last executing test programs:

9m20.728686277s ago: executing program 4 (id=5):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x20080)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000100)={0x3, 0x0, 0x98, &(0x7f0000000040)={0x2, 0x0, 0x5}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000180), 0x2, 0x1c1142)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_usbip_server_init(0x1)
name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1200)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDSIGACCEPT(r3, 0x5607, 0x38)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r4, 0x4b3a, 0x1)
ioctl$TCXONC(r4, 0x4b3a, 0x2)
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$dri(&(0x7f0000000200), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r7=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000480)={&(0x7f00000003c0)=[<r8=>0x0, 0x0], &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2, 0x0, 0xbbbbbbbb})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000380)={0x0, 0x1, &(0x7f00000000c0)=[r5], &(0x7f0000000040)=[0x2], &(0x7f0000000240)=[r8, r8], &(0x7f0000000340)})
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000340), 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

9m14.71932472s ago: executing program 4 (id=21):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, 0x0, 0x0, 0x4000014, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xb3, &(0x7f0000000140)=""/179, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f0000002540)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$can_bcm(0x1d, 0x2, 0x2)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d1bf91b4d090955f70e06d038e7ff7fc6e5539b0d3f0e8b089b3f35076e090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x96d)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
recvmmsg(r0, 0x0, 0x0, 0x120, 0x0)
openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/ignore_tunneled\x00', 0x2, 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080), 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x8, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, {0xa, 0x0, 0x8, @remote}, r6}}, 0x48)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r5, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {0x0, r6, r5}}, 0x18)
close_range(r4, 0xffffffffffffffff, 0x400000000000000)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)

9m13.625382329s ago: executing program 4 (id=23):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
kcmp(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
ioctl$FIONREAD(r0, 0x541b, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
dup(r3)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x2, 0x3fc, 0x0, 0x32}, 0x9c)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000ffa000/0x4000)=nil)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40046f41, &(0x7f0000000440)=0x1f)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000200)={0x20000001})
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)

8m57.658536572s ago: executing program 32 (id=23):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
kcmp(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
ioctl$FIONREAD(r0, 0x541b, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
dup(r3)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x2, 0x3fc, 0x0, 0x32}, 0x9c)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000ffa000/0x4000)=nil)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40046f41, &(0x7f0000000440)=0x1f)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000200)={0x20000001})
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)

4m35.18654312s ago: executing program 1 (id=789):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1d}, {0x85, 0x0, 0x0, 0x15}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000001000000000000000f0ffffffffffffff10"])

4m34.677410084s ago: executing program 1 (id=792):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f00000000c0)={0x1d, 0x5, 0xe})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000009f02"])

4m34.331050003s ago: executing program 1 (id=797):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000000c0)=0x13)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000340)="89", 0x1}], 0x1)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000340)={0xff02, 0x2000, 0x1ff, 0x80d, 0x5, "5f730000a9003f00"})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0x5f)

4m33.857404299s ago: executing program 1 (id=799):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0xc0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r0, &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000001dc0)={0xb, 0x2, 0x80000}, 0x20)

4m33.593982219s ago: executing program 1 (id=802):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
kcmp(0x0, 0x0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
ioctl$FIONREAD(r1, 0x541b, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
dup(r4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0)
mremap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000ffa000/0x4000)=nil)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40046f41, &(0x7f0000000440)=0x1f)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, &(0x7f0000000200)={0x20000001})
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)

4m33.108366021s ago: executing program 1 (id=804):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/cpuinfo\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)

4m32.348767292s ago: executing program 33 (id=804):
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/cpuinfo\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x20000023896)

2m1.361388968s ago: executing program 0 (id=1586):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000700)="21c5741a6d8ef804a1c59b401e5990077d19e5fc59120021a7fe1b7902f131746373376ba35a950f8e92e27d9cfc0700045c684389325170000800f0f670d8c724ab5402f8e6756519d9aeb0308afab97ade71e4becb38f92af4becf714d58133961183c2f390796822160dcb995ee4f66ffb790bbd713cb3e7e55364d3acfa4919287b879cc97e36b9db8efd58ecefe395dec0b60cef1c6b166c7717867ee0065ccbb34b9d7897e3ccbd52ddafbaedbe43554a138f65b33e6ece01aef2fb8becfab8dba133539b1b6d9187b2111e97a13aca332c6944bca9e527d05bee65909b0e713a98ada611e7baff0d5e6cf3ef119639dcc1e457a0f1e83c5f32dc771bb7ff57153072d7301fc1aa26d8398ee68a35b1072671a2a9c830fbf491d04c8160df2109aeb2e43fbcdd87c55f67ca50acf8ab4d2f6a85e472b46381a7e3b0c02c42b64", 0x143}, {&(0x7f0000000380)="73d363f9dbb5da6239915a34e7cc1300d9113e25000a5669dfcaab1f0ac1144542817a08cd23b01380a4f40d612629d3c33c831f627a9095120e3dace54d1623009a92534faf7cba447bd69f9f2ff265ae56da5f8bf55abf216b3ca6672236cef9dbe064566f6cc3597655ddd57307ebcee99547df87ceceb660e453ae7b", 0x7e}, {&(0x7f0000000400)="7049ca359c10ce605372d30a35897c8249edcd86", 0x14}, {&(0x7f0000001300)="c77320d1673630e3b6aac4f6f30f8625ef6bf58ebcc7e776de861740fa967027721f7e6d9fa6c75b673d7fa3549c49b95507822749b08eff92977746512014394a495ab4fba2b053510061b51e6bb5a457bdb3e5882aea7778e05d8e3f8f124ea9c36b7a9c7c62e338dea60274586e1a562817171a4578751cc5c9697ddabf3a9ae1a63b708a321706074aee826db65e33b716d346099764493345173b2a0152e785ff1500fa0370202f152bb587f4e3d3086d7ae82250d41520f8a23b76f3f89f029d647793033cb80f0c0432c0345c6e38fcfbd327c1c71bd0bdd6c569ce54ac72df0a8180b2e50cf1f71fa7cfe5a47420e08fe1251adf29804935333e439c41ea7a48058d188b7494b242a1484574606838bb11858fc0ea34c3aaf34d228646966a2507beb919ea41fa4eab9df1053600b160ea3ca3782269d031944a0c21817ab2d62993c541c04a244b9c6d6b6e6d89eb565ff38925b96ada10664ff6b05dd29c24ca47f52370a2d51c5eb1dd6b62e32484b6ccb5697abb0007de2ded5c69bd27cea7d61d8b405b431fa0cb158ede2c732ef3e956c9fb72a502dd5707855d6c1403dea7d789406c01cb88b392f0534d51bb4abad193ac9fa2e98eaf62aabe3642fed41c0a1de7eff90ae16177fe4e08e2670f969dc450fe518e7f3b8d570c81b9a0efe189f0f0ee93fa59e5cc48e54284ee472e66fffc2ff291b2fa1e94212e655c6681c449d28f2ea01093ca39f6010ce685acf53ac1428e8d23069eb5e024c2af11ee5b02c8d602ad403a2da955144dca095b6c34bd32626a98fcd38d81b94ac6f69f3286c278a464c33253c69514ecbfe37859382e8ed1ff0218c932e18e5b528c8fd740d07d60cd20ed74e51c536158ebb1bdd4aa88e2cfb3ced8508be050c42a7e281da7f95f54a327e74364ece4707e36d6af22b8a19440b4045fd739e16fd1a33da7c95d27c46e93fc5f4310529c2ec91e4f6a9efb415b9b023bb3bec8ee38ac9e0a7253a11641fcc9b9d2d54d5d444c9226e2b15976e4a09b12dff54452f141aea3cc9aecd3fc3699c10e2355ffaa8745d2233605ce245b38b4cde55885e84b9e862e115ba818a6ddf19d8ea84d7eb655da69ca326917048b693b9465847989e8ad49ce47c14e57620ceedd1f96d7d2b676d285adc8170e8fd91b351fce4bbc407825b55209397da047ae62482beb117f5c060caed7a306ce95b10f5cf24dfb03cdcde0d07347488d299a1a496cd81c50c2749428531b4273bb7c86786816a4cba815a4d68d6da4d30f513d413b00cdf64b87772bf39fb04869be16c30e04447797fa47033e02ab2372e9c38f40635bc9f611a36d8e1465435931df341ce423ec8ff13fba59f23906641ed8427ebbee1618c5725b7f442f593377f9a4f53361d8d38226d0fa41fa2f7a3e5323383c480aaa15729dca2b03bcf62e232633a78110863f24018e82b64b8b011fa0a33fb9de4b25d1faea577b509b28df8c7d6988d43dca62d413cb8f03d9721efb751b174e39ac9b5dc7fcdcae6e8ea77e0f7760c2a665667f07aee356741ca02366fcb1bb3ca8184704045811c17613beaeacb05a51eb34adbf6b6d3fc596bef6e29e4236c5105b6ef379e6fe6e4d5dca5a5b331f18997741688e48ebc9d0ca5182c483d888da780e6e8a403254c89b0438db3354b9c32bdcee26f276dd7daad6a6865d7da625cc470657cbdd050045151cd03a9b9a7472718e7b884a60ad925720cea1f89617d40e6e27cb8991456f9c6dfde30cbd1125c7fea62c73bd205b6a232c0a11fb8b23bb10af465a07b31fc2f5dc79f0d4083d360c5d2763ff0680c054fcc5d17a243a665d2984f2ff4ac90ed84fddc4519ec7e83ce721352371753cd0cafbafb7ee23d9b9b367a1e3ceb771edb6cabb1ad3986f5afe969dbd92e3a72896bc33e5dd6b34a462e697245974250bb29b37ea4e04c060abe24aae4f1f613d65018bc41b1d9ec5c3f6d77b59fc42706c87f08094571dbc4bdcf3ec4b6df3a12d12a9f19e464059771d2207feef999c3e05fbfe3e2d8248ec2a88e1b711c6ef495b8f5ac672037ff4f48828edda9c23a28a2b4a86f63f8e4fe5f4781f49b2ed3921fd102e9cc68cd0ef43c7e625fb4ec599490d3aee627b12fbdadacf86ab9d3bf42f93343c1866afef9531d4e36a6f67a3a10b438f62bdbbd2b844ca43602650a570027876cc4a71a18194df3b9da478e954c3b9df94599630e911d78c48cac765f589c4f9472c6c4055ac1d156b7032a3cf31ddbe1d1bb3e2e1e037f2efad35c174d08d71629a5eba8ccbe0b8174eaaa743720adef9b65bad719944ba1765c591e65dbb49ee18dbfc7e728ddc9ccac53a3f5527f0306a54c7d04a9954715d87bac09c1bf21f1999f94b8193c97d6a02f0b80f581d4dee3ccd923ea82256964df942a417853186a0fdecfef475c072a0a4ac7a8f73316eed34ba1ee6e3bd3b65d94f3ba6f5e9b9744d5342d5eaa40d21583a96886f0555d5bcb8139137a7c0d19d222486495cecbc444fa375d3be86d08fadf3be102b3e5925cc13dbaa8af0cce449c6d78a95b98898d7b889df5f3160ec3fe474ea0447d3bb012e27165b6b45707f6c97c84dbb241fc22e8173fa45aed32307af8bf8ed58dffd75088738977a439e5a5599cfcc610de995fffae8cb2725967d0ec37dbfc1c1b9934ba00c14137b2167ad713b233b4dadbb6353d3674289e28525a385d53a111fefe7caad67c675f12d7900a9e4d1f5aa9f010a42272742d594348a4c1daf36b7dd653af1142735d6957a8cc2afd4d4f2ecb2cd2e083185e490a8d8e5dd68ebac3c1d56b225742b68c8982e38f565c4af131a285429c25659e493c3b2349567399fb0c88cd21fcb4ad8dcc8c97c72f7c4b7032ad4e5c5cd9c605108924916452507b43cc208e15fea7465c18f2033e14ebaee78ce2c7bf82ed0bc1618e49f7d10f7023bcd99525efd6d803b77d4371783e853236520048f7eba5af9445fb6fefa91b52c10353add665744c7f2a7ddee11d25872f6a03b1b4fe1e9b7568b9f1952b3d86020387197280ff3da0eee61425598cee84485fd683fdb4641cad253245e8448ab1d9acd3813a67e6cd0f2168fbe3d05533ae00a96a7cfec971b5cc6b3d5e192f1b877e99c1362059725aad83c0198957c899bbb6aa8e17473431d5d466e36e6ca33f39918e39fd997f1c1d9e65d3a18ba217860b3818fb8c9988cbd350f49688c86dbe483f274d6b2dd4b2ee1e9cd692d328ec2d8daa2f629b6054a05356cd959c021de0772b4e5838e324703431a7d74af63ac8eda79e897307c54ee00349dacb33305ca33d5c5a6d08d31f2c0e6e2a649eef18cf485dd85904c91ef2b1420fae337be26b30403b7e500a406a2706473b2e1c4e8d024686f064bcda902ec7ce263c38485e2266b7f71df2477d1db9338918125b17b9df9f722e1aa62717daf29548af57dd4d6a394fdeef21552e0f743f1cb6df040c231775a29d21304c7c43eeab423a8f0fc68bc637d6ab048d5db7abddf9d7f1922268356e66b91cf4d39a2919c17ddd15652b0967f6a0a02d189b932757d7b9e08435f6d2bd2f9d64504c622e8ee52e1fa9061ad698267d41153aab3ad1eb91727ff22d08c81e6be4e085b4159c4996e542fb8d98ada3cf1e8390861f2a7c3981a8ccb60f71df33f61712f9a248f155673a7208d954104011b5df1d6758a5fafc69878db65f46b9171ae6e7969b93b64d04da602034355a72e3ff4dfa8045b87050c9500fc46ca0e56ac277c9441af5c36e6f88f3a2d1b64f0644a0fdebbb3559f3d8463105d356fd31760d1e4df221ffcd870cc59f92d4bc4a0154a581974372ed0e8f4b4edeca7080c08782ca9d348848a241e3717e3e55c39bbde26d0728adab4bf470396bc642135fbb32e76c68e0cfd3471b829c12a9e367e278e0556b818971c82eaa3c98e4b7ca754ffae91221d74145283ba9036dc983ea62c7e9521ce91acbe741d574967020c229d49321c1dbe25cda8c9837e54cb91f7fdc46d7ae3c873d537d14873d8b36cfbfb0b8b6372b27e8c39de7b2e581c92a8fad710a40f3c3fad4acb514d6aa7e3cdbaf87cd3857976c30a46de39fb9ee0fc3c4294dd5bfa04ac4c0878c18187ff16beb0760f6d899bc8470089e58bca5b8a28221c2844cd1675e4282d4f019c187e14a9ef881b460d1195031e1b517a614fc270d3a7fd8169bc5d4924426bbe844c087fcd783be5b6e999bb8f5d0b7bbfea3d1479f8b1f4916febe11acf623f9d7f62abb299f659269e6b7a6898f759c77cd8dff26388031f161c1a9a3edac78a081d0cd92d5cac940b74fff6a9868e6e72c1f0ee545394ce3d2497be57fb1a82f3cad56e928a8af5292824652d25e1bfebc01d625542a0150b383a98d0b8f75c2e0eda95c3cd935ff24042d319fc91e5e27976aa93a7d11fa95f33b5c0321f3e7a974cb90a3571e9a930b2a062a1155b91ec7410a3d3a84a0344f0052d4156e03ac1d5b1e90c13d48e8788fa61fb89e9f2be8148919c38e992e63b3feb56ba657f193d798fcf655bacb7e82a48adf3728d087358b5219421730601958fc9bff3ca08fdd5a4f5a4836dffb2f05281609e2c506306d384d1e5b32f63c9e60932f8532bec70b0dfa983cc9d06450a34ad4e7c3b150152d77abd37fca0e93caf582bab5bfaffee3bf8d0790f49665fdfef12e322914308fe44a149f861a7feb68f079a1c953973df78b20555077d1b91b7f8a9c33d5f494749d1f8c0e58986632194ee6286ac6f527612cd35fa653607361feb336593ae5ae91649960ad11e96a4e6e5910b98c708bb23a263f069915871c56af82c6e879be2305dc688fc0765ad38f8da1f902e61f875f2ccc86f5af8d24dddfe2e5094b17fe90b5fcffcd2146884e4fe49e4ba431ac5237161699807e863605729e289cb0f13a677083595f090c12d868547de2f97572bbae43a902daabc300c9ddb309ef951d075787371da80765dddc773735c20992db3b84954b165bd20754815b57df51f68f4ca5647a74c2b63252a9e1d98e58c523a1abb3ab710a7ed1c2fa2fc70a5b42dc3338bd11e633b1a63f0097fedb42d3a0488beb27a757944af968dea6770e79e", 0xe2b}], 0x4)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x10001})

