last executing test programs:

54.632517931s ago: executing program 0 (id=240):
mlock(&(0x7f0000ff9000/0x1000)=nil, 0x1000)
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, 0x8, &(0x7f0000000240)=[{}], 0x1, 0x1, 0x0, 0x2, 0x0, 0x2})

54.352206213s ago: executing program 0 (id=243):
mprotect(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000440), 0xa, 0x241)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000001480)={0xb73, 0xd, 0x5, "4c6bc09f5a156f1ee39b763ddcbb626052103c678ce02c7a8d4b2e9f978d936e8a9a8d0f9a91407364422c1d56a3e707f9c9f70834d1f8038e02de39c389c18c8876b10a4c8f557eec57bb5c8d195560a0faca27b9add7ae7b59194f00b8bc3044fa1280368bd07416af150ec7301dcb542e8a5ccdf5f2c329241f847af2830ebe128153212bd1c84e34b753d6dd973c2192996294aeb613b9de6742b061b16b7ca511e2345119fa2a3611f8372908e3d4f5458888de9a829ce21c0a6a02cc32040e169e7a198444211a4801892fe447a60d1bb278289d120dbdf4bc75a1d26ada1f7ffbe67e57c438e3d35e7e8a86acddcadf4013ad97b9447c2aedb83749edc15d2d1f7316d783d195388c5ae2e975dc9140b40401010a2ca1058bd6f50a51ac43a3efb27af73f54a4c611db0d464a55c4d071e8df9f30c85be8122afcc10a8a40bfd7d2ad4bacc6b89018054a9eb7d93db7d902cb32d6d1829b6dc725cb7e3eaede569e668f2847bd94667f734a652ac87243ed3bc7efbb3f0edfae2716699c27e250df98ea65b6c6c1c098de543434f38272e9389ec051f28c8ae45f2ef3bf8b36d9e9961e1fbd2261d0cbc7b6f3007d07bf3634faf96c8e10d546932c2a010d6805b7ca76536077b7f8883e588dcf9c908331c672660a2a5f993c9740385a457d44bd107ee958d8db85e06a3525e2921102dbbdb107f7f95a8d877b11329d892153ce210a90862c930613534cfbd534437bf38bc63bd72e046693ac1669c909f5a95b731b12ef02c2cb027db6d9574f09b88cb82b10840517b322a178b918807f4c85449558218c942631570c6fcb0de4be5895381a51d0a54a549276eb2399dc11ef71e9157147bf782829861d8f7a156b37cbe01d73755c2bf312e2d400b8d80cd42daf2c31e85d6583952f103394301622d79b786795ff844a596adcaae6fecf023eb68a180c4e19a339bfcfed89b3f086c1449a78d671628988f8faee13fe3d4b07a910a8829cd805645f81598c6a35fbaa8ea0787ffc32eb0b4d179f51efb1af038ec19bc17e3577d3d461caf4a712f2732437c8c01a8ce692d5b1cbf3754653f4b7db3e09f192b7905fe627e311aa3269a4a773a237fe08e085500aebd3bd9577cfe7561f2f8d9677f4bc77e4bb6ed2f98529d0e4be386cd5e890f9d64bef36e37c63f45764963da94e5583f7c192fa1dfed9d44b7a4c5e7a44cdcdf92c57d5301909af8a5c002d3d07537c634ee113f07c16b677d3966e337b3360336ac8e52e0a35c23a873839395d3799d029c0ec745d77881afa8761459fb950f36c03c46e836130f8ad05cfe811431a61c0009a3414880db47a153f6fb8fd7dcce0515616e98b570c3cf0d5d3ed23c26156eb7812f66550b7614a001ccdfba83cdc4acee50f4567394094103f40810a22c3d9ea4ec4dfb3274b6294a5c794ed01cd91a81192e25a2990e6539c85d62fd3b2ac7b4ded24694fdf3725e3ba61f390e9c975a8bc051e2a9bc03c606e54ed9a6f048308deda12b5b96c25d6b04e01f429797e50e2de01ac699fa2a1fbca230bd826ace7eb735d4ee4ec114edbebdea54b8fb405ae840568528ea0aa761a0110751fe29b6cf038b3f1f0ad43a6d15c710da9552f036b197942d613240dd2826aebf681103e8e3bd9eda9dab1f375b8181daf0581cc7e041c412bdf6eb46bc634b1c499fc88d532d642019746d335ddf673af72834a86cfcd2ca33fc58c48789337171c36345d00b4383003b7a7eedb9a6e2a19273e274dad1ce5e0302c018fd952ff216a5e77da66be8aee7b1bea6808f1c618a0d9dcec0241ef9c5475b41ea0f15452ecab0ab8cc8b196e4c9674e92d10feb3255d96a60628e59b846514ed5ec6e474044934841a5c86cc89770ea5dd4c1e0811c9799b91ea303ff9387b43a9061beca388ab9e1c384f317853c7be99512c1a64c32a7d4ee09b7c703403cff0507ef858ac21273d665a6e25fb8005d4cd0a97b282c21067418767a1ff1db517dfdfa3db58d350d8b1afabfcb506a8ce5921dafd7432e69f702a532807766d79ab18cc035aa1ca7f699fa6243b8264f38c86f5b20637608ed66f3e9f9950982bd8869fef9a01fea3639bd7baf9ed7be25b1d46276bf69788ed716a60ef40bf045b5a9f779fc74147357e2a7fe97df4fcdc166da5cc8f70886c8d7300bf364c28098bfb2d29e6906717815e5552f281fef2476b3c780317f5bd61ed5c6f59d540188910aa8aae4d0851290169800e50caa894c98449b06ec5af6dc50c0b823069b6366dccf17da1e7f37fd6068e257c103aaf2d7f85e2d42f028cebb74f829a7045cc7908892d795c86067f37d22893b8bac527b55dcb4cc2fda3bbdd7ae91a75d95112768c9477c9d3665d18f00112de915e2f85b95a80b9775451a7c6d91181f40608c571d181cb8c81792e14e51bb9095f1d7b8860091c0d0a4a1c3e3d92d9136f2161a23feb517f83b2e570f5c1a6d52db5a35bb37a407977bfe48c7b5766d9dd2e85b6a6d08431c7235dd6a859ddb460db6bf6a4e4827315ecdeeab0b2a5c17513f57bfe65b28904d347359d2cc0d77b0f45b4f8b3bd0b5646eb9eca85b9160f7e9f9978b75026c019944a4af3436b32b14fd2d85b6aed31592e6a10e7a3c9caff27fb24172c509de9e1f7748b2230ced746a8de7fe3d790d34bbbacc66e648d9bd88a3eae604971d8822b38afab6ff9f1d79f3034a241228ae54cbf86599d2eca70eae2e6a848c92d33eb20c66793e162dbef282562fa1360959333aa19fa7e02b8305776b808a9cca46e857263ae0f6bccf0ef20626709f2ad32e3d66b3702b7c99cb09d70777c2f459d441260e4aa21a423b2a62cd8e724b202260da18578080e77ab8b2cef257375eb354ab187b3daa3b79c4640af85ef2ad3442104f58164360cc0234d221a3a28614fa43e2cb6271a2ddb8d3c22c7a36d97cec90547776aaa46b29c1658e2113fd819ade1d65d37ea953000a4c2902109d50a4f4f9e0aa95016132091e817b043ac5f0cc3b9366fcbb76bac83b9c49da917439c94ae2bfc002c3945976436e6253e3cabb9b5d0c913dba2346cc236cd48db0079c8357fa37c85ec3885cc438b0bf39c892eed66b2132158a895160ed639b61c8a7c9d00ad5359911019e1d11aeebb1043e4c827fd879a05867945f4611b2609f5b7302717f4f96a4ba768e741c4d6c59b90315eb71595e8729b14335aaa2fb8b9ebb2f620ae399b7c7a9336ff14b315059e00b5fec269f764038040cd3a4efcb73eb790794c753968d3c228b40310effe2a6312fced9616dc31586c367865f428b7ae4e17ca59182d0cbfd4ac146359749e33fd1ac55ec1f2168e18c79dbb307f86be04e2ed9066b5326ce6edf8b12ee703af79759ff5fa9694a6d5f69bf45e05cd39cd2cebca1c1e35878d0bd2464404740fbe71b0f9dff750edab2184f0c3f5c2c8346f638c93f35a2cdbcb1893cf44e4fbe6cf7555e15626b72572f61bda4052f9ec8eae383885f83300efcdad413fba4b75475631d874e7aab41dd59b827ea872640088c64965d0ea1e768c54d6b464b121ffb6252d0c8dc9f3cc8d845c1e39befccfa2f77b91bb65416745caf51f4dcd14d210d65ffd778ef3cc92475d2eff1d026d2f19e0af6cad4de43cbfc060654d235c693b959bcfdcb5d6e6e7e75b362c1bdc989d348654ad87b2d3bd77550d61cff23b7d004505f4e487af3a70fbfa163c0b9270eaede13c018db2d205e1073999a8998ad7a764b85b10c13dd333dc8514b082601848b9aee0fd57ea989d318360e759c7585840fd2afaa3a00f494bec7a68b76295f64f33feebfa9d9da4cc1f001e05938d37b5ea4ee4a122e21ee2eea437e68975733f3e68691f56279ef98968b8451ae4bb3fbcd1a907114ad5ede64775738f776fd91e91da5b12463b34783b77dc2afab52706b866518dcd9feae4549e85a35eb3d8d155febf2a0d8b0c9f710ff0fb9f11a8ca3b7b1d625572bd4e7b682ba2e678de49a8e287a28b42f7271a8a0834a059f5600e690b45b578908d651856d3873c04b61e7aacab83778d94e430718010d09a870732e18c77630703827e2cd6fa7ad83cf3f93ac53f0ffbaf15fe7489d4ed6e22093bdcaf89449997"})

