last executing test programs:

5m27.979388308s ago: executing program 3 (id=120):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='afs_dir_check_failed\x00', 0xffffffffffffffff, 0x0, 0x200}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newtaction={0x130, 0x30, 0xffff, 0x0, 0x0, {}, [{0x11c, 0x1, [@m_ife={0x118, 0x1, 0x0, 0x0, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x1}}}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_TCINDEX={0x6}]}, @TCA_IFE_METALST={0x44, 0x6, [@IFE_META_SKBMARK={0x8, 0x1, @val=0x8}, @IFE_META_TCINDEX={0x32, 0x5, @val=0x3}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x8}, @IFE_META_PRIO={0x4, 0x3, @void}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x3921}, @IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_PRIO={0x0, 0x3, @void}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x9}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x2510}]}, @TCA_IFE_PARMS={0x1c, 0x1, {{0x5, 0xc6a, 0x4, 0x200, 0x3}, 0x1}}, @TCA_IFE_SMAC={0xa}, @TCA_IFE_TYPE={0x6, 0x5, 0x51}, @TCA_IFE_METALST={0x1c, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}, @IFE_META_TCINDEX={0x6, 0x5, @val=0x500a}, @IFE_META_PRIO={0x8, 0x3, @val=0x3}, @IFE_META_TCINDEX={0x4, 0x5, @void}]}, @TCA_IFE_SMAC={0xa, 0x4, @multicast}, @TCA_IFE_SMAC={0xa, 0x4, @remote}, @TCA_IFE_PARMS={0x1c, 0x1, {{0xc3, 0x7ff, 0x7, 0x8000, 0x80}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x130}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000540)=0x9)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000180)=0x3)
ioctl$TIOCSTI(r4, 0x5412, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x7e)
close_range(r3, 0xffffffffffffffff, 0x0)

5m26.089672726s ago: executing program 3 (id=124):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0xffffffffffffff45)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)}, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, 0x0, &(0x7f0000000040))
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace(0x10, 0x1)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)=0x80000003)
r4 = socket$inet6(0xa, 0x2, 0x3a)
setsockopt$inet6_int(r4, 0x29, 0x31, &(0x7f0000000100)=0xffff, 0x4)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x1f, 0x6, 0x4e0, 0x2e8, 0x1f0, 0xd0, 0x408, 0x0, 0x500, 0x500, 0x500, 0x500, 0x500, 0x6, 0x0, {[{{@ipv6={@mcast1, @remote, [0xffffffff, 0x0, 0xff000000, 0xffffff00], [0xff, 0xff, 0xff000000], 'gre0\x00', 'veth1_virt_wifi\x00', {}, {}, 0x1, 0x2, 0x4, 0x20}, 0x0, 0xa8, 0xd0}, @common=@unspec=@AUDIT={0x28}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x31}, @private1, [0x0, 0xffffffff, 0xffffffff, 0xffffffff], [], 'macvlan1\x00', 'veth0_to_bridge\x00', {0xff}, {}, 0x33, 0x6, 0x4, 0xd}, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x1, 0x18}}}, {{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffff00, 0xff, 0x0, 0xffffffff], [0x0, 0xffffffff], 'tunl0\x00', 'bond_slave_0\x00', {}, {0xff}, 0x2f, 0xb, 0x0, 0x1}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28, 'NFQUEUE\x00', 0x0, {0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x3, 0xfa}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
sendto$inet6(r4, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x0, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r5 = dup2(r3, r3)
read$FUSE(r5, &(0x7f00000063c0)={0x2020}, 0x2020)
socket$netlink(0x10, 0x3, 0x4)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
syz_io_uring_setup(0x5ade, &(0x7f0000000300)={0x0, 0xe34f, 0x10100}, 0x0, &(0x7f0000000080)=<r7=>0x0)
syz_io_uring_submit(0x0, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r6, 0x80, &(0x7f0000000200)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x4, 0x100001, 0x4, 0xfffffffe, {0xa, 0x4e23, 0x7, @dev={0xfe, 0x80, '\x00', 0x39}, 0x101}}}})

5m21.601466337s ago: executing program 3 (id=132):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000480)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000004)
r4 = socket(0x1e, 0x2, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r4, 0x10f, 0x81, &(0x7f0000000480), 0x4)
recvmmsg(r4, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000001d80)=""/152, 0x98}], 0x1, &(0x7f0000001fc0)=""/67, 0x43}, 0x1}], 0x1, 0x2002, 0x0)
sendmsg$tipc(r4, &(0x7f0000000200)={&(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x4}}, 0x10, &(0x7f0000000380)=[{&(0x7f00000004c0)="e8", 0x1}], 0x1, 0x0, 0x0, 0x10}, 0x4800)
syz_io_uring_submit(r2, r3, 0x0)
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x82e, 0x0, &(0x7f0000000380), 0x0)
openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = syz_usb_connect$hid(0x0, 0x87, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56e, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x2}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x4, 0x6}}}}}]}}]}}, 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r6, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r6, 0x802)

5m17.186364769s ago: executing program 3 (id=139):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
fsopen(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071113b00000000008510000002000000e73113b47e43929ccf01dcdbfc119500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
fchdir(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$vim2m(&(0x7f0000000340), 0x0, 0x2)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = dup(r3)
ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001b00)={0x2, {0x2, 0x13d, 0x0, 0x8, 0x1001}})
renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00')
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f00000005c0)={0x3, 0x2, 0x2, "0d159fe28bdca5a7951c5861adf99c93ee60aa816c78b6ef1a82e45b0ec1eb6e", 0x3147504d})
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fchdir(r2)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x2c, 0x2, 0x6, 0x1, 0x6000006, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x2c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
dup(0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e04070620"], 0x7)
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000240)={{&(0x7f0000b64000/0x4000)=nil, 0x4000}})

5m13.264623737s ago: executing program 3 (id=141):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = creat(0x0, 0x0)
syz_emit_vhci(0x0, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r2, 0x0, 0x3}}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0)
ioctl$CEC_S_MODE(r4, 0x40046109, &(0x7f0000000300)=0xd0)
r5 = semget$private(0x0, 0x207, 0x53)
write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000280)={0x7, 0x8, 0xfa00, {r2, 0x5}}, 0x10)
semctl$GETALL(r5, 0x0, 0xd, &(0x7f0000000040)=""/119)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1})
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r6, 0xc020aa08, 0x0)
ioctl$UFFDIO_COPY(r6, 0xc028aa05, &(0x7f00000000c0)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3})
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
clock_settime(0x0, &(0x7f0000000040)={0x77359400})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f00000000c0)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0x3e)

5m11.829375705s ago: executing program 3 (id=146):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001a000100000000000000000002000000000000000000000008000100ac1414aa080002006401010108000300", @ANYRES32=r5], 0x34}}, 0x50)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0xff7f, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010004b04000023dc5ad93c5c2b7b0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800500160003000000080004"], 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x0)

4m55.111047s ago: executing program 32 (id=146):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0xa, 0x3, 0x3a)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000300)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001a000100000000000000000002000000000000000000000008000100ac1414aa080002006401010108000300", @ANYRES32=r5], 0x34}}, 0x50)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0xff7f, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010004b04000023dc5ad93c5c2b7b0000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800500160003000000080004"], 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x0)

3m34.88320339s ago: executing program 1 (id=255):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
umount2(0x0, 0x7)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@dev, 0x0, 0x2}, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
recvmmsg(r1, &(0x7f00000033c0)=[{{0x0, 0x0, &(0x7f0000000080)}, 0x9}, {{&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f00000008c0)=[{&(0x7f00000003c0)=""/154, 0x9a}, {&(0x7f0000000480)=""/78, 0x4e}, {&(0x7f0000000500)=""/133, 0x85}, {&(0x7f00000005c0)=""/138, 0x8a}, {&(0x7f0000000680)=""/222, 0xde}, {&(0x7f0000000780)=""/171, 0xab}, {&(0x7f0000000840)=""/101, 0x65}], 0x7, &(0x7f0000000940)=""/107, 0x6b}, 0x5}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000009c0)=""/244, 0xf4}, {&(0x7f0000000ac0)=""/199, 0xc7}, {&(0x7f0000000bc0)=""/241, 0xf1}, {&(0x7f0000000cc0)=""/161, 0xa1}], 0x4, &(0x7f0000000340)=""/28, 0x1c}, 0x2}, {{&(0x7f0000000d80)=@alg, 0x80, &(0x7f0000000f80)=[{&(0x7f0000000e00)=""/41, 0x29}, {&(0x7f0000000e40)=""/41, 0x29}, {&(0x7f0000000e80)=""/132, 0x84}, {&(0x7f0000000f40)=""/12, 0xc}], 0x4, &(0x7f0000000fc0)=""/171, 0xab}, 0x5}, {{&(0x7f0000001080)=@in6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000002340)=[{&(0x7f0000001100)=""/39, 0x27}, {&(0x7f0000001140)=""/7, 0x7}, {&(0x7f0000001180)=""/4096, 0x1000}, {&(0x7f0000002180)=""/72, 0x48}, {&(0x7f0000002200)=""/57, 0x39}, {&(0x7f0000002240)=""/198, 0xc6}], 0x6, &(0x7f00000023c0)=""/4096, 0x1000}, 0x528a}], 0x5, 0x1, &(0x7f0000003500)={0x0, 0x3938700})
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
unshare(0x400)
r3 = socket(0x2, 0x80805, 0x0)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
clock_gettime(0x0, 0x0)
pselect6(0x40, &(0x7f0000000080)={0x1000000000000000, 0x7, 0x7, 0x3, 0x7, 0xffff, 0x9, 0xc}, &(0x7f0000003540)={0x2, 0x6, 0x8000000000000000, 0x1, 0x4, 0x2, 0x401, 0x6}, &(0x7f0000003580)={0xb, 0x4, 0xf95, 0x29, 0x5, 0x9, 0x10001, 0x2c}, &(0x7f0000003600), &(0x7f0000003680)={&(0x7f0000003640)={[0x1]}, 0x8})
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6f}, 0x2c)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r6, 0x800448d7, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa014101, 0x4e21, 0x3, 'nq\x00', 0x4, 0x3, 0x10075}, {@rand_addr=0x64010102, 0x4e1f, 0x0, 0x4, 0x13d5f, 0x7}}, 0x44)
ioctl$FS_IOC_GETFSLABEL(r2, 0x400452c8, &(0x7f0000000100))

3m31.604713445s ago: executing program 1 (id=257):
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00', @ANYRES64=r1, @ANYRES64=r0], 0x3c}, 0x1, 0x0, 0x0, 0x4090}, 0x40084)
ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
io_uring_setup(0x28f0, &(0x7f0000000340)={0x0, 0x7695, 0x2, 0x0, 0x260})
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000)
ioctl$CEC_S_MODE(0xffffffffffffffff, 0x40046109, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
getpgid(0x0)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$cgroup_devices(r4, &(0x7f0000000080)=ANY=[@ANYBLOB='b *:'], 0x47)
r5 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
clock_settime(0x5, &(0x7f0000000300)={0x0, 0x3938700})
ioctl$DRM_IOCTL_MODE_ADDFB2(r5, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x3231564e, 0x3, [0x2], [0x80ffff], [], [0x400000000000001]})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r7 = openat$cgroup_devices(r6, &(0x7f00000001c0)='devices.deny\x00', 0x2, 0x0)
splice(r3, 0x0, r7, 0x0, 0x8, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r8)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r9, 0x0)
syz_emit_ethernet(0x5a, &(0x7f00000000c0)=ANY=[@ANYRES32=r9, @ANYRES32=0x41424344, @ANYBLOB="90c20000907800001e0aa500ac1414aa00001e041f400000"], 0x0)

3m29.439110478s ago: executing program 1 (id=262):
socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv0\x00'})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4054)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000bc0), r1)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c00)={0x14, r2, 0x301, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x800)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r1)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000380)=@ethtool_drvinfo={0x33, "a4c3eabfbc4a051fc8f66eedf1c6676b4e9ac471123ee41b102a78284f881840", "c493c69907ac61ee57f3ff6656218f8c880cab0b7f5f977f29b54144914986b5", "7795433781033bb967429b7c68c2566066943f3a566d7fd05557583a535a3b9e", "cba936683f411a1265d9ffb369dbe16de72fd8ee91c60f531196c136add25f43", "3fda464b4ffcb83f5c89e20fe8814b4e26bb81519905d65c5a0ae43be09d9f7b", "9900255a099270427859ce54", 0x43dd5e67, 0x9, 0x4, 0x5, 0xfffffffe}})
openat$zero(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r5, 0x4040ae77, 0x0)
ioctl$KVM_SET_PIT2(r5, 0x4070aea0, &(0x7f0000000300)={[{0x0, 0x8000, 0xe0, 0x3, 0x0, 0xb, 0x4, 0x1, 0x0, 0x2, 0x3, 0x5, 0x7c}, {0x0, 0x0, 0xff, 0xff, 0x4, 0xfe, 0x81, 0x0, 0x20, 0x2, 0x0, 0x4}, {0x7, 0x0, 0x0, 0x11, 0x8, 0x9, 0xf8, 0x2, 0xfd, 0xfd, 0x0, 0x0, 0xe0ee}], 0x7})
ioperm(0x0, 0x5, 0x6)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r6 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x8042, 0x0)
fcntl$setlease(r6, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x183203, 0x0)
fcntl$setlease(r6, 0x400, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x4, &(0x7f0000000000)=@framed={{}, [@exit]}, &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3m24.566560923s ago: executing program 1 (id=266):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r0 = syz_open_dev$media(&(0x7f0000000140), 0x4, 0x200)
preadv2(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/113, 0x71}, {0x0}], 0x2, 0x7, 0x1, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
close(0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
llistxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)=""/227, 0xe3)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r10=>0x0})
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_QOS_MAP(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="110c2dbd7000fedbdf256800000008000300", @ANYRES32=r10, @ANYBLOB="1400c7000707"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r6, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x90}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0002fbbd7000fedbdd2dded621e8bb00037f", @ANYRES32=r10, @ANYBLOB="0c00990005000000210000000e003300d4000a0008021100000000000400670004006700"], 0x40}, 0x1, 0x0, 0x0, 0x44000}, 0x440c5)
syz_open_dev$usbmon(&(0x7f0000000040), 0x5b, 0x2340)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f1ff0000000071103300000000001d300500000000004704000001ed00000f030000000000001d44000000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0, r5, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

3m19.009818795s ago: executing program 1 (id=272):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x9}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(r0, 0x8, &(0x7f00000001c0)=0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
shutdown(r2, 0x0)
write(r2, 0x0, 0x0)
r3 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r4 = socket$kcm(0x10, 0x2, 0x0)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r5, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
bind$bt_rfcomm(r3, &(0x7f0000000080)={0x1f, @none, 0xff}, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="00fbcf0026d4ef363b108b3b00060000000300000400000000", @ANYRES32, @ANYBLOB="0200"/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000065e9b587177598448d0606aefdfa49e4c5cccc71e4994d2593bae01fed740dff3ee3f00124c433841272c3d1d3c14adc2bb1eef542a2cef39dd85848427221884d14e9ead18548b02551091420b1f0d1e041704589a"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000007"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x10)
connect$bt_rfcomm(r3, &(0x7f00000000c0)={0x1f, @none, 0x6}, 0xa)

3m14.923082863s ago: executing program 1 (id=275):
fsopen(0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp(0x2, 0x3, 0x2)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), 0x0)

2m59.570220073s ago: executing program 33 (id=275):
fsopen(0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$igmp(0x2, 0x3, 0x2)
migrate_pages(r0, 0xa94b, &(0x7f0000000b80), 0x0)

7.174470858s ago: executing program 2 (id=863):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @local=@item_4={0x3, 0x2, 0x0, "53743ff6"}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @global=@item_4={0x3, 0x1, 0x5, "a90da1f6"}, @local=@item_4={0x3, 0x2, 0x0, "00000400"}]}}, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000100)=""/101)

4.489575269s ago: executing program 2 (id=886):
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x2a020400)
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x3, @local, 'geneve0\x00'}}, 0x1e)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000002c0), 0x80200, 0x0)
ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000100)=0x1)
ioctl$PPPIOCCONNECT(r1, 0x4004743a, &(0x7f0000000280)=0x2000)