2m0.984088724s ago: executing program 0 (id=1588):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0xffffff7f, 0x0, 0x20040800}, 0x400048c0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000600)={0x2c, &(0x7f00000003c0)={0x0, 0x1, 0x5, "3aa184493c"}, 0x0, 0x0, 0x0, 0x0})

1m57.932049529s ago: executing program 0 (id=1600):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000006c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
inotify_init()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32=r1, @ANYBLOB="08001b"], 0x34}}, 0x4004010)
r5 = socket(0x2, 0x3, 0x6)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
inotify_init()
process_vm_readv(r2, &(0x7f0000000280)=[{&(0x7f0000000440)=""/165, 0xa5}, {&(0x7f0000000040)=""/2, 0x2}, {&(0x7f0000000500)=""/225, 0xe1}], 0x3, &(0x7f0000000800)=[{0x0}, {&(0x7f00000006c0)=""/66, 0x42}, {&(0x7f0000000740)=""/32, 0x20}, {&(0x7f0000000780)=""/93, 0x5d}], 0x4, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8)
recvmsg$unix(r5, &(0x7f0000000140)={&(0x7f00000000c0)=@abs, 0x6e, 0x0, 0x0, &(0x7f0000000380)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x88}, 0x40)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
socket$xdp(0x2c, 0x3, 0x0)

1m56.844440544s ago: executing program 0 (id=1603):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00')

1m56.338382644s ago: executing program 0 (id=1605):
r0 = openat$sw_sync(0xffffff9c, &(0x7f0000000080), 0x80800, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000200)={0xc, "e89c5b0900f8ff0000000007000000000000005b00", <r1=>0xffffffffffffffff})
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000340))
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000100)={0x30000000})

1m55.90934783s ago: executing program 0 (id=1607):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000c00)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="cf4305"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000005c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x82, 0x2, "af77"}, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000f40)={0x2c, &(0x7f0000000e00)={0x0, 0x21, 0x2, {0x2, 0x27}}, 0x0, &(0x7f0000000e80)={0x0, 0xf, 0x1b, {0x5, 0xf, 0x1b, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x6, 0x78, 0x9, 0x3}, @wireless={0xb, 0x10, 0x1, 0x0, 0x2, 0xfa, 0x3, 0x6}]}}, 0x0, 0x0}, &(0x7f00000013c0)={0x84, &(0x7f0000000f80)={0x0, 0x0, 0x2, "6183"}, 0x0, 0x0, &(0x7f0000001080)={0x20, 0x0, 0x4, {0x6, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000d00)={0x84, &(0x7f0000000780)={0x0, 0x31, 0x6, "97a5442b4bd3"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x40, 0x1e, 0x1, 0x2}, 0x0})

1m55.35262633s ago: executing program 34 (id=1607):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000c00)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="cf4305"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000005c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x82, 0x2, "af77"}, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, &(0x7f0000000f40)={0x2c, &(0x7f0000000e00)={0x0, 0x21, 0x2, {0x2, 0x27}}, 0x0, &(0x7f0000000e80)={0x0, 0xf, 0x1b, {0x5, 0xf, 0x1b, 0x2, [@wireless={0xb, 0x10, 0x1, 0xc, 0x2, 0x6, 0x78, 0x9, 0x3}, @wireless={0xb, 0x10, 0x1, 0x0, 0x2, 0xfa, 0x3, 0x6}]}}, 0x0, 0x0}, &(0x7f00000013c0)={0x84, &(0x7f0000000f80)={0x0, 0x0, 0x2, "6183"}, 0x0, 0x0, &(0x7f0000001080)={0x20, 0x0, 0x4, {0x6, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000d00)={0x84, &(0x7f0000000780)={0x0, 0x31, 0x6, "97a5442b4bd3"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)={0x40, 0x1e, 0x1, 0x2}, 0x0})

1m47.121955741s ago: executing program 2 (id=1548):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]})
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r1, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)

1m38.968975125s ago: executing program 3 (id=1669):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000000540)=[{0x0}], 0x1}, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m38.484381978s ago: executing program 3 (id=1672):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f00000006c0)="2ef2dd050080000048b84441000000000000b9130b00000f320f21f8350000ce00010123f836362e6726af4b0f20c1350e000000440f22c0b805000000b9009800000f01d97c0f01c9c947338c01c4c40f79d226660f013b", 0x58}], 0x1, 0x50, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x001'], 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x20008080)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m38.044156163s ago: executing program 3 (id=1674):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4044004)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

1m37.66120058s ago: executing program 3 (id=1675):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x389380a, 0x0)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x1)

1m37.451616427s ago: executing program 3 (id=1676):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7bedcb5d07081196f37538e486dd6372ce22667f2b00dbf6e97158cf474fec87891f6d76745b686158bbcfe8875afdef00010000000029"], 0x66)

1m37.161175102s ago: executing program 3 (id=1678):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc8910610700fa6fa26fa7088c60897d4a6148a1c1e43f00001bde605cbeac671e8e8fdecb035865e362ead91b1979a5ae30705b52710aeee835cf0d0000000098b51fe6b1b8d9db"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0f0000000400000004000000", @ANYRES32, @ANYBLOB="578900000000000000000000000000000000008000000000000000003056476b9a86851067a1250972e30edf21bdcbd704a241ee349fb1f9892874dee36ae68be0859d5c1dc7567ec954425a9e8ae7b939eb66e783b942ea24e59b058393baa84ee3b1260cd205a392e8f7930264531e8aae38b3d3832f2d5a5f80577e1181451c3b3a9f130a497049405b91e90b434e5c68e436fe700f22e8b3f554009e60dfc2b07c685b98d184aece2f1e7d60bf5a9effd5085ad8a42a35e5a3021e"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x28, &(0x7f00000000c0)="1bbb268dd6", 0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5)
fcntl$getown(r0, 0x9)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(r0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000380)='./file0/../file0/../file0/../file0\x00')
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, 0x0, 0x0)
accept$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14)

1m36.605869126s ago: executing program 35 (id=1678):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc8910610700fa6fa26fa7088c60897d4a6148a1c1e43f00001bde605cbeac671e8e8fdecb035865e362ead91b1979a5ae30705b52710aeee835cf0d0000000098b51fe6b1b8d9db"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0f0000000400000004000000", @ANYRES32, @ANYBLOB="578900000000000000000000000000000000008000000000000000003056476b9a86851067a1250972e30edf21bdcbd704a241ee349fb1f9892874dee36ae68be0859d5c1dc7567ec954425a9e8ae7b939eb66e783b942ea24e59b058393baa84ee3b1260cd205a392e8f7930264531e8aae38b3d3832f2d5a5f80577e1181451c3b3a9f130a497049405b91e90b434e5c68e436fe700f22e8b3f554009e60dfc2b07c685b98d184aece2f1e7d60bf5a9effd5085ad8a42a35e5a3021e"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x28, &(0x7f00000000c0)="1bbb268dd6", 0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5)
fcntl$getown(r0, 0x9)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(r0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000380)='./file0/../file0/../file0/../file0\x00')
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, 0x0, 0x0)
accept$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14)

1m28.363220427s ago: executing program 2 (id=1548):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]})
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r1, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)

1m14.313101092s ago: executing program 2 (id=1548):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]})
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r1, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)