53.888267345s ago: executing program 0 (id=245):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/ipc\x00')
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r1}]}, 0x3c}}, 0x0)

53.827301699s ago: executing program 0 (id=248):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYBLOB="240000001a000100ffffffe700000000020000000007"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)

53.577257157s ago: executing program 0 (id=251):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@multicast2, @multicast2, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae", 0x1000000}, 0x3c)
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000080)={@multicast2, @multicast2, 0x0, "b18c89f8ec85752dace37a71e337f670bfac54f9a317850eaa73a3eb92f19456", 0x8, 0x8, 0x8, 0x1ff}, 0x3c)

53.146483949s ago: executing program 0 (id=257):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f00000001c0)=0x1, 0x4)

44.380793613s ago: executing program 4 (id=289):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000240)=0x42, 0x4)
sendmmsg$inet(r0, &(0x7f0000000f80)=[{{&(0x7f0000000100)={0x2, 0x4e22, @multicast2}, 0x10, 0x0}}], 0x1, 0x4999fa8a21843244)

44.26236536s ago: executing program 1 (id=290):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@bridge_delneigh={0x28, 0x1c, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x80, 0x4a, 0x7}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x40095}, 0x0)

43.976579625s ago: executing program 4 (id=291):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r0 = getpgrp(0x0)
syz_pidfd_open(r0, 0x0)

43.88421392s ago: executing program 1 (id=292):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_GET_WIPHY(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0103000000000000000001000000080001"], 0x30}}, 0x44)

43.577542305s ago: executing program 4 (id=293):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_EEE_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000008c0)={0x2c, r1, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000090}, 0x80)

43.477882169s ago: executing program 1 (id=294):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x10, &(0x7f0000000080)={&(0x7f0000000100)={0x5, 0x400, 0x0, {0x77359400}, {0x77359400}, {0x0, 0x0, 0x1}, 0x1, @can={{0x0, 0x0, 0x1}, 0x0, 0x2, 0x0, 0x0, "8d416cfa6fc2313e"}}, 0x48}}, 0x0)

43.144799054s ago: executing program 4 (id=295):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = inotify_init1(0x800)
fcntl$setsig(r0, 0xa, 0xe)

42.922501477s ago: executing program 4 (id=296):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount_setattr(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8100, &(0x7f0000000000)={0x0, 0x0, 0x20000}, 0x20)

40.968794564s ago: executing program 4 (id=299):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001880)={'vxcan1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x5, 0x4, 0x7, 0x1, 0x8, 0x8}}, {0x4}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x0)

40.565217749s ago: executing program 2 (id=301):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'dt2814\x00', [0xc6c1, 0x4, 0x10080, 0x10000004, 0x8, 0xcc7, 0xfff, 0x0, 0xffffffff, 0x100, 0x401, 0x1, 0x1, 0x1, 0x0, 0xe1cb, 0x0, 0x1a449, 0x5, 0x40000003, 0x89, 0xffdffffb, 0x0, 0x307, 0x2, 0xe69, 0x2003c, 0x4, 0x106, 0x8000000]})

39.262504595s ago: executing program 2 (id=302):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180)=0x10000)

38.98792781s ago: executing program 2 (id=303):
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000002, 0x9132, 0xffffffffffffffff, 0x9aa9b000)
r0 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil)
shmat(r0, &(0x7f0000f62000/0x1000)=nil, 0x7000)

38.854469321s ago: executing program 2 (id=304):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$SW_SYNC_IOC_INC(r0, 0xc0105702, &(0x7f00000000c0))

38.019894613s ago: executing program 32 (id=257):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req={0x8000, 0xb4f, 0x300, 0x1daf6}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f00000001c0)=0x1, 0x4)

37.826666723s ago: executing program 2 (id=306):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
writev(r0, &(0x7f0000019880)=[{&(0x7f0000000400)="fb", 0xffffff5c}, {&(0x7f00000197c0)="1902eb02d5e5f29e59e1a7caec33eb76d2430da474d87e367f6598d026438b65eda8341073b6752abdcee080c8e1e876b25227c37d7dd79886ce33f13e857c8eda1cecf6ac36c03dbf54e3cb5136da5a33fee76fb3113f8b6700e9e5fc006b8eed665fed48738d59395ad07438c3610ae3976aac75caf2facafa21c25be3c2", 0x7f}], 0x2)
poll(&(0x7f0000000480)=[{r0, 0x8080}], 0x1, 0x5)

35.854973786s ago: executing program 1 (id=307):
mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xf)

35.53756907s ago: executing program 2 (id=309):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x7)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000))

34.96063052s ago: executing program 1 (id=310):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'})

34.673271023s ago: executing program 1 (id=311):
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x8, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback, {[], @echo_request={0x80, 0x0, 0x0, 0x0, 0x9}}}}}}, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x5, 0xb68, 0xfffffffffffffeb9, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0xe}, 0x48)

24.658076473s ago: executing program 33 (id=299):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001880)={'vxcan1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x8, 0x5, 0x4, 0x7, 0x1, 0x8, 0x8}}, {0x4}}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x44}, 0x0)

24.360555479s ago: executing program 3 (id=318):
r0 = socket(0x25, 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

20.005152577s ago: executing program 34 (id=309):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x7)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000))

19.493950206s ago: executing program 35 (id=311):
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x8, 0x3a, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @loopback, {[], @echo_request={0x80, 0x0, 0x0, 0x0, 0x9}}}}}}, 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x5, 0xb68, 0xfffffffffffffeb9, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe, 0xe}, 0x48)

16.064571536s ago: executing program 3 (id=321):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x1}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000052000100000000000000000002"], 0x20}}, 0x0)

15.78082967s ago: executing program 3 (id=322):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x200, 0x0, @mcast2}, {0xa, 0x4e20, 0xfffffffa, @loopback}, r1}}, 0x48)

15.585301305s ago: executing program 3 (id=323):
unshare(0x26000400)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x40040, 0x6ab858183a7ef6ba)
pidfd_getfd(r0, 0xffffffffffffffff, 0x0)

15.405565744s ago: executing program 3 (id=324):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
sendmsg$IEEE802154_START_REQ(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000d0000000500070012000000050018007f00000006000800feff0000050017000000000005001a000000000006000a00ffff00000500190004000000050007000700000005001b00ff000000050001000100000006000800"], 0x6c}, 0x1, 0x0, 0x0, 0x18000}, 0x0)

15.193271256s ago: executing program 3 (id=325):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c40)=@delchain={0x20c, 0x65, 0x8, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x1cc, 0x2, [@TCA_FLOW_ADDEND={0x8}, @TCA_FLOW_XOR={0x8, 0x7, 0xfffffff9}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x1a8, 0x9, 0x0, 0x1, [@m_mpls={0x100, 0x1e, 0x0, 0x0, {{0x9}, {0x14, 0x2, 0x0, 0x1, [@TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_TTL={0x5, 0x7, 0x9}]}, {0xc1, 0x6, "38a86b2ea57c2ab9fc6990b590e2cf10b4525acddaa1a21554b3536689e103f92b2b35d2340847a99750261d33b226164f17bc0e5e17b66b648a19530fd437c23b32848120ccc8079c0d909366fa5c7c6e0772fffd9471a08bf86ffeeb3ef13d084c83ed13433f29d53d9b8409105aba551cdd294c04e6c19f9e1db7d4d3ea87db657398cb522b988f05fe8b7fce9e3ec4fd4dfd000eb1a441abc984bc7b225f2fdfbcde1f80644cae7c230ed7b6935867ddbe13255fd06217f59bdcaf"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_nat={0xa4, 0x2, 0x0, 0x0, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x80000001, 0x7, 0x6, 0x6, 0x4}, @multicast2, @broadcast, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x6, 0x3, 0x5, 0xff}, @remote, @rand_addr=0x64010100, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x5, 0x3, 0x5, 0x5}, @empty, @multicast1, 0xff000000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x2}}, @TCA_CHAIN={0x8, 0xb, 0x441d}]}, 0x20c}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