4.20654092s ago: executing program 2 (id=888):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

3.590029443s ago: executing program 6 (id=892):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x200, 0x10001, 0xffffffffffffffff, 0x8, 0x2000004, 0x200, 0x4, 0x2c, 0x7fffffff, 0x1})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r2, 0xc0984124, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2})

3.378508595s ago: executing program 5 (id=894):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x3f}, @TCA_FLOWER_KEY_CT_STATE_MASK={0x6, 0x5c, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x14004801}, 0x800)

3.001442821s ago: executing program 5 (id=898):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50)
sendto$inet(r0, &(0x7f0000000580)="e1", 0xfffffffffffffef1, 0x40000, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
recvmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000800)=""/140, 0x8c}], 0x1}, 0x10000)

2.570007606s ago: executing program 0 (id=901):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
ioctl$SIOCSIFHWADDR(r1, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602ab1100000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

2.548883388s ago: executing program 6 (id=902):
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x8, 0x0, 0x42000}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000005200010004000000000000001c0000001400", @ANYRES16=r0], 0x28}}, 0x0)

2.282543777s ago: executing program 6 (id=903):
modify_ldt$write(0x1, &(0x7f0000000080)={0x800}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1f075, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x10000, @void, @value}, 0x94)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0))
ptrace$cont(0x20, r0, 0xfffffffffffffffa, 0x8)

2.282161861s ago: executing program 2 (id=904):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x8, 0x800000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f0000000080)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x74, &(0x7f0000000480)={r2, 0xfffe, 0x30, 0x20000000000005, 0x3b0000}, &(0x7f00000009c0)=0x18)

2.080282014s ago: executing program 0 (id=906):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x25)
setresuid(0xee01, 0xee01, 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
sync()
chdir(&(0x7f0000000080)='./file1\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)

2.030024138s ago: executing program 5 (id=907):
socket$inet6_tcp(0xa, 0x1, 0x0)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x40)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000012c0)=@deltfilter={0xc80, 0x2d, 0x4, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xffff}, {0x4, 0xb}, {0xc, 0x15b148abc9f65b57}}, [@TCA_CHAIN={0x8, 0xb, 0xff}, @filter_kind_options=@f_basic={{0xa}, {0xc48, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x0, 0x2}}, @TCA_BASIC_POLICE={0xc38, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0x7, 0x4, 0x0, 0xc57, 0xd00, 0x7, 0x8, 0xa5, 0xfff, 0xd7, 0x40, 0x7fffffff, 0x6, 0x4, 0x5, 0xc, 0x8, 0xffffff22, 0x7, 0xa53, 0x1, 0x5, 0xffffffff, 0x5, 0xffffffff, 0x9, 0x3, 0xffffffff, 0x5bca, 0x4, 0x1, 0xf, 0x4, 0x3, 0xe59, 0x401, 0x3, 0x2, 0x8, 0x3, 0x4fee, 0x6, 0xff, 0x8, 0xfffffff8, 0x0, 0x0, 0x3, 0x4d4, 0x6, 0x7ff, 0x8, 0x79, 0xd, 0x40, 0x4, 0x4, 0x98, 0x72ab, 0x7ff, 0x4, 0x7f, 0x4, 0x3, 0x1000, 0x1, 0x8, 0x100, 0xe, 0xfffffff8, 0xba8a, 0x10, 0x79, 0x800, 0x3, 0x3, 0x3, 0x80, 0xe, 0x2, 0x6401, 0x5636, 0x3, 0x1ff, 0x15a, 0x8c0, 0x4, 0xfffffffd, 0x2, 0x7f, 0x5, 0x4, 0x6, 0x8000, 0x5cd6, 0x1, 0x5, 0x1, 0x4, 0xe, 0x7f, 0x9, 0x3ad9, 0xf4, 0x10000, 0x8, 0x1, 0x5, 0x8a, 0xa1d3, 0x1, 0x10, 0x4, 0x7f, 0x3, 0xffff, 0x4, 0x3, 0x5, 0xffffffff, 0x80000000, 0xfe, 0x8, 0x200, 0x2, 0x7, 0xffff, 0x9, 0x4, 0xfffffff9, 0x2, 0x80000000, 0x1ff, 0x80, 0x6, 0x2, 0xb0, 0x1, 0x30000000, 0x14b1, 0x1, 0x0, 0x401, 0x9, 0xe7, 0x38, 0x80000000, 0x8, 0x401, 0x101, 0x1, 0x5, 0x6, 0x6, 0x8, 0xfffffffb, 0x4, 0x80, 0x79b, 0x7, 0x6, 0x5f, 0xa21, 0x9, 0x4, 0x788c, 0x800, 0x2, 0x8, 0x5, 0x7, 0x401, 0x3, 0xfffffff7, 0x0, 0xff, 0x7, 0x4, 0x7, 0x6, 0x7, 0x678d, 0x9, 0x1000, 0x1, 0x8f, 0x3, 0x9, 0xffff, 0x2, 0x9, 0x80000001, 0x4fc, 0x10000, 0x2, 0x7ff, 0x9, 0xa4d9, 0x3379, 0x7, 0x7, 0x4, 0x7, 0xbd6e, 0x7, 0x0, 0x3, 0x4, 0x7f, 0x7, 0x5, 0x2, 0x3, 0x7, 0x5, 0x0, 0x5fb2, 0xee, 0x7fff, 0x3, 0x2, 0x2cf, 0x99f1, 0x8001, 0x200, 0x8000, 0x8001, 0x40, 0x2, 0x4, 0x1, 0x2, 0xa, 0x1, 0x2906, 0xc, 0x8, 0x20000, 0x6, 0x0, 0x8, 0x200, 0x2, 0x2, 0x4, 0x5, 0x9, 0xd, 0x8, 0x2, 0x1, 0x3, 0x2, 0x8, 0x800, 0xe14]}, @TCA_POLICE_RESULT={0x8, 0x5, 0x3}, @TCA_POLICE_RATE={0x404, 0x2, [0x6, 0xe, 0x8250, 0x2, 0x10000, 0x0, 0xa8, 0x0, 0x42, 0x1b72c677, 0x3, 0x0, 0xbbc5, 0x9, 0x9, 0x4, 0x80000000, 0xa3e1, 0x51, 0x401, 0xfff, 0x18000, 0x7, 0x4, 0xffffffff, 0xb47ba403, 0x9, 0x7, 0x0, 0x0, 0x6, 0x1, 0xfffffff8, 0x7fff, 0x8e, 0x5, 0x3, 0x5, 0x5, 0x6, 0x9, 0x1, 0x2, 0x7, 0x6, 0x6, 0x2, 0x8000, 0x0, 0x6, 0x100, 0x401, 0x7, 0x23ec1cd8, 0x43a70a62, 0x3, 0x8, 0x10000, 0x3, 0x9, 0x1, 0x33b4, 0x3, 0x100, 0x7, 0x3, 0x9, 0x41, 0x0, 0x0, 0x9, 0xff, 0xe, 0x8000, 0x2, 0x2, 0x7, 0x4, 0x8f8, 0xe, 0x8, 0x80000000, 0xfffffff9, 0x8, 0xfff, 0x7, 0x3, 0x26, 0x5, 0x7, 0x8, 0xffffffff, 0xc, 0x10000, 0x3, 0x2, 0x90, 0x6, 0xffffffff, 0x8, 0x101, 0x3, 0x80000001, 0x8, 0x5, 0x1bc3, 0x3, 0x8, 0x0, 0x101, 0xc0a, 0x5, 0x80000000, 0xfffffffe, 0x24d7ebbb, 0x8, 0xb2d, 0xfffffa13, 0x8001, 0x4, 0x0, 0x6, 0x4dc319e2, 0xc, 0x100, 0xab4, 0x6, 0x0, 0x3, 0xffffff4d, 0x3, 0xc, 0x8, 0x8, 0x7, 0x2, 0xf0d1, 0x2, 0x9, 0x3, 0x8, 0x489, 0xffffffff, 0x4b9, 0x1f8e, 0x9, 0xffff, 0x3, 0x7, 0xffff, 0x6, 0x9, 0x1, 0x7fffffff, 0x0, 0x7fff, 0x40000, 0xe, 0x857, 0x5, 0x1, 0x7, 0x3, 0xfffffffe, 0x6, 0xb46, 0x46, 0x3, 0xa, 0x9, 0xa89, 0x4, 0x6afc, 0x3ff, 0x1, 0x400, 0x28, 0x6, 0x6, 0x7fffffff, 0x7, 0x74, 0x8, 0x8000, 0x3, 0x4, 0x1000, 0xffff0000, 0xa5a, 0x8, 0x4, 0x9, 0x5, 0x57, 0x0, 0x1, 0x800, 0x914, 0x2, 0x6, 0x2, 0x80, 0x7f, 0x8, 0x4, 0x2, 0x8, 0x81, 0xfffffffc, 0x5, 0x1, 0xa46, 0x8, 0x4, 0x1, 0xfffffffd, 0xb90, 0x3, 0x0, 0x7, 0xfff, 0x0, 0x8, 0x3, 0x8, 0x7, 0x2, 0xf31, 0x3ff, 0x7f, 0x8d0, 0x3167, 0xfffffffc, 0xd7, 0x2, 0x9, 0x3, 0x9, 0xd, 0x0, 0xc, 0x8000, 0x40, 0x8, 0x6, 0x101, 0xaaf0, 0x2, 0x0, 0x53dd, 0xfffffff9, 0xded, 0x7fff, 0x1, 0x8000, 0x1]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x1, 0x4, 0x2648000, 0x4d, 0x3, 0x1000, 0x6, 0x0, 0x3, 0x72c6, 0x1, 0x95, 0x9, 0x5, 0x59f, 0x3, 0x6, 0x100, 0x7, 0x1bc4, 0x3, 0x9fb5, 0x2, 0x4, 0x6, 0x3, 0xfffffff4, 0x2, 0x7f, 0x21, 0xfffffffd, 0x5, 0xfff, 0x9, 0x47, 0x9, 0x7, 0x9, 0x965b, 0x80000001, 0x8, 0x0, 0x200, 0x1, 0x10000, 0x40, 0x9, 0x9, 0x7, 0x4, 0x1, 0xbe9, 0x8000, 0x4, 0x4, 0x8, 0x7, 0x83f, 0x0, 0x1, 0x400, 0x2, 0x2, 0x1, 0x101, 0x6, 0x180, 0x10000, 0x4, 0x4, 0xb88, 0x60000, 0x0, 0x6, 0x7fffffff, 0x80000000, 0x8, 0x100, 0x10000, 0x422, 0x4, 0x8, 0x0, 0x6, 0x430, 0x5321092e, 0x4d, 0xffffffff, 0x6, 0xfffffff9, 0x6, 0x9, 0x3, 0x2, 0x7, 0x7, 0x7, 0xce, 0x4, 0x2, 0xe1, 0x0, 0x1, 0x6, 0x200, 0x0, 0x4, 0x5, 0x1, 0x2, 0x2, 0x7, 0x1, 0x10, 0xffffffc6, 0x8, 0x8001, 0xfd, 0x0, 0x4, 0x6b2, 0x7, 0x1, 0x8000, 0x5, 0x7, 0x80000000, 0x7, 0x0, 0x1ff, 0x3, 0x4, 0x1, 0x5, 0x8, 0xf, 0x8000, 0x8, 0x5, 0x6, 0x9, 0x103, 0x1, 0x7fffffff, 0x7555abb7, 0x4, 0x1, 0xa78, 0x80c, 0x800, 0x10001, 0x7, 0x8001, 0x2, 0x7, 0x9, 0x3ff, 0x7, 0x4, 0x4, 0x4, 0x0, 0x8, 0x7ff, 0x7, 0x1, 0x7, 0xc52, 0x0, 0x1000, 0x4, 0x401, 0x8000, 0x7f, 0x7f, 0x3, 0x2, 0x5, 0x2, 0x15d, 0xfffffffc, 0xd3, 0x7, 0x7, 0x80, 0x3, 0x8, 0x2, 0x1, 0xe8f, 0x101, 0x1, 0x1, 0x62a, 0x40, 0x10000000, 0x7, 0x7, 0x9, 0x2, 0x2eda, 0xf, 0x5, 0xfffffff9, 0x4c6e, 0x5, 0x0, 0x4, 0x6, 0x1, 0xfffffbff, 0x1f9ad5f4, 0x401, 0x584, 0x4, 0x7ff, 0x4630, 0x9, 0x97d, 0xef, 0x3, 0x3, 0x1, 0x62, 0x5, 0x7, 0x800, 0x800, 0x230697c2, 0x1064, 0xfffffff8, 0x3, 0x9, 0x9, 0x75d1, 0x8001, 0x7, 0x3, 0x9, 0x4, 0x0, 0xf, 0x2, 0xfffffff7, 0x6, 0xe7c6, 0x7, 0x1, 0x1, 0x6, 0x81, 0x200000, 0x64, 0xd, 0xd4, 0xffff8001]}, @TCA_POLICE_RATE64={0xc, 0x8, 0x8988}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x100000000}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x8}]}, @TCA_BASIC_POLICE={0x4}]}}]}, 0xc80}, 0x1, 0x0, 0x0, 0x804}, 0x0)
syz_io_uring_setup(0x24ff, &(0x7f0000000080)={0x0, 0x44ec, 0x10100, 0x3}, &(0x7f0000000100), &(0x7f0000001040))
r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382)
ioctl$LOOP_SET_STATUS(r0, 0x1277, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x6, 0x0, 0xc, 0x9, "4b8b3ea46929dfed0b2f34380d308f95a023d009852471dd5a94a9fe9549918ae7fd1f0ececd9bada8b108403362cfe0f4fccffb1b6a2115354d4df15d017a3f", "2363f18d9acc6c25af21ca2af6d2e80e4caadd6d126cfb80c92dc817d44dcdec", [0x1]})

1.914498392s ago: executing program 6 (id=909):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
accept$inet(r1, &(0x7f0000000280)={0x2, 0x0, @empty}, 0x0)
setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x22}}}}, 0x108)
r2 = socket$netlink(0x10, 0x3, 0x0)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f04000000480100100000000004002b000a00010014a4ee1ee438d2fd000000000000007208", 0x39}], 0x1)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)="3900000013000318680907070000000f0000ff3f04000000170a001700000000040037000d00030001332564aa58b9a64411f6bbf44dc48f57", 0x39}], 0x1)

1.714479313s ago: executing program 0 (id=910):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.713882697s ago: executing program 5 (id=911):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0xff, 0x3, 0x1, 0xd, 0x9, 0x80000001, 0x4, 0x2, r3}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x0, 0x0)
dup(r1)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x10, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r5, <r7=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r6}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e80)={r7, &(0x7f0000000300)="15ed6c41c1", 0x0}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x400)

1.713583078s ago: executing program 4 (id=912):
socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80001, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x70, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0xb4}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

1.114904859s ago: executing program 0 (id=913):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac7102d000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)

973.920917ms ago: executing program 4 (id=914):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50)
mknod$loop(0x0, 0x40, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000240), &(0x7f0000000280)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r2, 0x0, 0x3)

842.40872ms ago: executing program 2 (id=915):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x6, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}]}, @TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x14}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x800)

829.847857ms ago: executing program 5 (id=916):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x68, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='oom_score_adj_update\x00', r0}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_adj\x00')
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1)

718.025062ms ago: executing program 0 (id=917):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"})
syz_usb_connect$cdc_ecm(0x2, 0x4d, &(0x7f0000000480)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x6, 0x50, 0xb, [{{0x9, 0x4, 0x0, 0x5, 0x3, 0x2, 0x6, 0x0, 0xc, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x3, 0x3, 0xe4}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x8, 0x8, 0x2, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x2b, 0x5, 0xd}}}}}]}}]}}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x0, 0xeffffdff, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xff}, {0x0, 0x9, 0x80, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0xb9}, {0x11, 0xb}, {}, {0x0, 0x0, 0x4, '\x00', 0x2}, {0xfd, 0x0, 0x6}, {}, {0x0, 0x8f, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x1}, {0xb}, {0x5, 0x99, 0x2, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x3}, {0x2, 0x0, 0x6}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0x0, 0x21, 0x80, '\x00', 0x5}, {0x3}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x0, 0xd}, {0x0, 0x80}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x0, 0x2, 0x9}, {0x80, 0xff, 0x3, '\x00', 0x7}]}})