1m7.558814543s ago: executing program 8 (id=1811):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x100)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000300)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f00000000c0)={0x8})
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000100)={0x6, 0xfffffffe, 0xe, 0x6, 0x7})

1m7.149320086s ago: executing program 8 (id=1814):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000f, 0x11011, r3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4048aecb, &(0x7f0000000080))

1m6.552929816s ago: executing program 8 (id=1819):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@newtfilter={0x50, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x5, 0xd}, {}, {0xa, 0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x1c, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_HWID={0x0, 0x4, 0xc6}]}, @TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x0, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x104}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x3}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x7}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0xffff6a09}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x8001}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x2}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x0, 0x1, 0x80000001}]}]}]}}]}, 0xfeb7}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)

1m5.841531293s ago: executing program 8 (id=1824):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x41)
chroot(&(0x7f0000000080)='./file0/file0\x00')
pivot_root(&(0x7f0000000040)='./file0/../file0/../file0/../file0/../file0\x00', 0x0)

1m5.715232688s ago: executing program 8 (id=1825):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000004c0)={'wlan0\x00', <r2=>0x0})
mq_notify(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0xc, 0x1})
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$cgroup_int(r3, 0x0, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002700851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x4000804)

1m5.455360109s ago: executing program 8 (id=1826):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x30000000})
openat(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
writev(r0, &(0x7f0000000b40)=[{&(0x7f0000000a00)='.', 0x1}], 0x1)

1m5.027074669s ago: executing program 36 (id=1826):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)={0x30000000})
openat(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
writev(r0, &(0x7f0000000b40)=[{&(0x7f0000000a00)='.', 0x1}], 0x1)

50.724643713s ago: executing program 2 (id=1548):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]})
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r1, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)

28.597520748s ago: executing program 2 (id=1548):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]})
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r1, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)

8.181047132s ago: executing program 9 (id=2036):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x7f}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x7c}}, 0x0)
syz_emit_ethernet(0x12, &(0x7f00000004c0)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@llc={0x4, {@llc={0x42, 0x42, "f3", "f4"}}}}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r2}, 0x0, 0x0}, 0x20)
listen(0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x24, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, 'b'}]}, 0x24}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r9=>0x0})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r10, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
syz_usb_connect(0x1, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a13de30840205029f1850102030109022d000200eb25f93f53170000000904210001d553e50009050605000000001692b6f69c12d0ad00b4f3c79d5a5e03527bea3b69fdcf85ec91904b63949bb331172660a5e1a2503035a66cea90a16932d160cbd97b6b22dd6a82799d2973fb3cb0bca1914b00a77d2a9b787fa90db98d832fb5b07f87bf1f5d70b670b45aff5a01103e64dab712a171d03bd6696b6f4bdf0a7fb99a95e588a4f489072b5a3855185dada61f661b89de4bb4136f573ed3e0a0756b3ac7ee6129b9f173e57c"], 0x0)

5.916994327s ago: executing program 7 (id=2042):
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r1)
setgroups(0x1, &(0x7f0000000080)=[r1])
setuid(0xee01)
r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
writev(r2, &(0x7f0000000180)=[{&(0x7f0000000040)="d5858783", 0x4}], 0xa)

5.721052515s ago: executing program 7 (id=2043):
setgroups(0x0, 0x0)
getgroups(0x1, &(0x7f0000000080)=[<r0=>0xee00])
setregid(0x0, r0)
setgroups(0x1, &(0x7f0000000040)=[r0])
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
r1 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
write$tcp_congestion(r1, 0x0, 0x0)

5.719408625s ago: executing program 9 (id=2044):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='rpm_return_int\x00', r3}, 0xe)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)

5.617252913s ago: executing program 7 (id=2045):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="002212"], 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)
syz_usb_connect(0x2, 0x9a2, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000140), 0x0, 0x101001)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f00000000c0)={0x1, 0xcb, 0x6, &(0x7f0000000040)={0x19, "a8fd4950f88fdde38cf1995035d7eda42ac09b31639c19fecc520418fe9285ad70"}})

5.557106512s ago: executing program 2 (id=1548):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6}]})
accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80800)
close_range(r1, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x515002, 0xc6)

5.502675566s ago: executing program 9 (id=2047):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_REJECT_ICMP_CODE={0x5, 0x2, 0x7f}, @NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x2}]}}}]}]}], {0x14}}, 0x7c}}, 0x0)
syz_emit_ethernet(0x12, &(0x7f00000004c0)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@llc={0x4, {@llc={0x42, 0x42, "f3", "f4"}}}}}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x4, 0x3, 0x4, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000700)={{r2}, 0x0, 0x0}, 0x20)
listen(0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)={0x24, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, 'b'}]}, 0x24}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000740)={'wlan1\x00', <r9=>0x0})
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r10, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)={0x24, 0x0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, "16"}]}, 0x24}}, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
syz_usb_connect(0x1, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a13de30840205029f1850102030109022d000200eb25f93f53170000000904210001d553e50009050605000000001692b6f69c12d0ad00b4f3c79d5a5e03527bea3b69fdcf85ec91904b63949bb331172660a5e1a2503035a66cea90a16932d160cbd97b6b22dd6a82799d2973fb3cb0bca1914b00a77d2a9b787fa90db98d832fb5b07f87bf1f5d70b670b45aff5a01103e64dab712a171d03bd6696b6f4bdf0a7fb99a95e588a4f489072b5a3855185dada61f661b89de4bb4136f573ed3e0a0756b3ac7ee6129b9f173e57c"], 0x0)

3.854856192s ago: executing program 9 (id=2049):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000033bc0e00000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000feffffff5986513c8703800b0020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000"], 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x84280, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r2, 0x89a1, &(0x7f0000000900)={'bridge0\x00', @broadcast})

3.854057887s ago: executing program 5 (id=2050):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x0}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000500)={r3, 0x0, 0x0}, 0x20)

3.69341661s ago: executing program 5 (id=2051):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
ioctl$PPPIOCGL2TPSTATS(0xffffffffffffffff, 0x80487436, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, 0x0)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)

3.335699054s ago: executing program 7 (id=2052):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x88, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0xa}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x58, 0x2, [@TCA_BASIC_EMATCHES={0x54, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xc695}}, @TCA_EMATCH_TREE_LIST={0x48, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x1c, 0x1, 0x0, 0x0, {{}, {0x0, 0xa, 0x1, "240c963b786274cf6671"}}}, @TCF_EM_META={0x7, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc}, @TCA_EM_META_LVALUE={0xe, 0x2, [@TCF_META_TYPE_VAR="972ee6f96e5a192627c7"]}]}}]}]}]}}]}, 0x88}}, 0x0)

2.878345961s ago: executing program 6 (id=2053):
r0 = socket$kcm(0x10, 0x2, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0xf0ffffff, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000007f03e3f7000000006ee2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0012100001400d0c0c00bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)

2.006291922s ago: executing program 5 (id=2054):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, @void, @value}, 0x94)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000180)={0x50, 0x0, r1, {0x7, 0x29, 0xfffffffe, 0xffffffff85000014, 0x1, 0x1007, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x4b)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="780000000000000002000000000000040000000000000000000000000000000004"], 0x0, 0x0, 0x0, 0x0})
getdents(r2, &(0x7f0000000700)=""/90, 0x5a)

1.921038041s ago: executing program 6 (id=2055):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x7, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc8910610700fa6fa26fa7088c60897d4a6148a1c1e43f00001bde"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="578900000000000000000000000000000000008000000000000000003056476b9a86851067a1250972e30edf21bdcbd704a241ee349fb1f9892874dee36ae68be0859d5c1dc7567ec954425a9e8ae7b939eb66e783b942ea24e59b058393baa84ee3b1260cd205a392e8f7930264531e8aae38b3d3832f2d5a5f80577e1181451c3b3a9f130a497049405b91e90b"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x28, &(0x7f00000000c0)="1bbb268dd6", 0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x5)
fcntl$getown(r0, 0x9)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(r0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devtmpfs\x00', 0x0, 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r5 = open_tree(0xffffffffffffff9c, &(0x7f00000002c0)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000400)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
pivot_root(&(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000380)='./file0/../file0/../file0/../file0\x00')
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_ULP(r6, 0x6, 0x1f, 0x0, 0x0)
accept$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14)

1.65341026s ago: executing program 5 (id=2056):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x440200)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000004440)=""/5)

922.969333ms ago: executing program 6 (id=2057):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="b0"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport'])
statfs(&(0x7f0000000140)='./file0\x00', 0x0)

838.973329ms ago: executing program 5 (id=2058):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000380)={'erspan0\x00', &(0x7f00000002c0)={'gre0\x00', 0x0, 0x80, 0x20, 0x6, 0x2, {{0x8, 0x4, 0x0, 0x3b, 0x20, 0x67, 0x0, 0x9, 0x4, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@ssrr={0x89, 0xb, 0x8a, [@private=0xa010102, @local]}]}}}}})
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'xfrm0\x00', <r3=>0x0})
socket$inet6_udp(0xa, 0x2, 0x0)
sendto$packet(r1, &(0x7f00000002c0)="12040500d3fc03fc01004788031c09100628", 0xfd35, 0x4, &(0x7f0000000140)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
readv(r0, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/228, 0xe4}], 0x1)

692.949364ms ago: executing program 5 (id=2059):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
socket$inet_udplite(0x2, 0x2, 0x88)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x10, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20024094, &(0x7f0000000040)={0x2, 0xfffd, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10)
r2 = openat$cgroup_devices(r0, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f00000003c0)={'b', ' *:* ', 'r\x00'}, 0x8)
r3 = openat$cgroup_devices(r0, &(0x7f0000000240)='devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r3, &(0x7f0000000280)={'b', ' *:* ', 'rm\x00'}, 0x9)

641.481706ms ago: executing program 6 (id=2060):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)
syz_open_dev$dri(0x0, 0x5, 0xc4c83)
writev(r1, &(0x7f0000000100)=[{&(0x7f00000006c0)="aaf39c6a87", 0x5}], 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0x541b, &(0x7f0000000000)={<r3=>0xffffffffffffffff, 0x0, 0x0, 0x1})
close_range(r3, 0xffffffffffffffff, 0x0)

559.211974ms ago: executing program 6 (id=2061):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x84)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup\x00', 0x0, 0x2)
getdents64(r0, &(0x7f0000000100)=""/252, 0xfc)

461.241118ms ago: executing program 7 (id=2062):
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRESOCT, @ANYRESDEC, @ANYBLOB="e10d9660a404b98631da8f19addd3d013d2862ec824fe242e913dae6535800f7f31d5f4b4d690ce7013b2df88463fb9e05e0e244b511e9a759c2f6fc1e20aae8"])
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x8004, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d"], 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}, 0x5}], 0x40002ff, 0x2, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x87, 0x0, 0xee00}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x8d, 0x0, 0x4}, {0x0, 0x4000000000009, 0x40000000000000, 0x800}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in6=@local, 0x0, 0x6c}, 0xa, @in=@private=0xa010100, 0x0, 0x0, 0x0, 0xb7, 0x0, 0x5, 0x6}}, 0xe8)
sendmmsg$inet6(r1, &(0x7f0000000880)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x4001)

434.577519ms ago: executing program 9 (id=2063):
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x80082, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xf30, 0x1, 0x9, 0x1ff, 0x80, 0x7, 0x9, 0x3, 0x1}}}}]}, 0x58}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x0, 0xc}}}, 0x24}}, 0x0)

193.457861ms ago: executing program 6 (id=2064):
r0 = landlock_create_ruleset(&(0x7f00000001c0)={0xa019, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = getpgrp(0x0)
r4 = landlock_create_ruleset(&(0x7f0000000080)={0x220, 0x0, 0x2}, 0x18, 0x0)
landlock_restrict_self(r4, 0x0)
fcntl$setownex(r2, 0xf, &(0x7f0000000100)={0x2, r3})
sendmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="b5", 0x1}], 0x1}, 0x240408c1)