0s ago: executing program 36 (id=325):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c40)=@delchain={0x20c, 0x65, 0x8, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x1cc, 0x2, [@TCA_FLOW_ADDEND={0x8}, @TCA_FLOW_XOR={0x8, 0x7, 0xfffffff9}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x1a8, 0x9, 0x0, 0x1, [@m_mpls={0x100, 0x1e, 0x0, 0x0, {{0x9}, {0x14, 0x2, 0x0, 0x1, [@TCA_MPLS_TC={0x5, 0x6, 0x6}, @TCA_MPLS_TTL={0x5, 0x7, 0x9}]}, {0xc1, 0x6, "38a86b2ea57c2ab9fc6990b590e2cf10b4525acddaa1a21554b3536689e103f92b2b35d2340847a99750261d33b226164f17bc0e5e17b66b648a19530fd437c23b32848120ccc8079c0d909366fa5c7c6e0772fffd9471a08bf86ffeeb3ef13d084c83ed13433f29d53d9b8409105aba551cdd294c04e6c19f9e1db7d4d3ea87db657398cb522b988f05fe8b7fce9e3ec4fd4dfd000eb1a441abc984bc7b225f2fdfbcde1f80644cae7c230ed7b6935867ddbe13255fd06217f59bdcaf"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_nat={0xa4, 0x2, 0x0, 0x0, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x80000001, 0x7, 0x6, 0x6, 0x4}, @multicast2, @broadcast, 0xffffff00, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x8, 0x6, 0x3, 0x5, 0xff}, @remote, @rand_addr=0x64010100, 0xff, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x5, 0x3, 0x5, 0x5}, @empty, @multicast1, 0xff000000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x2}}, @TCA_CHAIN={0x8, 0xb, 0x441d}]}, 0x20c}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.174' (ED25519) to the list of known hosts.
[   92.154822][  T981] cfg80211: failed to load regulatory.db
[   92.888081][ T5825] cgroup: Unknown subsys name 'net'
[   93.165544][ T5825] cgroup: Unknown subsys name 'cpuset'
[   93.200578][ T5825] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   95.167508][ T5825] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   99.605894][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   99.607160][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   99.608260][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   99.621677][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   99.622797][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   99.626326][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   99.627264][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   99.630085][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   99.630992][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   99.633046][ T5855] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   99.634000][ T5855] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   99.635132][ T5855] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   99.640761][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   99.644324][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   99.645745][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   99.685807][ T5851] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   99.690634][ T5155] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   99.694185][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   99.695391][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   99.696128][ T5155] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   99.775074][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   99.780301][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   99.783364][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   99.810192][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   99.811283][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  100.758278][ T5840] chnl_net:caif_netlink_parms(): no params data found
[  100.825476][ T5847] chnl_net:caif_netlink_parms(): no params data found
[  101.071591][ T5839] chnl_net:caif_netlink_parms(): no params data found
[  101.205912][ T5846] chnl_net:caif_netlink_parms(): no params data found
[  101.236819][ T5856] chnl_net:caif_netlink_parms(): no params data found
[  101.671227][ T5155] Bluetooth: hci3: command tx timeout
[  101.671352][ T5155] Bluetooth: hci1: command tx timeout
[  101.749943][ T5848] Bluetooth: hci0: command tx timeout
[  101.750142][ T5848] Bluetooth: hci2: command tx timeout
[  101.851929][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.853518][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.854124][ T5840] bridge_slave_0: entered allmulticast mode
[  101.857228][ T5840] bridge_slave_0: entered promiscuous mode
[  101.909427][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[  101.909534][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[  101.910450][ T5155] Bluetooth: hci4: command tx timeout
[  101.910918][ T5847] bridge_slave_0: entered allmulticast mode
[  101.914078][ T5847] bridge_slave_0: entered promiscuous mode
[  101.953783][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[  101.953926][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[  101.954112][ T5840] bridge_slave_1: entered allmulticast mode
[  101.956425][ T5840] bridge_slave_1: entered promiscuous mode
[  102.062531][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.062686][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.062883][ T5847] bridge_slave_1: entered allmulticast mode
[  102.065887][ T5847] bridge_slave_1: entered promiscuous mode
[  102.521450][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.521638][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.521833][ T5839] bridge_slave_0: entered allmulticast mode
[  102.524798][ T5839] bridge_slave_0: entered promiscuous mode
[  102.717643][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.802278][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.802432][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.802640][ T5839] bridge_slave_1: entered allmulticast mode
[  102.805565][ T5839] bridge_slave_1: entered promiscuous mode
[  102.820831][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.966225][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.966701][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.966845][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.967015][ T5846] bridge_slave_0: entered allmulticast mode
[  102.970769][ T5846] bridge_slave_0: entered promiscuous mode
[  103.054792][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.055119][ T5856] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.055322][ T5856] bridge0: port 1(bridge_slave_0) entered disabled state
[  103.055503][ T5856] bridge_slave_0: entered allmulticast mode
[  103.058327][ T5856] bridge_slave_0: entered promiscuous mode
[  103.161428][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.161545][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.161688][ T5846] bridge_slave_1: entered allmulticast mode
[  103.163654][ T5846] bridge_slave_1: entered promiscuous mode
[  103.351305][ T5856] bridge0: port 2(bridge_slave_1) entered blocking state
[  103.351467][ T5856] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.351680][ T5856] bridge_slave_1: entered allmulticast mode
[  103.354628][ T5856] bridge_slave_1: entered promiscuous mode
[  103.533947][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.694796][ T5840] team0: Port device team_slave_0 added
[  103.749985][ T5155] Bluetooth: hci1: command tx timeout
[  103.750019][ T5155] Bluetooth: hci3: command tx timeout
[  103.771435][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.773392][ T5847] team0: Port device team_slave_0 added
[  103.830012][ T5848] Bluetooth: hci2: command tx timeout
[  103.830059][ T5848] Bluetooth: hci0: command tx timeout
[  103.847145][ T5840] team0: Port device team_slave_1 added
[  103.858917][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.943510][ T5847] team0: Port device team_slave_1 added
[  103.989969][ T5155] Bluetooth: hci4: command tx timeout
[  104.125929][ T5856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  104.194680][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.341657][ T5856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  104.493712][ T5839] team0: Port device team_slave_0 added
[  104.622550][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.622568][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.622595][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.737200][ T5839] team0: Port device team_slave_1 added
[  104.739375][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[  104.739388][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.739406][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  104.833085][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.833107][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.833136][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.836537][ T5846] team0: Port device team_slave_0 added
[  104.952193][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[  104.952211][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  104.952245][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  104.955335][ T5856] team0: Port device team_slave_0 added
[  104.958870][ T5846] team0: Port device team_slave_1 added
[  105.216025][ T5856] team0: Port device team_slave_1 added
[  105.305680][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.305700][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.305724][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.504992][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.505011][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.505031][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  105.708292][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.708306][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.708324][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.812039][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_0
[  105.812056][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.812081][ T5856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  105.829826][ T5155] Bluetooth: hci3: command tx timeout
[  105.829857][ T5155] Bluetooth: hci1: command tx timeout
[  105.915030][ T5848] Bluetooth: hci0: command tx timeout
[  105.915066][ T5848] Bluetooth: hci2: command tx timeout
[  105.936727][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  105.936743][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  105.936770][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.021723][ T5856] batman_adv: batadv0: Adding interface: batadv_slave_1
[  106.021741][ T5856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  106.021770][ T5856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  106.052305][ T5840] hsr_slave_0: entered promiscuous mode
[  106.060699][ T5840] hsr_slave_1: entered promiscuous mode
[  106.069816][ T5155] Bluetooth: hci4: command tx timeout
[  106.084773][ T5847] hsr_slave_0: entered promiscuous mode
[  106.090880][ T5847] hsr_slave_1: entered promiscuous mode
[  106.092156][ T5847] debugfs: 'hsr0' already exists in 'hsr'
[  106.092294][ T5847] Cannot create hsr debugfs directory
[  106.292861][ T5839] hsr_slave_0: entered promiscuous mode
[  106.293827][ T5839] hsr_slave_1: entered promiscuous mode
[  106.294434][ T5839] debugfs: 'hsr0' already exists in 'hsr'
[  106.294454][ T5839] Cannot create hsr debugfs directory
[  106.793354][ T5846] hsr_slave_0: entered promiscuous mode
[  106.794788][ T5846] hsr_slave_1: entered promiscuous mode
