] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1442.781449][T16197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1442.819477][T16197] bridge_slave_0: entered allmulticast mode
[ 1442.881663][T16197] bridge_slave_0: entered promiscuous mode
[ 1443.078046][T16197] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1443.121399][T16197] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1443.251404][T16197] bridge_slave_1: entered allmulticast mode
[ 1443.258361][T16197] bridge_slave_1: entered promiscuous mode
[ 1443.474600][T16197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1443.730487][T16197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1443.820440][ T5769] Bluetooth: hci0: command tx timeout
[ 1444.954349][T16197] team0: Port device team_slave_0 added
[ 1445.171561][T16197] team0: Port device team_slave_1 added
[ 1445.871552][ T5769] Bluetooth: hci0: command tx timeout
[ 1446.557330][T16197] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1446.604724][T16197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1446.701392][T16197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1449.165336][T16197] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1449.196797][T16197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1449.314013][T16197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1449.657854][T16197] hsr_slave_0: entered promiscuous mode
[ 1449.756661][T16297] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1450.409457][T16197] hsr_slave_1: entered promiscuous mode
[ 1461.206829][T16361] blktrace: Concurrent blktraces are not allowed on loop4
[ 1461.372092][T15862] bond0: (slave wlan1): Releasing backup interface
[ 1461.384294][T16364] relay: one or more items not logged [item size (56) > sub-buffer size (14)]
[ 1465.284998][T16205] syz.3.2806 (16205) used greatest stack depth: 18384 bytes left
[ 1466.150555][T15862] hsr_slave_0: left promiscuous mode
[ 1466.962766][T15862] hsr_slave_1: left promiscuous mode
[ 1467.243524][T15862] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1467.251011][T15862] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1467.272953][T15862] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1467.300872][T15862] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1471.102258][T15862] veth1_macvtap: left promiscuous mode
[ 1471.107855][T15862] veth0_macvtap: left promiscuous mode
[ 1471.131500][T15862] veth1_vlan: left promiscuous mode
[ 1471.191450][T15862] veth0_vlan: left promiscuous mode
[ 1475.018340][T15862] team0 (unregistering): Port device team_slave_1 removed
[ 1475.326897][T15862] team0 (unregistering): Port device team_slave_0 removed
[ 1475.585350][T15862] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1475.722802][T15862] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1478.870391][T15862] bond0 (unregistering): Released all slaves
[ 1478.982150][T15862] vcan0 (unregistering): left allmulticast mode
[ 1480.264131][T16197] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1480.374863][T16197] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1480.445538][T16197] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1480.873874][T16197] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1481.613227][T16197] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1481.724977][T16197] 8021q: adding VLAN 0 to HW filter on device team0
[ 1481.816742][ T2906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1481.823952][ T2906] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1481.907017][T14968] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1481.914234][T14968] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1482.011139][T15862] IPVS: stop unused estimator thread 0...
[ 1482.203632][T16197] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1482.263680][T16473] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2860'.
[ 1482.722651][T16197] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1483.721425][T16470] ubi31: attaching mtd0
[ 1483.726504][T16470] ubi31: scanning is finished
[ 1483.800691][T16470] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1483.808386][T16470] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1483.816011][T16470] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1483.823084][T16470] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1483.830619][T16470] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1483.837487][T16470] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1483.845667][T16470] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1567157915
[ 1483.855981][T16470] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1483.872105][T16480] ubi31: background thread "ubi_bgt31d" started, PID 16480
[ 1484.870315][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1485.062580][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1487.748535][T16197] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1489.183236][T16528] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2870'.
[ 1490.223217][T16535] ubi: mtd0 is already attached to ubi31
[ 1490.998751][T16197] veth0_vlan: entered promiscuous mode
[ 1491.082080][T16197] veth1_vlan: entered promiscuous mode
[ 1491.196461][T16197] veth0_macvtap: entered promiscuous mode
[ 1491.205531][T16197] veth1_macvtap: entered promiscuous mode
[ 1491.238446][T16197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1491.261371][T16197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1491.291352][T16197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1491.378031][T16197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1491.422627][T16197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1491.456970][T16197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1491.488169][T16197] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1491.530577][T16197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1491.571267][T16197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1491.598271][T16197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1491.642092][T16197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1491.701721][T16197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1491.722603][T16197] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1491.753912][T16197] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1491.785708][T16197] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1491.822439][T16197] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1491.832846][T16197] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1491.841970][T16197] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1492.340337][T14968] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1492.656476][T14968] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1496.808756][T16581] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2879'.
[ 1497.461390][ T5082] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1497.483908][ T5082] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1497.494549][ T5082] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1497.514216][ T5082] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1497.522268][ T5082] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1497.531809][ T5082] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1499.303874][T16598] ubi: mtd0 is already attached to ubi31
[ 1499.687280][ T5082] Bluetooth: hci3: command tx timeout
[ 1499.839236][T16584] chnl_net:caif_netlink_parms(): no params data found
[ 1500.161640][   T23] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[ 1500.410343][   T23] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1500.420005][   T23] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1500.581394][   T23] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1500.591856][   T23] usb 3-1: config 220 has no interface number 2
[ 1500.601475][   T23] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1500.614988][   T23] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1500.628151][   T23] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1500.661619][   T23] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1500.697625][   T23] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1500.712997][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1500.721089][   T23] usb 3-1: Product: syz
[ 1500.727149][   T23] usb 3-1: Manufacturer: syz
[ 1500.732107][   T23] usb 3-1: SerialNumber: syz
[ 1500.933722][   T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1500.966992][   T23] usb 3-1: selecting invalid altsetting 0
[ 1501.006991][   T23] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[ 1501.030869][   T23] usb 3-1: No valid video chain found.
[ 1501.072676][   T23] usb 3-1: selecting invalid altsetting 0
[ 1501.089155][   T23] usbtest: probe of 3-1:220.1 failed with error -22
[ 1501.116738][   T23] usb 3-1: USB disconnect, device number 22
[ 1501.502815][T16584] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1501.537937][T16584] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1501.580118][T16584] bridge_slave_0: entered allmulticast mode
[ 1501.600274][T16626] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2887'.
[ 1501.795902][ T5082] Bluetooth: hci3: command tx timeout
[ 1501.903836][T16584] bridge_slave_0: entered promiscuous mode
[ 1501.956924][   T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1502.070881][T16584] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1502.091487][T16584] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1502.122552][T16584] bridge_slave_1: entered allmulticast mode
[ 1502.139706][T16584] bridge_slave_1: entered promiscuous mode
[ 1502.293417][   T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1502.386628][T16584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1502.583197][   T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1502.655862][T16584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1502.765090][    T8] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1502.846044][T16584] team0: Port device team_slave_0 added
[ 1502.885617][T16584] team0: Port device team_slave_1 added
[ 1503.046823][T16633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1503.101783][T16633] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1503.159427][    T8] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1503.170495][    T8] usb 4-1: unable to read config index 0 descriptor/start: -71
[ 1503.181776][T16584] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1503.188731][T16584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1503.232168][    T8] usb 4-1: can't read configurations, error -71
[ 1503.340440][T16584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1503.541958][T16584] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1503.587544][T16584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1503.711644][T16584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1503.871477][ T5082] Bluetooth: hci3: command tx timeout
[ 1504.889456][T16584] hsr_slave_0: entered promiscuous mode
[ 1504.959085][T16584] hsr_slave_1: entered promiscuous mode
[ 1505.004701][T16584] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1505.049590][T16584] Cannot create hsr debugfs directory
[ 1505.117431][T16655] overlayfs: missing 'lowerdir'
[ 1505.348496][T16662] overlayfs: empty lowerdir
[ 1505.890526][T16658] netlink: 'syz.2.2892': attribute type 4 has an invalid length.
[ 1505.921269][T16658] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2892'.
[ 1505.955378][ T5082] Bluetooth: hci3: command tx timeout
[ 1507.591442][T16680] ubi: mtd0 is already attached to ubi31
[ 1509.324148][T16696] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2897'.
[ 1510.303042][T16707] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2896'.
[ 1511.121982][   T11] hsr_slave_0: left promiscuous mode
[ 1511.191307][   T11] hsr_slave_1: left promiscuous mode
[ 1511.210054][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1511.254696][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1511.554071][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1511.562345][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1511.603076][   T11] bridge_slave_1: left allmulticast mode
[ 1511.653805][   T11] bridge_slave_1: left promiscuous mode
[ 1511.749573][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1511.976574][   T11] bridge_slave_0: left allmulticast mode
[ 1511.985254][   T11] bridge_slave_0: left promiscuous mode
[ 1511.990965][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1512.172449][   T11] veth1_macvtap: left promiscuous mode
[ 1512.178083][   T11] veth0_macvtap: left promiscuous mode
[ 1512.195140][T16718] 9pnet_fd: Insufficient options for proto=fd
[ 1512.207440][   T11] veth1_vlan: left promiscuous mode
[ 1512.241468][   T11] veth0_vlan: left promiscuous mode
[ 1512.439919][T16722] overlayfs: missing 'lowerdir'
[ 1512.840523][T16724] overlayfs: empty lowerdir
[ 1513.841409][T16727] ubi: mtd0 is already attached to ubi31
[ 1517.618293][T16742] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2907'.
