last executing test programs:

28m57.735960804s ago: executing program 32 (id=177):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0})

28m55.01490906s ago: executing program 33 (id=149):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
close_range(r0, 0xffffffffffffffff, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x60000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_CAP_EXIT_HYPERCALL(r2, 0x4068aea3, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
fanotify_mark(0xffffffffffffffff, 0x201, 0x8000033, 0xffffffffffffffff, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2000, 0x0)

28m52.597560811s ago: executing program 34 (id=192):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000540)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})

25m10.974103853s ago: executing program 4 (id=472):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
close(r4)

25m9.745665853s ago: executing program 4 (id=473):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4)
r2 = socket$tipc(0x1e, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000400)={'dummy0\x00'})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockopt$llc_int(r3, 0x10c, 0x0, &(0x7f0000000100), &(0x7f0000000140)=0x4)

24m55.222028243s ago: executing program 4 (id=489):
openat$iommufd(0xffffff9c, &(0x7f0000000040), 0x2da041, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, 0x0, 0x2404c044)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)

24m52.758226446s ago: executing program 4 (id=491):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x5add, &(0x7f0000000040)={0x0, 0xc19d, 0x1, 0x5, 0x61}, &(0x7f00000000c0), &(0x7f0000000280))
dup2(r0, r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x0)
recvmmsg(r2, &(0x7f0000002340)=[{{0x0, 0x0, 0x0}, 0xffffffe1}, {{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, 0x0}, 0x9}], 0x3, 0x2000, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)

24m51.417427543s ago: executing program 4 (id=492):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
preadv(r4, &(0x7f0000000200)=[{&(0x7f0000000680)=""/211, 0xd3}], 0x1, 0x1006, 0xffffff4b)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, 0x0, &(0x7f00000003c0))
syz_open_dev$tty20(0xc, 0x4, 0x1)

24m49.902189803s ago: executing program 4 (id=493):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x28, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000600))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, r3, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x8000000000000001}}, 0x30)
syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[], 0x0)

24m34.733520618s ago: executing program 35 (id=493):
socket$nl_route(0x10, 0x3, 0x0)
socket(0x28, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pipe(&(0x7f0000000600))
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000008c0)={{r0}, &(0x7f0000000840), &(0x7f0000000880)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, r3, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x8000000000000001}}, 0x30)
syz_emit_ethernet(0x4e, &(0x7f0000000800)=ANY=[], 0x0)

18m43.777975152s ago: executing program 5 (id=813):
ioctl$COMEDI_INSNLIST(0xffffffffffffffff, 0x8010640b, &(0x7f00001859c0)={0x1, &(0x7f0000000040)=[{0xa000002, 0x0, 0x0, 0xfffeffff, 0x1ff}]})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x9c, 0xb, 0x0, 0xffffffffffffffff, 0x327}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000067930000000000", @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, 0x0, &(0x7f0000000100))
sendmsg$netlink(r0, &(0x7f0000001280)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000400)={0x1c, 0x2d, 0x1, 0xfffffffc, 0x80, "", [@typed={0x8, 0x104, 0x0, 0x0, @uid}, @nested={0x4, 0x1}]}, 0x1c}], 0x1, 0x0, 0x0, 0x4}, 0x5)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000300)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x1, 0xb, 0x8, 0x9}, {0x4, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r5}, {}, {0x46, 0x0, 0x0, 0x76}}], {{}, {0x6, 0x0, 0x7, 0x8}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

18m39.266201472s ago: executing program 5 (id=816):
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffe68, &(0x7f00000002c0)=0x1000000000002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_procfs(0x0, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r1 = socket$vsock_stream(0x28, 0x5, 0x28)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @host}, 0x10)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
r4 = fanotify_init(0x20, 0x1000)
r5 = memfd_create(&(0x7f0000000080)='-B\xd5\x9appp\xf0\x00\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x11\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00\x00\x00\xc0t\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x4)
r6 = dup(r5)
fanotify_mark(r4, 0x1, 0x40000018, r6, 0x0)
ftruncate(r6, 0x6)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x5b0f, &(0x7f0000000000)={0x0, 0xfffffffc, 0x1000, 0x0, 0x359}, &(0x7f00000002c0), &(0x7f0000ff4000))
close_range(r3, r3, 0x0)

18m35.547336997s ago: executing program 5 (id=820):
execve(0x0, &(0x7f00000001c0)={[&(0x7f0000000040)='\'*\'\\\']\x00', &(0x7f00000000c0)='\x00', &(0x7f0000000100)='\xf1\x00', &(0x7f0000000140)='}\xc4[_]\x00', &(0x7f0000000180)='\x00']}, &(0x7f00000002c0)={[&(0x7f0000000200)='\x00', &(0x7f0000000240)='\x00', &(0x7f0000000280)='\'\x00']})
mount(&(0x7f0000000300)=@sg0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='aio\x00', 0x4020, &(0x7f00000003c0)='/\x00')
arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000400))
arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000580))
r0 = syz_open_dev$sndpcmc(&(0x7f00000005c0), 0x1ff, 0x80000)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r0, 0x40184150, &(0x7f0000000700)={0x0, &(0x7f0000000600)="428ed7f46cd97f4fda7670ec6580d22b950f8382b206a118796115f7ca1fee1389f7dc3e61bdf58a13a3979292f5bec54a534398ed4508779f41d30755070d4ccc3d6fd6a14ec0f6960c7cd78487e7dc5246a8e705f471910ce13e7c70a31e4c821985738a230f10d7ac6b8c496188d8130f3c99e486dc6b1feafc1411e1654074489636b01b0dfb89b1c6b815584a84e2182955ef5a58f3f6a00d0d5b946989dd10b2e55ac9ed25648b664fa07b1ae140b67abd7593868a317533a90d94500aff18160c7f5cf121d957aa0c62aabc1efd6d4033165b7555b686b2dee2d746dafa42c60da9", 0xe5})
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000740))
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0x600941, 0x41)
mkdirat(r1, &(0x7f00000007c0)='./file0\x00', 0x11)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc2604111, &(0x7f0000000800)={0x2, [[0x9, 0x109, 0x7, 0x7d, 0x1, 0x7, 0x8, 0x1], [0x29, 0x7, 0x35, 0x1, 0x5, 0xa25, 0x2, 0x35], [0x8001, 0x9, 0x5, 0xa, 0xf6f, 0x80, 0x7, 0x1]], '\x00', [{0x80000000, 0x5bc67c98, 0x1, 0x0, 0x0, 0x1}, {0x6, 0x9, 0x0, 0x1}, {0x8, 0x40, 0x1, 0x0, 0x0, 0x1}, {0xa5, 0x101, 0x1, 0x1}, {0x4, 0x6, 0x0, 0x1, 0x0, 0x1}, {0x9, 0x5, 0x0, 0x1}, {0x9ff, 0x2, 0x1, 0x0, 0x0, 0x1}, {0xbde5, 0x8, 0x0, 0x1, 0x1, 0x1}, {0x80, 0x1, 0x0, 0x1, 0x1, 0x1}, {0xa98, 0x1, 0x1, 0x0, 0x1, 0x1}, {0xffff, 0x9, 0x1, 0x0, 0x1}, {0xfcf, 0x9, 0x1, 0x1}], '\x00', 0x9})
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000a80), 0x20000, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff)
sendmsg$NL80211_CMD_ASSOCIATE(r3, &(0x7f0000000bc0)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b40)={0x2c, r4, 0x4, 0x70bd2b, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x3, 0x2b}}}}, [@NL80211_ATTR_PREV_BSSID={0xa}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x200000c0)
sendmsg$NL80211_CMD_SET_CQM(r3, &(0x7f0000000d40)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x4000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000040}, 0x80)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000dc0), r3)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r0, 0x8010671f, &(0x7f0000000fc0)={&(0x7f0000000f00)=""/158, 0x9e})
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000001000)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x7f, 0xffffffff90000000, 0xfff8, 0x5, 0x1, 0x5, 0x0, 0x0, 0x4, 0xcede}}, 0x50)
getpeername$packet(r3, &(0x7f0000001080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000010c0)=0x14)
sendmsg$BATADV_CMD_SET_VLAN(r3, &(0x7f00000011c0)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000001180)={&(0x7f0000001140)={0x34, r5, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20044081}, 0x7a43fa05f08ea5b)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000001240)={'wlan0\x00'})
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r0, 0x0, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f00000013c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_STATION(r3, 0x0, 0x4)
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x28}, 0xc, &(0x7f00000015c0)={&(0x7f0000001540)={0x64, r4, 0x100, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1ff, 0x3f}}}}, [@NL80211_ATTR_FRAME_MATCH={0x44, 0x5b, "6040aa5b8f76ad39f6b45ce7200204d66527ee9b1d9068b3035ee4e1faa8e3d778530b601e86a9273c65037d2a28e3c2acae236175aa6d3035cff2c9039180a7"}]}, 0x64}}, 0x8080)
sendmsg$BATADV_CMD_GET_VLAN(r3, &(0x7f0000001700)={&(0x7f0000001640)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001680)={0x3c, r5, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffffffe}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x6}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x7f}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8084}, 0x4040)

18m33.950024301s ago: executing program 5 (id=823):
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x2, 0x3, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x141800, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r4=>0xffffffffffffffff})
r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x141100, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000140)={0x1000, "340b7832ceefd131b8e6498c25f58fad9987ffe93bbabd18cf501922de974a27", <r6=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000000c0)={"3c24139ed44aec57f2e2ad238a7b448ed886923c31d4b8affbf514fd00", r6, <r7=>0xffffffffffffffff})
ppoll(&(0x7f0000000000)=[{r7}], 0x1, 0x0, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, 0x0, 0x0)
r9 = socket(0x1e, 0x1, 0x0)
syz_open_dev$sg(0x0, 0x0, 0x127081)
shutdown(r9, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)

18m29.849925843s ago: executing program 5 (id=828):
socket$inet_udp(0x2, 0x2, 0x0)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
memfd_create(&(0x7f00000009c0)='y\x105\xf3\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x2)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$comedi(0xffffffffffffff9c, 0x0, 0x181000, 0x0)
syz_open_dev$video(0x0, 0xd, 0x4080c0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x2)
syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0)
r3 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f0000000100)=r4, 0x4)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000280)={0x8001, 0x7, 0xac, 0x81, 0x16, "42343ef636859eea01db72588230f987820124"})
sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)

18m27.945020315s ago: executing program 5 (id=830):
socket$inet(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="ac1e0201000000000100000006000000e0000001e00000010a0101000a01010264010100ffffffff2e3458710acf8ad67fd6864d05f0df66d7030007f85f947bce975f7d3466270fc55b299b827c50cbd730d1e385dbe2cacc5074b4dce7eb0ee32d2220980086b08a7e4cfe16031f2d6329678648a1ecb843616a0c6c95cd307822402dda2b00f429d0bc81fb8449c01c9b171a92541a"], 0x28)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x76, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

18m11.68421645s ago: executing program 36 (id=830):
socket$inet(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x2}]}, @IFLA_GROUP={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048054}, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="ac1e0201000000000100000006000000e0000001e00000010a0101000a01010264010100ffffffff2e3458710acf8ad67fd6864d05f0df66d7030007f85f947bce975f7d3466270fc55b299b827c50cbd730d1e385dbe2cacc5074b4dce7eb0ee32d2220980086b08a7e4cfe16031f2d6329678648a1ecb843616a0c6c95cd307822402dda2b00f429d0bc81fb8449c01c9b171a92541a"], 0x28)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x76, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

17m37.428739917s ago: executing program 7 (id=885):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x2202, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, 0x0, 0x40)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4c00000002060108000034e400000000000000020500010006000000050004000000fe000900020073797a3100000000050005"], 0x4c}}, 0x2)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r6 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r6, &(0x7f0000000240)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
close(r0)
r7 = socket$inet6(0xa, 0x3, 0x6)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r7, 0x3a, 0x44, 0x0, 0x0)

17m35.756876697s ago: executing program 7 (id=887):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_clone(0x0, &(0x7f0000000800), 0x0, 0x0, &(0x7f0000000000), &(0x7f00000003c0)="5cbacbd181f2ed01cca6f4f4862323baf158a6ee6d9a9a8ed58cb6b0fde396c9be290d0c643eddbff6c945cf64eaf7418efc0f5bf04d0300ba0f48ec")
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000001c0)='sched_switch\x00', r3}, 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x18)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000280)={@remote}, 0x14)
close(r7)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000580)=@generic={&(0x7f0000000400)='./file0\x00', r6}, 0x18)

17m33.637825288s ago: executing program 7 (id=889):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r4, &(0x7f0000000180)="0b0312002e0064000200475400f6", 0xe, 0x0, 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0)
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2865)
io_uring_setup(0x4760, 0x0)
r6 = socket$isdn(0x22, 0x2, 0x10)
r7 = socket$isdn(0x22, 0x2, 0x2)
r8 = dup3(r7, r6, 0x0)
write$P9_RGETLOCK(r8, 0x0, 0x0)
syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/time\x00')
io_uring_setup(0x7fd0, 0x0)

17m27.874586527s ago: executing program 7 (id=892):
socket$nl_generic(0x10, 0x3, 0x10)
keyctl$link(0x8, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000440)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x65)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, &(0x7f0000000140)=0xffff0000, 0x4)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x20000040, 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6", 0x10)
r3 = accept4(r2, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), r3)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x100, 0x0)
ioctl$COMEDI_CMD(r4, 0x80506409, &(0x7f0000000300)={0x1, 0x80, 0x40, 0x0, 0xffffffff, 0x100, 0x40, 0x9, 0x10, 0xa37d, 0x1, 0x0, &(0x7f0000000100)=[0x10001, 0x40], 0x2, 0x0})

17m26.110017506s ago: executing program 7 (id=894):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x18)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
mlockall(0x7)
prlimit64(0x0, 0x9, 0x0, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x400, 0x20)
setsockopt$bt_BT_RCVMTU(r5, 0x112, 0xd, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000340)=[@sack_perm, @window={0x3, 0xfffe}], 0x2)

17m23.608453078s ago: executing program 7 (id=897):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_clone3(&(0x7f0000000680)={0x4800800, &(0x7f00000001c0), &(0x7f0000000340), &(0x7f0000000380), {0x34}, &(0x7f00000003c0)=""/226, 0xe2, &(0x7f00000004c0)=""/255, &(0x7f00000005c0)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x4}, 0x58)
syz_clone3(&(0x7f0000000940)={0x10000, &(0x7f0000000600), &(0x7f0000000700), &(0x7f0000000740), {0xb}, &(0x7f0000000780)=""/236, 0xec, &(0x7f0000000880)=""/99, &(0x7f0000000900)=[0xffffffffffffffff, 0x0, 0x0], 0x3}, 0x58)
getpid()
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x124c1, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x2082)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRES32], 0x24}}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x5, 0x0, 0x0, 0x5, 0x1, {0x16, 0x4, 0x0, 0x9, 0x686, 0x67, 0xfff9, 0x7, 0x2f, 0x1000, @multicast1, @rand_addr=0x64010102, {[@lsrr={0x83, 0xf, 0xf7, [@multicast2, @multicast1, @dev={0xac, 0x14, 0x14, 0x35}]}, @timestamp={0x44, 0x4, 0xb3, 0x0, 0xd}, @lsrr={0x83, 0x2f, 0x71, [@empty, @local, @multicast2, @dev={0xac, 0x14, 0x14, 0x41}, @local, @dev={0xac, 0x14, 0x14, 0x32}, @multicast2, @dev={0xac, 0x14, 0x14, 0x15}, @rand_addr=0x64010100, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x39}]}]}}}}}}}, 0x0)
gettid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c9, &(0x7f0000000100))
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x20003)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
poll(0x0, 0x0, 0xffffffffffbffff8)