166.432365ms ago: executing program 7 (id=2065):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
r1 = fcntl$dupfd(r0, 0x406, r0)
ioctl$TCFLSH(r1, 0x400455c8, 0x2)
ioctl$TIOCSETD(r1, 0x5412, &(0x7f0000000140)=0xffffffc0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000280)=0x5)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000180)=0xff)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000380)=0xff)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000001c0)=0xfe)

0s ago: executing program 9 (id=2066):
r0 = socket$inet(0x2, 0x3, 0x9)
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x7b, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  521.213200][ T5872] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  521.227820][ T5872] usb 1-1: Product: syz
[  521.232338][ T5872] usb 1-1: Manufacturer: syz
[  521.252547][ T5872] usb 1-1: SerialNumber: syz
[  521.274963][ T5872] usb 1-1: config 0 descriptor??
[  521.287439][ T5872] ch341 1-1:0.0: ch341-uart converter detected
[  521.412140][   T30] audit: type=1326 audit(1748701861.560:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10877 comm="syz.5.1438" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3edd78e969 code=0x0
[  521.938338][ T5989] gspca_sq930x: reg_w 0105 bc00 failed -71
[  521.963230][ T5989] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  521.986223][ T5989] usb 3-1: USB disconnect, device number 41
[  522.720343][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  522.728787][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  522.864141][ T5872] usb 1-1: ch341-uart converter now attached to ttyUSB0
[  522.893261][ T5872] usb 1-1: USB disconnect, device number 23
[  522.903962][ T5872] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[  522.914612][ T5872] ch341 1-1:0.0: device disconnected
[  522.923988][ T9928] udevd[9928]: setting mode of /dev/bus/usb/001/023 to 020664 failed: No such file or directory
[  522.973427][ T9928] udevd[9928]: setting owner of /dev/bus/usb/001/023 to uid=0, gid=0 failed: No such file or directory
[  523.019464][   T30] audit: type=1326 audit(1748701863.170:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10900 comm="syz.3.1445" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efeb3f8e969 code=0x0
[  523.364827][T10909] GUP no longer grows the stack in syz.6.1448 (10909): 200000004000-20000000a000 (200000002000)
[  523.381433][T10909] CPU: 0 UID: 0 PID: 10909 Comm: syz.6.1448 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[  523.381465][T10909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  523.381480][T10909] Call Trace:
[  523.381489][T10909]  <TASK>
[  523.381498][T10909]  dump_stack_lvl+0x189/0x250
[  523.381540][T10909]  ? __pfx_dump_stack_lvl+0x10/0x10
[  523.381574][T10909]  ? __pfx__printk+0x10/0x10
[  523.381591][T10909]  ? find_vma+0xe7/0x160
[  523.381639][T10909]  __get_user_pages+0x2a96/0x30c0
[  523.381705][T10909]  ? __pfx___get_user_pages+0x10/0x10
[  523.381743][T10909]  get_user_pages_remote+0x2f9/0xaa0
[  523.381770][T10909]  ? __pfx_mtree_load+0x10/0x10
[  523.381796][T10909]  ? __pfx_get_user_pages_remote+0x10/0x10
[  523.381835][T10909]  __access_remote_vm+0x215/0x5f0
[  523.381875][T10909]  ? __pfx___access_remote_vm+0x10/0x10
[  523.381908][T10909]  ? alloc_pages_noprof+0xbe/0x190
[  523.381942][T10909]  proc_pid_cmdline_read+0x440/0x840
[  523.381961][T10909]  ? __asan_memset+0x22/0x50
[  523.381992][T10909]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  523.382015][T10909]  ? rw_verify_area+0x258/0x650
[  523.382045][T10909]  vfs_readv+0x5aa/0x850
[  523.382066][T10909]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  523.382088][T10909]  ? __pfx_vfs_readv+0x10/0x10
[  523.382124][T10909]  ? __fget_files+0x2a/0x420
[  523.382148][T10909]  ? __fget_files+0x3a0/0x420
[  523.382164][T10909]  ? __fget_files+0x2a/0x420
[  523.382192][T10909]  __x64_sys_preadv+0x197/0x2a0
[  523.382224][T10909]  ? __pfx___x64_sys_preadv+0x10/0x10
[  523.382251][T10909]  ? rcu_is_watching+0x15/0xb0
[  523.382280][T10909]  ? do_syscall_64+0xbe/0x3b0
[  523.382305][T10909]  do_syscall_64+0xfa/0x3b0
[  523.382326][T10909]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.382344][T10909]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  523.382364][T10909]  ? clear_bhb_loop+0x60/0xb0
[  523.382399][T10909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  523.382418][T10909] RIP: 0033:0x7ffa0718e969
[  523.382437][T10909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  523.382454][T10909] RSP: 002b:00007ffa0809a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  523.382475][T10909] RAX: ffffffffffffffda RBX: 00007ffa073b5fa0 RCX: 00007ffa0718e969
[  523.382491][T10909] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000005
[  523.382510][T10909] RBP: 00007ffa07210ab1 R08: 0000000000000000 R09: 0000000000000000
[  523.382523][T10909] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  523.382536][T10909] R13: 0000000000000000 R14: 00007ffa073b5fa0 R15: 00007ffe34fed228
[  523.382569][T10909]  </TASK>
[  524.155394][T10889] Bluetooth: hci3: command 0x0406 tx timeout
[  524.270124][T10923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1453'.
[  524.291920][T10923] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1453'.
[  524.577865][ T5989] usb 1-1: new low-speed USB device number 24 using dummy_hcd
[  524.751575][ T5989] usb 1-1: config 0 has an invalid interface number: 198 but max is 0
[  524.764230][ T5989] usb 1-1: config 0 has no interface number 0
[  524.774725][T10932] syzkaller1: entered promiscuous mode
[  524.784992][ T5989] usb 1-1: config 0 interface 198 has no altsetting 0
[  524.797645][T10932] syzkaller1: entered allmulticast mode
[  524.816517][ T5989] usb 1-1: New USB device found, idVendor=1b3d, idProduct=0138, bcdDevice=74.e6
[  524.843984][ T5989] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.925262][ T5989] usb 1-1: config 0 descriptor??
[  525.085930][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  525.461053][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  525.473724][ T5989] usb 1-1: string descriptor 0 read error: -71
[  525.668844][ T5989] ftdi_sio 1-1:0.198: FTDI USB Serial Device converter detected
[  525.714015][ T5989] ftdi_sio ttyUSB0: unknown device type: 0x74e6
[  525.798262][ T5989] usb 1-1: USB disconnect, device number 24
[  525.822954][ T5989] ftdi_sio 1-1:0.198: device disconnected
[  526.039196][ T8662] usb 4-1: new low-speed USB device number 30 using dummy_hcd
[  526.188037][ T5870] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  526.367930][ T5870] usb 7-1: Using ep0 maxpacket: 8
[  526.382243][ T5870] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  526.399044][ T5870] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.407198][ T5870] usb 7-1: Product: syz
[  526.427797][ T5870] usb 7-1: Manufacturer: syz
[  526.432468][ T5870] usb 7-1: SerialNumber: syz
[  526.453584][ T5870] usb 7-1: config 0 descriptor??
[  526.708136][ T5870] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  526.806931][T10963] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[  527.222231][T10974] netlink: 'syz.0.1472': attribute type 5 has an invalid length.
[  527.449691][ T5872] hid-generic 0000:0000:0000.0025: unknown main item tag 0x0
[  527.502154][ T5872] hid-generic 0000:0000:0000.0025: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  527.706392][ T5870] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  527.740504][ T5870] usb 7-1: USB disconnect, device number 11
[  527.917573][T10997] loop2: detected capacity change from 0 to 7
[  527.938477][T10997] Dev loop2: unable to read RDB block 7
[  527.944252][T10997]  loop2: unable to read partition table
[  527.953683][T10997] loop2: partition table beyond EOD, truncated
[  527.961113][T10997] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  527.977893][ T5872] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  528.168043][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  528.192109][ T5872] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  528.217864][ T5872] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  528.243703][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  528.282787][ T5872] usb 3-1: config 0 descriptor??
[  528.470507][   T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  528.478953][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  528.735374][ T5872] lenovo 0003:17EF:6047.0026: unknown main item tag 0x0
[  528.752413][ T5872] lenovo 0003:17EF:6047.0026: unknown main item tag 0x0
[  528.767152][ T5872] lenovo 0003:17EF:6047.0026: unknown main item tag 0x0
[  528.807291][ T5872] lenovo 0003:17EF:6047.0026: unknown main item tag 0x0
[  528.835052][ T5872] lenovo 0003:17EF:6047.0026: unknown main item tag 0x0
[  528.876534][ T5872] lenovo 0003:17EF:6047.0026: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0
[  529.111121][ T5989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  529.119691][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  529.672407][T11043] netlink: 'syz.0.1496': attribute type 9 has an invalid length.
[  529.789512][ T5871] usb 3-1: USB disconnect, device number 42
[  529.868431][ T5989] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  530.047942][ T5989] usb 4-1: Using ep0 maxpacket: 16
[  530.054964][ T5989] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  530.066141][ T5989] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  530.076891][ T5989] usb 4-1: config 0 interface 0 has no altsetting 0
[  530.086539][ T5989] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  530.095784][ T5989] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.113142][ T5989] usb 4-1: config 0 descriptor??
[  530.237938][ T5870] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  530.237938][ T5872] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  530.398743][ T5872] usb 6-1: Using ep0 maxpacket: 8
[  530.415880][ T5872] usb 6-1: config 0 has an invalid interface number: 31 but max is 0
[  530.452454][ T5870] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  530.466947][ T5872] usb 6-1: config 0 has no interface number 0
[  530.476845][ T5870] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  530.514012][ T5872] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  530.524425][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  530.528871][ T5870] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  530.551291][ T5872] usb 6-1: Product: syz
[  530.563829][ T5872] usb 6-1: Manufacturer: syz
[  530.567799][ T5870] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.588145][ T5872] usb 6-1: SerialNumber: syz
[  530.596773][ T5870] usb 7-1: config 0 descriptor??
[  530.603520][ T5872] usb 6-1: config 0 descriptor??
[  530.792697][ T5989] usb 4-1: USB disconnect, device number 31
[  530.826134][ T5872] usb 6-1: Found UVC 0.04 device syz (046d:08c3)
[  530.837241][ T5872] usb 6-1: No valid video chain found.
[  530.897919][T11078] kvm: apic: phys broadcast and lowest prio
[  531.026808][ T5870] cm6533_jd 0003:0D8C:0022.0028: unknown main item tag 0x0
[  531.042731][ T5872] usb 6-1: USB disconnect, device number 23
[  531.046057][ T5870] cm6533_jd 0003:0D8C:0022.0028: unknown main item tag 0x0
[  531.074511][ T5870] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:0D8C:0022.0028/input/input55
[  531.108890][ T5870] cm6533_jd 0003:0D8C:0022.0028: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0
[  531.237315][T11056] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1501'.
[  531.322524][ T5872] usb 7-1: USB disconnect, device number 12
[  531.954390][ T5872] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  532.138154][ T5872] usb 6-1: Using ep0 maxpacket: 8
[  532.232726][ T5872] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  532.302901][ T5872] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.335947][ T5872] usb 6-1: Product: syz
[  532.346403][ T5872] usb 6-1: Manufacturer: syz
[  532.560321][ T5872] usb 6-1: SerialNumber: syz
[  532.719063][ T5872] usb 6-1: config 0 descriptor??
[  532.945974][ T5872] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  533.120647][T11127] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1524'.
[  533.177613][T11129] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  533.315940][T11133] evm: overlay not supported
[  533.349462][T11135] loop2: detected capacity change from 0 to 7
[  533.363425][T11135]  loop2: p1
[  533.367340][T11135] loop2: partition table partially beyond EOD, truncated
[  533.386844][T11135] loop2: p1 size 1919251295 extends beyond EOD, truncated
[  533.533210][ T9958] udevd[9958]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  533.738126][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  533.747238][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  533.771395][ T5872] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  533.809590][ T5872] usb 6-1: USB disconnect, device number 24
[  534.237294][   T68] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.245901][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  536.065192][ T5989] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  536.729595][ T5989] usb 4-1: Using ep0 maxpacket: 32
[  536.753967][ T5989] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  536.791215][ T5989] usb 4-1: config 0 has no interface number 0
[  536.826521][ T5989] usb 4-1: config 0 interface 12 has no altsetting 0
[  536.878553][ T5989] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  536.935269][ T5989] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.024020][ T5989] usb 4-1: Product: syz
[  537.052881][ T5989] usb 4-1: Manufacturer: syz
[  537.057553][ T5989] usb 4-1: SerialNumber: syz
[  537.105930][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  537.142325][ T5989] usb 4-1: config 0 descriptor??
[  537.543299][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  537.894570][T11197] mkiss: ax0: crc mode is auto.
[  538.402435][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.708821][ T5871] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  538.717244][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  538.839764][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  538.919518][ T5989] f81534 4-1:0.12: f81534_set_register: reg: 1002 data: 2f failed: -71
[  538.933580][ T5989] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  538.944881][ T5989] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  538.956131][ T5989] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  538.985793][ T5989] usb 4-1: USB disconnect, device number 32
[  539.379332][   T13] veth0_to_bridge: left allmulticast mode
[  539.424830][T10889] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  539.429210][   T13] veth0_to_bridge: left promiscuous mode
[  539.440233][T10889] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  539.448939][T10889] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  539.459942][T10889] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  539.468822][T10889] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  539.500934][   T13] bridge0: port 3(veth0_to_bridge) entered disabled state
[  539.979051][   T13] bridge_slave_1: left allmulticast mode