[ 1517.631352][ T5082] Bluetooth: hci1: command 0x0406 tx timeout
[ 1520.962494][   T11] team0 (unregistering): Port device team_slave_1 removed
[ 1521.207816][   T11] team0 (unregistering): Port device team_slave_0 removed
[ 1521.353755][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1521.476863][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1522.265519][   T11] bond0 (unregistering): Released all slaves
[ 1522.423418][T16723] netlink: 'syz.2.2902': attribute type 4 has an invalid length.
[ 1522.480068][T16723] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2902'.
[ 1522.836738][T16584] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1522.912565][T16584] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1523.527797][T16584] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1523.626932][T16584] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1523.975814][T16584] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1524.069655][T16788] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1524.547212][T16584] 8021q: adding VLAN 0 to HW filter on device team0
[ 1524.618760][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1524.626097][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1524.697057][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1524.704210][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1525.016905][T16584] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1526.250738][T16584] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1526.406568][T16804] block device autoloading is deprecated and will be removed.
[ 1526.643425][T16822] netlink: 'syz.3.2921': attribute type 4 has an invalid length.
[ 1526.652966][T16822] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2921'.
[ 1526.703223][T16822] overlayfs: empty lowerdir
[ 1528.381960][T16584] veth0_vlan: entered promiscuous mode
[ 1528.429375][T16584] veth1_vlan: entered promiscuous mode
[ 1529.593093][T16584] veth0_macvtap: entered promiscuous mode
[ 1529.634192][T16584] veth1_macvtap: entered promiscuous mode
[ 1529.794272][T16849] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1530.293628][T16584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1530.331267][T16584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1530.341162][T16584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1530.416835][T16584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1530.483703][T16584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1530.592860][T16855] 9pnet_fd: Insufficient options for proto=fd
[ 1530.751481][T16584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1530.804535][T16584] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1531.033847][T16584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1531.223135][T16584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1531.252274][T16584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1531.371543][T16584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1531.391991][T16584] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1531.441969][T16584] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1531.533102][T16584] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1531.578052][T16584] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1531.640292][T16584] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1531.685838][T16584] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1531.701883][T16584] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1532.677101][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1532.742176][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1532.806992][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1532.828476][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1533.215741][T16878] netlink: 'syz.5.2932': attribute type 4 has an invalid length.
[ 1533.223915][T16878] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2932'.
[ 1533.278036][T16879] overlayfs: empty lowerdir
[ 1533.284774][T16878] .`: renamed from bond0 (while UP)
[ 1539.032754][T16911] ubi: mtd0 is already attached to ubi31
[ 1542.199256][T16930] vivid-000: disconnect
[ 1544.602500][T16925] vivid-000: reconnect
[ 1546.279628][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.286120][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1547.401499][T14998] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1547.613659][T14998] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1547.634326][T14998] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1547.664271][T14998] usb 4-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1547.674195][T14998] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1547.700858][T14998] usb 4-1: Product: syz
[ 1547.710964][T14998] usb 4-1: Manufacturer: syz
[ 1547.722560][T14998] usb 4-1: SerialNumber: syz
[ 1547.770299][T14998] usb 4-1: config 0 descriptor??
[ 1548.159961][T14998] usb 4-1: USB disconnect, device number 31
[ 1556.063696][   T27] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[ 1556.286295][   T27] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1556.331407][   T27] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1556.350766][   T27] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1556.361687][   T27] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1556.369818][   T27] usb 5-1: Product: syz
[ 1556.380520][   T27] usb 5-1: Manufacturer: syz
[ 1556.436177][   T27] usb 5-1: SerialNumber: syz
[ 1556.453868][   T27] usb 5-1: config 0 descriptor??
[ 1556.816888][   T27] usb 5-1: USB disconnect, device number 19
[ 1556.852786][T17003] random: crng reseeded on system resumption
[ 1561.945410][T11940] libceph: connect (1)[c::]:6789 error -101
[ 1561.999733][T11940] libceph: mon0 (1)[c::]:6789 connect error
[ 1562.027711][T17029] ceph: No mds server is up or the cluster is laggy
[ 1562.037056][T11940] libceph: connect (1)[c::]:6789 error -101
[ 1562.062146][T11940] libceph: mon0 (1)[c::]:6789 connect error
[ 1563.641564][T17034] bridge0: entered promiscuous mode
[ 1563.659121][T17034] macsec1: entered promiscuous mode
[ 1565.399687][T17054] binder: BINDER_SET_CONTEXT_MGR already set
[ 1565.425807][T17054] binder: 17053:17054 ioctl 4018620d 200000004a80 returned -16
[ 1570.171722][T11940] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1570.220521][T17100] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1570.592314][T11940] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 1570.613553][T11940] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1570.679338][T11940] usb 4-1: config 220 has no interface number 2
[ 1570.696096][T11940] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1570.748214][T11940] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1570.756243][T11940] usb 4-1: config 220 interface 76 has no altsetting 0
[ 1570.774588][T11940] usb 4-1: config 220 interface 1 has no altsetting 0
[ 1570.810007][T11940] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1570.823407][T11940] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1570.858755][T11940] usb 4-1: Product: syz
[ 1570.951745][T11940] usb 4-1: Manufacturer: syz
[ 1570.999469][T11940] usb 4-1: SerialNumber: syz
[ 1571.438984][T11940] usb 4-1: selecting invalid altsetting 0
[ 1571.486074][T11940] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[ 1571.492614][T11940] usb 4-1: No valid video chain found.
[ 1571.505411][T11940] usb 4-1: selecting invalid altsetting 0
[ 1571.538969][T11940] usbtest: probe of 4-1:220.1 failed with error -22
[ 1571.594437][T11940] usb 4-1: USB disconnect, device number 32
[ 1574.451985][T17138] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1577.008280][T17147] fuse: Bad value for 'fd'
[ 1578.813353][    T8] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[ 1579.234547][    T8] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[ 1579.243660][    T8] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1579.266322][    T8] usb 5-1: config 220 has no interface number 2
[ 1579.283694][    T8] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1579.362960][    T8] usb 5-1: config 220 interface 0 has no altsetting 0
[ 1579.398603][    T8] usb 5-1: config 220 interface 76 has no altsetting 0
[ 1579.421503][    T8] usb 5-1: config 220 interface 1 has no altsetting 0
[ 1579.452270][    T8] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1579.470130][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1579.500310][    T8] usb 5-1: Product: syz
[ 1579.541628][    T8] usb 5-1: Manufacturer: syz
[ 1579.569619][    T8] usb 5-1: SerialNumber: syz
[ 1579.841070][    T8] usb 5-1: selecting invalid altsetting 0
[ 1579.887905][    T8] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[ 1579.924838][    T8] usb 5-1: No valid video chain found.
[ 1579.964759][    T8] usb 5-1: selecting invalid altsetting 0
[ 1579.982500][    T8] usbtest: probe of 5-1:220.1 failed with error -22
[ 1579.995076][    T8] usb 5-1: USB disconnect, device number 20
[ 1581.893220][T17169] netlink: 'syz.5.3004': attribute type 4 has an invalid length.
[ 1581.901095][T17169] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3004'.
[ 1582.001800][T17169] overlayfs: empty lowerdir
[ 1582.134090][T17174] fuse: Bad value for 'group_id'
[ 1586.424581][T17203] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1590.668388][T17225] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1599.291721][T17271] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3032'.
[ 1601.583555][T17287] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1605.251475][ T5805] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[ 1605.621355][ T5805] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1605.721780][ T5805] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1605.798896][ T5805] usb 5-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1605.823498][ T5805] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1605.853736][ T5805] usb 5-1: Product: syz
[ 1605.871347][ T5805] usb 5-1: Manufacturer: syz
[ 1605.894890][ T5805] usb 5-1: SerialNumber: syz
[ 1605.904380][ T5805] usb 5-1: config 0 descriptor??
[ 1606.283513][ T5805] usb 5-1: USB disconnect, device number 21
[ 1607.714892][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.721350][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1612.931308][  T788] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1613.151260][   T28] audit: type=1804 audit(1772865784.370:27): pid=17384 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3061" name="/newroot/43/file1" dev="fuse" ino=1 res=1 errno=0
[ 1613.156950][  T788] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1613.182594][  T788] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1613.211473][  T788] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[ 1613.259345][  T788] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1613.329871][  T788] usb 6-1: Product: syz
[ 1613.345222][  T788] usb 6-1: Manufacturer: syz
[ 1613.376642][  T788] usb 6-1: SerialNumber: syz
[ 1613.420962][  T788] usb 6-1: config 0 descriptor??