17m6.32134221s ago: executing program 37 (id=897):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
syz_clone3(&(0x7f0000000680)={0x4800800, &(0x7f00000001c0), &(0x7f0000000340), &(0x7f0000000380), {0x34}, &(0x7f00000003c0)=""/226, 0xe2, &(0x7f00000004c0)=""/255, &(0x7f00000005c0)=[0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x4}, 0x58)
syz_clone3(&(0x7f0000000940)={0x10000, &(0x7f0000000600), &(0x7f0000000700), &(0x7f0000000740), {0xb}, &(0x7f0000000780)=""/236, 0xec, &(0x7f0000000880)=""/99, &(0x7f0000000900)=[0xffffffffffffffff, 0x0, 0x0], 0x3}, 0x58)
getpid()
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0), 0x124c1, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x2082)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYRES32], 0x24}}, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0xfd, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x5, 0x0, 0x0, 0x5, 0x1, {0x16, 0x4, 0x0, 0x9, 0x686, 0x67, 0xfff9, 0x7, 0x2f, 0x1000, @multicast1, @rand_addr=0x64010102, {[@lsrr={0x83, 0xf, 0xf7, [@multicast2, @multicast1, @dev={0xac, 0x14, 0x14, 0x35}]}, @timestamp={0x44, 0x4, 0xb3, 0x0, 0xd}, @lsrr={0x83, 0x2f, 0x71, [@empty, @local, @multicast2, @dev={0xac, 0x14, 0x14, 0x41}, @local, @dev={0xac, 0x14, 0x14, 0x32}, @multicast2, @dev={0xac, 0x14, 0x14, 0x15}, @rand_addr=0x64010100, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x39}]}]}}}}}}}, 0x0)
gettid()
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c9, &(0x7f0000000100))
ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000b28000)=0x20003)
pause()
fcntl$setsig(0xffffffffffffffff, 0xa, 0x12)
poll(0x0, 0x0, 0xffffffffffbffff8)

11m21.123157469s ago: executing program 9 (id=1950):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007"], 0xcc}, 0x1, 0x0, 0x0, 0x880}, 0x0)

11m19.116324555s ago: executing program 9 (id=1954):
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0xc1105511, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
close(r3)

11m9.421482818s ago: executing program 9 (id=1973):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32=r1, @ANYBLOB="0008000007500500580012800b0001006272696467650000480002800500190002000000050017000000000008001d00040000000c002200060000000000000008000400810000000500240001000000050016000100000005002c0002"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r3, 0x0, 0x0)
getpeername$l2tp(r3, 0x0, 0x0)
r4 = syz_open_dev$usbfs(0x0, 0x1ff, 0xa401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"})
ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f00000006c0)={0x1, 0xf, 0x4, 0x300, 0xffffffffffffff2c, 0x9, 0x0})
r5 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r5, &(0x7f00000022c0)={0x2020}, 0x2020)
write$FUSE_NOTIFY_RESEND(r5, &(0x7f00000076c0)={0x14}, 0x14)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000007c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x3c}, 0x1, 0x0, 0x0, 0x4000850}, 0x20040040)

11m9.107479166s ago: executing program 9 (id=1975):
r0 = socket(0x10, 0x2, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0)
io_submit(0x0, 0x0, &(0x7f0000001d00))
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000280)={{0x8, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0xfffffffffffffffb, 0xffffffefffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xffffffffbfffffff, 0x0, 0x8, 0x0, 0x7, 0x80000000, 0x0, 0x0, 0x0, 0x6, 0x0, 0x6, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x100, 0x0, 0x7fff, 0x0, 0x9, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x1, 0x2, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100, 0x0, 0xfffffffffffffffd, 0xfffffffffffffff7, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xc0c0, 0xfff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x10800000000003, 0x0, 0xf, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x9]})
write(r0, 0x0, 0x0)

11m8.91412388s ago: executing program 9 (id=1977):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8000, &(0x7f00000024c0)=ANY=[@ANYBLOB='quota'])
r4 = openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x250942, 0x1cd)
quotactl_fd$Q_GETNEXTQUOTA(r4, 0xffffffff80000901, 0xee00, 0x0)

11m7.137074059s ago: executing program 9 (id=1978):
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_GET_FPEXC(0xb, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xf96d, 0x3010, 0x4, 0x1}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=ANY=[], 0xe8}, 0x0, 0x24040092})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xb1, 0x0, 0x0)

10m50.803303503s ago: executing program 38 (id=1978):
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_GET_FPEXC(0xb, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0xf96d, 0x3010, 0x4, 0x1}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r2, 0x0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=ANY=[], 0xe8}, 0x0, 0x24040092})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0xb1, 0x0, 0x0)

10m48.54812148s ago: executing program 6 (id=2007):
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xb, 0x0, 0x0)
setrlimit(0xf, &(0x7f0000000000)={0x800000002, 0xfffffffbffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_create_resource$binfmt(&(0x7f0000000280)='./file0\x00')
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0xd4}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)

10m46.276849229s ago: executing program 6 (id=2009):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x92)
mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0)
mknod$loop(&(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, 0x1)
rename(&(0x7f0000000500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0\x00')
r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r2, 0x0, 0x0)

10m45.869442183s ago: executing program 6 (id=2010):
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
socket$inet(0x2, 0x2, 0x1)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000140)={'dt2814\x00', [0xb000, 0x5, 0x0, 0x2, 0x88d7, 0x8f, 0x1007, 0x10, 0x1002, 0xffffffff, 0x200, 0x7, 0x10000009, 0x1, 0x5, 0x1, 0x8, 0x3, 0x9, 0x8e, 0x108, 0x3, 0x7, 0xa, 0x5, 0x1, 0xb0c4, 0xc, 0x8, 0x400002, 0x2]})

10m42.79391972s ago: executing program 6 (id=2015):
r0 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0xb, 0x73}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x29, 0x2007, @fd=r5, 0x7, 0x0, 0x0, 0x12})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

10m39.019392102s ago: executing program 6 (id=2019):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xc)
socket(0x40000000015, 0x5, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket(0x2a, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0xadc1, 0x0, 0x7fffffff}, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000e40))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000680)=0x41)

10m35.230421638s ago: executing program 6 (id=2025):
syz_open_dev$video(0x0, 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x8080)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000240)=0x8)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff7fffffffe, 0x0, 0x2}, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="000107000000b1da000002000001800800020003000000050005000f000000080002000500000008000300030000000800020000000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x10000}, 0x81)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

10m19.051991284s ago: executing program 39 (id=2025):
syz_open_dev$video(0x0, 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x68}, 0x8080)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000240)=0x8)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff7fffffffe, 0x0, 0x2}, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="000107000000b1da000002000001800800020003000000050005000f000000080002000500000008000300030000000800020000000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x10000}, 0x81)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

2m55.559703454s ago: executing program 1 (id=3009):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r1, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x8)
listen(r0, 0x3)
accept4(r0, 0x0, 0x0, 0x0)
creat(0x0, 0x90)
chdir(0x0)
unlink(&(0x7f0000000100)='./file0/file1\x00')
mknod(0x0, 0x8000, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

2m53.305532008s ago: executing program 8 (id=3012):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='illinois\x00', 0x9)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)

2m51.248419934s ago: executing program 8 (id=3016):
syz_io_uring_setup(0x110, &(0x7f00000001c0)={0x0, 0x10, 0x0, 0x3, 0x80}, 0x0, &(0x7f0000000280))
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fdinfo/3\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
lseek(r0, 0x4, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0xa, 0x3, 0x3a)
ioctl$SIOCGETLINKNAME(r5, 0x89e0, 0x0)

2m51.157594648s ago: executing program 1 (id=3018):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x22, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x7fdf, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040), 0x0, 0x2931b90f, r4}, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
epoll_create(0x3)
sendmsg$nl_xfrm(r0, &(0x7f0000000940)={0x0, 0xfffffff0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff010000000000000000000000000001000000003c0000000a000000fe8000000000000000000000000000aa0000000001000000000000000000000000000000ff010000000000000000000000000001000000002b0000000a000000fe8800000000000000000000000000010000000000000000000000000000000000000000ff020000000000000000000000000001000000003200000002000000fe8000000000000000000000000000000000000004"], 0x254}}, 0x0)

2m48.171536335s ago: executing program 8 (id=3019):
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000240)={0x3fffc0}, 0x8)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
creat(&(0x7f0000000080)='./file0\x00', 0xc7)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)

2m47.162056311s ago: executing program 1 (id=3022):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf1c25000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r3 = syz_open_dev$media(&(0x7f00000001c0), 0x10, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r3, 0xc0487c04, &(0x7f0000000040)={0x0, 0x6, 0x0, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b003a484fa500"/19, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000fdffffff00"/28], 0x50)
r5 = socket$netlink(0x10, 0x3, 0x0)
socket(0x2, 0x2, 0x1)
r6 = socket(0x2, 0x2, 0x1)
bind$unix(r6, &(0x7f0000000000)=@abs, 0x6e)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')
preadv(r7, &(0x7f00000007c0)=[{&(0x7f0000001ac0)=""/175, 0xaf}], 0x1, 0x8001, 0x2081)
r8 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600))
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000005c0)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x9, 0x1, 0x2, 0x2, 0xd, 0x6e}, 0x20)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000680)=ANY=[@ANYBLOB="60000000d2b0b7b86bae0b3a7c21798784fcba64d7144f2ee32e3109c9a295bd02f119d1865c86924515825801ee4709cf28b765014b739c3e15d18bd1c7fa23643500dbee8ccca17fd695cf7875cfa3c6a88ea7fb7abbd98ddcfd01d1d617a948b5b2c25c9f16fcfbe213a3ae1bd0df023634d4946b9d37cdffe8e022b63f5a37dbcc9f951e036d7fed48fc2d18809a665ed150f01bd33846a3b6e970fd78498ad02ae45702bd657e567ab26b1e4e0f82", @ANYRES16=0x0, @ANYBLOB="00012bbd7000ffdbdf250a0000004400018014000400fe88000000000000000000000000000105000200080000000800060000000000060005004e21000014000400fc0100"/79], 0x60}}, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x7, 0x17, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000065090100000000000000202070250000f8a4c29f6f1553719589d10000002020207b9a00fe000000005e9100000000000037010000f8ffffffb702000008000000b70300000000000056000000060000002c93000000000000b5030000000000008500000076000000b700000000000000950000000000000000000000000000000000958f7ced40e68dbd3618a87aea8438202f39cf0e687e226715505dbf49d04e5c8ef8f66cd922253a79b21fd3d56d55c0263b80090ea093879518adc16a5eed844d8da2945524caeb3a6b55b13cacd1e29329c37d652e1e2126ec24f6a7a862794a98ae245bc9f32c6551a40302317285dfc6f6d40c459eb56bba9b477847c3ef5fc6729768db2b130e929c322435ec95b32731ccd8cf984dba2a33658a8f4e332ce54ebc5b14d538d53e45d91708680e12288bc7a48d87c4516203be0778c7912da9c15f4e9b842e686cc671e898e15fde4a57c660e9e6b51edfa40b049e8036e581a234c34b1bbc47af2f828ebbebd19a3c039fdfa99b0fccfb3980435f9d57f58191fa286f5e2a485f5e4b9524"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000240)={0x6, r1, 'id1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

2m43.330186555s ago: executing program 8 (id=3023):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x38, r4, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x2400c005}, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)

2m43.009339623s ago: executing program 1 (id=3025):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000ee0000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
r4 = socket$inet6(0xa, 0x3, 0x6)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@ipv4_newroute={0x1c, 0x1a, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc000)
setsockopt$inet6_buf(r4, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
getsockopt$inet6_opts(r4, 0x29, 0x39, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x6, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_4={0x3, 0x1, 0x9, "67d9926b"}]}}, 0x0}, 0x0)

2m38.535796678s ago: executing program 8 (id=3029):
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(0x0, r0)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x83}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

2m38.497999268s ago: executing program 1 (id=3030):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)
preadv(r4, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_emit_ethernet(0x4b, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010120", 0x15, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, [{0x1, 0x0, "fe906d"}]}}}}}}, 0x0)

2m36.453777057s ago: executing program 8 (id=3033):
syz_open_dev$video(0x0, 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8080)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000240)=0x8)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \''], 0x86)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@', @ANYRES16], 0x40}, 0x1, 0x0, 0x0, 0x10000}, 0x81)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

2m29.716326621s ago: executing program 1 (id=3041):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000ee0000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$inet6(0xa, 0x3, 0x6)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@ipv4_newroute={0x1c, 0x1a, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc000)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
getsockopt$inet6_opts(r3, 0x29, 0x39, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x6, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_4={0x3, 0x1, 0x9, "67d9926b"}]}}, 0x0}, 0x0)

2m20.16287245s ago: executing program 40 (id=3033):
syz_open_dev$video(0x0, 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8080)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x8943, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(0xffffffffffffffff, 0x80045518, &(0x7f0000000240)=0x8)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
write$proc_mixer(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \''], 0x86)
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
r4 = dup3(r3, r2, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='@', @ANYRES16], 0x40}, 0x1, 0x0, 0x0, 0x10000}, 0x81)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)

2m12.368558696s ago: executing program 41 (id=3041):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000ee0000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$inet6(0xa, 0x3, 0x6)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@ipv4_newroute={0x1c, 0x1a, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc000)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
getsockopt$inet6_opts(r3, 0x29, 0x39, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x6, {[@local=@item_012={0x0, 0x2, 0x9}, @global=@item_4={0x3, 0x1, 0x9, "67d9926b"}]}}, 0x0}, 0x0)

19.564744371s ago: executing program 2 (id=3190):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x92)
mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./bus\x00', 0x0)
chdir(&(0x7f0000000080)='./bus\x00')
renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0)
getdents(0xffffffffffffffff, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r2, 0x0, 0x0)

17.998363504s ago: executing program 2 (id=3193):
socket$inet6(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000003c0), 0x1, 0x80000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[<r6=>0x0], &(0x7f0000000540), 0x0, 0x1, 0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000e00)={0x4ff1, r6, r5})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x402000, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r7, 0x5609, &(0x7f0000000040)={0x1, 0x7, 0x3})

13.900762831s ago: executing program 2 (id=3197):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0xbc1, 0xc0080)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r1, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040040}, 0x8000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = epoll_create1(0x80000)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/keys\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000000))
epoll_wait(r4, &(0x7f0000000280)=[{}], 0x1, 0x86f2)
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r5, &(0x7f0000000240))
r6 = getpid()
sched_setscheduler(r6, 0x3, &(0x7f0000000200)=0x2)
ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000280)={'\x00', 0x4, 0x8, 0x9, 0x8000, 0x2, r6})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
tgkill(r2, r6, 0x1a)
ioctl$sock_SIOCSPGRP(r1, 0x8902, 0x0)

13.789706259s ago: executing program 3 (id=3199):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x20000841, &(0x7f00000001c0)={0xa, 0x2, 0x1b6, @private2={0xfc, 0x2, '\x00', 0x5}}, 0x1c)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r6, &(0x7f0000000180)="0b0312002e0064000200475400f6a13bb10000", 0x13, 0x0, &(0x7f0000000140)={0x11, 0x8100}, 0x14)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x4008630a, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2865)
write$cgroup_int(r5, &(0x7f0000000040)=0x1c9, 0x12)
io_uring_setup(0x4760, 0x0)
r8 = socket$isdn(0x22, 0x2, 0x10)
r9 = socket$isdn(0x22, 0x2, 0x2)
r10 = dup3(r9, r8, 0x0)
write$P9_RGETLOCK(r10, 0x0, 0x0)
syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/time\x00')
io_uring_setup(0x7fd0, 0x0)

12.289332288s ago: executing program 2 (id=3200):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)

10.706266607s ago: executing program 3 (id=3202):
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r5 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000080)={0x0, 0x13, 0x6, @local}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)

6.687113877s ago: executing program 3 (id=3204):
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/cgroup.procs\x00', 0x2, 0x128)
io_setup(0x1000, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
io_submit(0x0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8, r0, &(0x7f0000000100)="331e767999fcd25f16458f4625beb50ccf5f5cefa8fb1e529ba065a5408dce94db48b94aaaf38e5a4a227022569863287447e19719aec40f9bc75aa3e46a465636b066cc1098833cb68b222af67ffef277f2465f770e6d1e", 0x58, 0x7, 0x0, 0x2}])
fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYRES16], 0x34}, 0x1, 0x0, 0x0, 0x4c810}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)