699.072442ms ago: executing program 6 (id=918):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x7, 0x5}}, [@filter_kind_options=@f_bpf={{0x8}, {0x1c, 0x2, [@TCA_BPF_FLAGS={0x8}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}, @TCA_BPF_FD={0x8}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)

622.438672ms ago: executing program 4 (id=919):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522)
ioctl$USBDEVFS_SETINTERFACE(r1, 0x80045510, &(0x7f0000000000))

536.08895ms ago: executing program 5 (id=920):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

454.578225ms ago: executing program 4 (id=921):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x80000000, 0x6, 0x9, 0x100, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x7, 0x8000, 0x47, @void, @value, @void, @value}, 0x50)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2f, &(0x7f0000000000)=0x2, 0x4)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x6], 0x0, 0x8340})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

401.679164ms ago: executing program 2 (id=922):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000340)={0x0, 0xbe08, 0x10, 0x5, 0x12}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2d, 0x0, 0x0, 0x1000004}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0)

246.492919ms ago: executing program 4 (id=923):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x200)
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"})
close_range(r0, 0xffffffffffffffff, 0x0)

172.293482ms ago: executing program 6 (id=924):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="cc", 0x1}], 0x1}}], 0x1, 0x24008804)
accept4(r1, 0x0, 0x0, 0x800)

145.883049ms ago: executing program 4 (id=925):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r1}, './file2\x00'})
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1}, './file0\x00'})

0s ago: executing program 0 (id=926):
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000000)={0xff, 0x3, 0x1, 0xd, 0x9, 0x80000001, 0x4, 0x2, r3}, 0x20)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYRESOCT=r0, @ANYRES16=r1, @ANYRES64], 0x14}, 0x1, 0x0, 0x0, 0x2404c025}, 0x8000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='qnx4\x00', 0x0, 0x0)
dup(r1)
ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x10, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r5, <r7=>0xffffffffffffffff}, &(0x7f0000000340), &(0x7f0000000380)=r6}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000e80)={r7, &(0x7f0000000300)="15ed6c41c1", 0x0}, 0x20)
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x400)

kernel console output (not intermixed with test programs):