[ 1613.736945][   T27] usb 6-1: USB disconnect, device number 2
[ 1620.041665][ T5769] Bluetooth: hci3: command 0x0406 tx timeout
[ 1621.630035][T17458] overlayfs: missing 'lowerdir'
[ 1621.890381][T17461] netlink: 'syz.5.3080': attribute type 4 has an invalid length.
[ 1621.900039][T17461] netlink: 152 bytes leftover after parsing attributes in process `syz.5.3080'.
[ 1621.996207][T17461] overlayfs: empty lowerdir
[ 1622.432088][T17465] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1627.476256][T17503] fuse: Unknown parameter 'grou00000000000000000000'
[ 1631.692025][T17536] fuse: Unknown parameter 'grou00000000000000000000'
[ 1632.542311][T17543] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1638.722301][T17597] vivid-004: disconnect
[ 1638.748846][T17595] vivid-004: reconnect
[ 1638.821421][T13275] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1639.053570][T13275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1639.771255][T13275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1639.781251][T13275] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1640.557618][T13275] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1640.566777][T13275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1640.635713][T13275] usb 3-1: config 0 descriptor??
[ 1641.218591][T13275] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 1642.476823][T13275] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 1642.507358][T13275] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 1642.540624][T13275] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 1642.575976][T13275] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 1642.731659][T13275] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[ 1642.791680][T13275] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[ 1642.886870][T13275] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1642.929768][T17612] bridge0: entered promiscuous mode
[ 1642.935190][T17612] macsec1: entered promiscuous mode
[ 1642.991662][T13275] usb 3-1: USB disconnect, device number 23
[ 1643.168621][T17615] fido_id[17615]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[ 1643.933149][T17622] ubi: mtd0 is already attached to ubi31
[ 1651.273121][T17664] ubi: mtd0 is already attached to ubi31
[ 1658.263158][T17703] ubi: mtd0 is already attached to ubi31
[ 1659.561368][T17677] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1659.766810][T17677] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 1659.783389][T17677] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1659.807787][T17677] usb 4-1: config 220 has no interface number 2
[ 1659.819523][T17677] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1660.642309][T17699] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3146'.
[ 1660.646736][T17677] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1660.658471][T17677] usb 4-1: config 220 interface 76 has no altsetting 0
[ 1660.665487][T17677] usb 4-1: config 220 interface 1 has no altsetting 0
[ 1660.676048][T17677] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1660.692288][T17677] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1660.710586][T17677] usb 4-1: Product: syz
[ 1660.720705][T17677] usb 4-1: Manufacturer: syz
[ 1660.730577][T17677] usb 4-1: SerialNumber: syz
[ 1660.981754][T17677] usb 4-1: selecting invalid altsetting 0
[ 1661.008317][T17677] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[ 1661.015558][T17677] usb 4-1: No valid video chain found.
[ 1661.035325][T17677] usb 4-1: selecting invalid altsetting 0
[ 1661.050197][T17677] usbtest: probe of 4-1:220.1 failed with error -22
[ 1661.078431][T17677] usb 4-1: USB disconnect, device number 33
[ 1666.461547][    T8] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1666.667554][    T8] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1666.691190][    T8] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1666.734159][    T8] usb 3-1: config 220 has no interface number 2
[ 1666.740541][    T8] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1666.769087][    T8] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1666.796769][    T8] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1666.807034][    T8] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1666.828122][    T8] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1667.877155][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1667.898289][    T8] usb 3-1: Product: syz
[ 1667.921429][    T8] usb 3-1: Manufacturer: syz
[ 1667.937968][    T8] usb 3-1: SerialNumber: syz
[ 1668.202158][    T8] usb 3-1: selecting invalid altsetting 0
[ 1668.223255][T17772] overlayfs: missing 'lowerdir'
[ 1668.231772][    T8] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[ 1668.281655][    T8] usb 3-1: No valid video chain found.
[ 1668.315664][    T8] usb 3-1: selecting invalid altsetting 0
[ 1668.392535][T17774] netlink: 'syz.4.3167': attribute type 4 has an invalid length.
[ 1668.400722][T17774] netlink: 152 bytes leftover after parsing attributes in process `syz.4.3167'.
[ 1668.445326][T17774] .`: renamed from bond0 (while UP)
[ 1668.469844][T17775] overlayfs: empty lowerdir
[ 1668.577584][    T8] usbtest: probe of 3-1:220.1 failed with error -22
[ 1668.639164][    T8] usb 3-1: USB disconnect, device number 24
[ 1669.182527][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1669.188905][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1673.891234][   T27] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[ 1674.103373][   T27] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1674.111740][   T27] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1674.151261][   T27] usb 3-1: config 220 has no interface number 2
[ 1674.158650][   T27] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1674.215491][   T27] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1674.251218][   T27] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1674.277878][   T27] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1674.303658][   T27] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1674.323858][   T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1674.350762][   T27] usb 3-1: Product: syz
[ 1674.367628][   T27] usb 3-1: Manufacturer: syz
[ 1674.392655][   T27] usb 3-1: SerialNumber: syz
[ 1674.653591][   T27] usb 3-1: selecting invalid altsetting 0
[ 1674.674800][   T27] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[ 1674.700438][   T27] usb 3-1: No valid video chain found.
[ 1674.735089][   T27] usb 3-1: selecting invalid altsetting 0
[ 1674.775670][   T27] usbtest: probe of 3-1:220.1 failed with error -22
[ 1674.796802][   T27] usb 3-1: USB disconnect, device number 25
[ 1675.182621][T17827] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1685.258038][T17907] netlink: 'syz.2.3197': attribute type 10 has an invalid length.
[ 1686.546520][T17907] 8021q: adding VLAN 0 to HW filter on device team0
[ 1686.593746][T17907] .`: (slave team0): Enslaving as an active interface with an up link
[ 1688.436696][T17930] kvm: pic: non byte write
[ 1692.131320][ T6929] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[ 1692.335707][ T6929] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[ 1692.372752][ T6929] usb 4-1: config 0 has no interface number 0
[ 1692.393727][ T6929] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[ 1692.426146][ T6929] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1692.471593][ T6929] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[ 1692.501235][ T6929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1692.509383][ T6929] usb 4-1: Product: syz
[ 1692.541225][ T6929] usb 4-1: Manufacturer: syz
[ 1692.550692][ T6929] usb 4-1: SerialNumber: syz
[ 1692.572182][ T6929] usb 4-1: config 0 descriptor??
[ 1692.578054][T17949] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1692.596797][ T6929] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[ 1692.647474][ T6929] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[ 1694.493974][ T6929] usb 4-1: USB disconnect, device number 34
[ 1694.563501][ T6929] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[ 1694.658778][ T6929] cyberjack 4-1:0.69: device disconnected
[ 1717.181201][T18089] vivid-001: disconnect
[ 1717.212813][T18088] vivid-001: reconnect
[ 1721.456226][ T5082] Bluetooth: hci3: unexpected event for opcode 0x0000
[ 1725.434910][T18116] ubi: mtd0 is already attached to ubi31
[ 1725.475625][ T5082] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[ 1725.484461][ T5082] Bluetooth: hci3: Injecting HCI hardware error event
[ 1725.493927][ T5082] Bluetooth: hci3: hardware error 0x00
[ 1727.791329][ T5082] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[ 1730.603933][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1730.610593][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[ 1734.651458][  T788] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[ 1735.168387][  T788] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 1735.438194][  T788] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1735.510899][  T788] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1735.552723][  T788] usb 4-1: config 220 has no interface number 2
[ 1735.571303][  T788] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1735.631186][  T788] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1735.661174][  T788] usb 4-1: config 220 interface 76 has no altsetting 0
[ 1735.668113][  T788] usb 4-1: config 220 interface 1 has no altsetting 0
[ 1735.833423][  T788] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1735.871153][  T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1735.897378][  T788] usb 4-1: Product: syz
[ 1735.921159][  T788] usb 4-1: Manufacturer: syz
[ 1735.925828][  T788] usb 4-1: SerialNumber: syz
[ 1736.664303][T13275] libceph: connect (1)[c::]:6789 error -101
[ 1736.782130][T13275] libceph: mon0 (1)[c::]:6789 connect error
[ 1736.802880][T13275] libceph: connect (1)[c::]:6789 error -101
[ 1736.809006][T13275] libceph: mon0 (1)[c::]:6789 connect error
[ 1736.815119][T18169] ceph: No mds server is up or the cluster is laggy
[ 1736.898869][  T788] usb 4-1: selecting invalid altsetting 0
[ 1736.922648][  T788] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[ 1738.404346][T13275] libceph: connect (1)[c::]:6789 error -101
[ 1738.410433][T13275] libceph: mon0 (1)[c::]:6789 connect error
[ 1738.441623][  T788] usb 4-1: No valid video chain found.