[  106.795611][ T5846] debugfs: 'hsr0' already exists in 'hsr'
[  106.795636][ T5846] Cannot create hsr debugfs directory
[  106.969347][ T5856] hsr_slave_0: entered promiscuous mode
[  106.972875][ T5856] hsr_slave_1: entered promiscuous mode
[  106.973915][ T5856] debugfs: 'hsr0' already exists in 'hsr'
[  106.973943][ T5856] Cannot create hsr debugfs directory
[  107.909870][ T5155] Bluetooth: hci1: command tx timeout
[  107.909902][ T5155] Bluetooth: hci3: command tx timeout
[  107.989954][ T5848] Bluetooth: hci2: command tx timeout
[  107.989987][ T5848] Bluetooth: hci0: command tx timeout
[  108.150088][ T5155] Bluetooth: hci4: command tx timeout
[  108.548772][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  108.580679][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  108.628091][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  108.690209][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  108.833919][ T5847] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  108.860986][ T5847] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  108.897163][ T5847] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  108.958306][ T5847] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  109.114658][ T5839] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  109.164293][ T5839] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  109.209121][ T5839] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  109.272649][ T5839] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  109.459273][ T5846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  109.508317][ T5846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  109.553023][ T5846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  109.615290][ T5846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  109.788277][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.814846][ T5856] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  109.880912][ T5856] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  109.923708][ T5856] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  109.965205][ T5856] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  110.066843][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[  110.123309][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.123931][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.156473][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.189130][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.189254][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.295129][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[  110.344275][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.355937][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.356209][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.418344][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.418511][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.511531][ T5839] 8021q: adding VLAN 0 to HW filter on device team0
[  110.552321][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.575761][ T3552] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.575987][ T3552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.644015][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.649915][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.785274][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[  110.836074][ T5856] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.856105][ T1175] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.856336][ T1175] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.938778][ T3552] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.938945][ T3552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.062127][ T5856] 8021q: adding VLAN 0 to HW filter on device team0
[  111.123346][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  111.123574][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  111.197542][   T67] bridge0: port 2(bridge_slave_1) entered blocking state
[  111.197916][   T67] bridge0: port 2(bridge_slave_1) entered forwarding state
[  111.475032][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.641065][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.776595][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.917689][ T5840] veth0_vlan: entered promiscuous mode
[  111.972562][ T5840] veth1_vlan: entered promiscuous mode
[  112.002026][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.072847][ T5847] veth0_vlan: entered promiscuous mode
[  112.136269][ T5847] veth1_vlan: entered promiscuous mode
[  112.301815][ T5840] veth0_macvtap: entered promiscuous mode
[  112.347700][ T5840] veth1_macvtap: entered promiscuous mode
[  112.412306][ T5846] veth0_vlan: entered promiscuous mode
[  112.435695][ T5856] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.471713][ T5847] veth0_macvtap: entered promiscuous mode
[  112.488029][ T5846] veth1_vlan: entered promiscuous mode
[  112.494460][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.516592][ T5847] veth1_macvtap: entered promiscuous mode
[  112.543860][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.604155][   T57] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.620293][   T57] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.633065][   T57] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.656778][   T57] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.681316][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.763955][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.872451][ T5839] veth0_vlan: entered promiscuous mode
[  112.892520][ T5846] veth0_macvtap: entered promiscuous mode
[  112.957079][ T1175] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.987940][ T1175] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.996600][ T5856] veth0_vlan: entered promiscuous mode
[  112.997140][ T1175] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.998264][ T5846] veth1_macvtap: entered promiscuous mode
[  113.014226][ T1175] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.044287][ T5839] veth1_vlan: entered promiscuous mode
[  113.151887][ T5856] veth1_vlan: entered promiscuous mode
[  113.157296][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.288321][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  113.307540][ T1006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.307568][ T1006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.426086][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  113.472913][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  113.490489][ T1006] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  113.517892][ T1006] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  113.547824][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.547846][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.632908][ T5839] veth0_macvtap: entered promiscuous mode
[  113.646339][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.646366][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.770188][ T5839] veth1_macvtap: entered promiscuous mode
[  113.782643][ T5856] veth0_macvtap: entered promiscuous mode
[  113.904786][ T5856] veth1_macvtap: entered promiscuous mode
[  113.969970][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.969992][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.036516][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.102131][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.103755][ T1175] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.103775][ T1175] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.203684][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.234758][  T159] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.253008][   T67] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.286255][ T5856] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.287228][   T67] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.349577][   T67] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.508817][ T1175] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.508899][ T1006] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.508916][ T1006] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.544304][ T1175] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.553079][ T1175] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.554715][ T1175] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.623915][ T5962] warning: `syz.1.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  114.882147][ T5965] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (22)
[  115.260141][ T1029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.260164][ T1029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.735308][ T5984] capability: warning: `syz.1.13' uses deprecated v2 capabilities in a way that may be insecure
[  115.736914][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  115.736934][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.812829][ T5984] program syz.1.13 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  116.061241][ T3552] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.061261][ T3552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.228745][ T5993] netlink: 8 bytes leftover after parsing attributes in process `syz.1.15'.
[  116.228772][ T5993] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15'.
[  116.228865][ T5993] netlink: 'syz.1.15': attribute type 14 has an invalid length.
[  116.228880][ T5993] netlink: 'syz.1.15': attribute type 11 has an invalid length.
[  116.422007][ T3552] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.422030][ T3552] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.393205][   T38] audit: type=1326 audit(1757614838.140:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.1.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7029e6eba9 code=0x7ffc0000
[  117.393407][   T38] audit: type=1326 audit(1757614838.140:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.1.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7029e6eba9 code=0x7ffc0000
[  117.481291][   T38] audit: type=1326 audit(1757614838.220:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.1.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f7029e6eba9 code=0x7ffc0000
[  117.481348][   T38] audit: type=1326 audit(1757614838.230:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.1.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7029e6eba9 code=0x7ffc0000
[  117.481397][   T38] audit: type=1326 audit(1757614838.230:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.1.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7029e6eba9 code=0x7ffc0000
[  117.489887][   T38] audit: type=1326 audit(1757614838.240:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.1.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f7029e6eba9 code=0x7ffc0000
[  117.489954][   T38] audit: type=1326 audit(1757614838.240:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6011 comm="syz.1.20" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7029e6eba9 code=0x7ffc0000
[  118.017462][ T6024] netlink: 96 bytes leftover after parsing attributes in process `syz.3.24'.