5.270771329s ago: executing program 0 (id=3206):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="fa0008f600000001f0ffff7f399ffcce643b89b8"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYRES64=r0], &(0x7f00000007c0)='GPL\x00', 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000280)='objagg_obj_parent_unassign\x00', r1, 0x0, 0x2}, 0x18)
pipe(&(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
pipe2(0x0, 0x80c80)
rt_sigprocmask(0x3, 0x0, &(0x7f0000000240), 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000000), 0x10, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[], 0x48)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r2, 0x5607, 0x2c)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
ioctl$TIOCL_SETVESABLANK(r4, 0x560e, &(0x7f0000000140))
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_ACTIVATE(r5, 0x5606, 0x4)
ioctl$TIOCL_BLANKSCREEN(r5, 0x541c, &(0x7f0000000000))
set_tid_address(&(0x7f0000000040))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8923, &(0x7f00000000c0)={'bond_slave_0\x00', @random="0137013710ff"})
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f0000000080)={0xd, 0x1, 0x2, 0x0, 0x0, 0x1000})
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, 0x0, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
syz_emit_ethernet(0x5e, &(0x7f0000002240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0486dd6021000000283afffe8000000000000000000000000000aaff0200000000000000000000000000018900907800000000ff0200000000000000000000000000010000000000000000"], 0x0)
getpid()
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

4.682769183s ago: executing program 0 (id=3207):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x7, &(0x7f0000006680))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
writev(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd, 0x100}, 0x0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_SET_REPORT_REPLY(r2, &(0x7f0000000200)={0xe, {0x26, 0xff, 0xdf}}, 0xc)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000880)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

4.518403019s ago: executing program 3 (id=3208):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r1, 0x1)

3.430153056s ago: executing program 0 (id=3209):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000001240)=[{&(0x7f0000000100)='p', 0x1}], 0x1, 0x4)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0xf0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x84}}, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xa0)
bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x3, 0x8, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r2}}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getrlimit(0xd, &(0x7f0000000180))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r3}, 0x20)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
r4 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000400)=ANY=[], 0x1df)
write$binfmt_misc(r5, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000280), 0xffffffffffffffff)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x402c00, 0x0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRES32], 0x3c}}, 0x0)
close(0xffffffffffffffff)
ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x8)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
unshare(0x8000000)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)

2.956055575s ago: executing program 0 (id=3210):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r1, 0x1)

2.126857326s ago: executing program 3 (id=3211):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r3 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)

2.034313237s ago: executing program 0 (id=3212):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f00000023c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)={0x24, 0x1, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x8}, [@CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x10}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000004}, 0x40c4)

1.985878204s ago: executing program 2 (id=3213):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r0, 0x1)

1.073374086s ago: executing program 3 (id=3214):
r0 = socket(0x6, 0x3, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0x13, &(0x7f00000009c0)=ANY=[@ANYRES16=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff}, 0x0)
syz_emit_ethernet(0x2a, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r5 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
shmat(r5, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
munmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000)
mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)
connect$netrom(r4, &(0x7f0000000080)={{0x6, @rose, 0x8}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x8, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x1814800, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r2, @ANYBLOB='\x00\x00\x00', @ANYRESHEX, @ANYRESOCT=r0])
socket$inet6_udplite(0xa, 0x2, 0x88)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="40010000", @ANYRESOCT=r2, @ANYRES32=r1, @ANYRES32=r7, @ANYBLOB="0c00990000000000000000000800a0004e16000008009f000a000000080026000816"], 0x40}}, 0x200040b4)
r8 = socket$alg(0x26, 0x5, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="6400000000010104000000000000000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002800c000280050001000000000014000180080001007f00000108000200ac141400080007"], 0x64}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000020109040000000000000000021f"], 0x38}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0xffffffffffffff00, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES32=r4, @ANYRES16=0x0], 0x30}, 0x1, 0x0, 0x0, 0x4048011}, 0x48080)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000180)="dd9d480e", 0x4)

953.150141ms ago: executing program 2 (id=3215):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
syz_io_uring_setup(0x34b7, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r1, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r1, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r1, 0x1)

0s ago: executing program 0 (id=3216):
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/cgroup.procs\x00', 0x2, 0x128)
io_setup(0x1000, &(0x7f0000001d00)=<r1=>0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
io_submit(r1, 0x1, &(0x7f00000000c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8, r0, &(0x7f0000000100)="331e767999fcd25f16458f4625beb50ccf5f5cefa8fb1e529ba065a5408dce94db48b94aaaf38e5a4a227022569863287447e19719aec40f9bc75aa3e46a465636b066cc1098833cb68b222af67ffef277f2465f770e6d1e", 0x58, 0x7, 0x0, 0x2}])
fsopen(&(0x7f0000000000)='msdos\x00', 0x1)
sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYRES16], 0x34}, 0x1, 0x0, 0x0, 0x4c810}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)

kernel console output (not intermixed with test programs):