[ 1738.502100][  T788] usb 4-1: selecting invalid altsetting 0
[ 1738.507874][  T788] usbtest: probe of 4-1:220.1 failed with error -22
[ 1738.639331][  T788] usb 4-1: USB disconnect, device number 35
[ 1739.882498][  T788] libceph: connect (1)[c::]:6789 error -101
[ 1739.888611][  T788] libceph: mon0 (1)[c::]:6789 connect error
[ 1739.991175][T18177] ceph: No mds server is up or the cluster is laggy
[ 1740.161552][  T788] libceph: connect (1)[c::]:6789 error -101
[ 1740.168930][  T788] libceph: mon0 (1)[c::]:6789 connect error
[ 1742.127037][T18206] overlayfs: missing 'lowerdir'
[ 1742.327606][T18209] overlayfs: empty lowerdir
[ 1742.669765][T18205] team0: Port device team_slave_0 removed
[ 1742.859659][T18207] netlink: 'syz.3.3284': attribute type 4 has an invalid length.
[ 1742.870293][T18207] netlink: 152 bytes leftover after parsing attributes in process `syz.3.3284'.
[ 1745.866845][T18226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3272'.
[ 1746.899420][  T788] libceph: connect (1)[c::]:6789 error -101
[ 1746.907753][  T788] libceph: mon0 (1)[c::]:6789 connect error
[ 1746.970231][T18230] ceph: No mds server is up or the cluster is laggy
[ 1750.129660][T18248] fuse: Unknown parameter 'use00000000000000000000'
[ 1750.672675][ T5769] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1752.097768][ T5082] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[ 1752.121548][ T5769] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1752.130302][ T5769] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1752.139126][ T5769] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1752.149366][ T5769] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1752.161512][ T5769] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1754.707693][ T5769] Bluetooth: hci5: command tx timeout
[ 1755.093521][ T2915] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.406413][  T788] libceph: connect (1)[c::]:6789 error -101
[ 1755.430663][  T788] libceph: mon0 (1)[c::]:6789 connect error
[ 1755.467997][T18252] chnl_net:caif_netlink_parms(): no params data found
[ 1755.502245][T18271] ceph: No mds server is up or the cluster is laggy
[ 1755.596513][ T2915] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.813360][ T2915] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1755.961629][ T2915] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1756.009374][T18252] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1756.018826][T18252] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1756.027005][T18252] bridge_slave_0: entered allmulticast mode
[ 1756.042819][T18252] bridge_slave_0: entered promiscuous mode
[ 1756.070951][T18252] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1756.089571][T18252] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1756.109920][T18252] bridge_slave_1: entered allmulticast mode
[ 1756.123831][T18252] bridge_slave_1: entered promiscuous mode
[ 1756.213128][T18252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1756.245333][T18252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1756.497801][T18252] team0: Port device team_slave_0 added
[ 1756.566434][T18252] team0: Port device team_slave_1 added
[ 1758.081176][ T5769] Bluetooth: hci5: command tx timeout
[ 1758.232870][T18252] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1758.239883][T18252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1758.283364][T18252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1758.490468][T18252] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1758.519921][T18252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1758.557716][T18299] vivid-001: disconnect
[ 1758.565503][T18297] vivid-001: reconnect
[ 1758.595206][T18252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1760.111699][ T5769] Bluetooth: hci5: command tx timeout
[ 1760.179325][T18252] hsr_slave_0: entered promiscuous mode
[ 1760.604526][T18252] hsr_slave_1: entered promiscuous mode
[ 1761.610060][   T28] audit: type=1400 audit(1772865932.830:28): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=18320 comm="syz.5.3310"
[ 1762.216317][ T5769] Bluetooth: hci5: command tx timeout
[ 1762.253740][T18321] binder: 18320:18321 ioctl 4018620d 0 returned -22
[ 1763.273250][T18252] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1763.297983][T18252] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1763.496408][T18348] fuse: Unknown parameter 'grou00000000000000000000'
[ 1763.516002][T18252] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1763.545038][T18252] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1765.872435][T11940] libceph: connect (1)[c::]:6789 error -101
[ 1765.878489][T11940] libceph: mon0 (1)[c::]:6789 connect error
[ 1765.918535][T18360] ceph: No mds server is up or the cluster is laggy
[ 1766.662929][ T2915] hsr_slave_0: left promiscuous mode
[ 1766.750419][ T2915] hsr_slave_1: left promiscuous mode
[ 1766.767518][ T2915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1766.821302][ T2915] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1766.854452][ T2915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1766.875201][ T2915] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1766.946344][ T2915] bridge_slave_1: left allmulticast mode
[ 1766.973817][T18374] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1766.981372][ T2915] bridge_slave_1: left promiscuous mode
[ 1767.011674][ T2915] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1767.077263][ T2915] bridge_slave_0: left allmulticast mode
[ 1767.111241][ T2915] bridge_slave_0: left promiscuous mode
[ 1767.117260][ T2915] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1767.336782][ T2915] bridge0: left promiscuous mode
[ 1767.364172][ T2915] veth1_macvtap: left promiscuous mode
[ 1767.369819][ T2915] veth0_macvtap: left promiscuous mode
[ 1767.411616][ T2915] veth1_vlan: left promiscuous mode
[ 1767.417080][ T2915] veth0_vlan: left promiscuous mode
[ 1771.841834][T18413] fuse: Bad value for 'fd'
[ 1773.903418][ T2915] team0 (unregistering): Port device team_slave_1 removed
[ 1775.045421][ T2915] team0 (unregistering): Port device team_slave_0 removed
[ 1775.667461][T18434] ceph: No mds server is up or the cluster is laggy
[ 1775.676539][T17677] libceph: connect (1)[c::]:6789 error -101
[ 1775.709416][T17677] libceph: mon0 (1)[c::]:6789 connect error
[ 1775.709663][ T2915] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1775.919490][ T2915] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1778.825308][T18456] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1779.289531][ T2915] .` (unregistering): Released all slaves
[ 1780.928848][T18465] fuse: Bad value for 'fd'
[ 1781.169048][T18252] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1781.294188][T18252] 8021q: adding VLAN 0 to HW filter on device team0
[ 1781.632280][T14968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1781.639505][T14968] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1781.786566][T14968] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1781.793811][T14968] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1784.051001][T18252] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1784.246994][T18507] input: syz1 as /devices/virtual/input/input26
[ 1785.024117][T18252] veth0_vlan: entered promiscuous mode
[ 1785.050105][T18252] veth1_vlan: entered promiscuous mode
[ 1785.188707][T18252] veth0_macvtap: entered promiscuous mode
[ 1785.218706][T18252] veth1_macvtap: entered promiscuous mode
[ 1785.422694][T18252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1785.760767][T18252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1785.896458][T18252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1785.925289][T18252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1785.966731][T18252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1785.987357][T18252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1786.366980][T18252] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1786.507702][T18252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1786.565273][T18252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1786.591281][T18252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1786.629569][T18252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1786.644850][T18252] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1786.658563][T18252] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1787.586213][T18252] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1787.624059][T18252] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1787.671183][T18252] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1787.863914][T18252] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1787.874966][T18252] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1788.155696][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1788.184885][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1789.025587][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1789.061410][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1789.528119][T18560] (null): rxe_set_mtu: Set mtu to 1024
[ 1790.478141][T18560] ip6_vti0 speed is unknown, defaulting to 1000
[ 1790.549015][T18560] ip6_vti0 speed is unknown, defaulting to 1000
[ 1790.609942][T18560] ip6_vti0 speed is unknown, defaulting to 1000
[ 1791.686371][T18560] infiniband syz2: set active
[ 1791.694972][    T8] ip6_vti0 speed is unknown, defaulting to 1000
[ 1792.640867][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1792.651527][T18560] infiniband syz2: added ip6_vti0
[ 1792.660653][T18560] syz2: rxe_create_cq: returned err = -12
[ 1792.703083][T18560] infiniband syz2: Couldn't create ib_mad CQ
[ 1792.709687][T18560] infiniband syz2: Couldn't open port 1
[ 1792.769522][T18560] RDS/IB: syz2: added
[ 1792.779856][T18560] smc: adding ib device syz2 with port count 1
[ 1792.791581][T18560] smc:    ib device syz2 port 1 has pnetid 
[ 1792.808142][T11940] ip6_vti0 speed is unknown, defaulting to 1000
[ 1792.890146][T18560] ip6_vti0 speed is unknown, defaulting to 1000
[ 1793.324390][T18560] ip6_vti0 speed is unknown, defaulting to 1000
[ 1794.372115][T18560] ip6_vti0 speed is unknown, defaulting to 1000
[ 1794.711869][T18612] fuse: Bad value for 'fd'
[ 1794.854029][T18560] ip6_vti0 speed is unknown, defaulting to 1000
[ 1795.133018][   T27] libceph: connect (1)[c::]:6789 error -101
[ 1795.139076][T18620] ceph: No mds server is up or the cluster is laggy
[ 1795.147114][   T27] libceph: mon0 (1)[c::]:6789 connect error
[ 1795.241672][  T788] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1796.391452][  T788] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1796.444979][  T788] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1796.456442][  T788] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1796.470851][  T788] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1796.480508][  T788] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1796.548717][  T788] usb 7-1: config 0 descriptor??