[  118.030338][ T6025] netlink: 8 bytes leftover after parsing attributes in process `syz.1.25'.
[  118.767973][ T6038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.29'.
[  119.291844][ T6052] [U] 
[  119.291860][ T6052] [U] K{�
[  119.291871][ T6052] [U] �t �1���F���fˊ�`G�J��g���������o��/�mC�
[  119.291899][ T6052] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[  119.291921][ T6052] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[  119.291960][ T6052] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[  119.292023][ T6052] [U] 	+�w�G?]��'a:	��)�����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[  119.292052][ T6052] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q�� ��3��q��N^HP*��$	�.�7yӱ�2�
[  119.292072][ T6052] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[  119.292101][ T6052] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[  119.292158][ T6052] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[  119.292209][ T6052] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_���%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"���G�d���2@T8��������t8.Rc+�@�ꦇp�u�p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[  119.292256][ T6052] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[  119.292287][ T6052] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�[K@����2�Ǭ���p"^`���	��
[  119.292303][ T6052] [U] 22��Ʃ���x?0;3u�
[  119.292327][ T6052] [U] ޜ���sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�FP��Ș|$��)�KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[  119.292355][ T6052] [U] [�['xn�'�����,mr��/����1D=!D�x91B�w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[  119.292372][ T6052] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[  119.292386][ T6052] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[  119.292403][ T6052] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[  119.292416][ T6052] [U] �ec�
[  119.292430][ T6052] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[  119.294354][ T6050] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUdǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[  120.216896][ T6070] netlink: 'syz.3.40': attribute type 2 has an invalid length.
[  121.043870][ T6092] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  121.220382][    T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  121.419786][    T9] usb 1-1: Using ep0 maxpacket: 8
[  121.441660][    T9] usb 1-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  121.441697][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  121.441737][    T9] usb 1-1: New USB device found, idVendor=044f, idProduct=b300, bcdDevice= 0.00
[  121.441762][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.597540][    T9] usb 1-1: config 0 descriptor??
[  122.172644][    T9] thrustmaster 0003:044F:B300.0001: hidraw0: USB HID v0.03 Device [HID 044f:b300] on usb-dummy_hcd.0-1/input0
[  122.172695][    T9] thrustmaster 0003:044F:B300.0001: no inputs found
[  122.373153][    T9] usb 1-1: USB disconnect, device number 2
[  122.540866][ T6118] fido_id[6118]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  122.900579][ T6131] Illegal XDP return value 4294967274 on prog  (id 7) dev N/A, expect packet loss!
[  123.963295][   T38] audit: type=1326 audit(1757614844.710:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6165 comm="syz.3.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cb99aeba9 code=0x7ffc0000
[  123.965515][   T38] audit: type=1326 audit(1757614844.720:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6165 comm="syz.3.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cb99aeba9 code=0x7ffc0000
[  124.040066][   T38] audit: type=1326 audit(1757614844.780:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6165 comm="syz.3.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f3cb99aeba9 code=0x7ffc0000
[  124.040127][   T38] audit: type=1326 audit(1757614844.780:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6165 comm="syz.3.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cb99aeba9 code=0x7ffc0000
[  124.040181][   T38] audit: type=1326 audit(1757614844.780:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6165 comm="syz.3.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f3cb99aeba9 code=0x7ffc0000
[  124.040227][   T38] audit: type=1326 audit(1757614844.790:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6165 comm="syz.3.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cb99aeba9 code=0x7ffc0000
[  124.040273][   T38] audit: type=1326 audit(1757614844.790:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6165 comm="syz.3.76" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3cb99aeba9 code=0x7ffc0000
[  125.275876][ T6204] Bluetooth: MGMT ver 1.23
[  125.590142][ T6211] netlink: 8 bytes leftover after parsing attributes in process `syz.4.92'.
[  125.590487][ T6216] netlink: 'syz.2.95': attribute type 1 has an invalid length.
[  125.590506][ T6216] netlink: 216 bytes leftover after parsing attributes in process `syz.2.95'.
[  125.660932][ T6214] netlink: 12 bytes leftover after parsing attributes in process `syz.1.94'.
[  126.982348][ T6256] Invalid source name
[  126.982367][ T6256] UBIFS error (pid: 6256): cannot open "usrquota", error -22
[  127.149775][ T5928] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  127.302469][ T5928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.302522][ T5928] usb 5-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[  127.302548][ T5928] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.404922][ T5928] usb 5-1: config 0 descriptor??
[  127.731647][ T6275] netlink: 'syz.2.119': attribute type 1 has an invalid length.
[  127.911787][ T5928] aquacomputer_d5next 0003:0C70:F00B.0002: unknown main item tag 0x1
[  127.911830][ T5928] aquacomputer_d5next 0003:0C70:F00B.0002: unknown main item tag 0x0
[  127.911859][ T5928] aquacomputer_d5next 0003:0C70:F00B.0002: unknown main item tag 0x0
[  127.953801][ T5928] aquacomputer_d5next 0003:0C70:F00B.0002: hidraw0: USB HID v0.04 Device [HID 0c70:f00b] on usb-dummy_hcd.4-1/input0
[  128.120706][ T5928] usb 5-1: USB disconnect, device number 2
[  128.541017][ T6286] fido_id[6286]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  128.864207][ T6304] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  129.275747][   T38] audit: type=1400 audit(1757614850.030:16): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=6318 comm="syz.4.137" src=1 dest=20000 netif=wpan0
[  129.569869][ T5929] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  129.732285][ T5929] usb 3-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  129.732318][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.732340][ T5929] usb 3-1: Product: syz
[  129.732356][ T5929] usb 3-1: Manufacturer: syz
[  129.732371][ T5929] usb 3-1: SerialNumber: syz
[  129.830334][ T5929] usb 3-1: config 0 descriptor??
[  130.275251][ T5929] mos7840 3-1:0.0: required endpoints missing
[  130.310269][ T5929] usb 3-1: USB disconnect, device number 2
[  130.666886][ T1234] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  130.788034][ T6361] [U] v�3��f��"S��/��4:�XTz�W�t��lW��=
[  130.878321][ T1234] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  130.878376][ T1234] usb 5-1: New USB device found, idVendor=1038, idProduct=12c2, bcdDevice= 0.00
[  130.878400][ T1234] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.942225][ T1234] usb 5-1: config 0 descriptor??
[  131.405789][ T1234] steelseries 0003:1038:12C2.0003: unknown main item tag 0x0
[  131.405830][ T1234] steelseries 0003:1038:12C2.0003: unknown main item tag 0x0
[  131.405861][ T1234] steelseries 0003:1038:12C2.0003: unknown main item tag 0x0
[  131.405889][ T1234] steelseries 0003:1038:12C2.0003: unknown main item tag 0x0
[  131.405918][ T1234] steelseries 0003:1038:12C2.0003: unknown main item tag 0x0
[  131.405947][ T1234] steelseries 0003:1038:12C2.0003: unknown main item tag 0x0
[  131.405975][ T1234] steelseries 0003:1038:12C2.0003: unknown main item tag 0x0
[  131.586851][ T5927] usb 5-1: USB disconnect, device number 3
[  131.755533][ T6386] =======================================================
[  131.755533][ T6386] WARNING: The mand mount option has been deprecated and
[  131.755533][ T6386]          and is ignored by this kernel. Remove the mand
[  131.755533][ T6386]          option from the mount to silence this warning.
[  131.755533][ T6386] =======================================================
[  131.757022][    T9] kernel write not supported for file /86/comm (pid: 9 comm: kworker/0:0)
[  132.099801][ T5928] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  132.255010][ T5928] usb 1-1: Using ep0 maxpacket: 8
[  132.278597][ T5928] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  132.278628][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  132.278650][ T5928] usb 1-1: Product: syz
[  132.278665][ T5928] usb 1-1: Manufacturer: syz
[  132.278681][ T5928] usb 1-1: SerialNumber: syz
[  132.362710][ T5928] usb 1-1: config 0 descriptor??
[  132.384717][ T5928] gspca_main: se401-2.14.0 probing 047d:5003
[  132.815868][ T5928] gspca_se401: Bayer format not supported!
[  133.028846][    T9] usb 1-1: USB disconnect, device number 3
[  133.300050][ T5928] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  133.452516][ T5928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  133.452551][ T5928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  133.452575][ T5928] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  133.452617][ T5928] usb 3-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00
[  133.452640][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.472317][ T5928] usb 3-1: config 0 descriptor??
[  133.703311][ T6438] netlink: 40 bytes leftover after parsing attributes in process `syz.1.185'.
[  133.703333][ T6438] tipc: Invalid UDP bearer configuration
[  133.703385][ T6438] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  133.808822][ T6441] random: crng reseeded on system resumption
[  134.015348][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015387][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015416][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015444][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015473][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015501][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015529][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015558][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015586][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.015614][ T5928] elecom 0003:056E:011C.0004: unknown main item tag 0x0
[  134.058771][ T5928] elecom 0003:056E:011C.0004: hidraw0: USB HID v0.00 Device [HID 056e:011c] on usb-dummy_hcd.2-1/input0
[  134.126689][ T6448] process 'syz.1.189' launched './file0' with NULL argv: empty string added
[  134.296387][ T6064] usb 3-1: USB disconnect, device number 3
[  134.920842][ T6464] program syz.4.195 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  134.986878][ T6460] fido_id[6460]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  135.113205][    T9] kernel write not supported for file /input/mice (pid: 9 comm: kworker/0:0)
[  136.204068][ T6498] dummy0: entered promiscuous mode