bridge_slave_1: entered allmulticast mode
[   93.917618][ T5821] bridge_slave_1: entered promiscuous mode
[   93.951716][ T5831] chnl_net:caif_netlink_parms(): no params data found
[   93.985907][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.993245][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.000418][ T5820] bridge_slave_0: entered allmulticast mode
[   94.007872][ T5820] bridge_slave_0: entered promiscuous mode
[   94.032468][ T5817] team0: Port device team_slave_0 added
[   94.061861][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.069210][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.077333][ T5820] bridge_slave_1: entered allmulticast mode
[   94.085435][ T5820] bridge_slave_1: entered promiscuous mode
[   94.104000][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.115384][ T5817] team0: Port device team_slave_1 added
[   94.143416][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.150578][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.158170][ T5830] bridge_slave_0: entered allmulticast mode
[   94.165623][ T5830] bridge_slave_0: entered promiscuous mode
[   94.189306][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.239080][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.246444][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.253937][ T5830] bridge_slave_1: entered allmulticast mode
[   94.261162][ T5830] bridge_slave_1: entered promiscuous mode
[   94.296859][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.304226][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.330717][ T5817] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.380831][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.394007][ T5821] team0: Port device team_slave_0 added
[   94.402873][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.413153][ T5817] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.420151][ T5817] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.447472][ T5817] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.478551][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   94.490344][ T5821] team0: Port device team_slave_1 added
[   94.512197][   T51] Bluetooth: hci1: command tx timeout
[   94.517993][ T5824] Bluetooth: hci0: command tx timeout
[   94.546133][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   94.592006][ T5824] Bluetooth: hci2: command tx timeout
[   94.603043][ T5820] team0: Port device team_slave_0 added
[   94.652607][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.659598][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.685870][ T5824] Bluetooth: hci4: command tx timeout
[   94.686179][ T5824] Bluetooth: hci3: command tx timeout
[   94.691712][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.709849][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.716943][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.743507][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   94.756743][ T5820] team0: Port device team_slave_1 added
[   94.781519][ T5817] hsr_slave_0: entered promiscuous mode
[   94.787925][ T5817] hsr_slave_1: entered promiscuous mode
[   94.808150][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.815978][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.823312][ T5831] bridge_slave_0: entered allmulticast mode
[   94.830615][ T5831] bridge_slave_0: entered promiscuous mode
[   94.878514][ T5830] team0: Port device team_slave_0 added
[   94.885266][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.895654][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.903184][ T5831] bridge_slave_1: entered allmulticast mode
[   94.910470][ T5831] bridge_slave_1: entered promiscuous mode
[   94.920841][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   94.928760][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   94.955693][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   94.968425][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   94.975622][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.001808][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.015229][ T5830] team0: Port device team_slave_1 added
[   95.096419][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   95.156232][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.186859][ T5821] hsr_slave_0: entered promiscuous mode
[   95.193298][ T5821] hsr_slave_1: entered promiscuous mode
[   95.199484][ T5821] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.207322][ T5821] Cannot create hsr debugfs directory
[   95.247011][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.254402][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.281134][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.309083][ T5831] team0: Port device team_slave_0 added
[   95.338842][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.345895][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.372819][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.386532][ T5831] team0: Port device team_slave_1 added
[   95.398895][ T5820] hsr_slave_0: entered promiscuous mode
[   95.405693][ T5820] hsr_slave_1: entered promiscuous mode
[   95.412223][ T5820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.419830][ T5820] Cannot create hsr debugfs directory
[   95.510893][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.518247][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.544315][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.606525][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.613674][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.639717][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   95.756617][ T5830] hsr_slave_0: entered promiscuous mode
[   95.763592][ T5830] hsr_slave_1: entered promiscuous mode
[   95.769745][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.777591][ T5830] Cannot create hsr debugfs directory
[   95.965168][ T5831] hsr_slave_0: entered promiscuous mode
[   95.972044][ T5831] hsr_slave_1: entered promiscuous mode
[   95.979244][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   95.987030][ T5831] Cannot create hsr debugfs directory
[   96.197998][ T5817] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   96.211663][ T5817] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   96.240358][ T5817] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   96.266568][ T5817] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   96.354806][ T5820] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   96.383007][ T5820] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   96.396358][ T5820] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   96.407938][ T5820] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   96.503517][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   96.523739][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   96.552149][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   96.564398][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   96.591693][ T5824] Bluetooth: hci0: command tx timeout
[   96.591701][   T51] Bluetooth: hci1: command tx timeout
[   96.655045][ T5830] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   96.666559][ T5830] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   96.673654][ T5824] Bluetooth: hci2: command tx timeout
[   96.711795][ T5830] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   96.724442][ T5830] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   96.751838][ T5824] Bluetooth: hci3: command tx timeout
[   96.751903][   T51] Bluetooth: hci4: command tx timeout
[   96.838993][ T5817] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.868025][ T5831] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   96.893315][ T5831] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   96.904181][ T5831] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   96.917564][ T5831] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   96.938906][ T5817] 8021q: adding VLAN 0 to HW filter on device team0
[   96.977612][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.999232][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.006575][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.040745][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   97.074874][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.082106][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.106033][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.113247][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.162273][ T3506] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.169439][ T3506] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.239366][ T5817] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   97.279865][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.329955][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.429564][ T5821] 8021q: adding VLAN 0 to HW filter on device team0
[   97.453129][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[   97.485614][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   97.516808][ T3506] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.524044][ T3506] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.574088][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[   97.608984][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.616222][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.637995][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.645268][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.689547][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.696800][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.707037][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.714753][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   97.776498][ T5817] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.801015][ T1083] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.808318][ T1083] bridge0: port 2(bridge_slave_1) entered forwarding state
[   97.909386][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.063286][ T5817] veth0_vlan: entered promiscuous mode
[   98.139718][ T5817] veth1_vlan: entered promiscuous mode
[   98.156109][ T5820] veth0_vlan: entered promiscuous mode
[   98.262545][ T5820] veth1_vlan: entered promiscuous mode
[   98.285072][ T5817] veth0_macvtap: entered promiscuous mode
[   98.372678][ T5817] veth1_macvtap: entered promiscuous mode
[   98.435058][ T5820] veth0_macvtap: entered promiscuous mode
[   98.479616][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.494494][ T5820] veth1_macvtap: entered promiscuous mode
[   98.506233][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.548909][ T5817] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.585237][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.607065][ T5817] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.617530][ T5817] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.627932][ T5817] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.636795][ T5817] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.655478][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   98.665043][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.672100][   T51] Bluetooth: hci0: command tx timeout
[   98.682068][   T51] Bluetooth: hci1: command tx timeout
[   98.757948][   T51] Bluetooth: hci2: command tx timeout
[   98.774908][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.804900][ T5821] veth0_vlan: entered promiscuous mode
[   98.817404][ T5820] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.826909][ T5820] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.836794][   T51] Bluetooth: hci3: command tx timeout
[   98.838092][ T5824] Bluetooth: hci4: command tx timeout
[   98.845201][ T5820] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.856910][ T5820] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   98.955604][ T5821] veth1_vlan: entered promiscuous mode
[   98.967576][ T5830] veth0_vlan: entered promiscuous mode
[   99.062198][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.063738][ T5830] veth1_vlan: entered promiscuous mode
[   99.076823][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.177103][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.198503][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.204991][ T5821] veth0_macvtap: entered promiscuous mode
[   99.256402][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.268098][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.333405][ T5821] veth1_macvtap: entered promiscuous mode
[   99.357658][ T3506] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.367268][ T3506] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.385839][ T5817] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   99.394094][ T5830] veth0_macvtap: entered promiscuous mode
[   99.455236][ T5830] veth1_macvtap: entered promiscuous mode
[   99.469246][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.487236][ T5831] veth0_vlan: entered promiscuous mode
[   99.508726][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.550775][ T5831] veth1_vlan: entered promiscuous mode
[   99.586734][ T5821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.595791][ T5821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.604838][ T5821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.613909][ T5821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.631757][ T5906] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4'.
[   99.999777][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.228531][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.261779][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[  100.271534][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[  100.595359][ T5830] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.632506][ T5830] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.775929][   T51] Bluetooth: hci0: command tx timeout
[  100.775951][ T5824] Bluetooth: hci1: command tx timeout
[  100.912150][   T51] Bluetooth: hci2: command tx timeout
[  100.917632][   T51] Bluetooth: hci4: command tx timeout
[  100.923787][ T5824] Bluetooth: hci3: command tx timeout
[  100.940638][ T5830] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.999591][ T5830] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  101.867921][ T5831] veth0_macvtap: entered promiscuous mode
[  101.878633][ T5831] veth1_macvtap: entered promiscuous mode
[  102.100019][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  102.130382][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.148972][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  103.182673][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  103.324440][ T5831] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.333512][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.348414][ T5831] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.357605][ T5831] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.366603][ T5831] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.372230][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.384384][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.394312][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[  103.403328][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  103.467749][ T1083] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.505271][ T1083] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  103.602868][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  103.635810][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.211236][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  104.265261][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  104.666021][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  104.675187][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  104.768585][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  107.605204][ T3506] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.673329][ T3506] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.007546][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.026232][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.076129][ T5936] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  109.110495][ T5938] usb usb1: usbfs: process 5938 (syz.2.3) did not claim interface 0 before use
[  109.328588][ T5941] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  109.345627][ T5941] ip6t_REJECT: ECHOREPLY is not supported
[  110.175429][ T5950] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  110.333502][ T5957] xt_nfacct: accounting object `syz1' does not exists
[  113.271518][ T5980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.18'.
[  115.443485][ T5984] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  116.119157][ T5991] =======================================================
[  116.119157][ T5991] WARNING: The mand mount option has been deprecated and
[  116.119157][ T5991]          and is ignored by this kernel. Remove the mand
[  116.119157][ T5991]          option from the mount to silence this warning.
[  116.119157][ T5991] =======================================================
[  116.168086][ T5991] syz.4.19: attempt to access beyond end of device
[  116.168086][ T5991] nbd4: rw=0, sector=0, nr_sectors = 1 limit=0
[  116.726940][ T5993] Zero length message leads to an empty skb
[  117.243800][ T5999] netlink: 16 bytes leftover after parsing attributes in process `syz.0.21'.
[  123.526900][  T880] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  123.746921][  T880] usb 5-1: Using ep0 maxpacket: 8
[  123.761123][  T880] usb 5-1: config 0 has an invalid interface number: 126 but max is 0
[  123.780019][  T880] usb 5-1: config 0 has no interface number 0
[  123.794087][  T880] usb 5-1: config 0 interface 126 has no altsetting 0
[  125.000600][  T880] usb 5-1: New USB device found, idVendor=0547, idProduct=7303, bcdDevice=fa.3e
[  125.022907][  T880] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.073368][  T880] usb 5-1: Product: syz
[  125.077713][  T880] usb 5-1: Manufacturer: syz
[  125.093936][  T880] usb 5-1: SerialNumber: syz
[  125.119642][  T880] usb 5-1: config 0 descriptor??
[  125.169504][  T880] gspca_main: dtcs033-2.14.0 probing 0547:7303
[  125.851869][    T9] usb 5-1: USB disconnect, device number 2
[  128.627234][ T6068] process 'syz.3.36' launched './file0' with NULL argv: empty string added
[  131.261376][    T9] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  131.721947][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[  131.743350][    T9] usb 2-1: not running at top speed; connect to a high speed hub
[  132.888836][    T9] usb 2-1: unable to read config index 0 descriptor/start: -71
[  132.902769][ T6077] syz.4.40 (6077): drop_caches: 2
[  132.931051][    T9] usb 2-1: can't read configurations, error -71
[  133.017999][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  133.025138][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  137.785401][ T6139] xt_CT: You must specify a L4 protocol and not use inversions on it
[  138.030913][ T6143] fuse: Bad value for 'fd'
[  138.408057][ T6138] sctp: failed to load transform for md5: -2
[  138.543039][   T30] audit: type=1804 audit(1748342107.013:2): pid=6146 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.1.51" name="/newroot/7/file0" dev="tmpfs" ino=54 res=1 errno=0
[  140.891320][ T6158] vivid-002: kernel_thread() failed
[  141.526627][ T6169] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  143.243866][ T6174] KVM: debugfs: duplicate directory 6174-4
[  143.344491][ T6178] binder: 6173:6178 ioctl 4018620d 0 returned -22
[  143.950059][ T6187] 9pnet_virtio: no channels available for device syz
[  151.989141][ T6224] sctp: failed to load transform for md5: -2
[  154.446799][ T6245] netlink: 8 bytes leftover after parsing attributes in process `syz.2.75'.
[  155.263238][ T6250] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  156.026621][ T6242] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -4
[  156.044775][   T30] audit: type=1800 audit(1748342124.903:3): pid=6242 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.72" name="regulatory.db.p7s" dev="sda1" ino=449 res=0 errno=0
[  157.632709][ T6242] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -4
[  157.709798][ T6262] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  157.971443][ T6242] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s
[  158.911333][ T6269] fuse: Unknown parameter 'group_id00000000000000000000'
[  158.956801][ T6269] o2cb: This node has not been configured.
[  158.962885][ T6269] o2cb: Cluster check failed. Fix errors before retrying.
[  158.970214][ T6269] (syz.4.81,6269,1):user_dlm_register:674 ERROR: status = -22
[  158.977952][ T6269] (syz.4.81,6269,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[  159.573723][ T6242] syz.0.72 (6242) used greatest stack depth: 16712 bytes left
[  160.973728][ T6274] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  160.984479][ T6274] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  161.359500][ T6274] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  162.002766][ T6274] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  162.018247][ T6274] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  162.039853][   T30] audit: type=1326 audit(1748342130.653:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6282 comm="syz.1.86" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1fc478e969 code=0x0
[  162.077177][ T6274] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  162.182531][ T6274] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  162.194779][ T6274] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  162.220273][ T6287] netlink: 36 bytes leftover after parsing attributes in process `syz.0.83'.
[  162.229236][ T6293] mmap: syz.1.87 (6293) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  162.240368][ T6287] netlink: 16 bytes leftover after parsing attributes in process `syz.0.83'.
[  162.260914][ T6287] netlink: 36 bytes leftover after parsing attributes in process `syz.0.83'.
[  162.263689][ T6274] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  162.405433][ T6274] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  162.433188][ T6287] netlink: 36 bytes leftover after parsing attributes in process `syz.0.83'.
[  162.520369][ T6295] xt_ecn: cannot match TCP bits for non-tcp packets
[  162.576915][ T6274] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  163.273685][ T6305] fuse: Unknown parameter 'fd0xffffffffffffffff0000000000000000000500000000000000000000'
[  163.845350][ T6274] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  163.891839][ T6274] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  163.897894][ T6274] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  163.916416][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  163.968033][ T6295] overlayfs: failed to resolve './file1': -2