[ 1797.851392][  T788] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[ 1797.905908][  T788] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1798.060590][T11940] usb 7-1: USB disconnect, device number 2
[ 1798.244549][T18639] fido_id[18639]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[ 1798.278514][T18642] overlayfs: missing 'lowerdir'
[ 1798.299605][T18642] netlink: 'syz.6.3373': attribute type 4 has an invalid length.
[ 1798.307619][T18642] netlink: 152 bytes leftover after parsing attributes in process `syz.6.3373'.
[ 1798.320971][T18642] .`: renamed from bond0 (while UP)
[ 1798.358259][T18644] overlayfs: empty lowerdir
[ 1799.782921][T18650] fuse: Bad value for 'fd'
[ 1800.941314][T11940] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1801.145355][T11940] usb 7-1: Using ep0 maxpacket: 16
[ 1801.171728][T11940] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1801.201442][T11940] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1801.236087][T11940] usb 7-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00
[ 1801.251268][T11940] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1801.279027][T11940] usb 7-1: config 0 descriptor??
[ 1801.556387][T14998] libceph: connect (1)[c::]:6789 error -101
[ 1801.565204][T14998] libceph: mon0 (1)[c::]:6789 connect error
[ 1801.581722][T18672] ceph: No mds server is up or the cluster is laggy
[ 1802.235272][T11940] hid (null): bogus close delimiter
[ 1803.687442][T11940] wacom 0003:056A:0084.0003: bogus close delimiter
[ 1804.365774][T11940] wacom 0003:056A:0084.0003: item 0 4 2 10 parsing failed
[ 1804.441466][T11940] wacom 0003:056A:0084.0003: parse failed
[ 1804.658750][T11940] wacom: probe of 0003:056A:0084.0003 failed with error -22
[ 1805.983399][T14998] usb 7-1: USB disconnect, device number 3
[ 1807.485649][T18703] fuse: Unknown parameter '0x0000000000000004'
[ 1812.372023][T17963] libceph: connect (1)[c::]:6789 error -101
[ 1812.386011][T17963] libceph: mon0 (1)[c::]:6789 connect error
[ 1812.402367][T18745] ceph: No mds server is up or the cluster is laggy
[ 1814.732540][T18761] fuse: Unknown parameter '0x0000000000000004'
[ 1815.625094][   T27] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[ 1815.937235][   T27] usb 4-1: too many configurations: 9, using maximum allowed: 8
[ 1815.951012][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.021850][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1816.120966][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1816.182450][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.200661][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1816.229065][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1816.291043][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.300065][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1816.409731][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1816.473082][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.485329][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1816.553513][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1816.585989][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.598030][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1816.616082][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1816.644642][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.657549][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1816.731145][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1816.769453][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.796576][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1816.895924][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1816.937697][   T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[ 1816.957093][   T27] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[ 1817.033008][   T27] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1817.065824][   T27] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[ 1817.078925][   T27] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[ 1817.209195][   T27] usb 4-1: Product: syz
[ 1817.221575][   T27] usb 4-1: Manufacturer: syz
[ 1817.226295][   T27] usb 4-1: SerialNumber: syz
[ 1817.236582][   T27] usb 4-1: config 0 descriptor??
[ 1817.302214][   T27] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[ 1818.099086][   T27] usb 4-1: USB disconnect, device number 36
[ 1818.177093][T14998] libceph: connect (1)[c::]:6789 error -101
[ 1818.185866][T14998] libceph: mon0 (1)[c::]:6789 connect error
[ 1818.192768][   T27] yurex 4-1:0.0: USB YUREX #0 now disconnected
[ 1818.223340][T18809] ceph: No mds server is up or the cluster is laggy
[ 1820.616376][T18827] fuse: Bad value for 'user_id'
[ 1821.107006][T18834] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1821.504579][T11940] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1821.747675][T11940] usb 3-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config
[ 1821.760909][T11940] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 3
[ 1823.231839][T11940] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1823.243035][T11940] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1823.265712][T11940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1823.330157][T11940] usb 3-1: Product: syz
[ 1823.343070][T11940] usb 3-1: Manufacturer: syz
[ 1823.351430][T11940] usb 3-1: SerialNumber: syz
[ 1823.545600][T18857] fuse: Unknown parameter '0x0000000000000004'
[ 1823.590784][T11940] usb 3-1: Found UVC 0.00 device syz (8086:0b07)
[ 1823.597932][T18859] vivid-003: disconnect
[ 1823.610957][T11940] usb 3-1: No valid video chain found.
[ 1823.612073][T18855] vivid-003: reconnect
[ 1823.632101][T11940] usb 3-1: USB disconnect, device number 26
[ 1823.748628][T18861] fuse: Bad value for 'fd'
[ 1826.528448][T18887] fuse: Unknown parameter '0x0000000000000004'
[ 1828.027488][T18895] fuse: Bad value for 'fd'
[ 1834.426855][T18946] fuse: Bad value for 'fd'
[ 1834.549811][ T5769] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1834.574384][ T5769] CPU: 0 PID: 5769 Comm: kworker/u5:2 Not tainted syzkaller #0
[ 1834.582012][ T5769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1834.592111][ T5769] Workqueue: hci2 hci_rx_work
[ 1834.596992][ T5769] Call Trace:
[ 1834.600305][ T5769]  <TASK>
[ 1834.603271][ T5769]  dump_stack_lvl+0x18c/0x250
[ 1834.608047][ T5769]  ? show_regs_print_info+0x20/0x20
[ 1834.613295][ T5769]  ? load_image+0x400/0x400
[ 1834.617954][ T5769]  sysfs_create_dir_ns+0x26e/0x2a0
[ 1834.623216][ T5769]  ? sysfs_warn_dup+0xa0/0xa0
[ 1834.627956][ T5769]  ? do_raw_spin_unlock+0x121/0x230
[ 1834.633215][ T5769]  kobject_add_internal+0x61c/0xcc0
[ 1834.638498][ T5769]  kobject_add+0x164/0x240
[ 1834.643051][ T5769]  ? __rwlock_init+0x150/0x150
[ 1834.647860][ T5769]  ? kobject_init+0x1e0/0x1e0
[ 1834.652616][ T5769]  ? _raw_spin_unlock+0x28/0x40
[ 1834.657623][ T5769]  ? get_device_parent+0x366/0x390
[ 1834.662822][ T5769]  device_add+0x408/0xc20
[ 1834.667198][ T5769]  hci_conn_add_sysfs+0xd5/0x1e0
[ 1834.672256][ T5769]  le_conn_complete_evt+0xf5d/0x1540
[ 1834.677596][ T5769]  ? hci_event_packet+0x4cb/0x1270
[ 1834.682773][ T5769]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[ 1834.689066][ T5769]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[ 1834.694761][ T5769]  ? skb_pull_data+0xfb/0x200
[ 1834.699562][ T5769]  hci_le_conn_complete_evt+0x187/0x440
[ 1834.705164][ T5769]  ? hci_remote_host_features_evt+0x150/0x150
[ 1834.711311][ T5769]  hci_event_packet+0x7ba/0x1270
[ 1834.716296][ T5769]  ? bis_list+0x290/0x290
[ 1834.720667][ T5769]  ? lockdep_hardirqs_on+0x98/0x150
[ 1834.725962][ T5769]  ? hci_send_to_monitor+0xd7/0x4f0
[ 1834.731208][ T5769]  hci_rx_work+0x43a/0xd60
[ 1834.735781][ T5769]  ? process_scheduled_works+0x96f/0x15d0
[ 1834.741665][ T5769]  process_scheduled_works+0xa5d/0x15d0
[ 1834.747288][ T5769]  ? worker_attach_to_pool+0x380/0x380
[ 1834.752813][ T5769]  ? assign_work+0x3d2/0x5d0
[ 1834.757450][ T5769]  worker_thread+0xa55/0xfc0
[ 1834.762111][ T5769]  kthread+0x2fa/0x390
[ 1834.766218][ T5769]  ? pr_cont_work+0x560/0x560
[ 1834.770933][ T5769]  ? kthread_blkcg+0xd0/0xd0
[ 1834.775555][ T5769]  ret_from_fork+0x48/0x80
[ 1834.780034][ T5769]  ? kthread_blkcg+0xd0/0xd0
[ 1834.784674][ T5769]  ret_from_fork_asm+0x11/0x20
[ 1834.789537][ T5769]  </TASK>
[ 1834.824723][ T5769] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1834.841250][ T5769] Bluetooth: hci2: failed to register connection device
[ 1834.956442][T18951] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3441'.