[  540.000640][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  540.009094][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  540.059396][   T13] bridge_slave_1: left promiscuous mode
[  540.078067][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.104920][   T13] bridge_slave_0: left allmulticast mode
[  540.115278][   T13] bridge_slave_0: left promiscuous mode
[  540.121225][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.494388][   T30] audit: type=1326 audit(1748701880.640:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11231 comm="syz.3.1560" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efeb3f8e969 code=0x0
[  541.191903][T11212] lo speed is unknown, defaulting to 1000
[  541.212105][T11212] lo speed is unknown, defaulting to 1000
[  541.687891][   T43] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  541.832364][T10889] Bluetooth: hci2: command tx timeout
[  541.857016][   T43] usb 4-1: Using ep0 maxpacket: 16
[  541.882091][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  541.928451][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  541.949527][   T43] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 231
[  541.967375][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  542.030760][   T43] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  542.043209][   T43] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  542.052938][   T13] hsr_slave_0: left promiscuous mode
[  542.064370][   T43] usb 4-1: Manufacturer: syz
[  542.097008][   T43] usb 4-1: config 0 descriptor??
[  542.128372][   T13] hsr_slave_1: left promiscuous mode
[  542.142088][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  542.190387][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  542.223136][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  542.249476][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  542.366161][   T13] veth1_macvtap: left promiscuous mode
[  542.385266][   T13] veth0_macvtap: left promiscuous mode
[  542.408909][   T13] veth1_vlan: left promiscuous mode
[  542.414308][   T13] veth0_vlan: left promiscuous mode
[  542.428583][T11286] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1572'.
[  542.498417][   T43] rc_core: IR keymap rc-hauppauge not found
[  542.512539][T11292] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  542.528668][   T43] Registered IR keymap rc-empty
[  542.538589][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.566830][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.601692][   T43] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  542.656285][   T43] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input56
[  542.697282][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.718509][    C1] mceusb 4-1:0.0: long-range (0x61) receiver active
[  542.758130][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.794439][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.830353][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.858970][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.906983][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.949077][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  542.990119][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  543.040558][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  543.070886][   T43] mceusb 4-1:0.0: Error: mce write urb status = -71
[  543.111521][   T43] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  543.142491][   T43] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x61 active)
[  543.222205][   T43] usb 4-1: USB disconnect, device number 33
[  543.785518][   T43] hid-generic 0000:0000:0000.0029: unknown main item tag 0x0
[  543.821488][   T43] hid-generic 0000:0000:0000.0029: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  543.922934][T10889] Bluetooth: hci2: command tx timeout
[  544.187536][   T13] team0 (unregistering): Port device team_slave_1 removed
[  544.294668][   T13] team0 (unregistering): Port device team_slave_0 removed
[  544.968009][ T5871] usb 4-1: new low-speed USB device number 34 using dummy_hcd
[  545.122801][ T5871] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  545.147995][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  545.162580][ T5871] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  545.199651][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  545.214021][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  545.231328][ T5871] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  545.245379][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  545.270409][ T5871] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  545.289570][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  545.301754][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  545.318259][ T5871] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  545.337015][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  545.363941][ T5871] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  545.404344][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  545.433033][ T5871] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  545.537201][ T5871] usb 4-1: string descriptor 0 read error: -22
[  545.567954][ T5871] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  545.633171][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.748720][T11369] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  545.757127][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  545.778185][ T5871] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  545.996106][T10889] Bluetooth: hci2: command tx timeout
[  546.384691][ T5989] lo speed is unknown, defaulting to 1000
[  546.391802][ T5989] infiniband syz0: ib_query_port failed (-19)
[  546.495160][T11379] netlink: 'syz.6.1587': attribute type 12 has an invalid length.
[  546.540549][T11379] netlink: 'syz.6.1587': attribute type 29 has an invalid length.
[  546.557859][T11379] netlink: 148 bytes leftover after parsing attributes in process `syz.6.1587'.
[  546.599283][T11383] loop6: detected capacity change from 0 to 7
[  546.616501][ T9928] Dev loop6: unable to read RDB block 7
[  546.623594][ T9928]  loop6: AHDI p3 p4
[  546.627650][ T9928] loop6: partition table partially beyond EOD, truncated
[  546.628176][T11379] netlink: 'syz.6.1587': attribute type 1 has an invalid length.
[  546.637059][ T9928] loop6: p3 start 838891365 is beyond EOD, 
[  546.651566][T11379] netlink: 'syz.6.1587': attribute type 2 has an invalid length.
[  546.656444][ T9928] truncated
[  546.657638][T11379] netlink: 39 bytes leftover after parsing attributes in process `syz.6.1587'.
[  546.684715][T11383] Dev loop6: unable to read RDB block 7
[  546.727007][T11383]  loop6: AHDI p3 p4
[  546.758995][T11383] loop6: partition table partially beyond EOD, truncated
[  546.776386][T11383] loop6: p3 start 838891365 is beyond EOD, truncated
[  546.817867][ T5989] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  546.948496][   T68] Bluetooth: hci5: Frame reassembly failed (-84)
[  547.003983][T11389] Bluetooth: hci0: unsupported parameter 39401
[  547.026408][T11389] Bluetooth: hci0: invalid length 0, exp 2 for type 3
[  547.034902][ T5989] usb 1-1: Using ep0 maxpacket: 32
[  547.061168][ T5989] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9
[  547.104820][   T13] IPVS: stop unused estimator thread 0...
[  547.137873][ T5989] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1032, setting to 1024
[  547.187947][ T5989] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  547.197058][ T5989] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.244698][T11212] chnl_net:caif_netlink_parms(): no params data found
[  547.266030][ T5989] usb 1-1: config 0 descriptor??
[  547.289254][T11381] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  547.399815][ T5989] hub 1-1:0.0: USB hub found
[  547.867180][ T5989] hub 1-1:0.0: 1 port detected
[  548.013609][T11212] bridge0: port 1(bridge_slave_0) entered blocking state
[  548.021654][T11212] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.029577][T11212] bridge_slave_0: entered allmulticast mode
[  548.037619][T11212] bridge_slave_0: entered promiscuous mode
[  548.047647][T11212] bridge0: port 2(bridge_slave_1) entered blocking state
[  548.057069][T11212] bridge0: port 2(bridge_slave_1) entered disabled state
[  548.067140][T11212] bridge_slave_1: entered allmulticast mode
[  548.082400][ T5827] Bluetooth: hci2: command tx timeout
[  548.085310][T11212] bridge_slave_1: entered promiscuous mode
[  548.142332][T11212] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  548.163028][T11212] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  548.239127][ T5870] usb 4-1: USB disconnect, device number 34
[  548.251333][T11212] team0: Port device team_slave_0 added
[  548.309539][T11212] team0: Port device team_slave_1 added
[  548.314794][ T5989] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  548.323544][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  548.482744][T11212] batman_adv: batadv0: Adding interface: batadv_slave_0
[  548.492165][T11212] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  548.525847][T11212] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  548.543483][T11212] batman_adv: batadv0: Adding interface: batadv_slave_1
[  548.578264][T11212] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  548.666263][T11212] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  548.688404][ T5870] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  548.710815][ T5989] usb 1-1-port1: config error
[  548.836857][T11212] hsr_slave_0: entered promiscuous mode
[  548.847017][T11212] hsr_slave_1: entered promiscuous mode
[  548.854478][T11212] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  548.864037][T11212] Cannot create hsr debugfs directory
[  548.877214][ T5870] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  548.902841][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.923849][ T5871] usb 1-1: USB disconnect, device number 25
[  548.931425][ T5870] usb 4-1: Product: syz
[  548.941785][ T5870] usb 4-1: Manufacturer: syz
[  548.946472][ T5870] usb 4-1: SerialNumber: syz
[  548.948086][T10889] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  548.951376][ T5827] Bluetooth: hci5: command 0x1003 tx timeout
[  548.980297][ T5870] usb 4-1: config 0 descriptor??
[  548.995668][ T5870] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  549.144348][T11422] input: syz0 as /devices/virtual/input/input57
[  550.118984][T11212] 8021q: adding VLAN 0 to HW filter on device bond0
[  550.170100][T11212] 8021q: adding VLAN 0 to HW filter on device team0
[  550.290254][T11360] bridge0: port 1(bridge_slave_0) entered blocking state
[  550.297566][T11360] bridge0: port 1(bridge_slave_0) entered forwarding state
[  550.309060][ T5871] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  550.392756][T11360] bridge0: port 2(bridge_slave_1) entered blocking state
[  550.400056][T11360] bridge0: port 2(bridge_slave_1) entered forwarding state
[  551.036084][ T5871] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.493040][   T43] usb 4-1: USB disconnect, device number 35
[  551.513117][   T13] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.521635][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.746008][ T2991] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  551.863093][T11212] 8021q: adding VLAN 0 to HW filter on device batadv0
[  551.987999][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  552.009911][ T2991] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.201859][ T2991] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.376564][ T2991] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.418133][ T5871] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  552.619852][ T5871] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  552.651587][ T5871] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  552.688083][ T5871] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  552.728895][ T5871] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.838951][T11484] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  552.862502][ T5871] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  553.028042][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  553.229471][T10377] udevd[10377]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system
[  553.288823][ T5871] usb 7-1: USB disconnect, device number 13
[  553.331398][ T2991] bridge_slave_1: left allmulticast mode
[  553.337112][ T2991] bridge_slave_1: left promiscuous mode
[  553.387114][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  553.406533][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  553.415067][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  553.424850][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  553.432720][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  553.480536][ T2991] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.512978][ T2991] bridge_slave_0: left allmulticast mode
[  553.524689][ T2991] bridge_slave_0: left promiscuous mode
[  553.533791][ T2991] bridge0: port 1(bridge_slave_0) entered disabled state
[  554.076115][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.119098][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.519291][ T5827] Bluetooth: hci0: command tx timeout
[  555.712808][ T2991] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  555.733818][ T2991] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  555.747482][ T2991] bond0 (unregistering): Released all slaves
[  555.964927][T11212] veth0_vlan: entered promiscuous mode
[  555.986835][ T2991] tipc: Disabling bearer <udp:s>
[  556.003268][ T2991] tipc: Left network mode
[  556.055831][T11212] veth1_vlan: entered promiscuous mode
[  556.072117][T11508] lo speed is unknown, defaulting to 1000
[  556.311018][T11212] veth0_macvtap: entered promiscuous mode
[  556.437231][T11212] veth1_macvtap: entered promiscuous mode
[  556.573098][ T2991] hsr_slave_0: left promiscuous mode
[  556.612138][ T2991] hsr_slave_1: left promiscuous mode
[  556.655323][ T2991] veth1_macvtap: left promiscuous mode
[  556.661295][ T2991] veth0_macvtap: left promiscuous mode
[  556.666989][ T2991] veth1_vlan: left promiscuous mode
[  556.677596][ T2991] veth0_vlan: left promiscuous mode
[  557.602770][ T5827] Bluetooth: hci0: command tx timeout
[  557.699420][  T978] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  557.867997][  T978] usb 7-1: Using ep0 maxpacket: 32
[  557.893840][  T978] usb 7-1: config index 0 descriptor too short (expected 156, got 27)
[  557.902654][  T978] usb 7-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  557.915499][  T978] usb 7-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  557.940141][  T978] usb 7-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  557.953464][  T978] usb 7-1: config 0 interface 0 has no altsetting 0
[  557.963688][  T978] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  557.972888][  T978] usb 7-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  557.982612][  T978] usb 7-1: Product: syz
[  557.987509][  T978] usb 7-1: Manufacturer: syz
[  557.992508][  T978] usb 7-1: SerialNumber: syz
[  558.009459][  T978] usb 7-1: config 0 descriptor??