[  164.117389][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  164.191409][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  164.800278][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  164.885607][ T6274] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  166.321833][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  166.327925][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  166.334073][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout
[  166.340148][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout
[  166.590231][ T6324] random: crng reseeded on system resumption
[  167.495137][ T6324] netlink: 4 bytes leftover after parsing attributes in process `syz.2.93'.
[  167.865772][ T6325] xt_time: invalid argument - start or stop time greater than 23:59:59
[  167.925761][ T6325] netlink: 28 bytes leftover after parsing attributes in process `syz.1.92'.
[  168.088255][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  168.816812][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  168.826405][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  168.836629][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  168.843059][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[  170.553562][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout
[  170.895274][ T6334] syz.3.97 uses obsolete (PF_INET,SOCK_PACKET)
[  170.912397][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout
[  172.071750][ T6343] vxcan1: tx drop: invalid da for name 0x0000000000000001
[  172.830854][ T6349] capability: warning: `syz.4.99' uses deprecated v2 capabilities in a way that may be insecure
[  179.725658][ T5871] IPVS: starting estimator thread 0...
[  180.056785][ T6370] xt_CT: You must specify a L4 protocol and not use inversions on it
[  180.992849][ T6366] IPVS: Scheduler module ip_vs_sip not found
[  182.236324][ T6361] IPVS: using max 24 ests per chain, 57600 per kthread
[  184.260984][ T6378] netlink: 'syz.2.106': attribute type 1 has an invalid length.
[  184.722433][ T6378] bond1: entered promiscuous mode
[  184.730419][ T6378] 8021q: adding VLAN 0 to HW filter on device bond1
[  185.538516][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.1.107'.
[  185.558212][ T6385] netlink: 8 bytes leftover after parsing attributes in process `syz.1.107'.
[  186.998490][ T6404] [U] �
[  187.896370][ T6411] lo speed is unknown, defaulting to 1000
[  187.903108][ T6411] lo speed is unknown, defaulting to 1000
[  187.924305][ T6411] lo speed is unknown, defaulting to 1000
[  187.972242][ T6411] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  188.070667][ T6411] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  188.357912][ T6411] lo speed is unknown, defaulting to 1000
[  188.378238][ T6411] lo speed is unknown, defaulting to 1000
[  188.385935][ T6411] lo speed is unknown, defaulting to 1000
[  188.393611][ T6411] lo speed is unknown, defaulting to 1000
[  188.401349][ T6411] lo speed is unknown, defaulting to 1000
[  189.261626][ T5871] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  189.509443][ T5871] usb 5-1: Using ep0 maxpacket: 32
[  189.521288][ T6424] qnx4: no qnx4 filesystem (no root dir).
[  189.590020][ T6424] ubi31: attaching mtd0
[  189.798300][ T5871] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.811303][ T5871] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.821108][ T5871] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  189.835918][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.893827][ T6424] ubi31: scanning is finished
[  189.913144][ T5871] usb 5-1: config 0 descriptor??
[  190.712072][ T6424] ubi31: empty MTD device detected
[  191.249971][ T5871] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  192.492586][ T6424] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4
[  192.599109][ T5931] libceph: connect (1)[c::]:6789 error -101
[  192.606576][ T6435] netlink: 48 bytes leftover after parsing attributes in process `syz.2.117'.
[  192.622128][ T5931] libceph: mon0 (1)[c::]:6789 connect error
[  193.055330][ T5931] libceph: connect (1)[c::]:6789 error -101
[  193.067969][ T5931] libceph: mon0 (1)[c::]:6789 connect error
[  193.107971][ T6433] ceph: No mds server is up or the cluster is laggy
[  194.101967][ T6160] libceph: connect (1)[c::]:6789 error -101
[  194.108114][ T6160] libceph: mon0 (1)[c::]:6789 connect error
[  194.500795][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.507207][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  196.202522][ T5824] Bluetooth: hci1: unexpected event for opcode 0x041c
[  196.312105][ T5931] usb 5-1: USB disconnect, device number 3
[  196.490470][ T6472] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  196.533418][   T12] Bluetooth: hci5: Frame reassembly failed (-84)
[  197.150874][ T6481] ptrace attach of "./syz-executor exec"[5817] was attempted by "./syz-executor exec"[6481]
[  198.682839][   T51] Bluetooth: hci5: command 0x1003 tx timeout
[  198.689175][ T5824] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  200.402590][ T5824] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  200.424498][ T5824] Bluetooth: hci1: Injecting HCI hardware error event
[  200.435343][ T5824] Bluetooth: hci1: hardware error 0x00
[  200.573102][ T5871] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  201.001462][ T5871] usb 4-1: Using ep0 maxpacket: 32
[  201.241594][ T5871] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.257710][ T5871] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  202.126645][ T5871] usb 4-1: config 0 interface 0 has no altsetting 0
[  202.141479][ T5871] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[  202.151178][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.177099][ T5871] usb 4-1: config 0 descriptor??
[  202.292396][ T6520] fuse: Unknown parameter 'fd0x000000000000000400000000000000000000'
[  202.521730][ T5824] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  203.404975][ T5871] usbhid 4-1:0.0: can't add hid device: -71
[  203.413669][ T5871] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  203.429142][ T5871] usb 4-1: USB disconnect, device number 2
[  203.555978][ T6524] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  203.608864][ T6524] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  204.018610][ T5824] Bluetooth: hci0: unexpected event for opcode 0x2006
[  208.557864][   T30] audit: type=1400 audit(2000000000.460:5): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="*" object="_" requested=w pid=6543 comm="syz.1.142" saddr=0.0.0.224 src=20000 daddr=224.0.0.1 dest=20000 netif=wpan0
[  208.976193][ T6530] syz.2.138 (6530): drop_caches: 2
[  209.477714][ T6560] vivid-000: disconnect
[  209.500877][ T6560] netlink: 'syz.4.145': attribute type 13 has an invalid length.
[  210.641286][ T6555] netlink: 12 bytes leftover after parsing attributes in process `syz.0.143'.
[  211.010845][ T6551] vivid-000: reconnect
[  211.611057][ T6566] siw: device registration error -23
[  211.644499][ T6566] batadv_slave_0: mtu less than device minimum
[  213.587605][ T6582] hub 8-0:1.0: USB hub found
[  213.595412][ T6582] hub 8-0:1.0: 1 port detected
[  221.351677][ T6600] sctp: failed to load transform for md5: -2
[  225.064372][ T6621] qnx4: no qnx4 filesystem (no root dir).
[  225.985931][ T6630] macsec0: entered promiscuous mode
[  226.001037][ T6630] macsec0: entered allmulticast mode
[  226.006817][ T6630] veth1_macvtap: entered allmulticast mode
[  227.192984][   T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  227.209834][   T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  227.221799][   T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  227.853184][   T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  227.892070][   T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  229.960799][ T5824] Bluetooth: hci5: command tx timeout
[  230.777565][ T6658] xt_CT: You must specify a L4 protocol and not use inversions on it
[  230.838193][   T24] libceph: connect (1)[c::]:6789 error -101
[  230.851584][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  230.869373][   T24] libceph: connect (1)[c::]:6789 error -101
[  230.884266][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  230.929101][ T6663] netlink: 12 bytes leftover after parsing attributes in process `+}[@'.
[  231.104135][ T6659] sctp: failed to load transform for md5: -2
[  231.247900][  T880] libceph: connect (1)[c::]:6789 error -101
[  231.261056][  T880] libceph: mon0 (1)[c::]:6789 connect error
[  231.284496][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.398392][ T6650] ceph: No mds server is up or the cluster is laggy
[  231.928747][  T880] libceph: connect (1)[c::]:6789 error -101
[  232.079518][ T5824] Bluetooth: hci5: command tx timeout
[  234.161420][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  234.176642][ T5824] Bluetooth: hci5: command tx timeout
[  234.307136][  T880] libceph: mon0 (1)[c::]:6789 connect error
[  234.357262][  T880] libceph: connect (1)[c::]:6789 error -101
[  234.368453][  T880] libceph: mon0 (1)[c::]:6789 connect error
[  236.564876][ T5824] Bluetooth: hci5: command tx timeout
[  237.145288][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.956821][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.457260][ T6713] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  240.465356][ T6713] UDF-fs: Scanning with blocksize 512 failed
[  240.477164][ T6713] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  240.485117][ T6713] UDF-fs: Scanning with blocksize 1024 failed
[  240.494113][ T6713] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  240.502130][ T6713] UDF-fs: Scanning with blocksize 2048 failed
[  240.514927][ T6713] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  240.523166][ T6713] UDF-fs: Scanning with blocksize 4096 failed
[  242.123247][ T6635] chnl_net:caif_netlink_parms(): no params data found
[  242.415611][ T6723] xt_hashlimit: max too large, truncated to 1048576
[  245.146017][ T6736] syz.4.183: attempt to access beyond end of device
[  245.146017][ T6736] loop4: rw=0, sector=0, nr_sectors = 1 limit=0
[  245.162068][ T6736] FAT-fs (loop4): unable to read boot sector
[  245.209164][ T6736] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0
[  249.197976][ T6757] syz.1.184: attempt to access beyond end of device
[  249.197976][ T6757] nbd1: rw=0, sector=64, nr_sectors = 1 limit=0
[  249.212458][ T6757] syz.1.184: attempt to access beyond end of device
[  249.212458][ T6757] nbd1: rw=0, sector=256, nr_sectors = 1 limit=0
[  249.226064][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  249.236787][ T6757] syz.1.184: attempt to access beyond end of device
[  249.236787][ T6757] nbd1: rw=0, sector=512, nr_sectors = 1 limit=0
[  249.250228][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  249.263855][ T6757] syz.1.184: attempt to access beyond end of device
[  249.263855][ T6757] nbd1: rw=0, sector=64, nr_sectors = 2 limit=0
[  249.277478][ T6757] syz.1.184: attempt to access beyond end of device
[  249.277478][ T6757] nbd1: rw=0, sector=512, nr_sectors = 2 limit=0
[  249.290611][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  249.300924][ T6757] syz.1.184: attempt to access beyond end of device
[  249.300924][ T6757] nbd1: rw=0, sector=1024, nr_sectors = 2 limit=0
[  249.314327][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  249.325838][ T6757] syz.1.184: attempt to access beyond end of device
[  249.325838][ T6757] nbd1: rw=0, sector=64, nr_sectors = 4 limit=0
[  249.339248][ T6757] syz.1.184: attempt to access beyond end of device
[  249.339248][ T6757] nbd1: rw=0, sector=1024, nr_sectors = 4 limit=0
[  249.352596][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  249.363713][ T6757] syz.1.184: attempt to access beyond end of device
[  249.363713][ T6757] nbd1: rw=0, sector=2048, nr_sectors = 4 limit=0
[  249.377237][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  249.389492][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=256, location=256
[  249.400126][ T6757] UDF-fs: error (device nbd1): udf_read_tagged: read failed, block=512, location=512
[  249.410019][ T6757] UDF-fs: warning (device nbd1): udf_fill_super: No partition found (1)
[  253.380368][ T6764] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  253.380419][ T6764] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0
[  253.755730][ T6773] vivid-000: disconnect
[  255.796877][ T6770] vivid-000: reconnect
[  255.929298][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.936170][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  256.429290][ T6778] Bluetooth: MGMT ver 1.23
[  256.712959][ T5824] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  257.050189][ T6635] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.061841][ T6635] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.069270][ T6635] bridge_slave_0: entered allmulticast mode
[  257.077969][ T6635] bridge_slave_0: entered promiscuous mode
[  257.087272][ T6635] bridge0: port 2(bridge_slave_1) entered blocking state
[  257.094933][ T6635] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.102647][ T6635] bridge_slave_1: entered allmulticast mode
[  257.110744][ T6635] bridge_slave_1: entered promiscuous mode
[  258.417290][ T6635] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  258.422959][ T6801] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  258.427738][   T13] bridge_slave_1: left allmulticast mode
[  259.148022][   T13] bridge_slave_1: left promiscuous mode
[  259.452482][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  259.745602][   T13] bridge_slave_0: left allmulticast mode
[  259.755345][   T13] bridge_slave_0: left promiscuous mode
[  259.762243][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.799917][ T6815] kAFS: Can only specify source 'none' with -o dyn
[  261.448779][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  261.461050][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  261.473352][   T13] bond0 (unregistering): Released all slaves
[  261.488769][ T6786] lo speed is unknown, defaulting to 1000
[  261.495373][ T6786] lo speed is unknown, defaulting to 1000
[  261.504953][ T6786] lo speed is unknown, defaulting to 1000
[  261.519694][ T6786] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  261.557275][ T6786] lo speed is unknown, defaulting to 1000
[  261.565270][ T6786] lo speed is unknown, defaulting to 1000
[  261.573996][ T6786] lo speed is unknown, defaulting to 1000
[  261.582343][ T6786] lo speed is unknown, defaulting to 1000
[  261.590319][ T6786] lo speed is unknown, defaulting to 1000
[  261.599230][ T6786] lo speed is unknown, defaulting to 1000
[  261.704198][ T6635] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  262.115836][ T6635] team0: Port device team_slave_0 added
[  262.125159][ T6817] netlink: 8 bytes leftover after parsing attributes in process `syz.2.198'.
[  263.722989][ T6635] team0: Port device team_slave_1 added
[  263.906776][ T6842] RDS: rds_bind could not find a transport for fe80::17, load rds_tcp or rds_rdma?
[  264.000935][   T30] audit: type=1800 audit(2000000055.900:6): pid=6842 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.202" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=11039 res=0 errno=0
[  265.542203][ T6635] batman_adv: batadv0: Adding interface: batadv_slave_0
[  265.549358][ T6635] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.167279][ T6635] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  268.954431][ T6635] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.816093][ T6635] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.845259][ T6635] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  270.646660][ T6868] netlink: 24 bytes leftover after parsing attributes in process `syz.2.207'.
[  271.594674][ T6867] netlink: 4 bytes leftover after parsing attributes in process `syz.2.207'.
[  271.737816][ T6872] IPVS: set_ctl: invalid protocol: 92 10.1.1.0:20004
[  273.262311][ T6888] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.209'.
[  275.558876][ T6900] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  275.939401][  T880] IPVS: starting estimator thread 0...
[  276.041780][ T6904] IPVS: using max 28 ests per chain, 67200 per kthread
[  277.104430][ T6635] hsr_slave_0: entered promiscuous mode
[  277.319997][ T6635] hsr_slave_1: entered promiscuous mode
[  277.326782][ T6635] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  277.334976][ T6635] Cannot create hsr debugfs directory
[  277.511676][ T6919] syz.0.215 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  278.338431][   T13] hsr_slave_0: left promiscuous mode
[  278.368340][   T13] hsr_slave_1: left promiscuous mode
[  278.380751][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.495159][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.514800][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.530999][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.987959][   T13] veth1_macvtap: left promiscuous mode
[  279.057768][   T13] veth0_macvtap: left promiscuous mode
[  279.127129][   T13] veth1_vlan: left promiscuous mode
[  279.180469][   T13] veth0_vlan: left promiscuous mode
[  279.206320][ T6926] netlink: 'syz.4.218': attribute type 1 has an invalid length.
[  279.218720][ T6926] netlink: 228 bytes leftover after parsing attributes in process `syz.4.218'.
[  282.285764][ T6923] syz.0.216 (6923): drop_caches: 2
[  282.992785][ T6947] netlink: 20 bytes leftover after parsing attributes in process `syz.4.222'.
[  283.338911][ T6954] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  284.839291][   T13] team0 (unregistering): Port device team_slave_1 removed
[  284.878376][   T13] team0 (unregistering): Port device team_slave_0 removed
[  285.273938][ T6911] @: renamed from vlan0 (while UP)
[  285.336694][ T6957] warning: `syz.1.225' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  286.637399][ T6965] vcan0: tx drop: invalid da for name 0x0000000000000002
[  286.931655][ T6967] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  286.939282][ T6967] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  286.945558][ T6967] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  286.951707][ T6967] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  286.958621][ T6967] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  286.982862][ T6967] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  287.903759][ T6980] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.230'.
[  287.962998][ T6980] netlink: 16 bytes leftover after parsing attributes in process `syz.2.230'.
[  289.032784][   T13] IPVS: stop unused estimator thread 0...
[  289.066885][ T5824] Bluetooth: hci2: command 0x0c1a tx timeout
[  289.070223][ T5819] Bluetooth: hci5: command 0x0c1a tx timeout
[  289.073265][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout
[  289.078959][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  291.485058][ T5824] Bluetooth: hci5: command 0x0c1a tx timeout
[  292.457975][ T7009] overlayfs: failed to resolve './file0': -2
[  293.529317][ T7014] netlink: 84 bytes leftover after parsing attributes in process `syz.0.235'.
[  293.733383][ T5824] Bluetooth: hci5: command 0x0c1a tx timeout
[  294.202168][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  294.226798][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  294.250369][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  294.298323][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  294.314115][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  294.539475][ T7026] netlink: 8 bytes leftover after parsing attributes in process `syz.2.238'.
[  294.661586][   T10] IPVS: starting estimator thread 0...
[  294.981344][ T7028] IPVS: using max 27 ests per chain, 64800 per kthread
[  295.653952][ T7016] lo speed is unknown, defaulting to 1000
[  295.751079][ T3506] bridge_slave_1: left allmulticast mode
[  295.783980][ T7039] netlink: 'syz.0.240': attribute type 10 has an invalid length.
[  295.807414][ T3506] bridge_slave_1: left promiscuous mode
[  295.914879][ T3506] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.386225][ T3506] bridge_slave_0: left allmulticast mode
[  296.431810][ T5819] Bluetooth: hci0: command tx timeout
[  296.465974][ T3506] bridge_slave_0: left promiscuous mode
[  296.472936][ T3506] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.727078][ T7048] netlink: 596 bytes leftover after parsing attributes in process `syz.2.241'.
[  297.443270][ T7049] netlink: 8 bytes leftover after parsing attributes in process `syz.1.242'.
[  297.862879][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  298.129670][   T10] usb 3-1: Using ep0 maxpacket: 8
[  298.155861][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  298.178083][ T3506] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  298.512397][ T5819] Bluetooth: hci0: command tx timeout
[  298.849373][   T10] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  298.858583][   T10] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  298.872653][   T10] usb 3-1: Product: syz
[  298.876988][   T10] usb 3-1: Manufacturer: syz
[  298.882889][   T10] usb 3-1: SerialNumber: syz
[  298.934134][ T3506] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  298.963192][ T3506] bond0 (unregistering): Released all slaves
[  299.187152][   T10] usb 3-1: Invalid connection information received from device
[  299.203690][ T7039] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.213986][ T7039] bridge_slave_1: left allmulticast mode
[  299.219715][ T7039] bridge_slave_1: left promiscuous mode
[  299.346493][ T7058] netlink: 24 bytes leftover after parsing attributes in process `syz.4.244'.
[  299.994066][ T7039] bridge0: port 2(bridge_slave_1) entered disabled state
[  300.174784][ T7039] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  300.641702][ T5819] Bluetooth: hci0: command tx timeout
[  300.994828][  T978] usb 3-1: USB disconnect, device number 2
[  301.381147][ T3506] hsr_slave_0: left promiscuous mode
[  302.162457][ T7076] binfmt_misc: register: failed to install interpreter file ./file0
[  302.706116][ T5819] Bluetooth: hci0: command tx timeout
[  302.795466][ T3506] hsr_slave_1: left promiscuous mode
[  302.830583][ T7078] bio_check_eod: 3 callbacks suppressed
[  302.830663][ T7078] syz.0.248: attempt to access beyond end of device
[  302.830663][ T7078] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  302.852031][ T7078] SQUASHFS error: Failed to read block 0x0: -5
[  302.859491][ T7078] unable to read squashfs_super_block
[  302.994375][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_0
[  303.286845][ T3506] batman_adv: batadv0: Removing interface: batadv_slave_1
[  303.795168][ T7085] overlayfs: failed to resolve './file1': -2
[  305.951438][ T5824] Bluetooth: hci0: command 0x0405 tx timeout