[ 1835.177312][T18951] nbd: socks must be embedded in a SOCK_ITEM attr
[ 1835.927797][T18514] udevd[18514]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1836.904168][T18342] udevd[18342]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1841.121701][T18974] 9pnet_fd: Insufficient options for proto=fd
[ 1844.143536][T18999] fuse: Unknown parameter 'fd0x0000000000000004'
[ 1844.251242][T17677] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1844.512173][T18125] Bluetooth: hci2: command 0x0406 tx timeout
[ 1844.594833][T17677] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1844.668506][T19005] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[ 1844.816131][T17677] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1845.067936][T17677] usb 7-1: can't read configurations, error -71
[ 1847.934594][T19028] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1848.507412][T19030] fuse: Bad value for 'fd'
[ 1850.943336][    T8] libceph: connect (1)[c::]:6789 error -101
[ 1850.949458][    T8] libceph: mon0 (1)[c::]:6789 connect error
[ 1851.268483][T19049] ceph: No mds server is up or the cluster is laggy
[ 1851.286381][    T8] libceph: connect (1)[c::]:6789 error -101
[ 1851.315455][    T8] libceph: mon0 (1)[c::]:6789 connect error
[ 1851.674380][T19064] vxfs: WRONG superblock magic 00000000 at 1
[ 1851.713089][T19064] vxfs: WRONG superblock magic 00000000 at 8
[ 1851.719145][T19064] vxfs: can't find superblock.
[ 1853.481997][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1857.475058][  T968] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1857.672747][  T968] usb 7-1: config 220 has an invalid interface number: 76 but max is 2
[ 1857.705312][  T968] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1857.756702][  T968] usb 7-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[ 1857.786423][  T968] usb 7-1: config 220 has no interface number 1
[ 1857.805548][T19128] vivid-000: disconnect
[ 1857.806693][  T968] usb 7-1: config 220 interface 0 has no altsetting 0
[ 1857.848782][  T968] usb 7-1: config 220 interface 76 has no altsetting 0
[ 1857.903529][  T968] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1857.921304][  T968] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1857.943502][  T968] usb 7-1: Product: syz
[ 1857.947724][  T968] usb 7-1: Manufacturer: syz
[ 1857.980992][  T968] usb 7-1: SerialNumber: syz
[ 1858.587468][T19126] vivid-000: reconnect
[ 1858.787186][  T968] usb 7-1: Found UVC 7.01 device syz (8086:0b07)
[ 1858.827712][  T968] usb 7-1: No valid video chain found.
[ 1858.888656][  T968] usb 7-1: USB disconnect, device number 6
[ 1862.408560][T19178] fuse: Invalid rootmode
[ 1862.816007][T19186] vivid-003: disconnect
[ 1863.512943][T19181] vivid-003: reconnect
[ 1871.805240][T19240] ceph: No mds server is up or the cluster is laggy
[ 1871.813285][T17677] libceph: connect (1)[c::]:6789 error -101
[ 1871.819760][T17677] libceph: mon0 (1)[c::]:6789 connect error
[ 1872.670093][T19252] overlayfs: missing 'lowerdir'
[ 1872.825845][T19254] netlink: 'syz.2.3501': attribute type 4 has an invalid length.
[ 1872.834008][T19254] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3501'.
[ 1872.860491][T19254] overlayfs: empty lowerdir
[ 1877.415329][T19289] overlayfs: missing 'lowerdir'
[ 1877.539213][T19290] netlink: 'syz.6.3511': attribute type 4 has an invalid length.
[ 1877.547452][T19290] netlink: 152 bytes leftover after parsing attributes in process `syz.6.3511'.
[ 1877.562431][T19290] overlayfs: empty lowerdir
[ 1878.361369][  T788] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[ 1878.649682][  T788] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1878.659817][  T788] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1878.681625][  T788] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1878.711383][  T788] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1879.111272][  T788] usb 4-1: usb_control_msg returned -71
[ 1879.171693][  T788] usbtmc 4-1:16.0: can't read capabilities
[ 1879.226075][  T788] usb 4-1: USB disconnect, device number 37
[ 1894.421969][T19411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3544'.
[ 1896.313528][  T968] libceph: connect (1)[c::]:6789 error -101
[ 1896.319723][  T968] libceph: mon0 (1)[c::]:6789 connect error
[ 1896.387381][  T968] libceph: connect (1)[c::]:6789 error -101
[ 1896.406883][  T968] libceph: mon0 (1)[c::]:6789 connect error
[ 1896.681511][  T968] libceph: connect (1)[c::]:6789 error -101
[ 1896.724139][  T968] libceph: mon0 (1)[c::]:6789 connect error
[ 1896.974019][T19433] ceph: No mds server is up or the cluster is laggy
[ 1898.845791][T19454] loop6: detected capacity change from 0 to 8
[ 1898.907562][    C1] blk_print_req_error: 15 callbacks suppressed
[ 1898.907584][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1898.962456][T19454] loop6: detected capacity change from 8 to 7
[ 1898.975112][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1898.984628][    C0] buffer_io_error: 15 callbacks suppressed
[ 1898.984643][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.011187][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.020382][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.035567][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.044783][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.055690][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.064934][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.092214][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.101452][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.110510][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.119748][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.128229][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.137470][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.148858][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.158072][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.171080][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1899.180288][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.188401][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1899.205793][T19454] ldm_validate_partition_table(): Disk read failed.
[ 1899.214563][T19454] Dev loop6: unable to read RDB block 0
[ 1899.220584][T19454]  loop6: unable to read partition table
[ 1899.227336][T19454] loop6: partition table beyond EOD, truncated
[ 1899.254836][T19454] loop_reread_partitions: partition scan of loop6 (aQ¤"¸ÍAZD–Îå0�̹¨Š¾<wÁ?ÿûF4Ç"@/}©~ZÍ.ž-îØb	?›e9u×®/5¸êÅ) failed (rc=-5)
[ 1899.671703][T19464] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1900.891394][   T27] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[ 1901.131171][   T27] usb 4-1: New USB device found, idVendor=0c72, idProduct=0013, bcdDevice=ba.be
[ 1901.143834][   T27] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[ 1901.394893][   T27] usb 4-1: Product: syz
[ 1901.399202][   T27] usb 4-1: Manufacturer: syz
[ 1901.411174][   T27] usb 4-1: SerialNumber: syz
[ 1901.432587][   T27] usb 4-1: config 0 descriptor??
[ 1901.677240][   T27] peak_usb 4-1:0.0: PEAK-System PCAN-Chip USB v0 fw v0.0.0 (1 channels)
[ 1901.901791][   T27] peak_usb 4-1:0.0 can0: sending command failure: -22
[ 1901.930461][   T27] peak_usb 4-1:0.0 can0: sending command failure: -22
[ 1901.958930][   T27] peak_usb 4-1:0.0 can0: sending command failure: -22
[ 1902.192471][   T27] peak_usb: probe of 4-1:0.0 failed with error -22
[ 1902.237237][   T27] usb 4-1: USB disconnect, device number 38
[ 1906.751165][ T5769] Bluetooth: hci5: command 0x0406 tx timeout
[ 1907.224734][T19507] fuse: Unknown parameter 'user_i00000000000000000000'
[ 1909.831375][  T968] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1910.079575][  T968] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[ 1910.102240][  T968] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1910.250696][  T968] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1910.762291][  T968] usb 3-1: config 220 has no interface number 2
[ 1910.793316][  T968] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1910.839329][  T968] usb 3-1: config 220 interface 0 has no altsetting 0
[ 1910.848420][  T968] usb 3-1: config 220 interface 76 has no altsetting 0
[ 1910.858337][  T968] usb 3-1: config 220 interface 1 has no altsetting 0
[ 1910.865545][T19550] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1910.878836][  T968] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1910.896120][  T968] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1910.910107][  T968] usb 3-1: Product: syz
[ 1910.918279][  T968] usb 3-1: Manufacturer: syz
[ 1910.924400][  T968] usb 3-1: SerialNumber: syz
[ 1911.164271][  T968] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[ 1911.189691][  T968] usb 3-1: No valid video chain found.
[ 1911.247213][  T968] usb 3-1: USB disconnect, device number 27
[ 1911.547623][   T28] audit: type=1400 audit(1772866082.710:29): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=19553 comm="syz.3.3586"
[ 1911.574990][T19555] binder: 19553:19555 ioctl 4018620d 0 returned -22
[ 1912.430297][T19572] fuse: Unknown parameter 'user_id00000000000000000000'
[ 1914.916948][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[ 1917.217163][   T27] libceph: connect (1)[c::]:6789 error -101
[ 1917.235791][   T27] libceph: mon0 (1)[c::]:6789 connect error
[ 1917.585206][T19609] ceph: No mds server is up or the cluster is laggy
[ 1918.219963][T19634] netlink: 'syz.2.3611': attribute type 21 has an invalid length.