 with result -19
[ 1064.152995][T12178] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1064.169496][T12178] batadv_slave_0: entered promiscuous mode
[ 1064.231054][ T8210] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[ 1064.281358][T12180] netlink: 'syz.0.1356': attribute type 10 has an invalid length.
[ 1064.342545][T12180] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1064.358147][T12180] team0: Port device bond0 added
[ 1064.368283][ T8210] usb 9-1: device descriptor read/64, error -71
[ 1064.635165][ T8210] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[ 1064.968243][ T8210] usb 9-1: device descriptor read/64, error -71
[ 1065.567578][ T8210] usb usb9-port1: attempt power cycle
[ 1065.950029][ T8210] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[ 1065.972379][ T8210] usb 9-1: device descriptor read/8, error -71
[ 1066.238717][ T8210] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[ 1066.283846][ T8210] usb 9-1: device descriptor read/8, error -71
[ 1066.312122][T12220] 9pnet_fd: Insufficient options for proto=fd
[ 1066.399494][ T8210] usb usb9-port1: unable to enumerate USB device
[ 1066.853176][T12236] input: syz1 as /devices/virtual/input/input10
[ 1067.971476][T12262] syzkaller1: entered promiscuous mode
[ 1067.971506][T12262] syzkaller1: entered allmulticast mode
[ 1069.119860][T12280] program syz.6.1387 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1070.213221][T12287] syzkaller1: entered promiscuous mode
[ 1070.213250][T12287] syzkaller1: entered allmulticast mode
[ 1070.446175][   T37] kauditd_printk_skb: 1 callbacks suppressed
[ 1070.446192][   T37] audit: type=1326 audit(1757802176.998:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12293 comm="syz.0.1392" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faff15aeba9 code=0x0
[ 1070.533526][T12297] loop2: detected capacity change from 0 to 7
[ 1070.577733][T10980] Dev loop2: unable to read RDB block 7
[ 1070.577768][T10980]  loop2: AHDI p2 p3
[ 1070.577797][T10980] loop2: partition table partially beyond EOD, truncated
[ 1070.627162][T10980] loop2: p2 start 13841266 is beyond EOD, truncated
[ 1070.681904][T12297] Dev loop2: unable to read RDB block 7
[ 1070.681937][T12297]  loop2: AHDI p2 p3
[ 1070.681966][T12297] loop2: partition table partially beyond EOD, truncated
[ 1070.682224][T12297] loop2: p2 start 13841266 is beyond EOD, truncated
[ 1070.697316][ T1737] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[ 1070.871041][ T1737] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1070.871071][ T1737] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1070.894037][ T1737] usb 10-1: config 0 descriptor??
[ 1070.941247][ T1737] cp210x 10-1:0.0: cp210x converter detected
[ 1071.359569][ T5926] usb 9-1: new full-speed USB device number 10 using dummy_hcd
[ 1071.364226][ T1737] cp210x 10-1:0.0: failed to get vendor val 0x000e size 3: -32
[ 1071.534605][ T5926] usb 9-1: config 0 has an invalid interface number: 32 but max is 0
[ 1071.534633][ T5926] usb 9-1: config 0 has no interface number 0
[ 1071.534753][ T5926] usb 9-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1071.534779][ T5926] usb 9-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1071.534817][ T5926] usb 9-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00
[ 1071.534897][ T5926] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1072.699388][ T5926] usb 9-1: config 0 descriptor??
[ 1072.719255][ T1737] usb 10-1: cp210x converter now attached to ttyUSB0
[ 1073.539435][ T1737] usb 10-1: USB disconnect, device number 6
[ 1073.712388][ T1737] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1073.913955][ T5926] uclogic 0003:256C:006E.0007: interface is invalid, ignoring
[ 1074.109187][ T1737] cp210x 10-1:0.0: device disconnected
[ 1074.191723][ T5926] usb 9-1: USB disconnect, device number 10
[ 1076.922890][   T31] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[ 1077.773879][   T31] usb 3-1: Using ep0 maxpacket: 16
[ 1077.776761][   T31] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1077.776809][   T31] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[ 1077.776833][   T31] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1077.822631][   T31] usb 3-1: config 0 descriptor??
[ 1077.837178][   T31] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input11
[ 1078.135507][   T31] bcm5974 3-1:0.0: could not read from device
[ 1078.262626][ T5189] bcm5974 3-1:0.0: could not read from device
[ 1078.287181][ T8210] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[ 1078.334008][   T31] input: failed to attach handler mousedev to device input11, error: -5
[ 1078.385398][   T31] usb 3-1: USB disconnect, device number 8
[ 1078.409276][ T5189] bcm5974 3-1:0.0: could not read from device
[ 1078.489551][ T8210] usb 9-1: Using ep0 maxpacket: 32
[ 1078.502084][ T8210] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1078.502115][ T8210] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1078.502154][ T8210] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1078.502176][ T8210] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1078.535450][ T8210] usb 9-1: config 0 descriptor??
[ 1079.031728][ T8210] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[ 1079.205224][T10212] usb 9-1: USB disconnect, device number 11
[ 1079.256870][T12403] netlink: 'syz.0.1433': attribute type 4 has an invalid length.
[ 1079.350870][ T1737] lo speed is unknown, defaulting to 1000
[ 1079.350912][ T1737] syz0: Port: 1 Link DOWN
[ 1079.382759][T12404] netlink: 'syz.0.1433': attribute type 4 has an invalid length.
[ 1079.436532][ T1737] lo speed is unknown, defaulting to 1000
[ 1079.436563][ T1737] syz0: Port: 1 Link ACTIVE
[ 1079.697925][   T31] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[ 1080.528879][T10365] libceph: connect (1)[c::]:6789 error -101
[ 1080.529083][T10365] libceph: mon0 (1)[c::]:6789 connect error
[ 1080.583646][T12409] ceph: No mds server is up or the cluster is laggy
[ 1080.607780][   T31] usb 10-1: Using ep0 maxpacket: 8
[ 1080.610745][   T31] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1080.610772][   T31] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1080.610796][   T31] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1080.610820][   T31] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1080.610862][   T31] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1080.610884][   T31] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1080.989347][   T31] usb 10-1: GET_CAPABILITIES returned 0
[ 1080.989403][   T31] usbtmc 10-1:16.0: can't read capabilities
[ 1081.805313][ T8210] usb 10-1: USB disconnect, device number 7
[ 1082.950511][T12443] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1436'.
[ 1083.823407][T12463] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1443'.
[ 1087.038754][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1087.038942][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1088.027977][ T5926] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 1088.203402][ T5926] usb 10-1: Using ep0 maxpacket: 32
[ 1088.230939][ T5926] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1088.230972][ T5926] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1088.231011][ T5926] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1088.231033][ T5926] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1088.257180][ T5926] usb 10-1: config 0 descriptor??
[ 1088.307305][ T5926] hub 10-1:0.0: USB hub found
[ 1088.530119][ T5926] hub 10-1:0.0: 1 port detected
[ 1089.177092][ T5926] hub 10-1:0.0: activate --> -90
[ 1089.307517][    C0] vxcan1: j1939_tp_rxtimer: 0xffff88805c333800: rx timeout, send abort
[ 1089.312625][    C0] vxcan1: j1939_xtp_rx_abort_one: 0xffff88805c333800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1089.607596][ T5926] usb 10-1-port1: cannot reset (err = -71)
[ 1089.607958][ T5926] usb 10-1-port1: cannot reset (err = -71)
[ 1089.607976][ T5926] usb 10-1-port1: Cannot enable. Maybe the USB cable is bad?
[ 1089.612641][   T44] usb 10-1: USB disconnect, device number 8
[ 1089.616329][ T5926] usb 10-1-port1: cannot disable (err = -71)
[ 1089.616800][ T5926] usb 10-1-port1: attempt power cycle
[ 1093.517822][T12641] netlink: 'syz.8.1494': attribute type 30 has an invalid length.
[ 1094.304349][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1094.710217][ T5926] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[ 1094.893370][ T5926] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1094.893399][ T5926] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1094.893426][ T5926] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1094.893478][ T5926] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1094.893503][ T5926] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1094.899220][ T5926] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1094.899251][ T5926] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1094.899269][ T5926] usb 9-1: Product: syz
[ 1094.899282][ T5926] usb 9-1: Manufacturer: syz
[ 1095.068600][ T5926] cdc_wdm 9-1:1.0: skipping garbage
[ 1095.068621][ T5926] cdc_wdm 9-1:1.0: skipping garbage
[ 1095.100572][ T5926] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[ 1095.100594][ T5926] cdc_wdm 9-1:1.0: Unknown control protocol
[ 1095.312757][   T44] usb 9-1: USB disconnect, device number 12
[ 1095.843536][T12680] lo: entered allmulticast mode
[ 1096.301189][T12674] lo: left allmulticast mode
[ 1097.585938][T12728] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1098.530112][T12748] netlink: 'syz.6.1532': attribute type 10 has an invalid length.
[ 1098.558470][T12748] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1098.576949][T12748] bridge_slave_1: left allmulticast mode
[ 1098.576979][T12748] bridge_slave_1: left promiscuous mode
[ 1098.577249][T12748] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1098.701934][T12748] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[ 1099.422611][ T9939] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1099.604229][ T8210] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[ 1100.452950][ T8210] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1100.452978][ T8210] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1100.454575][ T8210] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1100.454600][ T8210] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1100.454619][ T8210] usb 10-1: SerialNumber: syz
[ 1100.743174][ T8210] usb 10-1: 0:2 : does not exist
[ 1100.829985][ T8210] usb 10-1: USB disconnect, device number 13
[ 1101.032676][T10980] udevd[10980]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1101.982639][T12831] netlink: 'syz.9.1568': attribute type 1 has an invalid length.
[ 1102.036805][T12831] gretap1: entered allmulticast mode
[ 1102.043240][T12831] bond1: (slave gretap1): making interface the new active one
[ 1102.051086][T12831] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1102.848677][T12837] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1103.923128][   T31] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1104.104783][   T31] usb 7-1: Using ep0 maxpacket: 32
[ 1104.107493][   T31] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1104.111134][   T31] usb 7-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[ 1104.111160][   T31] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1104.111178][   T31] usb 7-1: Product: syz
[ 1104.111191][   T31] usb 7-1: Manufacturer: syz
[ 1104.111206][   T31] usb 7-1: SerialNumber: syz
[ 1104.186555][   T31] usb 7-1: config 0 descriptor??
[ 1104.441344][T12874] could not allocate digest TFM handle _!5Á’›ã(ìÛiÀ£ïÕHP,ƒomñ«xúÄ™í©*Ô71U"~Âß‘�2.Ë>£~e’…ñŠ>/yµ™
[ 1104.643769][   T31] gs_usb 7-1:0.0: Configuring for 2 interfaces
[ 1104.703766][ T8210] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[ 1104.844879][ T8210] usb 3-1: device descriptor read/64, error -71
[ 1105.099550][ T8210] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[ 1105.100135][   T31] gs_usb 7-1:0.0: Couldn't get bit timing const for channel 1 (-EPIPE)
[ 1105.556226][ T8210] usb 3-1: device descriptor read/64, error -71
[ 1105.810749][ T8210] usb usb3-port1: attempt power cycle
[ 1106.168276][ T8210] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[ 1106.190620][ T8210] usb 3-1: device descriptor read/8, error -71
[ 1106.353682][   T31] gs_usb 7-1:0.0: probe with driver gs_usb failed with error -32
[ 1106.379056][   T31] usb 7-1: USB disconnect, device number 3
[ 1106.433409][T12895] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[ 1106.467585][ T8210] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[ 1106.489898][ T8210] usb 3-1: device descriptor read/8, error -71
[ 1106.607102][ T8210] usb usb3-port1: unable to enumerate USB device
[ 1110.557102][T12928] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1603'.
[ 1111.289816][T12942] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1111.290773][T12942] batadv_slave_0: entered promiscuous mode
[ 1114.138034][T12978] bridge_slave_0: left allmulticast mode
[ 1114.138364][T12978] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1114.297890][T12981] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1622'.
[ 1115.475539][T13016] netlink: 48 bytes leftover after parsing attributes in process `syz.9.1634'.
[ 1116.063452][ T5850] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[ 1116.221896][ T5850] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1116.221923][ T5850] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1116.224247][ T5850] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1116.224274][ T5850] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1116.224293][ T5850] usb 10-1: SerialNumber: syz
[ 1116.642628][ T5850] usb 10-1: 0:2 : does not exist
[ 1116.777445][ T5850] usb 10-1: USB disconnect, device number 14
[ 1117.181659][T10980] udevd[10980]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1117.361351][T10365] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 1118.186598][T10365] usb 3-1: Using ep0 maxpacket: 16
[ 1118.259380][T10365] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1118.259404][T10365] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1118.259423][T10365] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1118.263722][T10365] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1118.263749][T10365] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1118.263776][T10365] usb 3-1: Product: syz
[ 1118.263791][T10365] usb 3-1: Manufacturer: syz
[ 1118.263805][T10365] usb 3-1: SerialNumber: syz
[ 1119.403374][T10365] usb 3-1: 0:2 : does not exist
[ 1120.705672][T10365] usb 3-1: 1:0: cannot get min/max values for control 6 (id 1)
[ 1120.771952][T10365] usb 3-1: USB disconnect, device number 13
[ 1120.917505][T10980] udevd[10980]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1122.099584][ T9939] Bluetooth: hci3: command 0x0406 tx timeout
[ 1122.500513][    C0] vcan0: j1939_tp_rxtimer: 0xffff888011354400: rx timeout, send abort
[ 1122.507170][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888011354400: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1122.507318][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d2c5800: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1123.862103][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805e668400: rx timeout, send abort
[ 1123.862339][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e668400: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1123.862554][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d2c6800: 0x10000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1123.953146][    C0] vxcan1: j1939_tp_rxtimer: 0xffff8880664d5c00: rx timeout, send abort
[ 1124.487759][    C0] vxcan1: j1939_tp_rxtimer: 0xffff8880664d5c00: abort rx timeout. Force session deactivation
[ 1127.634968][ T5926] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[ 1127.795262][ T5926] usb 9-1: Using ep0 maxpacket: 32
[ 1127.909710][ T5926] usb 9-1: config index 0 descriptor too short (expected 156, got 27)
[ 1127.909756][ T5926] usb 9-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[ 1127.909799][ T5926] usb 9-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[ 1127.909831][ T5926] usb 9-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[ 1127.909857][ T5926] usb 9-1: config 0 interface 0 has no altsetting 0
[ 1127.968588][ T5926] usb 9-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[ 1127.968626][ T5926] usb 9-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[ 1127.968638][ T5926] usb 9-1: Product: syz
[ 1127.968645][ T5926] usb 9-1: Manufacturer: syz
[ 1127.968653][ T5926] usb 9-1: SerialNumber: syz
[ 1128.011139][ T5926] usb 9-1: config 0 descriptor??
[ 1128.049924][ T5926] ldusb 9-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[ 1128.106344][ T5926] ldusb 9-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[ 1130.788070][ T5953] usb 9-1: USB disconnect, device number 13
[ 1130.817525][ T5953] ldusb 9-1:0.0: LD USB Device #0 now disconnected
[ 1130.861293][T13200] netlink: 'syz.0.1696': attribute type 1 has an invalid length.
[ 1130.861307][T13200] netlink: 'syz.0.1696': attribute type 2 has an invalid length.
[ 1135.444386][T13209] syz_tun: entered allmulticast mode
[ 1135.911194][T13209] syz_tun: left allmulticast mode
[ 1136.248310][T13238] binder: 13237:13238 unknown command 0
[ 1136.248331][T13238] binder: 13237:13238 ioctl c0306201 200000000080 returned -22
[ 1136.250063][T13238] binder: BINDER_SET_CONTEXT_MGR already set
[ 1136.250073][T13238] binder: 13237:13238 ioctl 4018620d 200000000040 returned -16
[ 1136.618536][T13245] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1709'.
[ 1136.618562][T13245] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1709'.
[ 1138.479936][T13269] affs: No valid root block on device nullb0
[ 1138.927009][T13288] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1725'.
[ 1139.304500][T13295] binder: 13294:13295 ioctl c0306201 200000000080 returned -14
[ 1139.629525][T13299] binder: 13298:13299 unknown command 0
[ 1139.629545][T13299] binder: 13298:13299 ioctl c0306201 200000000080 returned -22
[ 1141.212085][ T5953] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1141.501682][ T5953] usb 7-1: Using ep0 maxpacket: 16
[ 1141.503801][ T5953] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1141.503826][ T5953] usb 7-1: config 0 has no interfaces?
[ 1141.507412][ T5953] usb 7-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[ 1141.507428][ T5953] usb 7-1: New USB device strings: Mfr=225, Product=0, SerialNumber=0
[ 1141.507439][ T5953] usb 7-1: Manufacturer: syz
[ 1141.557885][ T5953] usb 7-1: config 0 descriptor??
[ 1144.242633][T13352] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1747'.
[ 1145.009273][T13359] serio: Serial port ptm0
[ 1145.029331][T10212] usb 7-1: USB disconnect, device number 4
[ 1146.696711][T13374] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1755'.
[ 1148.700639][T13374] hsr_slave_1 (unregistering): left promiscuous mode
[ 1149.097704][   T37] audit: type=1800 audit(1757802250.530:105): pid=13405 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.6.1764" name="bus" dev="overlay" ino=460 res=0 errno=0
[ 1151.035699][   T37] audit: type=1800 audit(1757802252.373:106): pid=13424 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.9.1770" name="3" dev="overlay" ino=967 res=0 errno=0
[ 1152.717178][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1152.717257][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1152.854348][T13442] netlink: 60 bytes leftover after parsing attributes in process `syz.9.1779'.
[ 1155.890500][   T44] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[ 1156.061128][   T44] usb 7-1: Using ep0 maxpacket: 8
[ 1156.063803][   T44] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1156.063835][   T44] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1156.063867][   T44] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1156.063889][   T44] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1156.063930][   T44] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1156.063954][   T44] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.916500][   T44] usb 7-1: GET_CAPABILITIES returned 0
[ 1156.916561][   T44] usbtmc 7-1:16.0: can't read capabilities
[ 1157.466040][   T37] audit: type=1326 audit(1757802258.397:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13492 comm="syz.0.1794" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faff15aeba9 code=0x0
[ 1157.759946][T13496] usb 7-1: USB disconnect, device number 5
[ 1158.762673][T13522] netlink: 56 bytes leftover after parsing attributes in process `syz.9.1803'.
[ 1160.833990][   T37] audit: type=1107 audit(1757802261.343:108): pid=13546 uid=0 auid=4294967295 ses=4294967295 subj=_ msg=''
[ 1166.111440][T13589] overlayfs: "xino" feature enabled using 3 upper inode bits.
[ 1167.120031][T13592] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1169.482174][T13613] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1830'.
[ 1171.731576][T13624] pim6reg1: entered promiscuous mode
[ 1171.731606][T13624] pim6reg1: entered allmulticast mode
[ 1174.524174][T13640] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1174.728145][T13640] bond0: (slave rose0): Enslaving as an active interface with an up link
[ 1178.168111][T13704] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1854'.
[ 1187.016872][T13790] overlayfs: failed to clone upperpath
[ 1187.548106][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1187.943443][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1188.850283][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1189.064689][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1189.291137][T13818] bridge0: entered promiscuous mode
[ 1189.291722][T13818] vlan3: entered promiscuous mode
[ 1189.832808][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1190.914391][T13853] bridge: RTM_NEWNEIGH with invalid ether address
[ 1193.307537][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1194.320353][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1194.464821][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1194.778037][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1195.532297][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1195.890160][T13889] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1196.101480][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1196.251177][T13895] IPv6: Can't replace route, no match found
[ 1196.569996][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1196.596920][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1196.875247][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1197.513162][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1200.388603][T13918] lo speed is unknown, defaulting to 1000
[ 1204.365975][T13945] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1204.810476][T13496] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[ 1205.207474][T13496] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1205.207509][T13496] usb 3-1: config 0 has no interfaces?