[  307.199215][ T7101] sctp: failed to load transform for md5: -2
[  307.669347][  T978] IPVS: starting estimator thread 0...
[  307.821573][ T7108] IPVS: using max 24 ests per chain, 57600 per kthread
[  308.397617][ T3506] team0 (unregistering): Port device team_slave_1 removed
[  309.050958][ T3506] team0 (unregistering): Port device team_slave_0 removed
[  310.306228][ T7090] tipc: Started in network mode
[  310.311653][ T7090] tipc: Node identity 7, cluster identity 4711
[  310.319827][ T7090] tipc: Node number set to 7
[  313.192225][ T7138] netdevsim netdevsim1: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[  313.212349][ T7138] netdevsim netdevsim1: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[  315.806567][ T7016] chnl_net:caif_netlink_parms(): no params data found
[  318.059383][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  318.121428][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  318.170905][ T7169] x_tables: ip_tables: TCPMSS target: only valid for protocol 6
[  324.273676][ T7206] netlink: 'syz.1.272': attribute type 10 has an invalid length.
[  325.223455][ T7203] overlayfs: failed to resolve './file1': -2
[  326.088421][ T7016] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.122792][ T7016] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.155301][ T7016] bridge_slave_0: entered allmulticast mode
[  326.193795][ T7016] bridge_slave_0: entered promiscuous mode
[  326.231543][ T7016] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.271534][ T7016] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.278990][ T7016] bridge_slave_1: entered allmulticast mode
[  326.484518][ T7016] bridge_slave_1: entered promiscuous mode
[  327.917654][   T30] audit: type=1800 audit(2000000119.110:7): pid=7224 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.277" name="file0" dev="overlay" ino=369 res=0 errno=0
[  328.241260][ T7226] qnx4: no qnx4 filesystem (no root dir).
[  328.282521][ T7226] ubi31: attaching mtd0
[  328.302817][ T7226] ubi31: scanning is finished
[  328.571636][ T7016] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  328.615140][ T7016] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  328.800829][ T7226] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  329.092090][ T7226] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  329.224770][ T7226] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  329.294766][ T7226] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  329.348163][ T7226] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  329.385553][ T7226] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  329.398410][ T7226] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2304650906
[  329.416384][ T7226] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  329.661368][ T7233] ubi31: background thread "ubi_bgt31d" started, PID 7233
[  329.819406][ T7016] team0: Port device team_slave_0 added
[  329.865259][ T7016] team0: Port device team_slave_1 added
[  329.996800][ T7242] openvswitch: netlink: ct_state flags 7fffffff unsupported
[  330.704049][ T7248] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  330.716057][ T7248] overlayfs: missing 'lowerdir'
[  331.170211][ T7240] hugetlbfs: syz.0.281 (7240): Using mlock ulimits for SHM_HUGETLB is obsolete
[  331.400170][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_0
[  331.621951][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.771508][ T7016] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  331.804128][ T7016] batman_adv: batadv0: Adding interface: batadv_slave_1
[  331.820555][ T7016] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.984232][ T7016] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  332.052532][ T7255] nfs4: Bad value for 'source'
[  333.291130][ T7016] hsr_slave_0: entered promiscuous mode
[  333.331909][ T7016] hsr_slave_1: entered promiscuous mode
[  338.865415][ T7297] qnx4: no qnx4 filesystem (no root dir).
[  338.915499][ T7297] ubi: mtd0 is already attached to ubi31
[  338.997999][ T7016] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  339.107350][ T7016] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  339.230006][ T7016] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  339.343711][ T7016] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  340.920956][ T7016] 8021q: adding VLAN 0 to HW filter on device bond0
[  341.139648][ T7016] 8021q: adding VLAN 0 to HW filter on device team0
[  341.370628][ T7016] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  341.395211][ T7320] overlayfs: failed to get inode (-116)
[  341.409183][ T7016] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  341.565073][ T6219] bridge0: port 1(bridge_slave_0) entered blocking state
[  341.572301][ T6219] bridge0: port 1(bridge_slave_0) entered forwarding state
[  341.587969][ T6219] bridge0: port 2(bridge_slave_1) entered blocking state
[  341.595274][ T6219] bridge0: port 2(bridge_slave_1) entered forwarding state
[  342.149120][ T7320] overlayfs: failed to get inode (-116)
[  344.609292][ T7350] nfs: Unexpected value for 'acl'
[  344.622286][ T7346] netlink: 28 bytes leftover after parsing attributes in process `syz.4.301'.
[  344.634012][ T5819] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  344.643957][ T5819] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  344.656488][ T5819] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  344.669509][ T5819] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  344.682410][ T5819] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  344.720716][ T7350] ieee802154 phy0 wpan0: encryption failed: -22
[  344.831468][ T7352] netlink: 4 bytes leftover after parsing attributes in process `syz.4.301'.
[  344.841954][ T7352] netlink: 8 bytes leftover after parsing attributes in process `syz.4.301'.
[  345.484306][ T7348] lo speed is unknown, defaulting to 1000
[  345.687490][ T7016] 8021q: adding VLAN 0 to HW filter on device batadv0
[  346.683786][ T7372] XFS (nullb0): Invalid superblock magic number
[  346.766262][ T5824] Bluetooth: hci5: command tx timeout
[  348.877069][ T5824] Bluetooth: hci5: command tx timeout
[  349.061460][ T6715] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.015746][ T5824] Bluetooth: hci5: command tx timeout
[  351.664057][ T7422] /dev/nullb0: Can't lookup blockdev
[  351.680712][ T5819] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  351.694472][ T5819] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  351.702806][ T5819] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  351.718898][ T5819] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  351.730509][ T5819] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  351.841396][ T7426] netlink: 'syz.4.310': attribute type 1 has an invalid length.
[  351.920664][ T7426] 8021q: adding VLAN 0 to HW filter on device bond1
[  351.936139][   T30] audit: type=1326 audit(2000000143.840:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  351.990673][   T30] audit: type=1326 audit(2000000143.860:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  352.014835][   T30] audit: type=1326 audit(2000000143.860:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  352.241778][   T30] audit: type=1326 audit(2000000143.860:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  353.236287][ T5819] Bluetooth: hci5: command tx timeout
[  353.255833][ T6715] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.264305][   T30] audit: type=1326 audit(2000000143.860:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  353.375839][   T30] audit: type=1326 audit(2000000143.860:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  353.407540][   T30] audit: type=1326 audit(2000000143.860:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  353.428567][ T7429] vlan2: entered allmulticast mode
[  353.546399][ T7429] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  353.571460][   T30] audit: type=1326 audit(2000000143.860:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  353.846469][ T5819] Bluetooth: hci0: command tx timeout
[  353.867245][   T30] audit: type=1326 audit(2000000143.860:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  353.901010][   T30] audit: type=1326 audit(2000000143.860:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7430 comm="syz.2.312" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  353.930396][ T7429] bond1: (slave vlan2): making interface the new active one
[  353.944469][ T7429] bond1: (slave vlan2): Enslaving as an active interface with an up link
[  354.002455][ T7348] chnl_net:caif_netlink_parms(): no params data found
[  354.068741][ T7423] lo speed is unknown, defaulting to 1000
[  354.194926][ T6715] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.999639][ T6715] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.498230][ T7348] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.519658][ T7348] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.531688][ T7348] bridge_slave_0: entered allmulticast mode
[  355.539570][ T7348] bridge_slave_0: entered promiscuous mode
[  355.642524][ T7348] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.667914][ T7348] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.717596][ T7348] bridge_slave_1: entered allmulticast mode
[  355.785462][ T7459] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  355.793630][ T7459] UDF-fs: Scanning with blocksize 512 failed
[  355.802760][ T7459] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  355.812128][ T7459] UDF-fs: Scanning with blocksize 1024 failed
[  355.821572][ T7459] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  355.829186][ T7459] UDF-fs: Scanning with blocksize 2048 failed
[  355.882948][ T7459] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  355.890698][ T7459] UDF-fs: Scanning with blocksize 4096 failed
[  356.100690][ T5819] Bluetooth: hci0: command tx timeout
[  356.206117][ T7348] bridge_slave_1: entered promiscuous mode
[  358.522779][ T5819] Bluetooth: hci0: command tx timeout
[  358.993102][ T7348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  360.591559][ T5824] Bluetooth: hci0: command tx timeout
[  362.120762][ T7348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  362.950145][ T6715] bridge_slave_1: left allmulticast mode
[  362.956470][ T6715] bridge_slave_1: left promiscuous mode
[  362.977246][ T6715] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.044046][ T6715] bridge_slave_0: left allmulticast mode
[  363.049751][ T6715] bridge_slave_0: left promiscuous mode
[  363.066361][ T6715] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.445542][ T6715] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  363.456848][ T6715] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  363.467816][ T6715] bond0 (unregistering): Released all slaves
[  363.496177][ T7494] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.504616][ T7494] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.542363][ T7494] bridge0: entered allmulticast mode
[  363.590481][ T7495] bridge_slave_1: left allmulticast mode
[  363.599709][ T7495] bridge_slave_1: left promiscuous mode
[  363.627903][ T7495] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.699229][ T7495] bridge_slave_0: left allmulticast mode
[  363.705301][ T7495] bridge_slave_0: left promiscuous mode
[  363.712537][ T7495] bridge0: port 1(bridge_slave_0) entered disabled state
[  365.687360][ T7348] team0: Port device team_slave_0 added
[  365.872155][ T7348] team0: Port device team_slave_1 added
[  366.192746][ T7518] netlink: 'syz.4.325': attribute type 4 has an invalid length.
[  366.263292][ T7519] netlink: 'syz.4.325': attribute type 4 has an invalid length.
[  366.464847][ T5824] Bluetooth: hci4: SCO packet for unknown connection handle 200
[  366.788541][ T7523] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  366.803976][ T7523] UDF-fs: Scanning with blocksize 512 failed
[  366.815269][ T7523] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  366.823111][ T7523] UDF-fs: Scanning with blocksize 1024 failed
[  366.868691][ T7523] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  366.876463][ T7523] UDF-fs: Scanning with blocksize 2048 failed
[  366.887461][ T7523] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  366.895206][ T7523] UDF-fs: Scanning with blocksize 4096 failed
[  368.693644][ T7348] batman_adv: batadv0: Adding interface: batadv_slave_0
[  368.700860][ T7348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  368.769002][ T7348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  368.864924][ T7348] batman_adv: batadv0: Adding interface: batadv_slave_1
[  368.893693][ T7348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.065685][ T7348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  369.078665][ T7423] chnl_net:caif_netlink_parms(): no params data found
[  371.246776][ T6715] hsr_slave_0: left promiscuous mode
[  371.277253][ T6715] hsr_slave_1: left promiscuous mode
[  371.313667][ T6715] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.363508][ T6715] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.433499][ T6715] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.496638][ T6715] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.575426][ T6715] veth1_macvtap: left allmulticast mode
[  372.082402][ T6715] veth1_macvtap: left promiscuous mode
[  372.090100][ T6715] veth0_macvtap: left promiscuous mode
[  372.103595][ T6715] veth1_vlan: left promiscuous mode
[  372.109219][ T6715] veth0_vlan: left promiscuous mode
[  374.855626][ T7618] netlink: 'syz.0.336': attribute type 2 has an invalid length.
[  375.527279][ T6715] team0 (unregistering): Port device team_slave_1 removed
[  376.258391][ T6715] team0 (unregistering): Port device team_slave_0 removed
[  377.341087][ T7348] hsr_slave_0: entered promiscuous mode
[  377.372590][ T7348] hsr_slave_1: entered promiscuous mode
[  377.379078][ T7348] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  377.387288][ T7348] Cannot create hsr debugfs directory
[  377.430576][ T5873] lo speed is unknown, defaulting to 1000
[  377.439152][ T5873] infiniband syz0: ib_query_port failed (-19)
[  377.469373][ T7632] netdevsim netdevsim0: Direct firmware load for �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F failed with error -2
[  377.488994][ T7632] netdevsim netdevsim0: Falling back to sysfs fallback for: �J��n���gkN��q>�*x(O�@ēƙ�a�W��fV!����_�)�AD�I��w�C7�;�gB�|h�V`f�?:Vm�UWX:SZ;�˩6h?Ae���i��m�/���S��6��_C?�F
[  377.532518][ T7574] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  377.577068][ T7574] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  377.609101][ T7574] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  378.497500][ T7649] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  378.523454][ T7423] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.540042][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.560561][ T7423] bridge_slave_0: entered allmulticast mode
[  378.579058][ T7423] bridge_slave_0: entered promiscuous mode
[  378.612117][ T7423] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.619382][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.627825][ T7423] bridge_slave_1: entered allmulticast mode
[  378.642144][ T7423] bridge_slave_1: entered promiscuous mode
[  378.749385][ T6715] IPVS: stop unused estimator thread 0...
[  378.770786][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.779108][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  378.874653][ T7423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  378.895225][ T7655] overlayfs: failed to resolve './file0': -2
[  378.923423][ T7653] 9pnet_fd: Insufficient options for proto=fd
[  379.492476][   T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  380.132622][ T7423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  380.267859][   T10] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  380.332339][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  380.347769][   T10] usb 5-1: New USB device strings: Mfr=0, Product=29, SerialNumber=1
[  380.359776][   T10] usb 5-1: Product: syz
[  380.552275][   T10] usb 5-1: SerialNumber: syz
[  381.328437][ T7423] team0: Port device team_slave_0 added
[  381.691890][ T7676] netlink: 'syz.2.347': attribute type 10 has an invalid length.
[  382.531884][   T10] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  382.585832][   T10] usb 5-1: USB disconnect, device number 4
[  382.718929][ T7423] team0: Port device team_slave_1 added
[  383.382249][ T7676] 8021q: adding VLAN 0 to HW filter on device batadv0
[  383.411006][ T7676] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  383.744480][ T7423] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.768574][ T7423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.805371][ T7423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  384.095870][ T7704] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  384.252377][ T7699] (syz.2.352,7699,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[  384.261168][ T7699] (syz.2.352,7699,1):ocfs2_fill_super:1177 ERROR: status = -22
[  384.751318][ T5824] Bluetooth: hci3: unexpected event for opcode 0x0c6d
[  384.860258][ T7423] batman_adv: batadv0: Adding interface: batadv_slave_1
[  384.872088][ T7423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  384.899661][ T7423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  384.971789][ T7348] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  386.791313][ T7348] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  386.858873][ T7423] hsr_slave_0: entered promiscuous mode
[  386.870666][ T7708] netlink: 80 bytes leftover after parsing attributes in process `syz.4.354'.
[  386.897909][ T7423] hsr_slave_1: entered promiscuous mode
[  386.899144][ T7718] overlayfs: failed to resolve './file0': -2
[  386.914752][ T7423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  386.922664][ T7423] Cannot create hsr debugfs directory
[  386.934218][ T7348] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  387.712103][ T7348] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  388.091600][ T7729] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  391.064141][ T6715] bridge_slave_1: left allmulticast mode
[  391.080287][ T6715] bridge_slave_1: left promiscuous mode
[  391.098179][ T6715] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.183601][ T6715] bridge_slave_0: left allmulticast mode
[  391.213561][ T6715] bridge_slave_0: left promiscuous mode
[  391.268600][ T6715] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.410022][ T7766] sctp: [Deprecated]: syz.0.364 (pid 7766) Use of struct sctp_assoc_value in delayed_ack socket option.
[  391.410022][ T7766] Use struct sctp_sack_info instead
[  395.197741][ T6715] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  395.225033][ T6715] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  395.248171][ T6715] bond0 (unregistering): Released all slaves
[  395.420644][ T7348] 8021q: adding VLAN 0 to HW filter on device bond0
[  395.462510][ T7348] 8021q: adding VLAN 0 to HW filter on device team0
[  395.508740][ T7348] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  395.576910][ T7348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  395.683836][ T7798] netlink: 'syz.4.370': attribute type 21 has an invalid length.
[  395.694283][ T7798] netlink: 'syz.4.370': attribute type 6 has an invalid length.
[  395.702239][ T7798] netlink: 132 bytes leftover after parsing attributes in process `syz.4.370'.
[  396.517612][ T7607] bridge0: port 1(bridge_slave_0) entered blocking state
[  396.524916][ T7607] bridge0: port 1(bridge_slave_0) entered forwarding state
[  396.618068][ T7800] netlink: 12 bytes leftover after parsing attributes in process `syz.0.371'.
[  396.629693][ T7607] bridge0: port 2(bridge_slave_1) entered blocking state
[  396.636903][ T7607] bridge0: port 2(bridge_slave_1) entered forwarding state
[  396.901088][ T6715] hsr_slave_0: left promiscuous mode
[  397.579870][ T6715] hsr_slave_1: left promiscuous mode
[  397.586033][ T6715] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.594299][ T6715] batman_adv: batadv0: Removing interface: batadv_slave_1
[  398.687150][ T6715] team0 (unregistering): Port device team_slave_1 removed
[  398.775748][ T6715] team0 (unregistering): Port device team_slave_0 removed
[  404.389691][ T5871] IPVS: starting estimator thread 0...
[  404.433391][ T7858] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  404.764585][ T7860] IPVS: using max 27 ests per chain, 64800 per kthread
[  405.205116][ T7866] overlayfs: failed to resolve 'fowner>00000000000000000000': -2
[  405.968811][ T5819] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  405.977793][ T5819] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  405.988293][ T5819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  406.051075][ T5819] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  406.060307][ T5819] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  408.238849][ T7874] netlink: 80 bytes leftover after parsing attributes in process `syz.4.385'.
[  409.873186][ T5819] Bluetooth: hci2: command tx timeout
[  412.121306][ T5819] Bluetooth: hci2: command tx timeout
[  412.833117][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  412.842839][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  412.851219][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  413.695952][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  413.709880][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  413.906099][ T7939] sctp: [Deprecated]: syz.0.392 (pid 7939) Use of struct sctp_assoc_value in delayed_ack socket option.
[  413.906099][ T7939] Use struct sctp_sack_info instead
[  414.194283][ T5824] Bluetooth: hci2: command tx timeout
[  414.356727][ T7929] lo speed is unknown, defaulting to 1000
[  414.366294][ T7929] lo speed is unknown, defaulting to 1000
[  414.373058][ T7929] lo speed is unknown, defaulting to 1000
[  414.530476][ T7929] infiniband syz0: set active
[  414.535578][ T7929] infiniband syz0: added lo
[  414.541937][ T7929] syz0: rxe_create_cq: returned err = -12
[  414.548108][ T7929] infiniband syz0: Couldn't create ib_mad CQ
[  414.554472][ T7929] infiniband syz0: Couldn't open port 1
[  414.579158][   T24] lo speed is unknown, defaulting to 1000
[  414.587471][ T7929] RDS/IB: syz0: added
[  414.592834][ T7929] smc: adding ib device syz0 with port count 1
[  414.599226][ T7929] smc:    ib device syz0 port 1 has pnetid 
[  414.688640][ T7929] lo speed is unknown, defaulting to 1000
[  414.807794][   T24] lo speed is unknown, defaulting to 1000
[  415.197356][ T7929] lo speed is unknown, defaulting to 1000
[  416.176972][ T5824] Bluetooth: hci0: command tx timeout
[  416.812008][ T5824] Bluetooth: hci2: command tx timeout
[  417.814219][ T7929] lo speed is unknown, defaulting to 1000