[ 1918.286757][T19634] ucma_write: process 977 (syz.2.3611) changed security contexts after opening file descriptor, this is not allowed.
[ 1919.247802][T19642] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3614'.
[ 1920.433712][T19656] ceph: No mds server is up or the cluster is laggy
[ 1920.445304][    T8] libceph: connect (1)[c::]:6789 error -101
[ 1920.541405][    T8] libceph: mon0 (1)[c::]:6789 connect error
[ 1922.303896][  T968] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[ 1922.522612][  T968] usb 6-1: Using ep0 maxpacket: 8
[ 1922.582912][  T968] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[ 1922.601241][  T968] usb 6-1: config 0 has no interface number 0
[ 1922.621914][  T968] usb 6-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x0, skipping
[ 1923.271346][  T968] usb 6-1: config 0 interface 186 altsetting 0 has an invalid endpoint with address 0x9A, skipping
[ 1923.299492][  T968] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[ 1923.354726][  T968] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[ 1923.401323][  T968] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1923.421221][  T968] usb 6-1: Product: syz
[ 1923.435445][  T968] usb 6-1: Manufacturer: syz
[ 1923.453941][  T968] usb 6-1: SerialNumber: syz
[ 1923.500229][  T968] usb 6-1: config 0 descriptor??
[ 1923.513565][  T968] iowarrior 6-1:0.186: no interrupt-in endpoint found
[ 1923.947030][   T28] audit: type=1400 audit(1772866095.170:30): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=19684 comm="syz.6.3630"
[ 1924.607255][T19692] overlayfs: missing 'lowerdir'
[ 1924.732311][T19693] overlayfs: empty lowerdir
[ 1925.567028][    T8] usb 6-1: USB disconnect, device number 3
[ 1926.613673][  T968] libceph: connect (1)[c::]:6789 error -101
[ 1926.658030][  T968] libceph: mon0 (1)[c::]:6789 connect error
[ 1926.773407][T19701] ceph: No mds server is up or the cluster is laggy
[ 1926.843360][T17677] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1927.089280][T17677] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[ 1927.101332][T17677] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1927.110377][T17677] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1927.121555][T17677] usb 4-1: config 220 has no interface number 2
[ 1927.127967][T17677] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1927.149657][T17677] usb 4-1: config 220 interface 0 has no altsetting 0
[ 1927.157088][T17677] usb 4-1: config 220 interface 76 has no altsetting 0
[ 1927.164429][T17677] usb 4-1: config 220 interface 1 has no altsetting 0
[ 1927.174854][T17677] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1927.187386][T17677] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1927.197780][T17677] usb 4-1: Product: syz
[ 1927.205720][T17677] usb 4-1: Manufacturer: syz
[ 1927.234905][T17677] usb 4-1: SerialNumber: syz
[ 1927.252239][T19711] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1927.805305][T17677] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[ 1927.877243][T17677] usb 4-1: No valid video chain found.
[ 1927.967922][T17677] usb 4-1: USB disconnect, device number 39
[ 1928.205049][T19721] overlayfs: missing 'lowerdir'
[ 1928.297875][T19724] overlayfs: empty lowerdir
[ 1928.521328][T14998] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1928.761211][T14998] usb 6-1: Using ep0 maxpacket: 16
[ 1928.859294][T14998] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1928.874287][T14998] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[ 1928.928111][T14998] usb 6-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[ 1928.951090][T14998] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1928.975106][T14998] usb 6-1: Product: syz
[ 1928.979415][T14998] usb 6-1: Manufacturer: syz
[ 1929.031189][T14998] usb 6-1: SerialNumber: syz
[ 1929.332605][T18125] Bluetooth: hci1: Unknown advertising packet type: 0x30
[ 1929.332686][T18125] Bluetooth: hci1: adv larger than maximum supported
[ 1929.340371][T18125] Bluetooth: hci1: Malformed LE Event: 0x0d
[ 1929.487975][T14998] usb 6-1: Audio class v2/v3 interfaces need an interface association
[ 1929.581859][   T27] usb 7-1: new low-speed USB device number 7 using dummy_hcd
[ 1929.597064][T14998] snd-usb-audio: probe of 6-1:1.0 failed with error -22
[ 1929.618460][T14998] usb 6-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1929.689705][T14998] usb 6-1: USB disconnect, device number 4
[ 1929.778915][T19398] udevd[19398]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1929.824306][   T27] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[ 1929.838549][   T27] usb 7-1: config 0 has no interface number 0
[ 1929.846223][   T27] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1929.862875][   T27] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1929.920349][   T27] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1929.980444][   T27] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1930.006074][   T27] usb 7-1: config 0 descriptor??
[ 1930.022056][T19734] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1930.073722][   T27] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1933.567837][  T788] usb 7-1: USB disconnect, device number 7
[ 1933.741080][   T28] audit: type=1400 audit(1772866104.960:31): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=19750 comm="syz.6.3650"
[ 1933.933139][T19755] overlayfs: missing 'lowerdir'
[ 1935.259821][T19760] overlayfs: empty lowerdir
[ 1935.773809][T19766] kernel profiling enabled (shift: 63)
[ 1935.779978][T19766] profiling shift: 63 too large
[ 1939.206961][   T12] ------------[ cut here ]------------
[ 1939.212825][   T12] WARNING: CPU: 0 PID: 12 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[ 1939.223740][   T12] Modules linked in:
[ 1939.227640][   T12] CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted syzkaller #0
[ 1939.231910][    C1] ------------[ cut here ]------------
[ 1939.235550][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1939.241109][    C1] WARNING: CPU: 1 PID: 0 at net/mac80211/tx.c:5031 __ieee80211_beacon_get+0x1233/0x1600
[ 1939.241201][    C1] Modules linked in:
[ 1939.251333][   T12] Workqueue: phy14 ieee80211_csa_finalize_work
[ 1939.261044][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 1939.261066][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1939.261078][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[ 1939.264995][   T12] 
[ 1939.265006][   T12] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[ 1939.271172][    C1] Code: 24 4c 89 e7 e8 2e a7 c1 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 09 ee 83 f7 0f 0b e9 f6 f7 ff ff e8 fd ed 83 f7 <0f> 0b e9 48 fb ff ff e8 f1 ed 83 f7 48 c7 c7 00 61 64 8e 4c 89 e6
[ 1939.271192][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[ 1939.271213][    C1] RAX: ffffffff8a032e63 RBX: ffffffff8a031c66 RCX: ffff88801b66bc00
[ 1939.271227][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 1939.271239][    C1] RBP: 0000000000000000 R08: ffff88801b66bc00 R09: 0000000000000003
[ 1939.271251][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88807aeda3c0
[ 1939.271264][    C1] R13: dffffc0000000000 R14: ffff88807aeda8b0 R15: ffff88805feb1c24
[ 1939.271278][    C1] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1939.271294][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1939.271307][    C1] CR2: 0000555562288a28 CR3: 0000000047b2d000 CR4: 00000000003506e0
[ 1939.271326][    C1] Call Trace:
[ 1939.271336][    C1]  <IRQ>
[ 1939.271349][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[ 1939.278359][   T12] Code: 48 89 df e8 fa 70 d7 f7 e9 dc fc ff ff e8 20 42 7f f7 eb 24 e8 19 42 7f f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 08 42 7f f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 fa 41 7f f7 48 8b 7c 24 08 4c 8b 7c
[ 1939.278380][   T12] RSP: 0018:ffffc900001179c0 EFLAGS: 00010293
[ 1939.288482][    C1]  ieee80211_beacon_get_tim+0xbf/0x580
[ 1939.288512][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[ 1939.294884][   T12] RAX: ffffffff8a07d65e RBX: 0000000000000001 RCX: ffff88801a275a00
[ 1939.297221][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[ 1939.304542][   T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1939.324120][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1939.324196][    C1]  __iterate_interfaces+0x243/0x500