[  137.322205][ T6532] ip6tnl1: entered allmulticast mode
[  137.639779][ T6064] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  137.794105][ T6064] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  137.794139][ T6064] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  137.794185][ T6064] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  137.794210][ T6064] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.832030][ T6064] usb 2-1: config 0 descriptor??
[  138.237476][ T1326] ieee802154 phy0 wpan0: encryption failed: -22
[  138.237583][ T1326] ieee802154 phy1 wpan1: encryption failed: -22
[  138.326099][ T6558] xt_socket: unknown flags 0xd0
[  138.342459][ T6064] kye 0003:0458:5011.0005: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  138.515661][ T6064] kye 0003:0458:5011.0005: hidraw0: USB HID vff.fe Device [HID 0458:5011] on usb-dummy_hcd.1-1/input0
[  138.515695][ T6064] kye 0003:0458:5011.0005: tablet-enabling feature report not found
[  138.515708][ T6064] kye 0003:0458:5011.0005: tablet enabling failed
[  138.674329][ T6563] program syz.0.243 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  138.779302][ T6064] usb 2-1: USB disconnect, device number 2
[  139.115072][ T6566] fido_id[6566]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  141.128718][ T6600] syz.3.260 (6600) used greatest stack depth: 17432 bytes left
[  141.650593][ T6617] netlink: 72 bytes leftover after parsing attributes in process `syz.2.269'.
[  142.249491][ T6625] capability: warning: `syz.1.273' uses 32-bit capabilities (legacy support in use)
[  144.749896][    T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  144.909861][    T9] usb 2-1: Using ep0 maxpacket: 32
[  144.917959][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.918004][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.918046][    T9] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  144.918070][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.008531][    T9] usb 2-1: config 0 descriptor??
[  147.245380][    T9] koneplus 0003:1E7D:2D51.0006: item fetching failed at offset 1/5
[  147.301044][    T9] koneplus 0003:1E7D:2D51.0006: parse failed
[  147.301127][    T9] koneplus 0003:1E7D:2D51.0006: probe with driver koneplus failed with error -22
[  147.353847][ T6654] netlink: 44 bytes leftover after parsing attributes in process `syz.3.285'.
[  147.615813][    T9] usb 2-1: USB disconnect, device number 3
[  147.799301][ T6657] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  147.949663][    C1] sched: DL replenish lagged too much
[  149.128620][ T6669] netlink: 20 bytes leftover after parsing attributes in process `syz.1.292'.
[  153.381520][ T6685] comedi comedi3: reset error (fatal)
[  156.089184][ T5848] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  156.107482][ T5848] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  156.120997][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  156.124888][ T5848] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  156.127317][ T5848] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  157.368972][ T6696] chnl_net:caif_netlink_parms(): no params data found
[  157.658240][ T6708] sp0: Synchronizing with TNC
[  158.229975][ T5848] Bluetooth: hci5: command tx timeout
[  160.310231][ T5848] Bluetooth: hci5: command tx timeout
[  162.390335][ T5848] Bluetooth: hci5: command tx timeout
[  164.469998][ T5848] Bluetooth: hci5: command tx timeout
[  166.559741][  T981] usb 4-1: new low-speed USB device number 2 using dummy_hcd
[  166.715712][  T981] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  166.715742][  T981] usb 4-1: config 0 has no interface number 0
[  166.715791][  T981] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  166.715814][  T981] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  166.715842][  T981] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  166.715869][  T981] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  166.715896][  T981] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  166.715924][  T981] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  166.715969][  T981] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  166.715993][  T981] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.840013][  T981] usb 4-1: config 0 descriptor??
[  166.842662][ T6722] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  166.842932][ T6722] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  166.898702][  T981] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  167.166018][  T981] usb 4-1: USB disconnect, device number 2
[  167.217542][  T981] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  169.316550][ T5155] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  169.345682][ T5155] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  169.347764][ T5155] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  169.349153][ T5155] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  169.384734][ T5155] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  174.003469][ T5851] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  174.006516][ T5851] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  174.007788][ T5851] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  174.043097][ T5851] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  174.046652][ T5851] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  174.477523][ T5842] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  174.506175][ T5842] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  174.507696][ T5842] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  174.509301][ T5842] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  174.511444][ T5842] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  176.863566][ T6740] netlink: 12 bytes leftover after parsing attributes in process `syz.3.321'.
[  186.258354][ T5851] Bluetooth: hci8: command tx timeout
[  188.316411][ T5851] Bluetooth: hci8: command tx timeout
[  188.316684][ T5851] Bluetooth: hci6: command tx timeout
[  188.316821][ T5851] Bluetooth: hci7: command tx timeout
[  190.390596][ T5155] Bluetooth: hci7: command tx timeout
[  190.390642][ T5155] Bluetooth: hci6: command tx timeout
[  190.390666][ T5155] Bluetooth: hci8: command tx timeout
[  192.471464][ T5851] Bluetooth: hci8: command tx timeout
[  192.471500][ T5851] Bluetooth: hci6: command tx timeout
[  192.471532][ T5851] Bluetooth: hci7: command tx timeout
[  193.672228][ T5851] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  193.689064][ T5851] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  193.710614][ T5851] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  193.713726][ T5851] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  193.716852][ T5851] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  194.552827][ T5851] Bluetooth: hci7: command tx timeout
[  194.552862][ T5851] Bluetooth: hci6: command tx timeout
[  201.680232][ T1326] ieee802154 phy0 wpan0: encryption failed: -22
[  201.680317][ T1326] ieee802154 phy1 wpan1: encryption failed: -22
[  209.031765][ T5155] Bluetooth: hci9: command tx timeout
[  211.110043][ T5155] Bluetooth: hci9: command tx timeout
[  213.190052][ T5155] Bluetooth: hci9: command tx timeout
[  215.270505][ T5155] Bluetooth: hci9: command tx timeout
[  216.263025][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  216.279940][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  216.281132][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  216.282389][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  216.283536][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  222.549884][ T5848] Bluetooth: hci1: command tx timeout
[  224.636694][ T5848] Bluetooth: hci1: command tx timeout
[  226.709894][ T5848] Bluetooth: hci1: command tx timeout
[  228.792550][ T5848] Bluetooth: hci1: command tx timeout
[  230.365137][ T5155] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  230.380956][ T5155] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  230.382195][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  230.383509][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  230.405843][ T5155] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  233.910511][ T5848] Bluetooth: hci2: command tx timeout
[  235.887555][ T5155] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  235.909986][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  235.911499][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  235.913456][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  235.941222][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  235.989930][ T5848] Bluetooth: hci2: command tx timeout
[  236.098005][ T5155] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  236.118440][ T5155] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  236.127778][ T5155] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  236.161890][ T5155] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  236.171245][ T5155] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  237.989810][ T5848] Bluetooth: hci3: command tx timeout
[  238.080248][ T5848] Bluetooth: hci2: command tx timeout
[  238.230190][ T5848] Bluetooth: hci10: command tx timeout
[  240.069976][ T5848] Bluetooth: hci3: command tx timeout
[  240.149978][ T5848] Bluetooth: hci2: command tx timeout
[  240.309967][ T5848] Bluetooth: hci10: command tx timeout
[  242.167532][ T5848] Bluetooth: hci3: command tx timeout
[  242.391907][ T5848] Bluetooth: hci10: command tx timeout
[  244.229861][ T5848] Bluetooth: hci3: command tx timeout
[  244.474474][ T5848] Bluetooth: hci10: command tx timeout
[  253.845923][ T5155] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  253.869346][ T5155] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  253.878317][ T5155] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  253.890828][ T5155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  253.891813][ T5155] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  263.196296][ T5848] Bluetooth: hci4: command 0x0406 tx timeout
[  266.250991][ T1326] ieee802154 phy0 wpan0: encryption failed: -22
[  266.251074][ T1326] ieee802154 phy1 wpan1: encryption failed: -22
[  276.902308][ T5842] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  276.907358][ T5842] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  276.908429][ T5842] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  276.934275][ T5842] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  276.954408][ T5842] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  290.827913][ T5855] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  290.849129][ T5855] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  290.851465][ T5855] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  290.852831][ T5855] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  290.854156][ T5855] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  291.205227][ T5155] Bluetooth: hci0: command tx timeout
[  293.269994][ T5855] Bluetooth: hci0: command tx timeout
[  295.356088][ T5855] Bluetooth: hci0: command tx timeout