[ 1205.208692][T13496] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1205.208715][T13496] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1205.225068][T13496] usb 3-1: config 0 descriptor??
[ 1206.891784][   T44] usb 3-1: USB disconnect, device number 14
[ 1207.025163][T13989] overlayfs: failed to clone upperpath
[ 1210.484814][T14010] overlayfs: failed to set uuid (265/file1, err=-1); falling back to uuid=null.
[ 1210.484858][T14010] overlayfs: failed to verify upper root origin
[ 1218.703779][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1218.703856][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1218.830248][T14066] overlayfs: failed to clone upperpath
[ 1221.649153][T14108] loop9: detected capacity change from 0 to 7
[ 1221.875436][T13965] buffer_io_error: 43 callbacks suppressed
[ 1221.875453][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.875580][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.875790][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.875907][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.877622][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.877759][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.877894][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.877976][T13965] ldm_validate_partition_table(): Disk read failed.
[ 1221.878035][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.878149][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.878260][T13965] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1221.878553][T13965] Dev loop9: unable to read RDB block 0
[ 1221.878885][T13965]  loop9: unable to read partition table
[ 1221.879146][T13965] loop9: partition table beyond EOD, truncated
[ 1225.894297][T14142] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1961'.
[ 1226.742173][T14145] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1227.444548][T14145] veth0: entered promiscuous mode
[ 1227.496954][T14145] bond1: (slave macvlan2): making interface the new active one
[ 1227.523569][T14145] bond1: (slave macvlan2): Enslaving as an active interface with an up link
[ 1228.949960][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1229.130097][   T10] usb 7-1: Using ep0 maxpacket: 16
[ 1229.153754][   T10] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1229.153786][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[ 1229.532672][   T10] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1229.532691][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1229.532701][   T10] usb 7-1: Product: syz
[ 1229.532708][   T10] usb 7-1: Manufacturer: syz
[ 1229.532716][   T10] usb 7-1: SerialNumber: syz
[ 1229.535787][   T10] usb 7-1: config 0 descriptor??
[ 1229.557260][   T10] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1229.557293][   T10] em28xx 7-1:0.0: Audio interface 0 found (Vendor Class)
[ 1230.262583][   T10] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[ 1230.263354][   T10] em28xx 7-1:0.0: Config register raw data: 0xfffffffb
[ 1230.828474][T14181] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1230.828685][T14181] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1230.908553][   T10] em28xx 7-1:0.0: Unknown AC97 audio processor detected!
[ 1230.909577][   T10] em28xx 7-1:0.0: couldn't setup AC97 register 2
[ 1230.910270][   T10] em28xx 7-1:0.0: couldn't setup AC97 register 4
[ 1230.911982][   T10] em28xx 7-1:0.0: couldn't setup AC97 register 6
[ 1231.155160][   T10] em28xx 7-1:0.0: couldn't setup AC97 register 54
[ 1231.155596][   T10] em28xx 7-1:0.0: couldn't setup AC97 register 56
[ 1231.174288][   T10] usb 7-1: USB disconnect, device number 6
[ 1231.259123][   T31] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[ 1232.370853][   T31] usb 9-1: Using ep0 maxpacket: 8
[ 1232.373615][   T31] usb 9-1: config 0 has no interfaces?
[ 1232.376084][   T31] usb 9-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1232.376100][   T31] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1232.376111][   T31] usb 9-1: Product: syz
[ 1232.376118][   T31] usb 9-1: Manufacturer: syz
[ 1232.376125][   T31] usb 9-1: SerialNumber: syz
[ 1232.822178][   T31] usb 9-1: config 0 descriptor??
[ 1233.369086][   T31] usb 9-1: USB disconnect, device number 14
[ 1235.036397][T14215] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[ 1238.513318][T14229] befs: (nullb0): invalid magic header
[ 1241.405435][T14250] netlink: 'syz.8.1985': attribute type 10 has an invalid length.
[ 1242.641479][T14260] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1991'.
[ 1242.815724][T14250] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1245.959372][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1246.495662][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1246.981367][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1249.111446][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1249.721112][T14302] tipc: Started in network mode
[ 1249.721142][T14302] tipc: Node identity 564eb7e8da5a, cluster identity 4711
[ 1249.721361][T14302] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1249.722451][T14302] syzkaller0: entered promiscuous mode
[ 1249.722479][T14302] syzkaller0: entered allmulticast mode
[ 1249.736222][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1250.931545][T10365] tipc: Node number set to 2350168040
[ 1251.186761][T14306] tipc: Resetting bearer <eth:syzkaller0>
[ 1251.541862][T14300] tipc: Resetting bearer <eth:syzkaller0>
[ 1254.062437][T14300] tipc: Disabling bearer <eth:syzkaller0>
[ 1254.321473][ T9939] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1254.325799][ T9939] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1254.340254][ T9939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1254.357558][ T9939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1254.358312][ T9939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1256.237096][T14325] comedi comedi2: dt2814: I/O port conflict (0xb000,2)
[ 1257.194429][ T9939] Bluetooth: hci0: command tx timeout
[ 1257.671078][T14320] lo speed is unknown, defaulting to 1000
[ 1260.123355][ T9939] Bluetooth: hci0: command tx timeout
[ 1262.347421][ T9939] Bluetooth: hci0: command tx timeout
[ 1264.823539][ T9939] Bluetooth: hci0: command tx timeout
[ 1265.135168][T14388] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2026'.
[ 1265.160827][T14389] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2024'.
[ 1266.227634][T13496] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1266.409945][T13496] usb 3-1: Using ep0 maxpacket: 16
[ 1266.412003][T13496] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1266.412018][T13496] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1266.414910][T13496] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1266.414926][T13496] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1266.414936][T13496] usb 3-1: Product: syz
[ 1266.414943][T13496] usb 3-1: Manufacturer: syz
[ 1266.414950][T13496] usb 3-1: SerialNumber: syz
[ 1266.649379][T13496] usb 3-1: 0:2 : does not exist
[ 1266.656381][T13496] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[ 1266.759365][T13496] usb 3-1: USB disconnect, device number 15
[ 1266.913240][T14388] batadv0: entered promiscuous mode
[ 1266.915901][T14388] 8021q: adding VLAN 0 to HW filter on device macvlan3
[ 1266.918173][T14388] batadv0: left promiscuous mode
[ 1267.182494][T13965] udevd[13965]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1272.518698][   T43] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1273.996470][T14320] chnl_net:caif_netlink_parms(): no params data found
[ 1279.974780][   T43] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1280.109959][T14393] syz.6.2025 (14393): drop_caches: 2
[ 1282.282359][   T43] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1283.021361][ T9996] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1283.818744][ T9996] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1283.820340][ T9996] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1283.822893][ T9996] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1283.823722][ T9996] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1284.075520][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1284.075590][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1286.166397][ T9996] Bluetooth: hci2: command tx timeout
[ 1288.339853][   T43] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1288.348316][ T9996] Bluetooth: hci2: command tx timeout
[ 1288.391853][T14483] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[ 1288.521482][T14320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1288.521630][T14320] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1288.521843][T14320] bridge_slave_0: entered allmulticast mode
[ 1288.589738][T14320] bridge_slave_0: entered promiscuous mode
[ 1290.900887][ T9996] Bluetooth: hci2: command tx timeout
[ 1291.255914][T14320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1291.256061][T14320] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1291.256321][T14320] bridge_slave_1: entered allmulticast mode
[ 1291.259245][T14320] bridge_slave_1: entered promiscuous mode
[ 1293.294172][ T9996] Bluetooth: hci2: command tx timeout
[ 1293.761612][T14320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1293.767285][T13496] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[ 1293.794632][T14320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1294.623158][T13496] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1294.623219][T13496] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1294.623243][T13496] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1294.628697][T13496] usb 3-1: config 0 descriptor??
[ 1294.679185][T13496] pwc: Askey VC010 type 2 USB webcam detected.
[ 1295.902426][T13496] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1295.904110][T13496] pwc: recv_control_msg error -32 req 02 val 2700
[ 1295.905483][T13496] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1295.925377][T13496] pwc: recv_control_msg error -32 req 04 val 1000
[ 1295.926828][T13496] pwc: recv_control_msg error -32 req 04 val 1300
[ 1295.937195][T13496] pwc: recv_control_msg error -32 req 04 val 1400
[ 1295.947292][T13496] pwc: recv_control_msg error -32 req 02 val 2000
[ 1295.948502][T13496] pwc: recv_control_msg error -32 req 02 val 2100
[ 1295.950078][T13496] pwc: recv_control_msg error -32 req 04 val 1500
[ 1295.951214][T13496] pwc: recv_control_msg error -32 req 02 val 2500
[ 1295.980031][T13496] pwc: recv_control_msg error -32 req 02 val 2400
[ 1295.981605][T13496] pwc: recv_control_msg error -32 req 02 val 2600
[ 1295.982855][T13496] pwc: recv_control_msg error -32 req 02 val 2900
[ 1295.984150][T13496] pwc: recv_control_msg error -32 req 02 val 2800
[ 1296.124660][T14548] hub 9-0:1.0: USB hub found
[ 1296.125039][T14548] hub 9-0:1.0: 1 port detected
[ 1296.203401][T13496] pwc: recv_control_msg error -71 req 04 val 1200
[ 1296.243469][T13496] pwc: Registered as video103.
[ 1296.347939][T13496] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input13
[ 1296.396957][T13496] usb 3-1: USB disconnect, device number 16
[ 1296.445740][T14320] team0: Port device team_slave_0 added
[ 1296.458829][T14473] lo speed is unknown, defaulting to 1000
[ 1296.737922][T14320] team0: Port device team_slave_1 added
[ 1297.552544][T14320] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1297.552556][T14320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1297.552569][T14320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1297.563029][T14320] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1297.563044][T14320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1297.563068][T14320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1297.640451][T14571] overlayfs: failed to clone upperpath
[ 1299.937091][   T43] bridge_slave_1: left allmulticast mode
[ 1299.937124][   T43] bridge_slave_1: left promiscuous mode
[ 1299.937404][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1300.044780][   T43] bridge_slave_0: left allmulticast mode
[ 1300.044814][   T43] bridge_slave_0: left promiscuous mode
[ 1300.045092][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1304.184707][   T43] bond1 (unregistering): (slave gretap1): Releasing active interface
[ 1315.224062][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1316.032007][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1316.035727][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1316.084680][   T43] bond0 (unregistering): Released all slaves
[ 1316.102898][   T43] bond1 (unregistering): Released all slaves
[ 1316.294773][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1316.353645][ T9939] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1316.389909][ T9939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1316.393002][ T9939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1316.394209][ T9939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1316.397833][ T9939] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1316.639958][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1317.307054][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1317.687723][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1317.762033][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1317.846007][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1318.622874][ T9996] Bluetooth: hci3: command tx timeout
[ 1318.702007][T14656] lo speed is unknown, defaulting to 1000
[ 1320.851712][ T9996] Bluetooth: hci3: command tx timeout
[ 1323.960810][ T9996] Bluetooth: hci3: command tx timeout
[ 1330.283372][ T9996] Bluetooth: hci3: command tx timeout
[ 1334.734078][T14473] chnl_net:caif_netlink_parms(): no params data found
[ 1338.296148][T14742] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.070515][   T43] hsr_slave_0: left promiscuous mode
[ 1339.071155][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1339.071174][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1340.193327][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1340.193359][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1341.543421][   T43] veth1_macvtap: left promiscuous mode
[ 1341.543548][   T43] veth0_macvtap: left promiscuous mode
[ 1341.543842][   T43] veth1_vlan: left promiscuous mode
[ 1341.544046][   T43] veth0_vlan: left promiscuous mode
[ 1346.177291][T14774] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2112'.
[ 1347.394591][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1347.988490][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1348.085301][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1348.427512][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1348.741961][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1348.747862][T14794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1348.802411][T14794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1348.804932][T14794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1348.814973][T14794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1348.847004][T14794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1348.971962][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1349.067191][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1349.207474][T14804] netlink: 68 bytes leftover after parsing attributes in process `syz.8.2117'.
[ 1349.768150][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1349.781285][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1349.781360][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1350.029659][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1350.199755][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1350.989330][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.137413][T14794] Bluetooth: hci0: command tx timeout
[ 1351.296284][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.374453][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.451805][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.515609][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.580452][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.652477][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.695278][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.786714][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.833195][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1351.884903][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1352.757333][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1353.012814][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1353.379072][ T9939] Bluetooth: hci0: command tx timeout
[ 1355.569476][ T9939] Bluetooth: hci0: command tx timeout
[ 1358.129863][ T9939] Bluetooth: hci0: command tx timeout
[ 1358.281348][T14824] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2122'.
[ 1358.281406][T14824] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2122'.
[ 1359.858841][T14793] lo speed is unknown, defaulting to 1000
[ 1363.043978][T14656] chnl_net:caif_netlink_parms(): no params data found
[ 1374.718046][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1375.455749][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1378.226914][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1382.966462][T14793] chnl_net:caif_netlink_parms(): no params data found
[ 1383.328893][   T43] IPVS: stop unused estimator thread 0...
[ 1387.406959][T14794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1387.510171][T14794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1387.523856][T14794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1387.547645][T14794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1387.561531][T14794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1389.782820][T14794] Bluetooth: hci2: command tx timeout
[ 1391.255601][T14793] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1391.255758][T14793] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1391.256023][T14793] bridge_slave_0: entered allmulticast mode
[ 1392.466753][T14793] bridge_slave_0: entered promiscuous mode
[ 1392.470035][T14969] lo speed is unknown, defaulting to 1000
[ 1392.474491][   T43] bridge_slave_1: left allmulticast mode
[ 1392.474520][   T43] bridge_slave_1: left promiscuous mode
[ 1392.474759][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1393.385156][ T9939] Bluetooth: hci2: command tx timeout
[ 1393.433829][   T43] bridge_slave_0: left allmulticast mode
[ 1393.433861][   T43] bridge_slave_0: left promiscuous mode
[ 1393.434126][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1395.738107][ T9939] Bluetooth: hci2: command tx timeout
[ 1396.745043][   T43] bond0 (unregistering): Released all slaves
[ 1397.267563][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1398.163800][ T9939] Bluetooth: hci2: command tx timeout
[ 1398.333591][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1398.400273][   T43] bond0 (unregistering): Released all slaves
[ 1399.593458][T14793] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1399.593626][T14793] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1399.593890][T14793] bridge_slave_1: entered allmulticast mode
[ 1399.597539][T14793] bridge_slave_1: entered promiscuous mode
[ 1399.976715][T15053] binder: 15048:15053 ioctl c0306201 0 returned -14
[ 1401.415612][T14793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1401.605986][T15066] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2168'.
[ 1402.400620][T14793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1407.070538][T14793] team0: Port device team_slave_0 added
[ 1407.218336][T14793] team0: Port device team_slave_1 added
[ 1408.182868][T15097] /dev/nullb0: Can't lookup blockdev
[ 1408.456693][T14794] Bluetooth: hci2: command 0x0405 tx timeout
[ 1408.719719][ T1737] IPVS: starting estimator thread 0...
[ 1408.819556][T15098] IPVS: using max 14 ests per chain, 33600 per kthread
[ 1408.829085][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1408.890953][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1411.052346][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1414.398770][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1415.443762][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1415.443844][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1416.483062][T15139] overlayfs: missing 'lowerdir'
[ 1417.320589][   T37] audit: type=1326 audit(1363.214:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320642][   T37] audit: type=1326 audit(1363.233:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320684][   T37] audit: type=1326 audit(1363.233:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320726][   T37] audit: type=1326 audit(1363.233:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320766][   T37] audit: type=1326 audit(1363.233:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320806][   T37] audit: type=1326 audit(1363.233:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320847][   T37] audit: type=1326 audit(1363.233:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320893][   T37] audit: type=1326 audit(1363.233:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320933][   T37] audit: type=1326 audit(1363.243:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.320974][   T37] audit: type=1326 audit(1363.243:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15134 comm="syz.8.2185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f853e6ceba9 code=0x7ffc0000
[ 1417.323357][ T9939] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1417.341352][ T9939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1417.343076][ T9939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1417.426656][ T9939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1417.717024][T15089] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1418.860138][T15154] usb usb8: usbfs: process 15154 (syz.2.2188) did not claim interface 7 before use
[ 1421.466426][T15089] Bluetooth: hci3: command tx timeout
[ 1423.175538][T15168] delete_channel: no stack
[ 1423.962241][T14794] Bluetooth: hci3: command tx timeout
[ 1424.992233][T15137] lo speed is unknown, defaulting to 1000
[ 1426.036581][T14969] chnl_net:caif_netlink_parms(): no params data found
[ 1426.127444][T14794] Bluetooth: hci3: command tx timeout
[ 1428.362125][T14794] Bluetooth: hci3: command tx timeout
[ 1432.710953][T15240] netlink: 'syz.0.2204': attribute type 4 has an invalid length.
[ 1432.710974][T15240] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2204'.
[ 1434.773268][T14969] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1434.773482][T14969] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1434.773691][T14969] bridge_slave_0: entered allmulticast mode
[ 1434.798111][T14969] bridge_slave_0: entered promiscuous mode