[  558.019238][  T978] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  558.046542][  T978] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  558.360711][T11582] ldusb 7-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  558.362858][ T5868] usb 7-1: USB disconnect, device number 14
[  558.368259][    C0] ldusb 7-1:0.0: usb_submit_urb failed (-19)
[  558.397258][ T5868] ldusb 7-1:0.0: LD USB Device #0 now disconnected
[  558.489228][T11212] batman_adv: batadv0: Interface activated: batadv_slave_0
[  558.673339][T11212] batman_adv: batadv0: Interface activated: batadv_slave_1
[  558.884653][T11508] chnl_net:caif_netlink_parms(): no params data found
[  558.974095][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  559.005166][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.191772][  T978] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  559.548011][  T978] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  559.632347][  T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.668008][ T5827] Bluetooth: hci0: command tx timeout
[  559.710175][  T978] usb 6-1: Product: syz
[  559.730709][  T978] usb 6-1: Manufacturer: syz
[  559.735368][  T978] usb 6-1: SerialNumber: syz
[  559.772795][  T978] usb 6-1: config 0 descriptor??
[  559.860921][T11508] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.876292][T11508] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.892078][T11508] bridge_slave_0: entered allmulticast mode
[  559.906931][T11508] bridge_slave_0: entered promiscuous mode
[  559.935364][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  559.946921][ T2991] IPVS: stop unused estimator thread 0...
[  559.962631][T11508] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.975119][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.987533][T11508] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.000905][T11508] bridge_slave_1: entered allmulticast mode
[  560.009627][T11508] bridge_slave_1: entered promiscuous mode
[  560.048649][  T978] usb-storage 6-1:0.0: USB Mass Storage device detected
[  560.150049][  T978] usb 6-1: USB disconnect, device number 25
[  560.183712][T11508] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  560.217289][T11508] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  560.354378][T11508] team0: Port device team_slave_0 added
[  560.373281][T11360] bridge_slave_1: left allmulticast mode
[  560.388154][T11360] bridge_slave_1: left promiscuous mode
[  560.405084][T11360] bridge0: port 2(bridge_slave_1) entered disabled state
[  560.446728][T11360] bridge_slave_0: left allmulticast mode
[  560.457901][T11360] bridge_slave_0: left promiscuous mode
[  560.463727][T11360] bridge0: port 1(bridge_slave_0) entered disabled state
[  560.943388][ T5989] hid-generic 0000:0000:0000.002A: unknown main item tag 0x0
[  560.978879][ T5989] hid-generic 0000:0000:0000.002A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  561.457263][ T5138] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  561.481653][ T5138] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  561.490505][ T5138] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  561.510755][ T5138] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  561.519861][ T5138] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  561.611103][T11360] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  561.634015][T11360] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  561.662371][T11360] bond0 (unregistering): Released all slaves
[  561.698958][T11508] team0: Port device team_slave_1 added
[  561.757316][ T5138] Bluetooth: hci0: command tx timeout
[  561.908155][ T5138] Bluetooth: hci5: command 0x1003 tx timeout
[  561.914670][ T5827] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  562.007198][T11640] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1642'.
[  562.055099][T11508] batman_adv: batadv0: Adding interface: batadv_slave_0
[  562.069002][T11508] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.130923][T11508] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  562.191586][T11508] batman_adv: batadv0: Adding interface: batadv_slave_1
[  562.205482][T11508] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.261574][T11508] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  562.285706][T11629] lo speed is unknown, defaulting to 1000
[  562.486971][T11508] hsr_slave_0: entered promiscuous mode
[  562.497231][T11508] hsr_slave_1: entered promiscuous mode
[  562.580001][ T5872] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  562.772528][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  562.786287][T11360] hsr_slave_0: left promiscuous mode
[  562.827250][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  562.837380][T11360] hsr_slave_1: left promiscuous mode
[  562.858687][T11360] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  562.866247][ T5872] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  562.879782][T11360] batman_adv: batadv0: Removing interface: batadv_slave_0
[  562.880304][ T5872] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  562.896439][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.911020][ T5872] usb 4-1: config 0 descriptor??
[  562.913129][T11360] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  562.924222][T11360] batman_adv: batadv0: Removing interface: batadv_slave_1
[  562.960537][T11360] veth1_macvtap: left promiscuous mode
[  562.966256][T11360] veth0_macvtap: left promiscuous mode
[  562.972991][T11360] veth1_vlan: left promiscuous mode
[  562.978492][T11360] veth0_vlan: left promiscuous mode
[  563.034727][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  563.357507][ T5872] plantronics 0003:047F:FFFF.002B: reserved main item tag 0xd
[  563.373142][ T5872] plantronics 0003:047F:FFFF.002B: No inputs registered, leaving
[  563.409735][ T5872] plantronics 0003:047F:FFFF.002B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  563.588178][ T5827] Bluetooth: hci2: command tx timeout
[  563.643507][ T5872] usb 4-1: USB disconnect, device number 36
[  563.808663][T11360] team0 (unregistering): Port device team_slave_1 removed
[  563.869020][T11360] team0 (unregistering): Port device team_slave_0 removed
[  565.667933][ T5827] Bluetooth: hci2: command tx timeout
[  565.873244][T11629] chnl_net:caif_netlink_parms(): no params data found
[  566.026450][T11691] Bluetooth: MGMT ver 1.23
[  566.047808][   T30] audit: type=1326 audit(1748701906.190:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11686 comm="syz.3.1657" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efeb3f8e969 code=0x0
[  566.234637][T11629] bridge0: port 1(bridge_slave_0) entered blocking state
[  566.274846][T11629] bridge0: port 1(bridge_slave_0) entered disabled state
[  566.324975][T11629] bridge_slave_0: entered allmulticast mode
[  566.383167][T11629] bridge_slave_0: entered promiscuous mode
[  566.428817][T11629] bridge0: port 2(bridge_slave_1) entered blocking state
[  566.445507][T11629] bridge0: port 2(bridge_slave_1) entered disabled state
[  566.463447][T11629] bridge_slave_1: entered allmulticast mode
[  566.495959][T11629] bridge_slave_1: entered promiscuous mode
[  566.656569][T11629] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  566.681383][T11629] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  566.705259][T11508] 8021q: adding VLAN 0 to HW filter on device bond0
[  566.893360][T11629] team0: Port device team_slave_0 added
[  566.927442][T11629] team0: Port device team_slave_1 added
[  567.179827][T11629] batman_adv: batadv0: Adding interface: batadv_slave_0
[  567.197108][T11629] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.244336][T11629] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  567.274380][T11508] 8021q: adding VLAN 0 to HW filter on device team0
[  567.288882][T11629] batman_adv: batadv0: Adding interface: batadv_slave_1
[  567.295886][T11629] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  567.524310][T11629] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  567.619272][T11732] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  567.677501][ T6208] bridge0: port 1(bridge_slave_0) entered blocking state
[  567.684753][ T6208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  567.700741][ T6208] bridge0: port 2(bridge_slave_1) entered blocking state
[  567.707968][ T6208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  567.743238][T11629] hsr_slave_0: entered promiscuous mode
[  567.751854][ T5827] Bluetooth: hci2: command tx timeout
[  567.763243][T11629] hsr_slave_1: entered promiscuous mode
[  567.778755][T11629] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  567.786384][T11629] Cannot create hsr debugfs directory
[  567.937008][T11739] /dev/nullb0: Can't open blockdev
[  568.449260][T11508] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  569.443943][T11629] 8021q: adding VLAN 0 to HW filter on device bond0
[  569.472733][T11508] 8021q: adding VLAN 0 to HW filter on device batadv0
[  569.521002][T11629] 8021q: adding VLAN 0 to HW filter on device team0
[  569.565464][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.572733][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  569.610677][T11768] loop2: detected capacity change from 0 to 7
[  569.629754][T11768]  loop2:
[  569.632780][T11768] loop2: partition table partially beyond EOD, truncated
[  569.674736][ T6479] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.682000][ T6479] bridge0: port 2(bridge_slave_1) entered forwarding state
[  569.829541][ T5827] Bluetooth: hci2: command tx timeout
[  570.492536][ T6479] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.666426][T11629] 8021q: adding VLAN 0 to HW filter on device batadv0
[  570.791750][ T6479] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  570.939374][T11508] veth0_vlan: entered promiscuous mode
[  571.064692][ T6479] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.304694][ T6479] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  571.360033][T11508] veth1_vlan: entered promiscuous mode
[  571.469409][T11810] syzkaller0: refused to change device tx_queue_len
[  571.511883][T11508] veth0_macvtap: entered promiscuous mode
[  571.715722][T11508] veth1_macvtap: entered promiscuous mode
[  571.903410][ T5138] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  571.941397][ T5138] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  571.943297][T11508] batman_adv: batadv0: Interface activated: batadv_slave_0
[  571.961578][ T5138] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  571.985127][ T5138] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  571.995601][ T5138] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  572.028818][T11821] overlayfs: failed to decode file handle (len=12, type=248, flags=0, err=-61)
[  572.042614][T11508] batman_adv: batadv0: Interface activated: batadv_slave_1
[  572.099721][ T6479] bridge_slave_1: left allmulticast mode
[  572.105441][ T6479] bridge_slave_1: left promiscuous mode
[  572.125120][ T6479] bridge0: port 2(bridge_slave_1) entered disabled state
[  572.179896][ T6479] bridge_slave_0: left allmulticast mode
[  572.185601][ T6479] bridge_slave_0: left promiscuous mode
[  572.208082][ T6479] bridge0: port 1(bridge_slave_0) entered disabled state
[  572.583175][T11835] input: syz1 as /devices/virtual/input/input59
[  572.944928][ T6479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  572.956903][ T6479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  572.967414][ T6479] bond0 (unregistering): Released all slaves
[  572.990371][T11629] veth0_vlan: entered promiscuous mode
[  573.014907][T11837] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  573.089226][ T6479] : left promiscuous mode
[  573.127910][T11820] lo speed is unknown, defaulting to 1000
[  573.136495][T11629] veth1_vlan: entered promiscuous mode
[  573.297871][ T5868] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  573.453391][ T6479] hsr_slave_0: left promiscuous mode
[  573.462233][ T5868] usb 7-1: Using ep0 maxpacket: 8
[  573.469073][ T6479] hsr_slave_1: left promiscuous mode
[  573.475842][ T6479] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  573.484873][ T6479] batman_adv: batadv0: Removing interface: batadv_slave_0
[  573.492781][ T5868] usb 7-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  573.504374][ T6479] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  573.518500][ T6479] batman_adv: batadv0: Removing interface: batadv_slave_1
[  573.522758][ T5868] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.533991][ T5868] usb 7-1: Product: syz
[  573.558353][ T5868] usb 7-1: Manufacturer: syz
[  573.563025][ T5868] usb 7-1: SerialNumber: syz
[  573.566014][ T6479] veth1_macvtap: left promiscuous mode
[  573.578796][ T6479] veth0_macvtap: left promiscuous mode
[  573.584724][ T6479] veth1_vlan: left promiscuous mode
[  573.591736][ T6479] veth0_vlan: left promiscuous mode
[  573.599769][ T5868] usb 7-1: config 0 descriptor??
[  573.824748][ T5868] usb 7-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  574.058881][ T5868] dvb_usb_rtl28xxu 7-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  574.068863][ T5827] Bluetooth: hci1: command tx timeout
[  574.098383][ T5868] usb 7-1: USB disconnect, device number 15
[  574.321560][ T6479] team0 (unregistering): Port device team_slave_1 removed
[  574.374829][ T6479] team0 (unregistering): Port device team_slave_0 removed
[  574.703691][T11853] overlayfs: failed to decode file handle (len=12, type=248, flags=0, err=-61)
[  575.378180][ T6208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  575.386062][ T6208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  575.642909][T11629] veth0_macvtap: entered promiscuous mode
[  575.751846][T11629] veth1_macvtap: entered promiscuous mode
[  575.860246][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  575.881893][T11820] chnl_net:caif_netlink_parms(): no params data found
[  575.888049][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  576.148131][ T5827] Bluetooth: hci1: command tx timeout
[  576.322875][T11629] batman_adv: batadv0: Interface activated: batadv_slave_0
[  576.442582][T11629] batman_adv: batadv0: Interface activated: batadv_slave_1
[  576.536638][ T6479] IPVS: stop unused estimator thread 0...
[  576.845010][T11820] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.866170][T11820] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.886616][T11820] bridge_slave_0: entered allmulticast mode
[  576.895689][T11820] bridge_slave_0: entered promiscuous mode
[  576.919270][T11820] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.921016][T11906] ptrace attach of "./syz-executor exec"[11912] was attempted by "./syz-executor exec"[11906]
[  576.931584][T11820] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.950373][T11820] bridge_slave_1: entered allmulticast mode
[  576.966142][T11820] bridge_slave_1: entered promiscuous mode
[  577.190953][T11820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  577.236418][T11820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  577.676196][T11820] team0: Port device team_slave_0 added
[  577.791105][T11820] team0: Port device team_slave_1 added
[  577.802775][ T6112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.835734][ T6112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.116718][T11820] batman_adv: batadv0: Adding interface: batadv_slave_0