[  296.458171][ T5155] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  296.472280][ T5155] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  296.473435][ T5155] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  296.499170][ T5155] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  296.520032][ T5155] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  296.716329][ T5853] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  296.740008][ T5853] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  296.744378][ T5853] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  296.745915][ T5853] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  296.747308][ T5853] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  297.439812][ T5851] Bluetooth: hci0: command tx timeout
[  312.641373][ T5155] Bluetooth: hci7: command tx timeout
[  314.372141][ T5853] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  314.389218][ T5853] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  314.398564][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  314.412050][ T5853] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  314.412984][ T5853] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  314.559884][ T5853] Bluetooth: hci11: command tx timeout
[  314.709961][ T5853] Bluetooth: hci8: command tx timeout
[  314.710292][ T5853] Bluetooth: hci7: command tx timeout
[  314.710374][ T5853] Bluetooth: hci6: command tx timeout
[  316.480350][ T5842] Bluetooth: hci5: command tx timeout
[  316.629929][ T5842] Bluetooth: hci11: command tx timeout
[  316.789952][ T5842] Bluetooth: hci6: command tx timeout
[  316.789998][ T5842] Bluetooth: hci7: command tx timeout
[  316.790021][ T5842] Bluetooth: hci8: command tx timeout
[  318.559801][ T5842] Bluetooth: hci5: command tx timeout
[  318.711520][ T5842] Bluetooth: hci11: command tx timeout
[  318.869982][ T5853] Bluetooth: hci7: command tx timeout
[  318.870018][ T5853] Bluetooth: hci6: command tx timeout
[  318.876420][ T5842] Bluetooth: hci8: command tx timeout
[  320.632617][ T5842] Bluetooth: hci5: command tx timeout
[  320.809730][ T5842] Bluetooth: hci11: command tx timeout
[  320.949896][ T5155] Bluetooth: hci6: command tx timeout
[  320.949949][ T5842] Bluetooth: hci8: command tx timeout
[  322.709784][ T5842] Bluetooth: hci5: command tx timeout
[  324.640611][ T5842] Bluetooth: hci9: command 0x0406 tx timeout
[  328.335269][ T1326] ieee802154 phy0 wpan0: encryption failed: -22
[  328.335356][ T1326] ieee802154 phy1 wpan1: encryption failed: -22
[  339.454811][ T5853] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  339.471370][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  339.472461][ T5853] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  339.476452][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  339.506714][ T5853] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  351.632775][ T5853] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  351.673856][ T5853] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  351.687411][ T5853] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  351.699756][ T5853] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  351.720024][ T5853] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  356.912655][ T5848] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  356.941573][ T5848] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  356.943631][ T5848] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  356.945072][ T5848] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  356.946912][ T5848] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  357.098152][ T5851] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  357.114103][ T5851] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  357.117150][ T5851] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  357.118415][ T5851] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  357.147317][ T5851] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  359.039884][   T39] INFO: task syz.2.309:6706 blocked for more than 143 seconds.
[  359.039917][   T39]       Not tainted syzkaller #0
[  359.039929][   T39] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  359.039943][   T39] task:syz.2.309       state:D stack:25128 pid:6706  tgid:6706  ppid:5856   task_flags:0x400040 flags:0x00004006
[  359.040024][   T39] Call Trace:
[  359.040032][   T39]  <TASK>
[  359.040047][   T39]  __schedule+0x16f3/0x4c20
[  359.040120][   T39]  ? validate_chain+0x897/0x2140
[  359.040169][   T39]  ? __lock_acquire+0xab9/0xd20
[  359.040200][   T39]  ? __pfx___schedule+0x10/0x10
[  359.040251][   T39]  ? schedule+0x91/0x360
[  359.040286][   T39]  schedule+0x165/0x360
[  359.040320][   T39]  schedule_timeout+0x9a/0x270
[  359.040351][   T39]  ? __pfx_schedule_timeout+0x10/0x10
[  359.040397][   T39]  ? _raw_spin_unlock_irq+0x23/0x50
[  359.040431][   T39]  ? lockdep_hardirqs_on+0x9c/0x150
[  359.040461][   T39]  ? wait_for_completion+0x267/0x5d0
[  359.040497][   T39]  wait_for_completion+0x2bf/0x5d0
[  359.040545][   T39]  ? __pfx_wait_for_completion+0x10/0x10
[  359.040586][   T39]  ? __init_swait_queue_head+0xa9/0x150
[  359.040619][   T39]  rcu_barrier+0x463/0x570
[  359.040655][   T39]  netdev_run_todo+0x327/0xea0
[  359.040688][   T39]  ? __pfx_netdev_run_todo+0x10/0x10
[  359.040709][   T39]  ? unregister_netdevice_queue+0x33c/0x380
[  359.040736][   T39]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  359.040759][   T39]  ? rtnl_net_dev_lock+0x36/0x2f0
[  359.040793][   T39]  ? rtnl_net_dev_lock+0x36/0x2f0
[  359.040824][   T39]  ? rtnl_net_dev_lock+0x2de/0x2f0
[  359.040858][   T39]  unregister_netdev+0x52/0x60
[  359.040883][   T39]  sixpack_close+0x1d8/0x280
[  359.040915][   T39]  tty_ldisc_kill+0xa3/0x1a0
[  359.040943][   T39]  tty_ldisc_release+0x1a4/0x200
[  359.040968][   T39]  tty_release_struct+0x2a/0xd0
[  359.040994][   T39]  tty_release+0xcb6/0x1650
[  359.041032][   T39]  ? evm_file_release+0x10b/0x1e0
[  359.041064][   T39]  ? __pfx_tty_release+0x10/0x10
[  359.041086][   T39]  __fput+0x458/0xa80
[  359.041129][   T39]  task_work_run+0x1d4/0x260
[  359.041156][   T39]  ? __pfx_task_work_run+0x10/0x10
[  359.041186][   T39]  ? exit_to_user_mode_loop+0x40/0x110
[  359.041220][   T39]  exit_to_user_mode_loop+0xec/0x110
[  359.041251][   T39]  do_syscall_64+0x2bd/0x3b0
[  359.041272][   T39]  ? lockdep_hardirqs_on+0x9c/0x150
[  359.041303][   T39]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.041326][   T39]  ? clear_bhb_loop+0x60/0xb0
[  359.041354][   T39]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.041376][   T39] RIP: 0033:0x7fa445b0eba9
[  359.041402][   T39] RSP: 002b:00007fff25b5d568 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  359.041424][   T39] RAX: 0000000000000000 RBX: 00007fa445d57da0 RCX: 00007fa445b0eba9
[  359.041440][   T39] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  359.041453][   T39] RBP: 00007fa445d57da0 R08: 0000000000002e60 R09: 0000000325b5d85f
[  359.041469][   T39] R10: 00000000005f8814 R11: 0000000000000246 R12: 00000000000268ce
[  359.041483][   T39] R13: 00007fff25b5d660 R14: ffffffffffffffff R15: 00007fff25b5d680
[  359.041520][   T39]  </TASK>
[  359.041548][   T39] 
[  359.041548][   T39] Showing all locks held in the system:
[  359.041557][   T39] 3 locks held by kworker/0:0/9:
[  359.041572][   T39] 2 locks held by rcuc/1/28:
[  359.041584][   T39]  #0: ffffffff8d84a960 (local_bh){.+.+}-{1:3}, at: __local_bh_disable_ip+0xa1/0x400
[  359.041644][   T39]  #1: ffff8880b8923d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  359.041701][   T39] 6 locks held by ktimers/1/29:
[  359.041714][   T39] 2 locks held by kworker/1:0/31:
[  359.041728][   T39] 3 locks held by kworker/u8:2/37:
[  359.041740][   T39]  #0: ffff88802fd17938 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  359.041798][   T39]  #1: ffffc90000ac7bc0 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  359.041857][   T39]  #2: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_verify_work+0x19/0x30
[  359.041914][   T39] 1 lock held by khungtaskd/39:
[  359.041926][   T39]  #0: ffffffff8d9a8d80 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  359.041986][   T39] 3 locks held by kworker/u8:9/1029:
[  359.041999][   T39]  #0: ffff888019881138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  359.042077][   T39]  #1: ffffc900048dfbc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  359.042139][   T39]  #2: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60
[  359.042206][   T39] 2 locks held by dhcpcd/5501:
[  359.042218][   T39]  #0: ffff88803a5aa910 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: netlink_dump+0xbd/0xe90
[  359.042276][   T39]  #1: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x92/0x200
[  359.042334][   T39] 2 locks held by getty/5592:
[  359.042346][   T39]  #0: ffff88823bf828a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  359.042409][   T39]  #1: ffffc90003e8b2e0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x444/0x1410
[  359.042467][   T39] 1 lock held by syz-executor/5839:
[  359.042479][   T39]  #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  359.042531][   T39] 4 locks held by kworker/u9:2/5842:
[  359.042543][   T39]  #0: ffff888039cae938 ((wq_completion)hci1#4){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  359.042604][   T39]  #1: ffffc90004cafbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  359.042662][   T39]  #2: ffff88807d5740a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  359.042719][   T39]  #3: ffffffff8ee3af38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  359.042776][   T39] 4 locks held by kworker/u9:5/5848:
[  359.042788][   T39]  #0: ffff88804a611138 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  359.042848][   T39]  #1: ffffc90004cefbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  359.042905][   T39]  #2: ffff888054b8c0a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  359.042960][   T39]  #3: ffffffff8ee3af38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  359.043017][   T39] 4 locks held by kworker/u9:6/5851:
[  359.043029][   T39]  #0: ffff88806b597938 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  359.043097][   T39]  #1: ffffc90004d2fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  359.043154][   T39]  #2: ffff8880712440a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  359.043209][   T39]  #3: ffffffff8ee3af38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  359.043265][   T39] 4 locks held by kworker/u9:7/5853:
[  359.043277][   T39]  #0: ffff888082f2c138 ((wq_completion)hci12#2){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  359.043339][   T39]  #1: ffffc90004d6fbc0 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  359.043396][   T39]  #2: ffff8880847140a8 (&hdev->lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x9b/0x8e0
[  359.043451][   T39]  #3: ffffffff8ee3af38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_remote_features_evt+0x516/0x8e0
[  359.043514][   T39] 1 lock held by syz.0.257/6593:
[  359.043525][   T39]  #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  359.043576][   T39] 1 lock held by syz-executor/6696:
[  359.043588][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  359.043649][   T39] 3 locks held by syz.2.309/6706:
[  359.043661][   T39]  #0: ffff888026a840a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0x5c/0x200
[  359.043711][   T39]  #1: ffff888037b9b0a0 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0x80/0x200
[  359.043766][   T39]  #2: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  359.043818][   T39] 1 lock held by syz.1.311/6713:
[  359.043830][   T39]  #0: ffffffff8d9ae730 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  359.043882][   T39] 1 lock held by syz.3.325/6748:
[  359.043894][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x41/0x1c0
[  359.043955][   T39] 3 locks held by syz-executor/6758:
[  359.043967][   T39]  #0: ffff88806a068e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  359.044023][   T39]  #1: ffff88806a0680a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  359.044083][   T39]  #2: ffffffff8ee3af38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  359.044141][   T39] 4 locks held by kworker/1:12/6775:
[  359.044154][   T39] 2 locks held by syz-executor/6779:
[  359.044166][   T39]  #0: ffff88805ecb0e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  359.044221][   T39]  #1: ffff88805ecb00a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  359.044281][   T39] 4 locks held by syz-executor/6785:
[  359.044293][   T39]  #0: ffff88806cae4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  359.044349][   T39]  #1: ffff88806cae40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  359.044408][   T39]  #2: ffffffff8ee3af38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  359.044458][   T39]  #3: ffff88806cc58358 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  359.044526][   T39] 3 locks held by syz-executor/6788:
[  359.044539][   T39]  #0: ffff88806ccc4e80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  359.044594][   T39]  #1: ffff88806ccc40a8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  359.044653][   T39]  #2: ffffffff8ee3af38 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  359.044704][   T39] 1 lock held by syz-executor/6795:
[  359.044717][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.044770][   T39] 1 lock held by syz-executor/6803:
[  359.044782][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.044835][   T39] 1 lock held by syz-executor/6811:
[  359.044847][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.044899][   T39] 1 lock held by syz-executor/6817:
[  359.044911][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.044963][   T39] 1 lock held by syz-executor/6820:
[  359.044975][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.045027][   T39] 1 lock held by syz-executor/6828:
[  359.045039][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.045098][   T39] 1 lock held by syz-executor/6834:
[  359.045110][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.045163][   T39] 1 lock held by syz-executor/6838:
[  359.045175][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.045228][   T39] 1 lock held by syz-executor/6844:
[  359.045240][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.045293][   T39] 1 lock held by syz-executor/6846:
[  359.045305][   T39]  #0: ffffffff8ecd3578 (rtnl_mutex){+.+.}-{4:4}, at: inet_rtm_newaddr+0x3b0/0x18b0
[  359.045357][   T39] 
[  359.045362][   T39] =============================================
[  359.045362][   T39] 
[  359.045382][   T39] NMI backtrace for cpu 0
[  359.045412][   T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  359.045458][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  359.045480][   T39] Call Trace:
[  359.045494][   T39]  <TASK>
[  359.045509][   T39]  dump_stack_lvl+0x189/0x250
[  359.045574][   T39]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.045633][   T39]  ? __pfx__printk+0x10/0x10
[  359.045706][   T39]  nmi_cpu_backtrace+0x39e/0x3d0
[  359.045772][   T39]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  359.045804][   T39]  ? __pfx__printk+0x10/0x10
[  359.045833][   T39]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  359.045864][   T39]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  359.045896][   T39]  watchdog+0xf93/0xfe0
[  359.045930][   T39]  ? watchdog+0x1de/0xfe0
[  359.045964][   T39]  kthread+0x70e/0x8a0
[  359.046001][   T39]  ? __pfx_watchdog+0x10/0x10
[  359.046027][   T39]  ? __pfx_kthread+0x10/0x10
[  359.046066][   T39]  ? __pfx_kthread+0x10/0x10
[  359.046111][   T39]  ret_from_fork+0x439/0x7d0
[  359.046142][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  359.046178][   T39]  ? __switch_to_asm+0x39/0x70
[  359.046197][   T39]  ? __switch_to_asm+0x33/0x70
[  359.046216][   T39]  ? __pfx_kthread+0x10/0x10
[  359.046251][   T39]  ret_from_fork_asm+0x1a/0x30
[  359.046288][   T39]  </TASK>
[  359.046297][   T39] Sending NMI from CPU 0 to CPUs 1:
[  359.046331][    C1] NMI backtrace for cpu 1
[  359.046346][    C1] CPU: 1 UID: 0 PID: 29 Comm: ktimers/1 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  359.046366][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  359.046377][    C1] RIP: 0010:___slab_alloc+0x1/0xdc0
[  359.046396][    C1] Code: e8 74 e3 e5 08 48 89 d8 5b e9 0b 41 e7 08 cc 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 60 44 89 4c 24 20 4d 89 c6 48
[  359.046411][    C1] RSP: 0018:ffffc90000a3ed88 EFLAGS: 00000287
[  359.046426][    C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff88d7fa9d
[  359.046437][    C1] RDX: 00000000ffffffff RSI: 0000000000082820 RDI: ffff88801da9ec80
[  359.046449][    C1] RBP: 0000000000082820 R08: ffff8880b89457a0 R09: 00000000000002c0
[  359.046460][    C1] R10: ffff8880360e2c80 R11: ffffffff81aaf310 R12: ffff8880b89457a0
[  359.046472][    C1] R13: 00000000ffffffff R14: ffff88801da9ec80 R15: ffffffff88d7fa9d
[  359.046484][    C1] FS:  0000000000000000(0000) GS:ffff8881269bd000(0000) knlGS:0000000000000000
[  359.046498][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  359.046510][    C1] CR2: 0000564607282828 CR3: 000000000d7a6000 CR4: 00000000003526f0
[  359.046525][    C1] Call Trace:
[  359.046531][    C1]  <TASK>
[  359.046538][    C1]  kmem_cache_alloc_node_noprof+0xf2/0x330
[  359.046568][    C1]  kmalloc_reserve+0xbd/0x290
[  359.046598][    C1]  __alloc_skb+0x142/0x2d0
[  359.046626][    C1]  synproxy_send_client_synack+0x16c/0xe20
[  359.046662][    C1]  ? __pfx_synproxy_send_client_synack+0x10/0x10
[  359.046689][    C1]  ? nft_masq_inet_destroy+0x30/0x40
[  359.046716][    C1]  ? synproxy_pernet+0x45/0x270
[  359.046739][    C1]  nft_synproxy_eval_v4+0x36e/0x560
[  359.046763][    C1]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  359.046784][    C1]  ? nf_ip_checksum+0x13c/0x510
[  359.046806][    C1]  nft_synproxy_do_eval+0x345/0x570
[  359.046857][    C1]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  359.046886][    C1]  nft_do_chain+0x409/0x1920
[  359.046914][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[  359.046954][    C1]  nft_do_chain_inet+0x25d/0x340
[  359.046973][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  359.046992][    C1]  ? __lock_acquire+0xab9/0xd20
[  359.047022][    C1]  ? NF_HOOK+0x9a/0x3a0
[  359.047047][    C1]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  359.047067][    C1]  nf_hook_slow+0xc2/0x220
[  359.047098][    C1]  NF_HOOK+0x206/0x3a0
[  359.047124][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  359.047149][    C1]  ? NF_HOOK+0x9a/0x3a0
[  359.047173][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  359.047196][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[  359.047223][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  359.047250][    C1]  ? skb_dst+0x4f/0xd0
[  359.047275][    C1]  ? ip_local_deliver+0x12a/0x1b0
[  359.047302][    C1]  NF_HOOK+0x30c/0x3a0
[  359.047328][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  359.047352][    C1]  ? NF_HOOK+0x9a/0x3a0
[  359.047376][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  359.047402][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  359.047433][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  359.047456][    C1]  __netif_receive_skb+0x143/0x380
[  359.047479][    C1]  ? rt_spin_unlock+0x65/0x80
[  359.047503][    C1]  ? process_backlog+0x27b/0x900
[  359.047528][    C1]  process_backlog+0x31e/0x900
[  359.047558][    C1]  __napi_poll+0xb3/0x540
[  359.047583][    C1]  net_rx_action+0x707/0xe00
[  359.047607][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  359.047643][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  359.047688][    C1]  handle_softirqs+0x22f/0x710
[  359.047716][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  359.047745][    C1]  run_ktimerd+0xcf/0x190
[  359.047770][    C1]  ? __pfx_run_ktimerd+0x10/0x10
[  359.047796][    C1]  ? preempt_schedule_thunk+0x16/0x30
[  359.047819][    C1]  ? smpboot_thread_fn+0x5f4/0xa60
[  359.047849][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  359.047870][    C1]  smpboot_thread_fn+0x53f/0xa60
[  359.047894][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  359.047921][    C1]  kthread+0x70e/0x8a0
[  359.047950][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  359.047973][    C1]  ? __pfx_kthread+0x10/0x10
[  359.048003][    C1]  ? __pfx_kthread+0x10/0x10
[  359.048031][    C1]  ret_from_fork+0x439/0x7d0
[  359.048055][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  359.048082][    C1]  ? __switch_to_asm+0x39/0x70
[  359.048099][    C1]  ? __switch_to_asm+0x33/0x70
[  359.048116][    C1]  ? __pfx_kthread+0x10/0x10
[  359.048143][    C1]  ret_from_fork_asm+0x1a/0x30
[  359.048170][    C1]  </TASK>
[  359.048331][   T39] Kernel panic - not syncing: hung_task: blocked tasks
[  359.048348][   T39] CPU: 0 UID: 0 PID: 39 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  359.048371][   T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  359.048384][   T39] Call Trace:
[  359.048392][   T39]  <TASK>
[  359.048401][   T39]  dump_stack_lvl+0x99/0x250
[  359.048433][   T39]  ? __asan_memcpy+0x40/0x70
[  359.048458][   T39]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.048490][   T39]  ? __pfx__printk+0x10/0x10
[  359.048529][   T39]  vpanic+0x281/0x750
[  359.048565][   T39]  ? __pfx_vpanic+0x10/0x10
[  359.048595][   T39]  ? __x2apic_send_IPI_mask+0x1e4/0x260
[  359.048618][   T39]  ? lockdep_hardirqs_on+0x9c/0x150
[  359.048662][   T39]  panic+0xb9/0xc0
[  359.048694][   T39]  ? __pfx_panic+0x10/0x10
[  359.048729][   T39]  ? irq_work_queue+0xc3/0x140
[  359.048762][   T39]  ? nmi_trigger_cpumask_backtrace+0x234/0x300
[  359.048793][   T39]  watchdog+0xfd2/0xfe0
[  359.048827][   T39]  ? watchdog+0x1de/0xfe0
[  359.048862][   T39]  kthread+0x70e/0x8a0
[  359.048900][   T39]  ? __pfx_watchdog+0x10/0x10
[  359.048927][   T39]  ? __pfx_kthread+0x10/0x10
[  359.048965][   T39]  ? __pfx_kthread+0x10/0x10
[  359.049000][   T39]  ret_from_fork+0x439/0x7d0
[  359.049032][   T39]  ? __pfx_ret_from_fork+0x10/0x10
[  359.049068][   T39]  ? __switch_to_asm+0x39/0x70
[  359.049094][   T39]  ? __switch_to_asm+0x33/0x70
[  359.049114][   T39]  ? __pfx_kthread+0x10/0x10
[  359.049148][   T39]  ret_from_fork_asm+0x1a/0x30
[  359.049187][   T39]  </TASK>
[  359.049494][   T39] Kernel Offset: disabled