[ 1939.324225][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[ 1939.324250][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[ 1939.324281][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[ 1939.324305][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[ 1939.324339][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[ 1939.324366][    C1]  __hrtimer_run_queues+0x520/0xc40
[ 1939.324393][    C1]  ? ktime_get_update_offsets_now+0x99/0x3f0
[ 1939.324426][    C1]  ? hw_scan_work+0xf60/0xf60
[ 1939.324458][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[ 1939.324481][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[ 1939.324513][    C1]  hrtimer_run_softirq+0x187/0x2b0
[ 1939.324541][    C1]  handle_softirqs+0x280/0x820
[ 1939.324568][    C1]  ? __irq_exit_rcu+0xd3/0x190
[ 1939.324596][    C1]  ? do_softirq+0x1a0/0x1a0
[ 1939.324621][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[ 1939.330725][   T12] RBP: dffffc0000000000 R08: ffff88807aed95af R09: 1ffff1100f5db2b5
[ 1939.338678][    C1]  __irq_exit_rcu+0xd3/0x190
[ 1939.338702][    C1]  ? irq_exit_rcu+0x20/0x20
[ 1939.338730][    C1]  irq_exit_rcu+0x9/0x20
[ 1939.338749][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1939.338775][    C1]  </IRQ>
[ 1939.338784][    C1]  <TASK>
[ 1939.338794][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1939.338833][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 1939.338859][    C1] Code: 40 22 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d c3 29 43 00 fb f4 <c3> 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80
[ 1939.338886][    C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c6
[ 1939.338908][    C1] RAX: f106315e70ef5100 RBX: ffffffff8162ac40 RCX: f106315e70ef5100
[ 1939.338925][    C1] RDX: 0000000000000001 RSI: ffffffff8acac960 RDI: ffffffff8b1c85a0
[ 1939.338941][    C1] RBP: ffffc90000187f20 R08: ffff8880b8f36b2b R09: 1ffff110171e6d65
[ 1939.347023][   T12] R10: dffffc0000000000 R11: ffffed100f5db2b6 R12: 0000000000000001
[ 1939.354972][    C1] R10: dffffc0000000000 R11: ffffed10171e6d66 R12: 1ffff110036cd780
[ 1939.354991][    C1] R13: 1ffff92000030fc8 R14: 0000000000000001 R15: dffffc0000000000
[ 1939.363013][   T12] R13: ffff88807aeda5d9 R14: ffff88802fe0ac70 R15: ffff88802fe0ace8
[ 1939.370966][    C1]  ? do_idle+0x1f0/0x4e0
[ 1939.380026][   T12] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1939.380049][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1939.386831][    C1]  default_idle+0x13/0x20
[ 1939.386858][    C1]  default_idle_call+0x6c/0xa0
[ 1939.394991][   T12] CR2: 00007fff24c5e060 CR3: 0000000041a65000 CR4: 00000000003506f0
[ 1939.398259][    C1]  do_idle+0x1f0/0x4e0
[ 1939.401162][   T12] Call Trace:
[ 1939.406788][    C1]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1939.426426][   T12]  <TASK>
[ 1939.432484][    C1]  ? idle_inject_timer_fn+0x60/0x60
[ 1939.438151][   T12]  ieee80211_link_use_reserved_context+0x383/0x5c0
[ 1939.444739][    C1]  ? do_idle+0x4c1/0x4e0
[ 1939.444768][    C1]  cpu_startup_entry+0x43/0x60
[ 1939.444791][    C1]  start_secondary+0xee/0xf0
[ 1939.452815][   T12]  ieee80211_csa_finalize+0x5a6/0xf20
[ 1939.458345][    C1]  secondary_startup_64_no_verify+0x179/0x17b
[ 1939.466349][   T12]  ? mutex_lock_nested+0x20/0x20
[ 1939.472416][    C1]  </TASK>
[ 1939.472429][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1939.472440][    C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0
[ 1939.472459][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1939.472470][    C1] Call Trace:
[ 1939.472476][    C1]  <IRQ>
[ 1939.472483][    C1]  dump_stack_lvl+0x18c/0x250
[ 1939.472516][    C1]  ? show_regs_print_info+0x20/0x20
[ 1939.472543][    C1]  ? load_image+0x400/0x400
[ 1939.472585][    C1]  panic+0x2dc/0x730
[ 1939.472613][    C1]  ? bpf_jit_dump+0xd0/0xd0
[ 1939.472645][    C1]  ? secondary_startup_64_no_verify+0x179/0x17b
[ 1939.472676][    C1]  __warn+0x2e0/0x470
[ 1939.472697][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[ 1939.472723][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[ 1939.472744][    C1]  report_bug+0x2be/0x4f0
[ 1939.472761][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[ 1939.472783][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[ 1939.472804][    C1]  ? __ieee80211_beacon_get+0x1235/0x1600
[ 1939.472824][    C1]  handle_bug+0xcf/0x120
[ 1939.472849][    C1]  exc_invalid_op+0x1a/0x50
[ 1939.472881][    C1]  asm_exc_invalid_op+0x1a/0x20
[ 1939.472901][    C1] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[ 1939.472923][    C1] Code: 24 4c 89 e7 e8 2e a7 c1 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 09 ee 83 f7 0f 0b e9 f6 f7 ff ff e8 fd ed 83 f7 <0f> 0b e9 48 fb ff ff e8 f1 ed 83 f7 48 c7 c7 00 61 64 8e 4c 89 e6
[ 1939.472938][    C1] RSP: 0018:ffffc900001f0a18 EFLAGS: 00010246
[ 1939.472956][    C1] RAX: ffffffff8a032e63 RBX: ffffffff8a031c66 RCX: ffff88801b66bc00
[ 1939.472970][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 1939.472981][    C1] RBP: 0000000000000000 R08: ffff88801b66bc00 R09: 0000000000000003
[ 1939.472993][    C1] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88807aeda3c0
[ 1939.473006][    C1] R13: dffffc0000000000 R14: ffff88807aeda8b0 R15: ffff88805feb1c24
[ 1939.473023][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[ 1939.473046][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[ 1939.473074][    C1]  ? __ieee80211_beacon_get+0x1233/0x1600
[ 1939.473097][    C1]  ? __ieee80211_beacon_get+0x36/0x1600
[ 1939.473126][    C1]  ieee80211_beacon_get_tim+0xbf/0x580
[ 1939.473152][    C1]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[ 1939.473184][    C1]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[ 1939.473212][    C1]  __iterate_interfaces+0x243/0x500
[ 1939.473236][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[ 1939.473257][    C1]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[ 1939.473283][    C1]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[ 1939.473303][    C1]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[ 1939.473333][    C1]  mac80211_hwsim_beacon+0xbb/0x1b0
[ 1939.473355][    C1]  __hrtimer_run_queues+0x520/0xc40
[ 1939.473374][    C1]  ? ktime_get_update_offsets_now+0x99/0x3f0
[ 1939.473403][    C1]  ? hw_scan_work+0xf60/0xf60
[ 1939.473435][    C1]  ? hrtimer_interrupt+0x9c0/0x9c0
[ 1939.473454][    C1]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[ 1939.473485][    C1]  hrtimer_run_softirq+0x187/0x2b0
[ 1939.473509][    C1]  handle_softirqs+0x280/0x820
[ 1939.473532][    C1]  ? __irq_exit_rcu+0xd3/0x190
[ 1939.473555][    C1]  ? do_softirq+0x1a0/0x1a0
[ 1939.473577][    C1]  ? irqtime_account_irq+0xb6/0x1c0
[ 1939.473603][    C1]  __irq_exit_rcu+0xd3/0x190
[ 1939.473621][    C1]  ? irq_exit_rcu+0x20/0x20
[ 1939.473648][    C1]  irq_exit_rcu+0x9/0x20
[ 1939.473664][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1939.473684][    C1]  </IRQ>
[ 1939.473690][    C1]  <TASK>
[ 1939.473698][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1939.473718][    C1] RIP: 0010:pv_native_safe_halt+0xf/0x10
[ 1939.473738][    C1] Code: 40 22 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d c3 29 43 00 fb f4 <c3> 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80
[ 1939.473753][    C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c6
[ 1939.473769][    C1] RAX: f106315e70ef5100 RBX: ffffffff8162ac40 RCX: f106315e70ef5100
[ 1939.473783][    C1] RDX: 0000000000000001 RSI: ffffffff8acac960 RDI: ffffffff8b1c85a0
[ 1939.473795][    C1] RBP: ffffc90000187f20 R08: ffff8880b8f36b2b R09: 1ffff110171e6d65
[ 1939.473808][    C1] R10: dffffc0000000000 R11: ffffed10171e6d66 R12: 1ffff110036cd780
[ 1939.473821][    C1] R13: 1ffff92000030fc8 R14: 0000000000000001 R15: dffffc0000000000
[ 1939.473838][    C1]  ? do_idle+0x1f0/0x4e0
[ 1939.473876][    C1]  default_idle+0x13/0x20
[ 1939.473895][    C1]  default_idle_call+0x6c/0xa0
[ 1939.473915][    C1]  do_idle+0x1f0/0x4e0
[ 1939.473936][    C1]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1939.473961][    C1]  ? idle_inject_timer_fn+0x60/0x60
[ 1939.473993][    C1]  ? do_idle+0x4c1/0x4e0
[ 1939.474016][    C1]  cpu_startup_entry+0x43/0x60
[ 1939.474037][    C1]  start_secondary+0xee/0xf0
[ 1939.474056][    C1]  secondary_startup_64_no_verify+0x179/0x17b
[ 1939.474093][    C1]  </TASK>
[ 1939.478385][    C1] Kernel Offset: disabled