[ 1434.859510][T14969] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1434.859680][T14969] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1434.859960][T14969] bridge_slave_1: entered allmulticast mode
[ 1434.900887][T14969] bridge_slave_1: entered promiscuous mode
[ 1434.956236][T15137] chnl_net:caif_netlink_parms(): no params data found
[ 1435.750082][T15262] overlayfs: failed to clone upperpath
[ 1435.810538][T14969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1437.006306][T14969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1437.303468][   T37] kauditd_printk_skb: 15 callbacks suppressed
[ 1437.303484][   T37] audit: type=1326 audit(1381.941:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15264 comm="syz.2.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1437.303532][   T37] audit: type=1326 audit(1381.941:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15264 comm="syz.2.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1437.303942][   T37] audit: type=1326 audit(1381.941:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15264 comm="syz.2.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1437.303985][   T37] audit: type=1326 audit(1381.941:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15264 comm="syz.2.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1437.304385][   T37] audit: type=1326 audit(1381.941:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15264 comm="syz.2.2213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1439.268152][T14969] team0: Port device team_slave_0 added
[ 1439.270944][T14969] team0: Port device team_slave_1 added
[ 1439.347346][T15302] binder: 15296:15302 ioctl c0306201 0 returned -14
[ 1439.351850][T15302] binder: 15296:15302 ioctl c0306201 200000000540 returned -22
[ 1441.343337][   T43] bridge_slave_1: left allmulticast mode
[ 1441.343440][   T43] bridge_slave_1: left promiscuous mode
[ 1441.343679][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1441.406556][   T43] bridge_slave_0: left allmulticast mode
[ 1441.406578][   T43] bridge_slave_0: left promiscuous mode
[ 1441.406809][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1441.962773][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1442.073506][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1442.471327][   T43] bond0 (unregistering): Released all slaves
[ 1443.361355][T15313] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1443.361408][T15313] block device autoloading is deprecated and will be removed.
[ 1443.487277][   T43] bond0 (unregistering): Released all slaves
[ 1444.502612][T15323] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1447.921990][T15319] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2228'.
[ 1448.197029][T15318] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1448.429366][T14969] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1448.429384][T14969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1448.429410][T14969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1448.430302][T15137] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1448.430437][T15137] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1448.430658][T15137] bridge_slave_0: entered allmulticast mode
[ 1448.522555][T15137] bridge_slave_0: entered promiscuous mode
[ 1448.552714][T15137] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1448.552858][T15137] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1448.553125][T15137] bridge_slave_1: entered allmulticast mode
[ 1448.556149][T15137] bridge_slave_1: entered promiscuous mode
[ 1448.923718][T14794] Bluetooth: hci1: unexpected event for opcode 0x2012
[ 1448.979118][T14794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1449.036383][T14794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1449.154262][T14794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1450.588943][T14794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1450.591356][T14794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1451.384000][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1453.239011][T15089] Bluetooth: hci0: command tx timeout
[ 1453.912989][ T5850] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[ 1454.109736][ T5850] usb 3-1: Using ep0 maxpacket: 16
[ 1454.480131][ T5850] usb 3-1: config 1 interface 0 has no altsetting 0
[ 1455.462544][T15089] Bluetooth: hci0: command tx timeout
[ 1455.573201][ T5850] usb 3-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.40
[ 1455.573231][ T5850] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1455.573250][ T5850] usb 3-1: Product: syz
[ 1455.573264][ T5850] usb 3-1: Manufacturer: syz
[ 1455.573316][ T5850] usb 3-1: SerialNumber: syz
[ 1456.015351][ T5850] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input14
[ 1456.061404][ T5850] usb 3-1: USB disconnect, device number 17
[ 1456.136312][ T5189] bcm5974 3-1:1.0: could not read from device
[ 1456.459306][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1457.593192][T15333] udevd[15333]: Error opening device "/dev/input/event4": No such file or directory
[ 1457.593316][T15333] udevd[15333]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1457.593459][T15333] udevd[15333]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1457.593567][T15333] udevd[15333]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1457.593680][T15333] udevd[15333]: Unable to EVIOCGABS device "/dev/input/event4"
[ 1457.703636][T15089] Bluetooth: hci0: command tx timeout
[ 1459.112617][T15375] loop6: detected capacity change from 0 to 7
[ 1459.286354][T15375] Dev loop6: unable to read RDB block 7
[ 1459.286690][T15375]  loop6: unable to read partition table
[ 1459.290995][T15375] loop6: partition table beyond EOD, truncated
[ 1459.291174][T15375] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1459.506177][T15089] Bluetooth: Unexpected continuation frame (len 4)
[ 1459.924974][T15089] Bluetooth: hci0: command tx timeout
[ 1466.120359][T13496] IPVS: starting estimator thread 0...
[ 1467.089524][T15432] IPVS: using max 14 ests per chain, 33600 per kthread
[ 1467.310593][T15137] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1467.328483][T15137] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1468.039189][T15137] team0: Port device team_slave_0 added
[ 1468.053317][T15137] team0: Port device team_slave_1 added
[ 1468.065664][T15332] lo speed is unknown, defaulting to 1000
[ 1469.980607][T13496] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[ 1470.151697][T13496] usb 9-1: Using ep0 maxpacket: 32
[ 1470.157584][T13496] usb 9-1: unable to get BOS descriptor or descriptor too short
[ 1470.161084][T13496] usb 9-1: config 7 has an invalid interface number: 128 but max is 0
[ 1470.161109][T13496] usb 9-1: config 7 contains an unexpected descriptor of type 0x1, skipping
[ 1470.161127][T13496] usb 9-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[ 1470.161146][T13496] usb 9-1: config 7 has no interface number 0
[ 1470.161205][T13496] usb 9-1: config 7 interface 128 altsetting 2 has an endpoint descriptor with address 0x17, changing to 0x7
[ 1470.161228][T13496] usb 9-1: config 7 interface 128 altsetting 2 bulk endpoint 0x7 has invalid maxpacket 32
[ 1470.161249][T13496] usb 9-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11
[ 1470.161274][T13496] usb 9-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[ 1470.161299][T13496] usb 9-1: config 7 interface 128 has no altsetting 0
[ 1470.193512][T13496] usb 9-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13
[ 1470.193542][T13496] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1470.193560][T13496] usb 9-1: Product: syz
[ 1470.193573][T13496] usb 9-1: Manufacturer: syz
[ 1470.193587][T13496] usb 9-1: SerialNumber: syz
[ 1470.490399][T15454] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[ 1470.733910][T13496] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[ 1470.733945][T13496] usb 9-1: MIDIStreaming interface descriptor not found
[ 1471.071435][T15137] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1471.071452][T15137] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1471.071476][T15137] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1471.143393][T15137] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1471.144018][T15137] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1471.144042][T15137] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1471.537030][T13496] usb 9-1: USB disconnect, device number 15
[ 1473.832977][T15497] udevd[15497]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:7.128/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1475.199160][T15506] Invalid source name
[ 1475.199178][T15506] UBIFS error (pid: 15506): cannot open "./file0", error -22
[ 1477.155656][T15523] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2285'.
[ 1477.155686][T15523] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2285'.
[ 1477.639640][T14794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1477.647624][T14794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1477.653096][T14794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1477.661814][T14794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1477.662563][T14794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1477.991540][T15332] chnl_net:caif_netlink_parms(): no params data found
[ 1478.309917][T15533] lo speed is unknown, defaulting to 1000
[ 1479.948576][T15089] Bluetooth: hci2: command tx timeout
[ 1480.287683][   T43] bridge_slave_1: left allmulticast mode
[ 1480.287717][   T43] bridge_slave_1: left promiscuous mode
[ 1480.287974][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1480.417326][   T43] bridge_slave_0: left allmulticast mode
[ 1480.417347][   T43] bridge_slave_0: left promiscuous mode
[ 1480.417542][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1480.685486][T15583] comedi comedi0: pcl812: I/O port conflict (0x3,16)
[ 1481.088862][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1481.137939][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1481.138010][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1481.155833][T15089] Bluetooth: hci1: unexpected event for opcode 0x0c23
[ 1481.238589][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1481.458463][   T43] bond0 (unregistering): Released all slaves
[ 1482.336717][T15089] Bluetooth: hci2: command tx timeout
[ 1482.586664][T15607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2314'.
[ 1482.586694][T15607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2314'.
[ 1482.681285][T15609] program syz.8.2315 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1483.303736][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1484.249996][T15639] netlink: 'syz.2.2327': attribute type 1 has an invalid length.
[ 1484.250018][T15639] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2327'.
[ 1484.425281][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1484.552642][T15089] Bluetooth: hci2: command tx timeout
[ 1485.367308][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1486.764892][T15089] Bluetooth: hci2: command tx timeout
[ 1486.904719][T15332] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1486.904865][T15332] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1486.905131][T15332] bridge_slave_0: entered allmulticast mode
[ 1487.848679][T15332] bridge_slave_0: entered promiscuous mode
[ 1488.390178][T15332] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1488.390350][T15332] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1488.390609][T15332] bridge_slave_1: entered allmulticast mode
[ 1488.394446][T15332] bridge_slave_1: entered promiscuous mode
[ 1489.011009][T15332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1489.020579][T15332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1490.872490][T15717] netlink: 40 bytes leftover after parsing attributes in process `syz.8.2359'.
[ 1491.022798][T15719] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2360'.
[ 1491.117864][T15332] team0: Port device team_slave_0 added
[ 1491.235618][T15332] team0: Port device team_slave_1 added
[ 1491.455804][T15724] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2362'.
[ 1491.456774][T15724] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[ 1491.715126][T15734] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2364'.
[ 1491.804946][T15332] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1491.804961][T15332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1491.804987][T15332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1491.807476][T15332] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1491.807490][T15332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1491.807514][T15332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1492.949716][T15332] hsr_slave_0: entered promiscuous mode
[ 1493.176490][T15332] hsr_slave_1: entered promiscuous mode
[ 1494.652293][T15533] chnl_net:caif_netlink_parms(): no params data found
[ 1494.692823][   T43] bridge_slave_1: left allmulticast mode
[ 1494.692856][   T43] bridge_slave_1: left promiscuous mode
[ 1494.693100][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1494.788318][   T43] bridge_slave_0: left allmulticast mode
[ 1494.788351][   T43] bridge_slave_0: left promiscuous mode
[ 1494.788647][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1494.846926][T10212] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[ 1495.007210][T10212] usb 3-1: Using ep0 maxpacket: 16
[ 1495.010530][T10212] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1495.010588][T10212] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1495.010609][T10212] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1495.010632][T10212] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1495.010653][T10212] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[ 1495.010676][T10212] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[ 1495.012205][T10212] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1495.012241][T10212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1495.012259][T10212] usb 3-1: SerialNumber: syz
[ 1495.080455][T10212] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[ 1495.087034][T10212] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12
[ 1495.312048][T10212] usb 3-1: USB disconnect, device number 18
[ 1496.461931][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1496.648265][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1497.268088][   T43] bond0 (unregistering): Released all slaves
[ 1498.910765][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1499.118078][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1500.517608][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1500.770067][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1503.556432][T15867] netlink: 'syz.0.2404': attribute type 4 has an invalid length.
[ 1503.556454][T15867] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.2404'.
[ 1504.509981][T15533] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1504.510137][T15533] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1504.510413][T15533] bridge_slave_0: entered allmulticast mode
[ 1504.534751][T15533] bridge_slave_0: entered promiscuous mode
[ 1504.660968][T15533] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1504.661111][T15533] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1504.661320][T15533] bridge_slave_1: entered allmulticast mode
[ 1504.664039][T15533] bridge_slave_1: entered promiscuous mode
[ 1505.094595][T15533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1505.123873][T15533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1505.301584][T15892] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2412'.
[ 1508.677538][T15533] team0: Port device team_slave_0 added
[ 1508.795571][T15533] team0: Port device team_slave_1 added
[ 1509.392712][T15533] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1509.392723][T15533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1509.392737][T15533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1509.395226][T15533] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1509.395236][T15533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1509.395250][T15533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1512.051738][T15533] hsr_slave_0: entered promiscuous mode
[ 1512.053130][T15533] hsr_slave_1: entered promiscuous mode
[ 1512.054070][T15533] debugfs: 'hsr0' already exists in 'hsr'
[ 1512.054095][T15533] Cannot create hsr debugfs directory
[ 1512.111374][T15946] binder: 15944:15946 ioctl c0306201 200000000640 returned -22
[ 1514.925121][T14794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1514.944048][T14794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1514.954307][T14794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1514.965319][T14794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1514.975107][T14794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1517.128823][T15089] Bluetooth: hci0: command tx timeout
[ 1517.635101][T16007] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[ 1518.124171][ T9946] bridge_slave_1: left allmulticast mode
[ 1518.124203][ T9946] bridge_slave_1: left promiscuous mode
[ 1518.124463][ T9946] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1518.231273][ T9946] bridge_slave_0: left allmulticast mode
[ 1518.231307][ T9946] bridge_slave_0: left promiscuous mode
[ 1518.231600][ T9946] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1518.302151][T10212] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[ 1518.462434][T10212] usb 3-1: Using ep0 maxpacket: 8
[ 1518.465351][T10212] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1518.465380][T10212] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1518.465403][T10212] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1518.465426][T10212] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1518.465467][T10212] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1518.465497][T10212] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1518.767286][T10212] usb 3-1: GET_CAPABILITIES returned 0
[ 1518.767330][T10212] usbtmc 3-1:16.0: can't read capabilities
[ 1518.901603][ T9946] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1519.002268][ T1737] usb 3-1: USB disconnect, device number 19
[ 1519.050677][ T9946] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1519.160911][ T9946] bond0 (unregistering): Released all slaves
[ 1519.213493][T16023] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[ 1519.351268][T15089] Bluetooth: hci0: command tx timeout
[ 1519.417903][T16036] syz_tun: entered allmulticast mode
[ 1519.445851][T15983] lo speed is unknown, defaulting to 1000
[ 1519.884888][T16036] syz_tun: left allmulticast mode
[ 1520.081602][   T44] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[ 1520.376717][   T44] usb 3-1: Using ep0 maxpacket: 8
[ 1520.379455][   T44] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1520.379486][   T44] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1520.379511][   T44] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024
[ 1520.379537][   T44] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 1520.379560][   T44] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1520.379602][   T44] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1520.379623][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1521.221157][ T9946] hsr_slave_0: left promiscuous mode
[ 1521.242039][   T44] usb 3-1: GET_CAPABILITIES returned 0
[ 1521.242088][   T44] usbtmc 3-1:16.0: can't read capabilities
[ 1521.290244][ T9946] hsr_slave_1: left promiscuous mode
[ 1521.301352][ T9946] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1521.330567][ T9946] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1521.459541][   T44] usb 3-1: USB disconnect, device number 20
[ 1521.573374][T15089] Bluetooth: hci0: command tx timeout
[ 1522.421335][T16096] program syz.2.2472 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1522.750319][ T9946] team0 (unregistering): Port device team_slave_1 removed
[ 1523.017634][ T9946] team0 (unregistering): Port device team_slave_0 removed
[ 1523.797010][T15089] Bluetooth: hci0: command tx timeout
[ 1524.033631][T15089] Bluetooth: hci7: unexpected event for opcode 0x0809
[ 1524.588489][T15983] chnl_net:caif_netlink_parms(): no params data found
[ 1525.657210][T14307] usb 9-1: new full-speed USB device number 16 using dummy_hcd
[ 1525.772160][T15533] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1525.833281][T14307] usb 9-1: config 0 has an invalid interface number: 106 but max is 0
[ 1525.833309][T14307] usb 9-1: config 0 has no interface number 0
[ 1525.833341][T14307] usb 9-1: config 0 interface 106 has no altsetting 0
[ 1525.836556][T14307] usb 9-1: New USB device found, idVendor=413c, idProduct=8217, bcdDevice=b2.59
[ 1525.836582][T14307] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1525.836600][T14307] usb 9-1: Product: syz
[ 1525.836613][T14307] usb 9-1: Manufacturer: syz
[ 1525.836627][T14307] usb 9-1: SerialNumber: syz
[ 1525.847133][T14307] usb 9-1: config 0 descriptor??
[ 1526.062307][T15533] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1526.107442][   T37] audit: type=1326 audit(1465.014:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.107729][   T37] audit: type=1326 audit(1465.014:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.152625][   T37] audit: type=1326 audit(1465.051:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.152678][   T37] audit: type=1326 audit(1465.051:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.152718][   T37] audit: type=1326 audit(1465.051:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.152757][   T37] audit: type=1326 audit(1465.051:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.152796][   T37] audit: type=1326 audit(1465.051:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.152835][   T37] audit: type=1326 audit(1465.051:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faff15a5b67 code=0x7ffc0000
[ 1526.154559][   T37] audit: type=1326 audit(1465.051:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faff154ada9 code=0x7ffc0000
[ 1526.154610][   T37] audit: type=1326 audit(1465.051:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16160 comm="syz.0.2492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7faff15aeba9 code=0x7ffc0000
[ 1526.283307][T13496] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[ 1526.403986][T14307] usb 9-1: USB disconnect, device number 16
[ 1526.441791][T15983] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1526.441945][T15983] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1526.442205][T15983] bridge_slave_0: entered allmulticast mode
[ 1526.445869][T15983] bridge_slave_0: entered promiscuous mode
[ 1526.451560][T13496] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[ 1526.451592][T13496] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1526.451633][T13496] usb 3-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[ 1526.451654][T13496] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1526.462291][T15533] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1526.472550][T13496] usb 3-1: config 0 descriptor??