[  578.147804][T11820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  578.217814][T11820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  578.228807][ T5827] Bluetooth: hci1: command tx timeout
[  578.324282][T11820] batman_adv: batadv0: Adding interface: batadv_slave_1
[  578.360841][T11820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  578.420226][T11962] Bluetooth: hci0: unsupported parameter 39401
[  578.445841][T11962] Bluetooth: hci0: invalid len left 4, exp >= 133
[  578.471110][T11820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  578.545187][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  578.562045][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.726109][T11820] hsr_slave_0: entered promiscuous mode
[  578.749784][T11820] hsr_slave_1: entered promiscuous mode
[  578.756032][T11820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  578.774385][T11820] Cannot create hsr debugfs directory
[  578.957933][ T5989] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  579.134194][ T5989] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  579.165172][ T5989] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  579.205232][ T5989] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  579.217115][ T5989] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  579.233471][   T68] bridge_slave_1: left allmulticast mode
[  579.245838][   T68] bridge_slave_1: left promiscuous mode
[  579.251997][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.265398][ T5989] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  579.276817][ T5989] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  579.291009][ T5989] usb 7-1: Manufacturer: syz
[  579.302701][   T68] bridge_slave_0: left allmulticast mode
[  579.309896][ T5989] usb 7-1: config 0 descriptor??
[  579.324832][   T68] bridge_slave_0: left promiscuous mode
[  579.333969][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.631935][ T5989] rc_core: IR keymap rc-hauppauge not found
[  579.644003][ T5989] Registered IR keymap rc-empty
[  579.657898][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.689442][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.719616][ T5989] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0
[  579.758745][ T5989] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/rc/rc0/input60
[  579.796172][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.828202][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.858137][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.888051][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.918420][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.947079][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.972667][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  579.998384][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  580.007363][T10889] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  580.017501][T10889] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  580.026580][T10889] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  580.045939][T10889] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  580.053396][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  580.070348][T10889] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  580.120837][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  580.152816][ T5989] mceusb 7-1:0.0: Error: mce write submit urb error = -90
[  580.193189][ T5989] mceusb 7-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  580.203057][ T5989] mceusb 7-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  580.203308][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  580.219464][ T5989] usb 7-1: USB disconnect, device number 16
[  580.253174][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  580.270419][   T68] bond0 (unregistering): Released all slaves
[  580.323912][T10889] Bluetooth: hci1: command tx timeout
[  581.192012][T10889] Bluetooth: hci2: command 0x1003 tx timeout
[  581.198581][ T5827] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  581.371766][   T68] hsr_slave_0: left promiscuous mode
[  581.398822][   T68] hsr_slave_1: left promiscuous mode
[  581.405030][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  581.448204][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  581.478778][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  581.486279][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[  582.015263][   T68] veth1_macvtap: left promiscuous mode
[  582.058213][   T68] veth0_macvtap: left promiscuous mode
[  582.063951][   T68] veth1_vlan: left promiscuous mode
[  582.081277][   T68] veth0_vlan: left promiscuous mode
[  582.154363][T10889] Bluetooth: hci5: command tx timeout
[  583.112392][   T68] team0 (unregistering): Port device team_slave_1 removed
[  583.220366][   T68] team0 (unregistering): Port device team_slave_0 removed
[  583.550545][T12049] syz.6.1746 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  583.807975][ T8662] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  583.977994][ T8662] usb 7-1: Using ep0 maxpacket: 16
[  583.989606][ T8662] usb 7-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  584.005195][ T8662] usb 7-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  584.018188][ T8662] usb 7-1: config 0 interface 0 has no altsetting 0
[  584.024901][ T8662] usb 7-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 0.00
[  584.038252][ T8662] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  584.049514][ T8662] usb 7-1: config 0 descriptor??
[  584.070396][T12003] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  584.243912][T10889] Bluetooth: hci5: command tx timeout
[  584.397475][T12061] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input61
[  584.513090][ T8662] chicony 0003:04F2:0418.002C: hidraw0: USB HID v0.00 Device [HID 04f2:0418] on usb-dummy_hcd.6-1/input0
[  584.540227][T11820] 8021q: adding VLAN 0 to HW filter on device bond0
[  584.580487][T11981] chnl_net:caif_netlink_parms(): no params data found
[  584.685576][ T8662] usb 7-1: USB disconnect, device number 17
[  584.782250][T12066] fido_id[12066]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  584.883284][T11820] 8021q: adding VLAN 0 to HW filter on device team0
[  584.919673][T11360] bridge0: port 1(bridge_slave_0) entered blocking state
[  584.926916][T11360] bridge0: port 1(bridge_slave_0) entered forwarding state
[  584.974933][T11981] bridge0: port 1(bridge_slave_0) entered blocking state
[  584.984135][T11981] bridge0: port 1(bridge_slave_0) entered disabled state
[  584.991699][T11981] bridge_slave_0: entered allmulticast mode
[  584.999994][T11981] bridge_slave_0: entered promiscuous mode
[  585.018348][T11981] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.025644][T11981] bridge0: port 2(bridge_slave_1) entered disabled state
[  585.033205][T11824] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  585.042252][T11981] bridge_slave_1: entered allmulticast mode
[  585.053688][T11981] bridge_slave_1: entered promiscuous mode
[  585.124051][T11981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  585.142842][T11981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  585.194999][T11824] usb 6-1: not running at top speed; connect to a high speed hub
[  585.218870][T11824] usb 6-1: config 1 interface 0 has no altsetting 0
[  585.235121][T11824] usb 6-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.40
[  585.236030][  T750] bridge0: port 2(bridge_slave_1) entered blocking state
[  585.248430][T11824] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.251453][  T750] bridge0: port 2(bridge_slave_1) entered forwarding state
[  585.261045][T11824] usb 6-1: Product: syz
[  586.008895][T11824] usb 6-1: Manufacturer: syz
[  586.013563][T11824] usb 6-1: SerialNumber: syz
[  586.308757][T10889] Bluetooth: hci5: command tx timeout
[  586.309746][T11981] team0: Port device team_slave_0 added
[  586.614121][T11824] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input62
[  586.628338][T11981] team0: Port device team_slave_1 added
[  586.649693][ T5173] bcm5974 6-1:1.0: could not read from device
[  586.669951][ T5173] bcm5974 6-1:1.0: could not read from device
[  586.676899][T11824] usb 6-1: USB disconnect, device number 26
[  586.816213][T11981] batman_adv: batadv0: Adding interface: batadv_slave_0
[  586.823720][T11981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  586.849674][    C0] vkms_vblank_simulate: vblank timer overrun
[  586.864745][T11981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  586.902804][T11981] batman_adv: batadv0: Adding interface: batadv_slave_1
[  586.935766][T11981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  586.972049][T11981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  587.176020][T11981] hsr_slave_0: entered promiscuous mode
[  587.184300][T11981] hsr_slave_1: entered promiscuous mode
[  587.213678][T11981] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  587.221687][T11981] Cannot create hsr debugfs directory
[  588.388010][T10889] Bluetooth: hci5: command tx timeout
[  588.745427][T12123] input: syz1 as /devices/virtual/input/input63
[  589.081842][T11820] 8021q: adding VLAN 0 to HW filter on device batadv0
[  589.153446][T11981] 8021q: adding VLAN 0 to HW filter on device bond0
[  589.226957][T11981] 8021q: adding VLAN 0 to HW filter on device team0
[  589.252585][ T6479] bridge0: port 1(bridge_slave_0) entered blocking state
[  589.259783][ T6479] bridge0: port 1(bridge_slave_0) entered forwarding state
[  589.291832][T11360] bridge0: port 2(bridge_slave_1) entered blocking state
[  589.299089][T11360] bridge0: port 2(bridge_slave_1) entered forwarding state
[  590.196827][T11820] veth0_vlan: entered promiscuous mode
[  590.256185][T11981] 8021q: adding VLAN 0 to HW filter on device batadv0
[  590.284378][T11820] veth1_vlan: entered promiscuous mode
[  590.397659][T11820] veth0_macvtap: entered promiscuous mode
[  590.425546][T11820] veth1_macvtap: entered promiscuous mode
[  590.581288][T11820] batman_adv: batadv0: Interface activated: batadv_slave_0
[  590.640477][T11820] batman_adv: batadv0: Interface activated: batadv_slave_1
[  590.956980][  T750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  590.989041][  T750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.075951][ T6479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.094253][ T6479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.336336][T11981] veth0_vlan: entered promiscuous mode
[  591.394936][T11981] veth1_vlan: entered promiscuous mode
[  591.521199][T11981] veth0_macvtap: entered promiscuous mode
[  591.525673][T12204] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1778'.
[  591.975267][T11981] veth1_macvtap: entered promiscuous mode
[  592.087113][T11981] batman_adv: batadv0: Interface activated: batadv_slave_0
[  592.143221][T11981] batman_adv: batadv0: Interface activated: batadv_slave_1
[  592.479641][ T6112] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.517985][ T6112] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  592.628114][ T6112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.708374][ T6112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  593.007934][ T8662] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  593.139852][ T5870] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  593.167614][ T6479] bridge_slave_1: left allmulticast mode
[  593.180246][ T6479] bridge_slave_1: left promiscuous mode
[  593.182487][ T8662] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  593.198538][ T6479] bridge0: port 2(bridge_slave_1) entered disabled state
[  593.223976][ T6479] bridge_slave_0: left allmulticast mode
[  593.226189][ T8662] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  593.252819][ T6479] bridge_slave_0: left promiscuous mode
[  593.273267][ T6479] bridge0: port 1(bridge_slave_0) entered disabled state
[  593.273885][ T8662] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  593.330823][ T5870] usb 7-1: Using ep0 maxpacket: 32
[  593.348139][ T8662] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  593.350015][ T5870] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  593.373761][ T8662] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.400000][ T8662] usb 8-1: config 0 descriptor??
[  593.422390][ T5870] usb 7-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  593.448908][ T5870] usb 7-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  593.477548][ T5870] usb 7-1: Product: syz
[  593.498023][ T5870] usb 7-1: Manufacturer: syz
[  593.502689][ T5870] usb 7-1: SerialNumber: syz
[  593.524458][ T5870] usb 7-1: config 0 descriptor??
[  593.552072][T12241] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  593.845731][ T8662] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  593.861937][ T8662] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  593.873676][ T5868] usb 7-1: USB disconnect, device number 18
[  593.888979][ T8662] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  593.911185][ T8662] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  593.919622][ T8662] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  593.935159][ T8662] plantronics 0003:047F:FFFF.002D: unknown main item tag 0x0
[  593.965674][ T8662] plantronics 0003:047F:FFFF.002D: No inputs registered, leaving
[  593.996459][ T8662] plantronics 0003:047F:FFFF.002D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  594.160522][ T5868] usb 8-1: USB disconnect, device number 2
[  595.003583][ T6479] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  595.025691][ T6479] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  595.058576][ T6479] bond0 (unregistering): Released all slaves
[  595.353820][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  595.368255][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  595.392393][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  595.430897][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  595.448728][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  595.941757][T11824] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  595.979854][ T5870] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  596.067801][ T6479] hsr_slave_0: left promiscuous mode
[  596.078906][ T6479] hsr_slave_1: left promiscuous mode
[  596.084945][ T6479] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  596.093095][ T6479] batman_adv: batadv0: Removing interface: batadv_slave_0
[  596.104259][ T6479] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  596.120423][T11824] usb 8-1: Using ep0 maxpacket: 8
[  596.128235][ T6479] batman_adv: batadv0: Removing interface: batadv_slave_1
[  596.136822][T11824] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  596.157206][T11824] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.168044][ T5870] usb 9-1: Using ep0 maxpacket: 32
[  596.189587][T11824] usb 8-1: config 0 descriptor??
[  596.207907][ T5870] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  596.224242][ T6479] veth1_macvtap: left promiscuous mode
[  596.248086][ T5870] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  596.258007][ T6479] veth0_macvtap: left promiscuous mode
[  596.266206][ T5870] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  596.278315][ T5870] usb 9-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  596.285384][ T6479] veth1_vlan: left promiscuous mode