[  418.134967][ T7929] lo speed is unknown, defaulting to 1000
[  418.343439][ T7963] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  418.407648][ T7968] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  418.945261][ T5824] Bluetooth: hci0: command tx timeout
[  419.068703][ T7868] chnl_net:caif_netlink_parms(): no params data found
[  419.147821][ T7929] lo speed is unknown, defaulting to 1000
[  419.304203][ T7929] lo speed is unknown, defaulting to 1000
[  419.465464][ T7929] lo speed is unknown, defaulting to 1000
[  421.249413][ T5824] Bluetooth: hci0: command tx timeout
[  421.509331][ T7986] netlink: 192 bytes leftover after parsing attributes in process `syz.0.400'.
[  421.785506][ T1083] bridge_slave_1: left allmulticast mode
[  421.793350][ T1083] bridge_slave_1: left promiscuous mode
[  421.799686][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state
[  421.815063][ T1083] bridge_slave_0: left allmulticast mode
[  421.820902][ T1083] bridge_slave_0: left promiscuous mode
[  421.827851][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state
[  422.024714][   T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  422.477624][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  422.488299][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  422.500284][   T10] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  422.518625][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  422.527609][   T10] usb 3-1: SerialNumber: syz
[  423.097568][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  423.259626][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  423.312955][ T5824] Bluetooth: hci0: command tx timeout
[  423.422180][ T1083] bond0 (unregistering): Released all slaves
[  425.744570][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  425.744622][   T30] audit: type=1800 audit(2000000217.570:34): pid=8014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.405" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  426.300177][   T10] usb 3-1: 0:2 : does not exist
[  426.307733][   T10] usb 3-1: unit 5: unexpected type 0x03
[  426.404513][   T10] usb 3-1: USB disconnect, device number 3
[  426.410961][ T7868] bridge0: port 1(bridge_slave_0) entered blocking state
[  426.446346][ T7868] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.490621][ T7868] bridge_slave_0: entered allmulticast mode
[  426.531247][ T7868] bridge_slave_0: entered promiscuous mode
[  426.563520][ T7868] bridge0: port 2(bridge_slave_1) entered blocking state
[  426.570943][ T7868] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.578571][ T8020] udevd[8020]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  427.103562][ T7868] bridge_slave_1: entered allmulticast mode
[  427.128764][ T7868] bridge_slave_1: entered promiscuous mode
[  427.354926][ T8034] loop0: detected capacity change from 0 to 7
[  427.739805][ T8020] Dev loop0: unable to read RDB block 7
[  427.807587][ T8020]  loop0: unable to read partition table
[  427.902063][ T8020] loop0: partition table beyond EOD, truncated
[  427.983001][ T8034] Dev loop0: unable to read RDB block 7
[  427.990957][ T8034]  loop0: unable to read partition table
[  428.005327][ T8034] loop0: partition table beyond EOD, truncated
[  428.015004][ T8034] loop_reread_partitions: partition scan of loop0 (�被x������ڬ��dƤ����ݡ�����
[  428.015004][ T8034] 
) failed (rc=-5)
[  428.249087][ T7868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  428.326391][ T1083] hsr_slave_0: left promiscuous mode
[  428.334461][ T1083] hsr_slave_1: left promiscuous mode
[  428.371368][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0
[  428.387752][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1
[  428.536544][ T8048] tmpfs: Bad value for 'nr_inodes'
[  428.549516][ T8048] overlayfs: failed to clone upperpath
[  428.728151][ T1083] team0 (unregistering): Port device team_slave_1 removed
[  428.831453][ T1083] team0 (unregistering): Port device team_slave_0 removed
[  429.902732][ T8055] netlink: 'syz.2.412': attribute type 2 has an invalid length.
[  429.910580][ T8055] netlink: 'syz.2.412': attribute type 1 has an invalid length.
[  431.009891][ T8060] overlayfs: missing 'workdir'
[  431.844505][ T7868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  431.897889][ T8061] bridge2: entered promiscuous mode
[  431.903358][ T8061] bridge2: entered allmulticast mode
[  432.429255][ T7926] chnl_net:caif_netlink_parms(): no params data found
[  433.320310][ T8075] netlink: 'syz.4.415': attribute type 10 has an invalid length.
[  433.430872][ T7868] team0: Port device team_slave_0 added
[  433.459116][ T7868] team0: Port device team_slave_1 added
[  434.095639][ T8075] 8021q: adding VLAN 0 to HW filter on device batadv0
[  434.108897][ T8075] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  434.915489][ T7868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  434.948644][ T7868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  435.020850][ T7868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  435.273658][ T7868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  435.280866][ T7868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  435.310139][ T7868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  435.313125][ T8103] qnx4: no qnx4 filesystem (no root dir).
[  435.410890][ T8103] ubi: mtd0 is already attached to ubi31
[  436.118574][ T5824] Bluetooth: hci4: Malformed HCI Event
[  436.153236][ T7868] hsr_slave_0: entered promiscuous mode
[  436.172189][ T8118] /dev/sg0: Can't lookup blockdev
[  436.204928][ T7868] hsr_slave_1: entered promiscuous mode
[  437.759786][ T7926] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.767183][ T7926] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.807994][ T7926] bridge_slave_0: entered allmulticast mode
[  437.834885][ T7926] bridge_slave_0: entered promiscuous mode
[  437.854613][ T8129] overlayfs: failed to clone lowerpath
[  437.867418][ T7926] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.884233][ T7926] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.894796][ T7926] bridge_slave_1: entered allmulticast mode
[  438.073881][ T7926] bridge_slave_1: entered promiscuous mode
[  438.176413][ T8132] netlink: 44 bytes leftover after parsing attributes in process `syz.4.427'.
[  439.365512][ T8140] overlayfs: failed to resolve './file1/file0': -2
[  440.325941][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  440.466211][ T8142] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  440.575762][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  442.451711][   T30] audit: type=1326 audit(2000000234.160:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.113927][   T30] audit: type=1326 audit(2000000234.160:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.135428][   T30] audit: type=1326 audit(2000000234.170:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.157344][   T30] audit: type=1326 audit(2000000234.180:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.179276][   T30] audit: type=1326 audit(2000000234.180:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.200879][   T30] audit: type=1326 audit(2000000234.200:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.222464][   T30] audit: type=1326 audit(2000000234.200:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.244109][   T30] audit: type=1326 audit(2000000234.200:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.267592][   T30] audit: type=1326 audit(2000000234.210:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.345961][   T30] audit: type=1326 audit(2000000234.210:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8153 comm="syz.2.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  443.382858][ T7926] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  443.489264][ T7926] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  443.678551][ T7926] team0: Port device team_slave_0 added
[  443.840695][ T7926] team0: Port device team_slave_1 added
[  444.167268][ T7926] batman_adv: batadv0: Adding interface: batadv_slave_0
[  444.276641][ T7926] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  444.325647][ T7926] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  444.372040][ T7926] batman_adv: batadv0: Adding interface: batadv_slave_1
[  444.379057][ T7926] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  444.442160][ T7926] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  444.915266][ T8178] overlayfs: failed to resolve 'fowner>00000000000000000000': -2
[  446.974134][ T7926] hsr_slave_0: entered promiscuous mode
[  446.980966][ T7926] hsr_slave_1: entered promiscuous mode
[  447.102192][ T7926] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  447.141290][ T7926] Cannot create hsr debugfs directory
[  448.410765][ T1083] bridge_slave_1: left allmulticast mode
[  448.421532][ T1083] bridge_slave_1: left promiscuous mode
[  449.142821][ T1083] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.203780][ T8219] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[  449.217548][ T1083] bridge_slave_0: left allmulticast mode
[  449.227932][ T1083] bridge_slave_0: left promiscuous mode
[  449.246666][ T1083] bridge0: port 1(bridge_slave_0) entered disabled state
[  450.437311][ T1083] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  450.459038][ T1083] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  450.485123][ T1083] bond0 (unregistering): Released all slaves
[  451.360170][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  451.360190][   T30] audit: type=1326 audit(2000000242.770:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  451.907500][   T30] audit: type=1326 audit(2000000242.770:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  451.930162][   T30] audit: type=1326 audit(2000000242.780:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  451.952650][   T30] audit: type=1326 audit(2000000242.780:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  451.975172][   T30] audit: type=1326 audit(2000000242.780:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  452.006215][   T30] audit: type=1326 audit(2000000242.790:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  452.107687][   T30] audit: type=1326 audit(2000000242.790:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  452.585460][   T30] audit: type=1326 audit(2000000242.790:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  452.621263][   T30] audit: type=1326 audit(2000000242.790:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  452.693836][   T30] audit: type=1326 audit(2000000242.790:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8232 comm="syz.2.450" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb8058e969 code=0x7ffc0000
[  453.741424][ T1083] hsr_slave_0: left promiscuous mode
[  453.768299][ T1083] hsr_slave_1: left promiscuous mode
[  453.781924][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_0
[  453.842055][ T1083] batman_adv: batadv0: Removing interface: batadv_slave_1
[  455.130799][ T1083] team0 (unregistering): Port device team_slave_1 removed
[  455.183663][ T1083] team0 (unregistering): Port device team_slave_0 removed
[  456.264560][ T7868] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  456.278612][ T7868] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  456.488428][ T7868] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  456.529962][ T7868] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  458.681704][ T7868] 8021q: adding VLAN 0 to HW filter on device bond0
[  458.860815][ T8328] netlink: 44 bytes leftover after parsing attributes in process `syz.2.472'.
[  459.457855][ T7868] 8021q: adding VLAN 0 to HW filter on device team0
[  459.571169][ T7926] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  459.630506][ T7926] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  459.659522][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  459.666850][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  459.705116][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.712378][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  459.765148][ T7926] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  459.796583][ T7926] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  460.125837][ T7926] 8021q: adding VLAN 0 to HW filter on device bond0
[  460.188296][ T7926] 8021q: adding VLAN 0 to HW filter on device team0
[  460.270835][ T7604] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.278155][ T7604] bridge0: port 1(bridge_slave_0) entered forwarding state
[  460.336628][ T7604] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.343917][ T7604] bridge0: port 2(bridge_slave_1) entered forwarding state
[  462.393863][ T7926] 8021q: adding VLAN 0 to HW filter on device batadv0
[  463.783044][ T5819] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  463.804952][ T5819] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  463.813738][ T5819] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  463.826510][ T5819] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  463.835245][ T5819] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  464.231005][ T8421] lo speed is unknown, defaulting to 1000
[  464.260096][ T8439] netlink: 'syz.2.505': attribute type 10 has an invalid length.
[  464.275247][ T8439] netlink: 40 bytes leftover after parsing attributes in process `syz.2.505'.
[  465.078293][ T7926] veth0_vlan: entered promiscuous mode
[  465.872270][ T5819] Bluetooth: hci2: command tx timeout
[  465.885185][ T7926] veth1_vlan: entered promiscuous mode
[  466.189527][   T13] bridge_slave_1: left allmulticast mode
[  466.207831][   T13] bridge_slave_1: left promiscuous mode
[  466.231363][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.334118][   T13] bridge_slave_0: left allmulticast mode
[  466.352492][   T13] bridge_slave_0: left promiscuous mode
[  466.375328][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.417656][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  467.432446][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  467.446526][   T13] bond0 (unregistering): Released all slaves
[  467.626185][ T7926] veth0_macvtap: entered promiscuous mode
[  467.666240][ T7926] veth1_macvtap: entered promiscuous mode
[  467.780510][ T7926] batman_adv: batadv0: Interface activated: batadv_slave_0
[  467.876184][ T7926] batman_adv: batadv0: Interface activated: batadv_slave_1
[  467.960996][ T5819] Bluetooth: hci2: command tx timeout
[  467.973031][ T8421] chnl_net:caif_netlink_parms(): no params data found
[  468.523681][   T13] hsr_slave_0: left promiscuous mode
[  468.561308][   T13] hsr_slave_1: left promiscuous mode
[  468.568641][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  468.668327][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  468.757537][ T8542] netlink: 'syz.2.533': attribute type 1 has an invalid length.
[  468.791281][ T8542] netlink: 17 bytes leftover after parsing attributes in process `syz.2.533'.
[  469.631441][ T8550] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  470.032486][ T5819] Bluetooth: hci2: command tx timeout
[  470.234680][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  470.245985][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  470.260262][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  470.270332][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  470.284759][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  470.378355][ T8567] netlink: 'syz.4.540': attribute type 75 has an invalid length.
[  470.480074][   T13] team0 (unregistering): Port device team_slave_1 removed
[  470.537107][   T13] team0 (unregistering): Port device team_slave_0 removed
[  470.967940][ T8421] bridge0: port 1(bridge_slave_0) entered blocking state
[  470.991281][ T8421] bridge0: port 1(bridge_slave_0) entered disabled state
[  470.998660][ T8421] bridge_slave_0: entered allmulticast mode
[  471.008510][ T8421] bridge_slave_0: entered promiscuous mode
[  471.017562][ T8421] bridge0: port 2(bridge_slave_1) entered blocking state
[  471.025534][ T8421] bridge0: port 2(bridge_slave_1) entered disabled state
[  471.033271][ T8421] bridge_slave_1: entered allmulticast mode
[  471.043392][ T8421] bridge_slave_1: entered promiscuous mode
[  471.805772][ T8421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  471.825768][ T8421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  472.118542][ T5824] Bluetooth: hci2: command tx timeout
[  472.137321][ T8421] team0: Port device team_slave_0 added
[  472.236249][ T8421] team0: Port device team_slave_1 added
[  472.573230][ T5824] Bluetooth: hci0: command tx timeout
[  473.045711][ T8596] overlayfs: failed to clone upperpath
[  473.899884][ T8560] lo speed is unknown, defaulting to 1000
[  473.957351][ T8421] batman_adv: batadv0: Adding interface: batadv_slave_0
[  474.015045][ T8421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  474.091179][ T8421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  474.330565][ T8421] batman_adv: batadv0: Adding interface: batadv_slave_1
[  474.347685][ T8421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  474.432208][ T8421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  474.677678][ T5824] Bluetooth: hci0: command tx timeout
[  474.911724][ T8628] qnx4: no qnx4 filesystem (no root dir).
[  474.943533][ T8628] ubi: mtd0 is already attached to ubi31
[  475.548223][ T8637] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  475.617787][ T8421] hsr_slave_0: entered promiscuous mode
[  475.646544][ T8421] hsr_slave_1: entered promiscuous mode
[  475.940873][ T8652] netlink: 8 bytes leftover after parsing attributes in process `syz.0.572'.
[  476.173664][ T8659] ubi: mtd0 is already attached to ubi31
[  476.751411][ T5824] Bluetooth: hci0: command tx timeout
[  477.075785][   T13] bridge_slave_1: left allmulticast mode
[  477.082725][   T13] bridge_slave_1: left promiscuous mode
[  477.088631][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  477.329251][   T13] bridge_slave_0: left allmulticast mode
[  477.335647][   T13] bridge_slave_0: left promiscuous mode
[  477.342506][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.751023][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  478.764950][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  478.775618][   T13] bond0 (unregistering): Released all slaves
[  478.849994][ T5824] Bluetooth: hci0: command tx timeout
[  479.052142][ T8560] chnl_net:caif_netlink_parms(): no params data found
[  479.294885][   T13] hsr_slave_0: left promiscuous mode
[  479.300881][   T13] hsr_slave_1: left promiscuous mode
[  479.307940][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  479.315686][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  479.326468][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  479.336394][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  479.359408][   T13] veth1_macvtap: left promiscuous mode
[  479.365385][   T13] veth0_macvtap: left promiscuous mode
[  479.371021][   T13] veth1_vlan: left promiscuous mode
[  479.377724][   T13] veth0_vlan: left promiscuous mode
[  479.847750][   T13] team0 (unregistering): Port device team_slave_1 removed
[  479.896766][   T13] team0 (unregistering): Port device team_slave_0 removed
[  480.450373][ T8560] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.458028][ T8560] bridge0: port 1(bridge_slave_0) entered disabled state
[  480.465839][ T8560] bridge_slave_0: entered allmulticast mode
[  480.475213][ T8560] bridge_slave_0: entered promiscuous mode
[  480.506184][ T8560] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.528939][ T8560] bridge0: port 2(bridge_slave_1) entered disabled state
[  480.538636][ T8560] bridge_slave_1: entered allmulticast mode
[  480.549540][ T8560] bridge_slave_1: entered promiscuous mode
[  480.650098][ T8560] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  480.687951][ T8560] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  480.753580][ T8421] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  480.809532][ T8560] team0: Port device team_slave_0 added
[  480.816136][ T8421] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  480.829228][ T8421] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  480.855290][ T8560] team0: Port device team_slave_1 added
[  480.879908][ T8421] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  480.940026][ T8560] batman_adv: batadv0: Adding interface: batadv_slave_0
[  480.947850][ T8560] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  480.975023][ T8560] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.009804][ T8560] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.017837][ T8560] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.045563][ T8560] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  481.159666][ T8560] hsr_slave_0: entered promiscuous mode
[  481.167367][ T8560] hsr_slave_1: entered promiscuous mode
[  481.175500][ T8560] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  481.183770][ T8560] Cannot create hsr debugfs directory
[  481.226763][ T8421] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.357973][ T8421] 8021q: adding VLAN 0 to HW filter on device team0
[  481.398809][ T6219] bridge0: port 1(bridge_slave_0) entered blocking state
[  481.406042][ T6219] bridge0: port 1(bridge_slave_0) entered forwarding state
[  481.448434][ T6219] bridge0: port 2(bridge_slave_1) entered blocking state
[  481.455758][ T6219] bridge0: port 2(bridge_slave_1) entered forwarding state
[  481.916578][ T8421] 8021q: adding VLAN 0 to HW filter on device batadv0
[  482.104875][ T8560] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  482.145996][ T8560] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  482.157459][ T8560] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  482.189529][ T8560] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  482.349022][ T8560] 8021q: adding VLAN 0 to HW filter on device bond0
[  482.383323][ T8560] 8021q: adding VLAN 0 to HW filter on device team0
[  482.405706][ T7607] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.412951][ T7607] bridge0: port 1(bridge_slave_0) entered forwarding state
[  482.444275][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  482.451500][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  482.558701][ T8421] veth0_vlan: entered promiscuous mode
[  482.595801][ T8421] veth1_vlan: entered promiscuous mode
[  482.669949][ T8421] veth0_macvtap: entered promiscuous mode
[  482.697982][ T8421] veth1_macvtap: entered promiscuous mode
[  482.746376][ T8421] batman_adv: batadv0: Interface activated: batadv_slave_0
[  482.785566][ T8421] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.822007][ T8421] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  482.838997][ T8421] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  482.848340][ T8421] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  482.857514][ T8421] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  482.976810][ T8560] 8021q: adding VLAN 0 to HW filter on device batadv0