[ 1526.473701][T16157] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 1526.606067][T15983] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1526.606313][T15983] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1526.606764][T15983] bridge_slave_1: entered allmulticast mode
[ 1526.675938][T15983] bridge_slave_1: entered promiscuous mode
[ 1526.701933][T15533] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1527.016375][T13496] playstation 0003:054C:0BA0.0009: unknown main item tag 0x0
[ 1527.016412][T13496] playstation 0003:054C:0BA0.0009: unknown main item tag 0x0
[ 1527.016439][T13496] playstation 0003:054C:0BA0.0009: unknown main item tag 0x0
[ 1527.016465][T13496] playstation 0003:054C:0BA0.0009: unknown main item tag 0x0
[ 1527.016501][T13496] playstation 0003:054C:0BA0.0009: unknown main item tag 0x0
[ 1527.106992][T13496] playstation 0003:054C:0BA0.0009: hidraw0: USB HID v1.01 Device [HID 054c:0ba0] on usb-dummy_hcd.2-1/input0
[ 1527.230194][T13496] playstation 0003:054C:0BA0.0009: Invalid reportID received, expected 18 got 9
[ 1527.230223][T13496] playstation 0003:054C:0BA0.0009: Failed to retrieve DualShock4 pairing info: -22
[ 1527.230369][T13496] playstation 0003:054C:0BA0.0009: Failed to get MAC address from DualShock4
[ 1527.230391][T13496] playstation 0003:054C:0BA0.0009: Failed to create dualshock4.
[ 1527.233343][T13496] playstation 0003:054C:0BA0.0009: probe with driver playstation failed with error -22
[ 1527.327648][T15983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1527.385846][T15983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1527.495041][T10212] usb 3-1: USB disconnect, device number 21
[ 1527.975314][T15983] team0: Port device team_slave_0 added
[ 1527.997106][T15983] team0: Port device team_slave_1 added
[ 1528.577676][T15983] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1528.577693][T15983] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1528.577718][T15983] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1529.616354][T15983] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1529.616370][T15983] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1529.616393][T15983] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1529.677265][T16210] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2503'.
[ 1530.208050][T15983] hsr_slave_0: entered promiscuous mode
[ 1530.209537][T15983] hsr_slave_1: entered promiscuous mode
[ 1531.832886][T15533] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1532.320724][T15533] 8021q: adding VLAN 0 to HW filter on device team0
[ 1532.407400][ T8765] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1532.412079][ T8765] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1532.487910][ T9952] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1532.488567][ T9952] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1532.578812][T15983] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1532.877295][T15983] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1533.005155][T15983] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1533.188763][T15983] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1535.641533][T15983] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1535.787365][T15983] 8021q: adding VLAN 0 to HW filter on device team0
[ 1535.827474][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1535.827814][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1535.855698][   T37] kauditd_printk_skb: 1 callbacks suppressed
[ 1535.855715][   T37] audit: type=1326 audit(1474.125:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.863968][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1535.864108][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1535.886980][   T37] audit: type=1326 audit(1474.153:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.912496][   T37] audit: type=1326 audit(1474.162:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.912551][   T37] audit: type=1326 audit(1474.172:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.912596][   T37] audit: type=1326 audit(1474.172:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.912635][   T37] audit: type=1326 audit(1474.172:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.912673][   T37] audit: type=1326 audit(1474.172:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.912710][   T37] audit: type=1326 audit(1474.172:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.914587][   T37] audit: type=1326 audit(1474.181:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1535.914632][   T37] audit: type=1326 audit(1474.181:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16316 comm="syz.2.2534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb900b2eba9 code=0x7ffc0000
[ 1536.367357][T15533] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1536.525833][T16326] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2537'.
[ 1536.700723][T15533] veth0_vlan: entered promiscuous mode
[ 1536.789465][T15533] veth1_vlan: entered promiscuous mode
[ 1537.021658][T15533] veth0_macvtap: entered promiscuous mode
[ 1537.054477][T15533] veth1_macvtap: entered promiscuous mode
[ 1537.816508][T15983] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1537.861888][T15533] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1537.949723][T15533] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1538.187844][ T9935] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1538.189741][ T9935] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1538.215608][ T9935] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1538.248074][   T72] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1538.705794][T15983] veth0_vlan: entered promiscuous mode
[ 1538.981226][T15983] veth1_vlan: entered promiscuous mode
[ 1538.993804][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1538.993822][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1539.353745][   T72] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1539.353765][   T72] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1539.490493][T15983] veth0_macvtap: entered promiscuous mode
[ 1539.550369][T15983] veth1_macvtap: entered promiscuous mode
[ 1539.668754][T15983] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1539.721894][T15983] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1539.797757][ T9946] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1539.816993][ T9946] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1539.817509][ T9946] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1539.819647][ T9946] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1540.668761][ T8766] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1540.668776][ T8766] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1540.908429][ T9702] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1540.908449][ T9702] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1543.356257][T14794] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1543.370347][T14794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1543.373679][T14794] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1543.379052][T14794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1543.379815][T14794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1545.334576][ T8766] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1545.566343][T16421] syzkaller1: entered promiscuous mode
[ 1545.566373][T16421] syzkaller1: entered allmulticast mode
[ 1545.607870][T15089] Bluetooth: hci2: command tx timeout
[ 1546.552605][ T8766] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1546.594131][T16387] lo speed is unknown, defaulting to 1000
[ 1546.819318][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.819393][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1547.255421][ T8766] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1547.829746][T15089] Bluetooth: hci2: command tx timeout
[ 1547.913275][ T8766] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1549.038592][T16485] 9pnet_fd: Insufficient options for proto=fd
[ 1549.639131][T16387] chnl_net:caif_netlink_parms(): no params data found
[ 1550.053284][T15089] Bluetooth: hci2: command tx timeout
[ 1550.172209][ T8766] bridge_slave_1: left allmulticast mode
[ 1550.172242][ T8766] bridge_slave_1: left promiscuous mode
[ 1550.172486][ T8766] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1550.225566][T16498] sctp: [Deprecated]: syz.2.2598 (pid 16498) Use of int in max_burst socket option deprecated.
[ 1550.225566][T16498] Use struct sctp_assoc_value instead
[ 1550.259690][ T8766] bridge_slave_0: left allmulticast mode
[ 1550.259723][ T8766] bridge_slave_0: left promiscuous mode
[ 1550.260015][ T8766] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1550.405900][T14916] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 1550.591398][T14916] usb 2-1: Using ep0 maxpacket: 32
[ 1550.608207][T14916] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1550.608233][T14916] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1550.608253][T14916] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1550.608301][T14916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1550.608322][T14916] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1550.608343][T14916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1550.608364][T14916] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[ 1550.608385][T14916] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1550.608428][T14916] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1550.608451][T14916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1550.634220][T14916] usb 2-1: config 0 descriptor??
[ 1550.711858][   T57] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0xe
[ 1550.960511][T14916] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1551.192274][T13496] usb 2-1: USB disconnect, device number 3
[ 1551.214280][T13496] usblp0: removed
[ 1552.317906][T15089] Bluetooth: hci2: command tx timeout
[ 1555.209327][ T8766] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1555.313989][ T8766] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1555.350509][ T8766] bond0 (unregistering): Released all slaves
[ 1558.072332][T16577] Invalid ELF header magic: != ELF
[ 1558.492327][T16570] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2624'.
[ 1559.407466][ T1737] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[ 1559.578585][ T1737] usb 9-1: Using ep0 maxpacket: 32
[ 1559.584553][ T1737] usb 9-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1559.584583][ T1737] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1559.584602][ T1737] usb 9-1: Product: syz
[ 1559.584616][ T1737] usb 9-1: Manufacturer: syz
[ 1559.584630][ T1737] usb 9-1: SerialNumber: syz
[ 1559.642871][ T1737] usb 9-1: config 0 descriptor??
[ 1559.662831][ T1737] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1559.817541][T16387] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1559.817735][T16387] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1559.818077][T16387] bridge_slave_0: entered allmulticast mode
[ 1559.870807][T16387] bridge_slave_0: entered promiscuous mode
[ 1559.907663][T16387] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1559.907768][T16387] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1559.908021][T16387] bridge_slave_1: entered allmulticast mode
[ 1559.915950][T16387] bridge_slave_1: entered promiscuous mode
[ 1560.209232][ T1737] gspca_ov534_9: reg_w failed -110
[ 1560.215270][ T8766] hsr_slave_0: left promiscuous mode
[ 1560.233381][ T8766] hsr_slave_1: left promiscuous mode
[ 1560.234401][ T8766] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1560.234428][ T8766] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1560.285476][ T8766] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1560.285508][ T8766] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1560.431019][ T8766] veth1_macvtap: left promiscuous mode
[ 1560.431144][ T8766] veth0_macvtap: left promiscuous mode
[ 1560.431433][ T8766] veth1_vlan: left promiscuous mode
[ 1560.431641][ T8766] veth0_vlan: left promiscuous mode
[ 1560.636865][ T1737] gspca_ov534_9: Unknown sensor 0000
[ 1560.636966][ T1737] ov534_9 9-1:0.0: probe with driver ov534_9 failed with error -22
[ 1561.185174][T16660] overlayfs: failed to clone upperpath
[ 1562.147015][T10212] usb 9-1: USB disconnect, device number 17
[ 1563.358015][   T37] kauditd_printk_skb: 3 callbacks suppressed
[ 1563.358032][   T37] audit: type=1326 audit(1499.858:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16680 comm="syz.0.2655" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7faff15aeba9 code=0x0
[ 1563.576836][ T9826] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[ 1563.796149][ T9826] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1563.796180][ T9826] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1563.796199][ T9826] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1563.796248][ T9826] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1563.796270][ T9826] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1563.817314][ T9826] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1563.817344][ T9826] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1563.817362][ T9826] usb 9-1: Product: syz
[ 1563.817375][ T9826] usb 9-1: Manufacturer: syz
[ 1563.890661][ T9826] cdc_wdm 9-1:1.0: skipping garbage
[ 1563.890680][ T9826] cdc_wdm 9-1:1.0: skipping garbage
[ 1563.893743][ T9826] cdc_wdm 9-1:1.0: cdc-wdm0: USB WDM device
[ 1563.893763][ T9826] cdc_wdm 9-1:1.0: Unknown control protocol
[ 1564.662784][ T1737] usb 9-1: USB disconnect, device number 18
[ 1565.188874][T16699] overlayfs: failed to clone upperpath
[ 1565.381269][T16703] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1567.553707][ T9826] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[ 1567.743494][ T9826] usb 9-1: Using ep0 maxpacket: 8
[ 1567.754663][ T9826] usb 9-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[ 1567.754692][ T9826] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1567.754712][ T9826] usb 9-1: Product: syz
[ 1567.754725][ T9826] usb 9-1: Manufacturer: syz
[ 1567.754739][ T9826] usb 9-1: SerialNumber: syz
[ 1567.795570][ T9826] usb 9-1: config 0 descriptor??
[ 1567.833736][ T8766] team0 (unregistering): Port device team_slave_1 removed
[ 1568.019164][ T9826] usb 9-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[ 1568.260130][ T8766] team0 (unregistering): Port device team_slave_0 removed
[ 1569.372357][ T9826] usb write operation failed. (-71)
[ 1569.376655][ T9826] usb 9-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[ 1569.377335][ T9826] dvbdev: DVB: registering new adapter (Terratec H7)
[ 1569.377381][ T9826] usb 9-1: media controller created
[ 1569.377845][ T9826] usb read operation failed. (-71)
[ 1569.378319][ T9826] usb write operation failed. (-71)
[ 1569.432190][ T9826] dvb_usb_az6007 9-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[ 1569.454444][ T9826] usb 9-1: USB disconnect, device number 19
[ 1572.889079][T16387] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1573.361416][T16387] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1574.012394][T16763] lo: entered allmulticast mode
[ 1574.016711][T16387] team0: Port device team_slave_0 added
[ 1574.534186][T16387] team0: Port device team_slave_1 added
[ 1574.929590][ T5850] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1575.074099][T16758] lo: left allmulticast mode
[ 1575.306518][ T5850] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1575.341621][ T5850] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1575.808299][ T5850] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1575.808394][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1575.808487][ T5850] usb 2-1: SerialNumber: syz
[ 1576.054632][T16387] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1576.054649][T16387] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1576.054674][T16387] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1576.057136][T16387] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1576.057150][T16387] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1576.057175][T16387] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1576.249885][ T5850] usb 2-1: 0:2 : does not exist
[ 1576.292977][ T5850] usb 2-1: USB disconnect, device number 4
[ 1576.557764][T16773] udevd[16773]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1577.090627][T16387] hsr_slave_0: entered promiscuous mode
[ 1577.101177][T16387] hsr_slave_1: entered promiscuous mode
[ 1577.103009][T16387] debugfs: 'hsr0' already exists in 'hsr'
[ 1577.103144][T16387] Cannot create hsr debugfs directory
[ 1577.563493][ T5850] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[ 1577.659239][ T5850] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1578.950394][   T44] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1580.282350][   T44] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1580.282379][   T44] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 1580.282398][   T44] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1580.282453][   T44] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1580.282478][   T44] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1580.282505][   T44] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1580.286136][   T44] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1580.286164][   T44] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1580.286183][   T44] usb 2-1: Product: syz
[ 1580.286197][   T44] usb 2-1: Manufacturer: syz
[ 1580.423217][T16832] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1580.455125][   T44] cdc_wdm 2-1:1.0: skipping garbage
[ 1580.455144][   T44] cdc_wdm 2-1:1.0: skipping garbage
[ 1580.479042][   T44] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1580.479062][   T44] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1580.677752][    C1] wdm_int_callback: 2 callbacks suppressed
[ 1580.677776][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.677794][    C1] wdm_int_callback: 2 callbacks suppressed
[ 1580.677809][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.678060][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.678080][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.678347][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.678366][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.678609][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.678629][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.678871][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.678892][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.679135][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.679153][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.679395][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.679413][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.679655][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.679673][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.679928][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.679946][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.680195][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[ 1580.680214][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[ 1580.831463][T13496] usb 2-1: USB disconnect, device number 5
[ 1580.831507][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1580.867118][T16832] cdc_wdm 2-1:1.0: Tx URB error: -19
[ 1582.657560][T16387] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1583.121834][T16387] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1583.290881][T16387] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1583.420741][T16387] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1584.210928][T16898] Bluetooth: MGMT ver 1.23
[ 1584.632966][T16387] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1584.685044][T16387] 8021q: adding VLAN 0 to HW filter on device team0
[ 1584.725245][ T8773] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1584.725493][ T8773] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1584.753343][ T8766] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1584.753537][ T8766] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1585.430688][T16387] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1585.703999][T16387] veth0_vlan: entered promiscuous mode
[ 1585.731220][T16387] veth1_vlan: entered promiscuous mode
[ 1586.721869][T16387] veth0_macvtap: entered promiscuous mode
[ 1586.747320][T16387] veth1_macvtap: entered promiscuous mode
[ 1586.880077][T16387] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1586.922250][T16387] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1587.016486][ T8766] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1587.019689][ T8766] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1587.039480][ T8766] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1587.068542][ T8766] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1587.798228][ T9946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1587.798248][ T9946] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1587.886645][ T9946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1587.886665][ T9946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1588.355504][T16968] tipc: Started in network mode
[ 1588.355535][T16968] tipc: Node identity 9e042e23fd35, cluster identity 4711
[ 1588.355775][T16968] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1588.379757][T16968] syzkaller0: entered promiscuous mode
[ 1588.379774][T16968] syzkaller0: entered allmulticast mode
[ 1588.396769][T16968] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[ 1589.558538][T14916] tipc: Node number set to 1664167459
[ 1590.112311][T16973] tipc: Resetting bearer <eth:syzkaller0>
[ 1590.196522][T16967] tipc: Resetting bearer <eth:syzkaller0>
[ 1590.637734][ T5850] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[ 1590.667663][T16967] tipc: Disabling bearer <eth:syzkaller0>
[ 1590.795170][ T5850] usb 9-1: Using ep0 maxpacket: 16
[ 1590.802241][ T5850] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1590.802268][ T5850] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1590.812176][ T5850] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1590.812205][ T5850] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1590.812225][ T5850] usb 9-1: Product: syz
[ 1590.812238][ T5850] usb 9-1: Manufacturer: syz
[ 1590.812252][ T5850] usb 9-1: SerialNumber: syz
[ 1591.205873][ T5850] usb 9-1: 0:2 : does not exist
[ 1591.232292][ T5850] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[ 1591.316694][ T5850] usb 9-1: USB disconnect, device number 20
[ 1591.399151][T16773] udevd[16773]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1594.889843][T17020] netlink: 2028 bytes leftover after parsing attributes in process `syz.3.2766'.
[ 1594.889868][T17020] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2766'.
[ 1603.095554][T17090] binder: 17089:17090 unknown command 0
[ 1603.095575][T17090] binder: 17089:17090 ioctl c0306201 200000000080 returned -22
[ 1603.270151][T17092] syz_tun: entered allmulticast mode
[ 1603.277205][T17092] syz_tun: left allmulticast mode
[ 1603.876246][T17100] netlink: 129704 bytes leftover after parsing attributes in process `syz.3.2791'.
[ 1611.290979][ T5850] page_pool_release_retry() stalled pool shutdown: id 114, 1 inflight 60 sec
[ 1612.518955][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1612.519034][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1613.200808][T17171] syz_tun: entered allmulticast mode
[ 1613.348232][T17169] binder: 17168:17169 ioctl c0306201 200000000680 returned -14
[ 1613.356372][T17170] syz_tun: left allmulticast mode
[ 1618.831230][T15089] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[ 1618.940397][T15089] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1619.028252][T17231] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2834'.
[ 1621.701873][T17256] policy can only be matched on NF_INET_PRE_ROUTING
[ 1621.701886][T17256] unable to load match
[ 1621.947678][T17081] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[ 1622.616179][T17081] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1622.616210][T17081] usb 3-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 1622.616224][T17081] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1624.643990][T17081] usb 3-1: config 0 descriptor??
[ 1624.961539][T17081] usbhid 3-1:0.0: can't add hid device: -71
[ 1624.961696][T17081] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1625.067896][T17081] usb 3-1: USB disconnect, device number 22
[ 1626.143801][T17081] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[ 1626.642499][T17081] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1626.642521][T17081] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1626.644591][T17081] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1626.644607][T17081] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1626.644617][T17081] usb 3-1: Product: syz
[ 1626.644625][T17081] usb 3-1: Manufacturer: syz
[ 1626.644632][T17081] usb 3-1: SerialNumber: syz
[ 1626.932229][T17081] usb 3-1: 0:2 : does not exist
[ 1626.984835][T17081] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[ 1627.070547][T17081] usb 3-1: USB disconnect, device number 23
[ 1627.158397][T17122] udevd[17122]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1628.920411][T17282] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2849'.
[ 1634.444890][   T37] audit: type=1326 audit(1566.346:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17317 comm="syz.3.2861" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f419123eba9 code=0x0
[ 1636.793950][T17336] Can't find ip_set type hash
[ 1642.435798][T17398] 9pnet_fd: Insufficient options for proto=fd
[ 1648.172791][T14794] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1659.034016][ T5850] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1660.096490][T17523] lo speed is unknown, defaulting to 1000
[ 1660.222390][ T5850] usb 2-1: New USB device found, idVendor=2001, idProduct=b301, bcdDevice=45.a9
[ 1660.222420][ T5850] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1660.222438][ T5850] usb 2-1: Product: syz
[ 1660.222451][ T5850] usb 2-1: Manufacturer: syz
[ 1660.222465][ T5850] usb 2-1: SerialNumber: syz
[ 1660.338013][ T5850] r8152-cfgselector 2-1: Unknown version 0x0000
[ 1660.338040][ T5850] r8152-cfgselector 2-1: config 0 descriptor??
[ 1660.341531][ T5850] r8152 2-1:0.0: Expected endpoints are not found
[ 1663.402309][ T5850] r8152-cfgselector 2-1: USB disconnect, device number 6
[ 1674.139096][T14916] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1675.037032][T14916] usb 3-1: Using ep0 maxpacket: 16
[ 1675.948887][ T9939] Bluetooth: hci2: command 0x0406 tx timeout
[ 1677.133551][T17604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1677.136920][T17604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1677.215348][T17604] delete_channel: no stack
[ 1677.217208][T14916] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1677.218511][T14916] usb 3-1: unable to read config index 0 descriptor/start: -71
[ 1677.218532][T14916] usb 3-1: can't read configurations, error -71
[ 1678.570266][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1678.570311][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1691.146263][T17694] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[ 1693.745587][ T1737] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[ 1694.636618][T17716] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2966'.
[ 1697.124236][T17739] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1697.146533][T17734] syzkaller0: entered promiscuous mode
[ 1697.146561][T17734] syzkaller0: entered allmulticast mode
[ 1699.382588][T17739] tipc: Resetting bearer <eth:syzkaller0>
[ 1699.711608][T17731] tipc: Resetting bearer <eth:syzkaller0>
[ 1700.707909][T17731] tipc: Disabling bearer <eth:syzkaller0>
[ 1701.164657][T17772] tmpfs: Bad value for 'mpol'
[ 1724.852471][   T44] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[ 1730.588093][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1730.958454][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1731.707506][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.117844][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.267955][T17928] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3018'.
[ 1732.293750][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.523037][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1732.818289][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1733.052296][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1733.749629][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1734.102876][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1734.175532][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1735.202117][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1744.263382][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1744.263456][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1751.081260][T18018] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[ 1751.081260][T18018]    program syz.2.3042 not setting count and/or reply_len properly
[ 1754.094383][T18035] Invalid source name
[ 1754.094400][T18035] UBIFS error (pid: 18035): cannot open "ubifs", error -22
[ 1758.096428][T18055] gfs2: not a GFS2 filesystem
[ 1764.498052][T17985] syz.8.3033 (17985): drop_caches: 2
[ 1770.577788][ T9939] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1770.602425][ T9939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1770.624641][ T9939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1770.661553][ T9939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1770.671896][ T9939] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1770.958666][ T9939] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1770.972371][ T9939] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1770.993378][ T9939] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1771.973553][ T9939] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1771.979730][ T9939] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1772.064636][T18100] lo speed is unknown, defaulting to 1000
[ 1772.941718][T15089] Bluetooth: hci3: command tx timeout
[ 1774.195598][T18104] lo speed is unknown, defaulting to 1000
[ 1774.213980][T15089] Bluetooth: hci5: command tx timeout
[ 1775.775900][T15089] Bluetooth: hci3: command tx timeout
[ 1776.596942][ T9939] Bluetooth: hci5: command tx timeout
[ 1779.248488][T15089] Bluetooth: hci3: command tx timeout
[ 1779.248521][T15089] Bluetooth: hci5: command tx timeout
[ 1781.732447][T15089] Bluetooth: hci5: command tx timeout
[ 1781.732474][T15089] Bluetooth: hci3: command tx timeout
[ 1783.931645][T14794] Bluetooth: hci5: command 0x0405 tx timeout
[ 1784.117340][T18161] kvm: kvm [18160]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x890000fdb1
[ 1784.117394][T18161] kvm: kvm [18160]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x890000bdb1
[ 1785.253016][   T37] audit: type=1804 audit(2220.412:165): pid=18176 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.3.3080" name="/newroot/76/file0" dev="tmpfs" ino=408 res=1 errno=0
[ 1785.463953][T18104] chnl_net:caif_netlink_parms(): no params data found
[ 1787.621267][T14594] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1792.300961][T14594] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1792.513038][T18100] chnl_net:caif_netlink_parms(): no params data found
[ 1797.154420][T18237] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3094'.
[ 1799.218362][T14594] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1805.787384][T14594] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1806.061765][T18104] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1806.061847][T18104] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1806.062049][T18104] bridge_slave_0: entered allmulticast mode
[ 1806.063688][T18104] bridge_slave_0: entered promiscuous mode
[ 1807.167004][T18104] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1807.167086][T18104] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1807.167272][T18104] bridge_slave_1: entered allmulticast mode
[ 1807.171010][T18104] bridge_slave_1: entered promiscuous mode
[ 1809.655811][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1809.655884][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1810.480592][T18289] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1810.482145][T18289] overlayfs: "xino" feature enabled using 2 upper inode bits.
[ 1810.903658][T18104] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1811.085443][T18100] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1811.085588][T18100] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1811.086396][T18100] bridge_slave_0: entered allmulticast mode
[ 1811.089179][T18100] bridge_slave_0: entered promiscuous mode
[ 1811.132101][T18104] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1811.327688][T18100] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1811.327831][T18100] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1811.328050][T18100] bridge_slave_1: entered allmulticast mode
[ 1811.331142][T18100] bridge_slave_1: entered promiscuous mode
[ 1811.499934][T18296] afs: Unknown parameter 'dynkaller'
[ 1812.202756][T18104] team0: Port device team_slave_0 added
[ 1812.272787][T17081] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1812.422347][T17081] usb 3-1: device descriptor read/64, error -71
[ 1812.568268][T18104] team0: Port device team_slave_1 added
[ 1812.583813][T18100] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1812.736981][T17081] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[ 1813.993694][T17081] usb 3-1: device descriptor read/64, error -71
[ 1814.098700][T18100] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1814.113667][T17081] usb usb3-port1: attempt power cycle
[ 1815.383427][T17081] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1815.438539][T17081] usb 3-1: device descriptor read/8, error -71
[ 1815.907736][T17081] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 1817.245136][T18104] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1817.245147][T18104] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1817.246037][T18104] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1818.638939][T18104] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1818.638952][T18104] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1818.638967][T18104] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1818.691357][T18100] team0: Port device team_slave_0 added
[ 1819.146166][T18334] Invalid logical block size (8192)
[ 1819.933167][T18100] team0: Port device team_slave_1 added
[ 1821.397884][T17081] usb 3-1: device descriptor read/8, error -110
[ 1822.457532][T17081] usb usb3-port1: unable to enumerate USB device
[ 1822.642401][T14594] bridge_slave_1: left allmulticast mode
[ 1822.642433][T14594] bridge_slave_1: left promiscuous mode
[ 1822.642686][T14594] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1822.912506][T14594] bridge_slave_0: left allmulticast mode
[ 1822.912539][T14594] bridge_slave_0: left promiscuous mode
[ 1822.912834][T14594] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1823.742251][T18354] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1823.742282][T18354] overlayfs: failed to set xattr on upper
[ 1823.742290][T18354] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1823.742299][T18354] overlayfs: ...falling back to index=off.
[ 1823.742306][T18354] overlayfs: ...falling back to uuid=null.
[ 1823.742323][T18354] overlayfs: maximum fs stacking depth exceeded
[ 1829.249207][T18373] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR
[ 1829.344536][ T9939] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1829.499384][ T9939] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1829.505089][ T9939] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1829.523999][ T9939] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1829.530679][ T9939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1831.785466][T14794] Bluetooth: hci0: command tx timeout
[ 1833.962403][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1833.995905][T14794] Bluetooth: hci0: command tx timeout
[ 1834.591982][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1834.875394][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1835.391482][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1836.777015][T14794] Bluetooth: hci0: command tx timeout
[ 1837.315643][T14794] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1837.359389][T14794] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1837.361840][T14794] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1837.368777][T14794] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1837.370498][T14794] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1838.989375][T14794] Bluetooth: hci0: command tx timeout
[ 1840.892490][T14794] Bluetooth: hci6: command tx timeout
[ 1841.498361][T18425] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3139'.
[ 1843.660627][T14794] Bluetooth: hci6: command tx timeout
[ 1845.883761][T14794] Bluetooth: hci6: command tx timeout
[ 1846.905331][T18441] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3144'.
[ 1848.260888][T14794] Bluetooth: hci6: command tx timeout
[ 1849.973145][T18452] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1851.399520][T18459] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1856.819155][T14594] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1856.913447][T14594] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1857.167605][T14594] bond0 (unregistering): Released all slaves
[ 1861.494496][T18376] lo speed is unknown, defaulting to 1000
[ 1861.626008][T18508] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3158'.
[ 1861.626147][T18508] openvswitch: netlink: Flow key attr not present in new flow.
[ 1862.821555][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1862.951952][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1863.405103][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1863.684897][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1863.922760][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1864.666415][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1864.848661][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1864.972982][T18407] lo speed is unknown, defaulting to 1000
[ 1865.315184][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1866.130808][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1866.356602][T14594] hsr_slave_0: left promiscuous mode
[ 1866.400650][T14594] hsr_slave_1: left promiscuous mode
[ 1866.403223][T14594] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1866.403252][T14594] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1866.456055][T14594] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1866.456085][T14594] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1866.843863][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1867.044600][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1867.260933][T14594] veth1_macvtap: left promiscuous mode
[ 1867.292396][T14594] veth0_macvtap: left promiscuous mode
[ 1867.337484][T14594] veth1_vlan: left promiscuous mode
[ 1867.397448][T14594] veth0_vlan: left promiscuous mode
[ 1867.545368][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1874.112403][T18575] overlayfs: failed to clone upperpath
[ 1875.310668][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1875.310714][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1876.357282][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1876.638907][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1876.831777][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1877.111159][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1877.140442][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1877.638669][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1878.995845][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1879.079177][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1879.331022][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1880.517832][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1880.897883][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1883.603695][T18635] overlayfs: failed to clone upperpath
[ 1888.370850][T18661] binder: BC_ATTEMPT_ACQUIRE not supported
[ 1888.370916][T18661] binder: 18658:18661 ioctl c0306201 2000000001c0 returned -22
[ 1888.507244][T18661] delete_channel: no stack
[ 1895.493772][ T9939] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1895.501329][ T9939] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1895.526130][ T9939] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1895.557484][ T9939] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1895.627757][ T9939] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1900.075002][T14794] Bluetooth: hci3: command tx timeout
[ 1903.945977][ T9939] Bluetooth: hci3: command tx timeout
[ 1904.251791][T10365] Oops: general protection fault, probably for non-canonical address 0xdffffc000000006a: 0000 [#1] SMP KASAN PTI
[ 1904.251812][T10365] KASAN: null-ptr-deref in range [0x0000000000000350-0x0000000000000357]
[ 1904.251840][T10365] CPU: 1 UID: 0 PID: 10365 Comm: kworker/1:9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1904.251861][T10365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1904.251872][T10365] Workqueue: events l2cap_info_timeout
[ 1904.251907][T10365] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 1904.251933][T10365] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 c0 0b dd 08 cc 66 66 66 66 66 66 2e
[ 1904.251947][T10365] RSP: 0018:ffffc90003bff7a8 EFLAGS: 00010206
[ 1904.251961][T10365] RAX: dffffc0000000000 RBX: ffffffff88d7b46e RCX: 05aadf8b73a04b00
[ 1904.251975][T10365] RDX: 0000000000000000 RSI: ffffffff88d7b46e RDI: 000000000000006a
[ 1904.251987][T10365] RBP: ffffffff8a00fa75 R08: 0000000000000001 R09: 0000000000000000
[ 1904.251997][T10365] R10: dffffc0000000000 R11: ffffffff8a00fa30 R12: 0000000000000000
[ 1904.252009][T10365] R13: 0000000000000350 R14: 0000000000000350 R15: 0000000000000001
[ 1904.252020][T10365] FS:  0000000000000000(0000) GS:ffff8881269bd000(0000) knlGS:0000000000000000
[ 1904.252034][T10365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1904.252046][T10365] CR2: 00005575d45bea38 CR3: 0000000055cc0000 CR4: 00000000003526f0
[ 1904.252062][T10365] DR0: ffffffffffffffff DR1: 0000000000000047 DR2: 0000000000000005
[ 1904.252073][T10365] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1904.252084][T10365] Call Trace:
[ 1904.252090][T10365]  <TASK>
[ 1904.252097][T10365]  __kasan_check_byte+0x12/0x40
[ 1904.252124][T10365]  lock_acquire+0x8d/0x360
[ 1904.252145][T10365]  ? __cancel_work+0x25e/0x2e0
[ 1904.252172][T10365]  lock_sock_nested+0x3e/0x130
[ 1904.252193][T10365]  ? l2cap_sock_ready_cb+0x45/0x140
[ 1904.252212][T10365]  l2cap_sock_ready_cb+0x45/0x140
[ 1904.252230][T10365]  l2cap_conn_start+0x76d/0xe50
[ 1904.252256][T10365]  ? __pfx_l2cap_conn_start+0x10/0x10
[ 1904.252277][T10365]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1904.252302][T10365]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1904.252325][T10365]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1904.252349][T10365]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1904.252377][T10365]  ? mutex_lock_nested+0x154/0x1d0
[ 1904.252395][T10365]  ? l2cap_info_timeout+0x60/0xa0
[ 1904.252418][T10365]  l2cap_info_timeout+0x68/0xa0
[ 1904.252439][T10365]  ? process_scheduled_works+0x9ef/0x17b0
[ 1904.252460][T10365]  process_scheduled_works+0xade/0x17b0
[ 1904.252501][T10365]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1904.252528][T10365]  worker_thread+0x8a0/0xda0
[ 1904.252559][T10365]  kthread+0x70e/0x8a0
[ 1904.252585][T10365]  ? __pfx_worker_thread+0x10/0x10
[ 1904.252605][T10365]  ? __pfx_kthread+0x10/0x10
[ 1904.252630][T10365]  ? __pfx_kthread+0x10/0x10
[ 1904.252653][T10365]  ret_from_fork+0x439/0x7d0
[ 1904.252676][T10365]  ? __pfx_ret_from_fork+0x10/0x10
[ 1904.252698][T10365]  ? __switch_to_asm+0x39/0x70
[ 1904.252715][T10365]  ? __switch_to_asm+0x33/0x70
[ 1904.252730][T10365]  ? __pfx_kthread+0x10/0x10
[ 1904.252753][T10365]  ret_from_fork_asm+0x1a/0x30
[ 1904.252775][T10365]  </TASK>
[ 1904.252785][T10365] Modules linked in:
[ 1904.252801][T10365] ---[ end trace 0000000000000000 ]---
[ 1904.252837][T10365] RIP: 0010:kasan_byte_accessible+0x12/0x30
[ 1904.252869][T10365] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 c0 0b dd 08 cc 66 66 66 66 66 66 2e
[ 1904.252906][T10365] RSP: 0018:ffffc90003bff7a8 EFLAGS: 00010206
[ 1904.252950][T10365] RAX: dffffc0000000000 RBX: ffffffff88d7b46e RCX: 05aadf8b73a04b00
[ 1904.252989][T10365] RDX: 0000000000000000 RSI: ffffffff88d7b46e RDI: 000000000000006a
[ 1904.253025][T10365] RBP: ffffffff8a00fa75 R08: 0000000000000001 R09: 0000000000000000
[ 1904.253036][T10365] R10: dffffc0000000000 R11: ffffffff8a00fa30 R12: 0000000000000000
[ 1904.274094][T10365] R13: 0000000000000350 R14: 0000000000000350 R15: 0000000000000001
[ 1904.274115][T10365] FS:  0000000000000000(0000) GS:ffff8881269bd000(0000) knlGS:0000000000000000
[ 1904.274129][T10365] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1904.274142][T10365] CR2: 00005575d45bea38 CR3: 0000000055cc0000 CR4: 00000000003526f0
[ 1904.274158][T10365] DR0: ffffffffffffffff DR1: 0000000000000047 DR2: 0000000000000005
[ 1904.274172][T10365] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1904.274185][T10365] Kernel panic - not syncing: Fatal exception
[ 1904.274498][T10365] Kernel Offset: disabled