[  483.028304][ T1083] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  483.057098][ T1083] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  483.133695][ T6219] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  483.145899][ T6219] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  483.782165][ T8773] loop2: detected capacity change from 0 to 7
[  484.065713][ T8773] Dev loop2: unable to read RDB block 7
[  484.071710][ T8773]  loop2: AHDI p2 p3
[  484.076000][ T8773] loop2: partition table partially beyond EOD, truncated
[  484.085275][ T8773] loop2: p2 size 150995456 extends beyond EOD, truncated
[  484.443284][ T8560] veth0_vlan: entered promiscuous mode
[  484.457214][ T8560] veth1_vlan: entered promiscuous mode
[  484.569295][ T8144] udevd[8144]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  484.639299][ T8782] netlink: 8 bytes leftover after parsing attributes in process `syz.2.591'.
[  484.679408][ T8782] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  484.684550][ T8560] veth0_macvtap: entered promiscuous mode
[  484.695592][ T8782] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  485.243609][ T8784] netlink: 60 bytes leftover after parsing attributes in process `syz.4.592'.
[  485.262694][ T8779] netlink: 60 bytes leftover after parsing attributes in process `syz.4.592'.
[  485.314145][ T8560] veth1_macvtap: entered promiscuous mode
[  485.438122][ T8560] batman_adv: batadv0: Interface activated: batadv_slave_0
[  485.494522][ T8560] batman_adv: batadv0: Interface activated: batadv_slave_1
[  485.515141][ T8560] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  485.583206][ T8560] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  485.594690][ T8560] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  485.603956][ T8560] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  485.968003][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.005338][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  486.137328][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.174916][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.847732][ T8839] netlink: 4 bytes leftover after parsing attributes in process `syz.2.616'.
[  488.193253][ T8846] sctp: [Deprecated]: syz.5.618 (pid 8846) Use of struct sctp_assoc_value in delayed_ack socket option.
[  488.193253][ T8846] Use struct sctp_sack_info instead
[  488.469705][ T8846] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=167772160 (335544320 ns) > initial count (40 ns). Using initial count to start timer.
[  489.642318][ T8868] netlink: 8 bytes leftover after parsing attributes in process `syz.0.623'.
[  489.698227][ T8869] netlink: 4 bytes leftover after parsing attributes in process `syz.5.622'.
[  490.088847][ T8880] wireguard: wg1: Could not create IPv4 socket
[  491.540278][ T8908] netlink: 4 bytes leftover after parsing attributes in process `syz.4.636'.
[  492.388805][ T8939] netlink: 24 bytes leftover after parsing attributes in process `syz.2.646'.
[  492.664765][ T8949] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  492.700018][ T8949] batadv_slave_0: entered promiscuous mode
[  492.715627][ T8949] batadv_slave_0: entered allmulticast mode
[  494.473368][ T9017] qnx4: no qnx4 filesystem (no root dir).
[  494.484614][ T9017] ubi: mtd0 is already attached to ubi31
[  495.397171][ T9029] 8021q: adding VLAN 0 to HW filter on device batadv1
[  495.433595][ T9029] team0: Port device batadv1 added
[  495.604878][ T9041] binder: 9040:9041 ioctl 4018620d 0 returned -22
[  495.663741][ T9043] syzkaller1: entered allmulticast mode
[  495.921370][ T9054] �: renamed from bond_slave_0 (while UP)
[  496.601535][   T43] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  496.634295][ T9087] Driver unsupported XDP return value 0 on prog  (id 164) dev N/A, expect packet loss!
[  496.789409][ T9092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.698'.
[  496.802469][   T43] usb 7-1: Using ep0 maxpacket: 32
[  496.830802][   T43] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  496.839429][   T43] usb 7-1: config 0 has no interface number 0
[  496.880241][   T43] usb 7-1: config 0 interface 12 has no altsetting 0
[  496.904759][   T43] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  496.921465][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.932244][   T43] usb 7-1: Product: syz
[  496.936597][   T43] usb 7-1: Manufacturer: syz
[  496.979533][   T43] usb 7-1: SerialNumber: syz
[  497.023634][   T43] usb 7-1: config 0 descriptor??
[  497.276449][   T43] f81534 7-1:0.12: f81534_set_register: reg: 1002 data: 3 failed: -71
[  497.306058][   T43] f81534 7-1:0.12: f81534_find_config_idx: read failed: -71
[  497.331155][   T43] f81534 7-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  497.355901][   T43] f81534 7-1:0.12: probe with driver f81534 failed with error -71
[  497.398548][   T43] usb 7-1: USB disconnect, device number 2
[  497.757031][ T9117] syz_tun: entered allmulticast mode
[  497.790651][ T9117] dvmrp1: entered allmulticast mode
[  497.839458][ T9120] netlink: 'syz.2.708': attribute type 39 has an invalid length.
[  498.106049][ T9120] syz_tun (unregistering): left allmulticast mode
[  498.859784][ T9154] netlink: 16 bytes leftover after parsing attributes in process `syz.4.724'.
[  499.441201][   T43] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  499.607215][ T9186] netlink: 12 bytes leftover after parsing attributes in process `syz.2.738'.
[  499.621256][   T43] usb 7-1: Using ep0 maxpacket: 8
[  499.669547][   T43] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  499.701254][   T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  499.728553][   T43] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  499.781204][   T43] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  499.806371][   T43] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  499.816023][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  500.022929][ T5874] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  500.118482][   T43] usb 7-1: GET_CAPABILITIES returned 0
[  500.144300][   T43] usbtmc 7-1:16.0: can't read capabilities
[  500.284175][ T9206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.745'.
[  500.325172][   T43] usb 7-1: USB disconnect, device number 3
[  500.360453][ T9204] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  500.461589][ T5874] usb 6-1: Using ep0 maxpacket: 32
[  500.474592][ T5874] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 57, changing to 9
[  500.508917][ T5874] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  500.550040][ T5874] usb 6-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.40
[  500.571754][ T5874] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.579808][ T5874] usb 6-1: Product: syz
[  500.611263][ T5874] usb 6-1: Manufacturer: syz
[  500.615931][ T5874] usb 6-1: SerialNumber: syz
[  500.879415][ T5824] Bluetooth: hci0: unknown advertising packet type: 0x7f
[  500.879499][ T5824] Bluetooth: hci0: unknown advertising packet type: 0x24
[  500.887185][ T5824] Bluetooth: hci0: Dropping invalid advertising data
[  500.903250][ T5824] Bluetooth: hci0: unknown advertising packet type: 0x50
[  500.903280][ T5824] Bluetooth: hci0: unknown advertising packet type: 0x05
[  500.910461][ T5824] Bluetooth: hci0: unknown advertising packet type: 0x0e
[  500.917764][ T5824] Bluetooth: hci0: Malformed LE Event: 0x02
[  500.955877][ T5874] usbhid 6-1:1.0: can't add hid device: -71
[  501.000067][ T5874] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[  501.106920][ T5874] usb 6-1: USB disconnect, device number 2
[  501.349935][ T9237] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.389922][   T30] kauditd_printk_skb: 37 callbacks suppressed
[  501.389941][   T30] audit: type=1326 audit(2000000293.290:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  501.468388][   T30] audit: type=1326 audit(2000000293.290:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  501.516040][ T9244] netlink: 4 bytes leftover after parsing attributes in process `syz.6.756'.
[  501.566661][   T30] audit: type=1326 audit(2000000293.290:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  501.637781][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  501.644651][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  501.655205][ T9244] netlink: 4 bytes leftover after parsing attributes in process `syz.6.756'.
[  501.695321][   T30] audit: type=1326 audit(2000000293.290:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  501.815013][ T9247] netlink: 4 bytes leftover after parsing attributes in process `syz.5.757'.
[  501.846667][   T30] audit: type=1326 audit(2000000293.290:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  501.978187][ T9248] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  501.982421][   T30] audit: type=1326 audit(2000000293.290:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  502.152095][ T9251] netlink: 'syz.6.759': attribute type 1 has an invalid length.
[  502.159809][ T9251] netlink: 228 bytes leftover after parsing attributes in process `syz.6.759'.
[  502.188844][   T30] audit: type=1326 audit(2000000293.290:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  502.242344][ T9254] Bluetooth: MGMT ver 1.23
[  504.032485][   T30] audit: type=1326 audit(2000000293.290:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  504.088833][   T30] audit: type=1326 audit(2000000293.290:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9006b2ab39 code=0x7ffc0000
[  504.115320][   T30] audit: type=1326 audit(2000000293.320:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9226 comm="syz.4.752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9006b8e969 code=0x7ffc0000
[  504.180994][ T5931] libceph: connect (1)[c::]:6789 error -101
[  504.215649][ T5931] libceph: mon0 (1)[c::]:6789 connect error
[  504.313917][ T9256] ceph: No mds server is up or the cluster is laggy
[  504.723661][ T9290] netlink: 4 bytes leftover after parsing attributes in process `syz.6.765'.
[  505.083609][ T9299] netlink: 36 bytes leftover after parsing attributes in process `syz.0.770'.
[  507.169782][   T30] kauditd_printk_skb: 58 callbacks suppressed
[  507.169802][   T30] audit: type=1326 audit(2000000299.070:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9358 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04fa58e969 code=0x7ffc0000
[  507.237634][   T30] audit: type=1326 audit(2000000299.070:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9358 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f04fa58e969 code=0x7ffc0000
[  507.308174][   T30] audit: type=1326 audit(2000000299.070:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9358 comm="syz.6.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f04fa58e969 code=0x7ffc0000
[  507.631356][ T5824] Bluetooth: hci0: command tx timeout
[  508.061919][ T5931] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  508.227336][ T5931] usb 7-1: Using ep0 maxpacket: 8
[  508.271519][ T5931] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  508.300624][ T5931] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  508.344584][ T5931] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  508.373219][ T5931] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  508.396694][ T5931] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  508.421398][ T5931] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.600738][ T9421] netlink: 'syz.2.814': attribute type 1 has an invalid length.
[  508.685830][ T5931] usb 7-1: GET_CAPABILITIES returned 0
[  508.697187][ T5931] usbtmc 7-1:16.0: can't read capabilities
[  508.785213][ T9421] 8021q: adding VLAN 0 to HW filter on device bond2
[  508.871767][ T9426] bond2: (slave gretap1): making interface the new active one
[  508.895126][ T9426] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  508.899872][ T5874] usb 7-1: USB disconnect, device number 4
[  510.017883][ T9473] 9pnet_fd: Insufficient options for proto=fd
[  510.142038][   T43] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  510.319063][   T43] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.349992][   T43] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  510.377987][   T43] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  510.387904][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.400771][   T43] usb 3-1: Product: syz
[  510.427085][   T43] usb 3-1: Manufacturer: syz
[  510.434066][   T43] usb 3-1: SerialNumber: syz
[  510.480147][   T43] cdc_mbim 3-1:1.0: skipping garbage
[  510.688436][ T9468] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  511.331524][ T9468] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  511.364606][   T43] cdc_mbim 3-1:1.0: setting tx_max = 184
[  511.401752][   T43] cdc_mbim 3-1:1.0: cdc-wdm0: USB WDM device
[  511.461576][   T43] wwan wwan0: port wwan0mbim0 attached
[  511.524159][   T43] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 32:6f:c5:da:89:d9
[  511.535884][ T9511] netlink: 8 bytes leftover after parsing attributes in process `syz.6.838'.
[  511.623327][   T43] usb 3-1: USB disconnect, device number 4
[  511.630741][   T43] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM
[  511.945253][   T43] wwan wwan0: port wwan0mbim0 disconnected
[  513.598483][ T9593] af_packet: tpacket_rcv: packet too big, clamped from 126 to 4294967286. macoff=82
[  513.771227][ T5931] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  514.001225][ T5931] usb 3-1: Using ep0 maxpacket: 16
[  514.049103][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  514.084469][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  514.122474][ T5931] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  514.200432][ T5931] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  514.386558][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  514.799048][ T5931] usb 3-1: config 0 descriptor??
[  515.261009][ T5931] HID 045e:07da: Invalid code 65791 type 1
[  515.318737][ T5931] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0002/input/input9
[  515.420792][ T5931] microsoft 0003:045E:07DA.0002: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  515.518976][ T5931] usb 3-1: USB disconnect, device number 5
[  515.692602][ T9647] fido_id[9647]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  515.874416][ T9654] 9pnet_fd: Insufficient options for proto=fd
[  516.731321][ T5874] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  516.901332][ T5874] usb 3-1: Using ep0 maxpacket: 8
[  516.951466][ T5874] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  516.994664][ T5874] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  517.026921][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  517.083879][ T5874] usb 3-1: config 0 descriptor??
[  517.325699][ T5874] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  517.791757][ T5874] usb 3-1: USB disconnect, device number 6
[  517.903550][ T9721] netlink: 'syz.4.899': attribute type 1 has an invalid length.
[  517.962174][ T9721] bond2: (slave gretap1): making interface the new active one
[  517.971795][ T9721] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  518.114544][ T9724] netlink: 4 bytes leftover after parsing attributes in process `syz.4.900'.
[  518.254758][ T9729] netlink: 'syz.0.901': attribute type 10 has an invalid length.
[  518.390591][ T9729] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  518.925391][ T9755] netlink: 9 bytes leftover after parsing attributes in process `syz.6.909'.
[  518.982304][ T9755] gretap0: entered promiscuous mode
[  518.986359][ T9756] netlink: 5 bytes leftover after parsing attributes in process `syz.6.909'.
[  519.115392][ T9756] 0�X��D: renamed from gretap0
[  519.239966][ T9764] qnx4: no qnx4 filesystem (no root dir).
[  519.286341][ T9764] ubi: mtd0 is already attached to ubi31
[  519.588789][ T9756] 0�X��D: left promiscuous mode
[  519.646791][ T9756] 0�X��D: entered allmulticast mode
[  519.670628][ T9756] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[  519.989100][ T9774] syz.5.916 (9774): /proc/9773/oom_adj is deprecated, please use /proc/9773/oom_score_adj instead.
[  520.589176][ T9798] ==================================================================
[  520.597343][ T9798] BUG: KASAN: use-after-free in __crypto_shash_import+0x26a/0x2a0
[  520.605219][ T9798] Write of size 1 at addr ffff88815ff39b47 by task syz.6.924/9798
[  520.613147][ T9798] 
[  520.615526][ T9798] CPU: 1 UID: 0 PID: 9798 Comm: syz.6.924 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  520.615554][ T9798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  520.615572][ T9798] Call Trace:
[  520.615581][ T9798]  <TASK>
[  520.615593][ T9798]  dump_stack_lvl+0x189/0x250
[  520.615627][ T9798]  ? __virt_addr_valid+0x1c8/0x5c0
[  520.615656][ T9798]  ? rcu_is_watching+0x15/0xb0
[  520.615680][ T9798]  ? __kasan_check_byte+0x12/0x40
[  520.615708][ T9798]  ? __pfx_dump_stack_lvl+0x10/0x10
[  520.615736][ T9798]  ? rcu_is_watching+0x15/0xb0
[  520.615759][ T9798]  ? lock_release+0x4b/0x3e0
[  520.615782][ T9798]  ? __virt_addr_valid+0x1c8/0x5c0
[  520.615808][ T9798]  ? __virt_addr_valid+0x4a5/0x5c0
[  520.615836][ T9798]  print_report+0xd2/0x2b0
[  520.615860][ T9798]  ? __crypto_shash_import+0x26a/0x2a0
[  520.615891][ T9798]  kasan_report+0x118/0x150
[  520.615926][ T9798]  ? __local_bh_enable_ip+0x12d/0x1c0
[  520.615953][ T9798]  ? __crypto_shash_import+0x26a/0x2a0
[  520.615991][ T9798]  __crypto_shash_import+0x26a/0x2a0
[  520.616027][ T9798]  crypto_shash_import+0x84/0x230
[  520.616062][ T9798]  hash_accept+0x1fb/0x280
[  520.616090][ T9798]  do_accept+0x48c/0x680
[  520.616115][ T9798]  ? __pfx_do_accept+0x10/0x10
[  520.616148][ T9798]  __sys_accept4+0x11c/0x1c0
[  520.616170][ T9798]  ? __pfx___sys_accept4+0x10/0x10
[  520.616198][ T9798]  __x64_sys_accept4+0x9a/0xb0
[  520.616221][ T9798]  do_syscall_64+0xf6/0x220
[  520.616245][ T9798]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  520.616268][ T9798]  ? clear_bhb_loop+0x60/0xb0
[  520.616291][ T9798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  520.616312][ T9798] RIP: 0033:0x7f04fa58e969
[  520.616338][ T9798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  520.616356][ T9798] RSP: 002b:00007f04fb479038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  520.616378][ T9798] RAX: ffffffffffffffda RBX: 00007f04fa7b5fa0 RCX: 00007f04fa58e969
[  520.616394][ T9798] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  520.616406][ T9798] RBP: 00007f04fa610ab1 R08: 0000000000000000 R09: 0000000000000000
[  520.616418][ T9798] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000
[  520.616430][ T9798] R13: 0000000000000000 R14: 00007f04fa7b5fa0 R15: 00007ffdd26d7818
[  520.616453][ T9798]  </TASK>
[  520.616461][ T9798] 
[  520.851745][ T9798] The buggy address belongs to the physical page:
[  520.858244][ T9798] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15ff39
[  520.867096][ T9798] flags: 0x57ff00000000000(node=1|zone=2|lastcpupid=0x7ff)
[  520.874335][ T9798] raw: 057ff00000000000 ffffea00057fce48 ffffea00057fce48 0000000000000000
[  520.882939][ T9798] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  520.891718][ T9798] page dumped because: kasan: bad access detected
[  520.898157][ T9798] page_owner info is not present (never set?)
[  520.904251][ T9798] 
[  520.906577][ T9798] Memory state around the buggy address:
[  520.912213][ T9798]  ffff88815ff39a00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  520.920278][ T9798]  ffff88815ff39a80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  520.928370][ T9798] >ffff88815ff39b00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  520.936437][ T9798]                                            ^
[  520.942638][ T9798]  ffff88815ff39b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  520.950828][ T9798]  ffff88815ff39c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  520.958908][ T9798] ==================================================================
[  521.001593][ T9798] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  521.008873][ T9798] CPU: 0 UID: 0 PID: 9798 Comm: syz.6.924 Not tainted 6.15.0-syzkaller-01972-g914873bc7df9 #0 PREEMPT(full) 
[  521.020424][ T9798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  521.030499][ T9798] Call Trace:
[  521.033783][ T9798]  <TASK>
[  521.036722][ T9798]  dump_stack_lvl+0x99/0x250
[  521.041614][ T9798]  ? __asan_memcpy+0x40/0x70
[  521.046212][ T9798]  ? __pfx_dump_stack_lvl+0x10/0x10
[  521.051417][ T9798]  ? __pfx__printk+0x10/0x10
[  521.056023][ T9798]  panic+0x2db/0x790
[  521.059929][ T9798]  ? __pfx_panic+0x10/0x10
[  521.064374][ T9798]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  521.070271][ T9798]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  521.076602][ T9798]  ? print_memory_metadata+0x314/0x400
[  521.082070][ T9798]  ? __crypto_shash_import+0x26a/0x2a0
[  521.087560][ T9798]  check_panic_on_warn+0x89/0xb0
[  521.092505][ T9798]  ? __crypto_shash_import+0x26a/0x2a0
[  521.097980][ T9798]  end_report+0x78/0x160
[  521.102237][ T9798]  kasan_report+0x129/0x150
[  521.106744][ T9798]  ? __local_bh_enable_ip+0x12d/0x1c0
[  521.112122][ T9798]  ? __crypto_shash_import+0x26a/0x2a0
[  521.117614][ T9798]  __crypto_shash_import+0x26a/0x2a0
[  521.122928][ T9798]  crypto_shash_import+0x84/0x230
[  521.127998][ T9798]  hash_accept+0x1fb/0x280
[  521.132430][ T9798]  do_accept+0x48c/0x680
[  521.136865][ T9798]  ? __pfx_do_accept+0x10/0x10
[  521.141655][ T9798]  __sys_accept4+0x11c/0x1c0
[  521.146257][ T9798]  ? __pfx___sys_accept4+0x10/0x10
[  521.151381][ T9798]  __x64_sys_accept4+0x9a/0xb0
[  521.156169][ T9798]  do_syscall_64+0xf6/0x220
[  521.160692][ T9798]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  521.166862][ T9798]  ? clear_bhb_loop+0x60/0xb0
[  521.171547][ T9798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.177442][ T9798] RIP: 0033:0x7f04fa58e969
[  521.181873][ T9798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  521.201482][ T9798] RSP: 002b:00007f04fb479038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  521.209906][ T9798] RAX: ffffffffffffffda RBX: 00007f04fa7b5fa0 RCX: 00007f04fa58e969
[  521.217884][ T9798] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  521.225866][ T9798] RBP: 00007f04fa610ab1 R08: 0000000000000000 R09: 0000000000000000
[  521.233852][ T9798] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000000
[  521.241946][ T9798] R13: 0000000000000000 R14: 00007f04fa7b5fa0 R15: 00007ffdd26d7818
[  521.249963][ T9798]  </TASK>
[  521.253324][ T9798] Kernel Offset: disabled
[  521.257695][ T9798] Rebooting in 86400 seconds..