[  596.288563][ T5870] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.314966][ T6479] veth0_vlan: left promiscuous mode
[  596.337417][ T5870] usb 9-1: config 0 descriptor??
[  596.359819][T12299] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  596.374521][ T5870] hub 9-1:0.0: USB hub found
[  596.409403][T11824] asix 8-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  596.595950][ T5870] hub 9-1:0.0: 2 ports detected
[  596.628435][ T8662] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  596.856872][ T8662] usb 6-1: config 0 has an invalid interface number: 133 but max is 0
[  596.880486][ T8662] usb 6-1: config 0 has no interface number 0
[  596.905108][ T8662] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  596.914550][ T8662] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  596.922790][ T8662] usb 6-1: Product: syz
[  596.926996][ T8662] usb 6-1: Manufacturer: syz
[  596.931703][ T8662] usb 6-1: SerialNumber: syz
[  596.939631][ T8662] usb 6-1: config 0 descriptor??
[  597.011469][ T5870] hub 9-1:0.0: set hub depth failed
[  597.022899][ T5870] usb 9-1: USB disconnect, device number 2
[  597.166852][ T8662] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected
[  597.179537][ T8662] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81
[  597.182161][ T6479] team0 (unregistering): Port device team_slave_1 removed
[  597.187533][ T8662] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1
[  597.207071][ T8662] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2
[  597.222483][ T8662] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  597.289287][ T6479] team0 (unregistering): Port device team_slave_0 removed
[  597.516330][T10889] Bluetooth: hci2: command tx timeout
[  597.581998][ T8662] usb 6-1: USB disconnect, device number 27
[  597.615022][ T8662] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  597.640332][T11824] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  597.663301][ T8662] keyspan 6-1:0.133: device disconnected
[  597.678308][T11824] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  597.691442][T11824] asix 8-1:0.0: probe with driver asix failed with error -71
[  598.622291][T11824] usb 8-1: USB disconnect, device number 3
[  599.102923][ T5870] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  599.589309][T10889] Bluetooth: hci2: command tx timeout
[  599.886579][ T5870] usb 6-1: Using ep0 maxpacket: 16
[  599.899647][ T5870] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  599.916826][ T5870] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  599.934946][ T5870] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  599.944411][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.956575][ T5870] usb 6-1: Product: syz
[  599.999139][ T5870] usb 6-1: Manufacturer: syz
[  600.003800][ T5870] usb 6-1: SerialNumber: syz
[  600.051662][ T5870] usb 6-1: config 0 descriptor??
[  600.123118][ T5870] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  600.176118][ T5870] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  600.569726][T12285] chnl_net:caif_netlink_parms(): no params data found
[  600.673037][ T5870] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  600.698414][ T5870] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  600.915271][ T5870] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  600.950674][ T5870] em28xx 6-1:0.0: No AC97 audio processor
[  600.998175][ T5870] usb 6-1: USB disconnect, device number 28
[  601.019767][ T5870] em28xx 6-1:0.0: Disconnecting em28xx
[  601.031819][ T5870] em28xx 6-1:0.0: Freeing device
[  601.137372][T12285] bridge0: port 1(bridge_slave_0) entered blocking state
[  601.157853][ T8662] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  601.175674][T12285] bridge0: port 1(bridge_slave_0) entered disabled state
[  601.196128][T12285] bridge_slave_0: entered allmulticast mode
[  601.224655][T12285] bridge_slave_0: entered promiscuous mode
[  601.234357][T12285] bridge0: port 2(bridge_slave_1) entered blocking state
[  601.245779][T12285] bridge0: port 2(bridge_slave_1) entered disabled state
[  601.254310][T12285] bridge_slave_1: entered allmulticast mode
[  601.281089][T12285] bridge_slave_1: entered promiscuous mode
[  601.317989][ T8662] usb 8-1: Using ep0 maxpacket: 8
[  601.335983][ T8662] usb 8-1: config 0 has no interfaces?
[  601.355584][ T8662] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  601.382265][ T8662] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.411120][T12285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  601.423016][ T8662] usb 8-1: config 0 descriptor??
[  601.481899][T12285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  601.667880][T10889] Bluetooth: hci2: command tx timeout
[  601.683037][ T8662] usb 8-1: USB disconnect, device number 4
[  601.748941][T12285] team0: Port device team_slave_0 added
[  601.759790][T12285] team0: Port device team_slave_1 added
[  601.783457][T12388] kvm: emulating exchange as write
[  601.935848][T12285] batman_adv: batadv0: Adding interface: batadv_slave_0
[  601.945723][T12285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  601.979283][   T24] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  601.997825][T12285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  602.012771][T12285] batman_adv: batadv0: Adding interface: batadv_slave_1
[  602.022694][T12285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  602.058115][T12285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  602.130531][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  602.157827][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  602.201506][   T24] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  602.218722][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.219368][T11361] bridge_slave_1: left allmulticast mode
[  602.238182][   T24] usb 6-1: Product: syz
[  602.242387][   T24] usb 6-1: Manufacturer: syz
[  602.247003][   T24] usb 6-1: SerialNumber: syz
[  602.267378][T11361] bridge_slave_1: left promiscuous mode
[  602.274548][T11361] bridge0: port 2(bridge_slave_1) entered disabled state
[  602.280904][   T24] usb 6-1: config 0 descriptor??
[  602.294498][   T24] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  602.317120][T11361] bridge_slave_0: left allmulticast mode
[  602.327964][T11361] bridge_slave_0: left promiscuous mode
[  602.333810][T11361] bridge0: port 1(bridge_slave_0) entered disabled state
[  602.771052][   T24] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -12
[  602.856598][   T24] usb 6-1: USB disconnect, device number 29
[  603.543189][T10379] udevd[10379]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  603.747862][T10889] Bluetooth: hci2: command tx timeout
[  603.848304][T12414] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1832'.
[  604.450731][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  604.462421][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  604.481821][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  604.491529][ T5827] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  604.499660][ T5827] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  604.695771][T11361] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  604.707349][T11361] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  604.718603][T11361] bond0 (unregistering): Released all slaves
[  604.854680][T12285] hsr_slave_0: entered promiscuous mode
[  604.869480][T12285] hsr_slave_1: entered promiscuous mode
[  604.876187][T12285] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  604.890513][T12285] Cannot create hsr debugfs directory
[  606.447827][T11361] hsr_slave_0: left promiscuous mode
[  606.496659][T11361] hsr_slave_1: left promiscuous mode
[  606.512972][T11361] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  606.532122][T11361] batman_adv: batadv0: Removing interface: batadv_slave_0
[  606.541904][T11361] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  606.560619][T10889] Bluetooth: hci1: command tx timeout
[  606.566039][T11361] batman_adv: batadv0: Removing interface: batadv_slave_1
[  606.656494][T11361] veth1_macvtap: left promiscuous mode
[  606.664488][T11361] veth0_macvtap: left promiscuous mode
[  606.674017][T11361] veth1_vlan: left promiscuous mode
[  606.681998][T11361] veth0_vlan: left promiscuous mode
[  606.761317][   T43] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  606.920054][   T43] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  606.938588][   T43] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  606.955245][   T43] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  606.964802][   T43] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.973250][   T43] usb 8-1: Product: syz
[  606.977620][   T43] usb 8-1: Manufacturer: syz
[  606.983532][   T43] usb 8-1: SerialNumber: syz
[  607.223678][T12460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  607.237684][T12460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  607.263754][   T43] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22
[  607.297211][   T43] usb 8-1: USB disconnect, device number 5
[  607.455522][T11361] team0 (unregistering): Port device team_slave_1 removed
[  607.521462][T11361] team0 (unregistering): Port device team_slave_0 removed
[  607.747987][   T43] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  607.914630][   T43] usb 8-1: Using ep0 maxpacket: 8
[  607.921844][   T43] usb 8-1: config index 0 descriptor too short (expected 301, got 72)
[  607.931670][   T43] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  607.943777][   T43] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  607.953762][   T43] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  607.964614][   T43] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  607.974950][   T43] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  607.986180][   T43] usb 8-1: config 16 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  608.002591][   T43] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  608.011771][   T43] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.257809][   T43] usb 8-1: usb_control_msg returned -32
[  608.280250][   T43] usbtmc 8-1:16.0: can't read capabilities
[  608.310453][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.316608][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.322745][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.330698][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.336815][    C1] usbtmc 8-1:16.0: invalid notification: 11
[  608.347152][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.358357][    C1] usbtmc 8-1:16.0: invalid notification: 2
[  608.364459][    C1] usbtmc 8-1:16.0: invalid notification: 5
[  608.372278][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.378370][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.384407][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.390567][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.396675][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.402779][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.408890][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.414952][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.421034][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.427075][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.433143][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.439206][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.445273][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.451331][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.457391][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.463528][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.478216][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.484408][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.490514][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.496604][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.502657][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.508723][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.514916][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.521015][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.527079][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.533169][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.539238][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.545583][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.551862][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.557947][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.564003][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.570291][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.576555][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.582647][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.589153][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.595224][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.601341][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.607397][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.613497][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.619552][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.626251][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.632838][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.633115][T10889] Bluetooth: hci1: command tx timeout
[  608.638919][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.656316][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.662411][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.668487][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.674854][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.680934][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.686981][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.693075][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.699177][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.706337][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.712411][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.718485][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.724528][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.730822][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.736879][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.743040][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.749111][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.755165][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.761258][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.767312][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.773359][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.787302][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.797509][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.803868][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.809996][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.817947][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.824047][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.830105][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.836160][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.842248][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.848311][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.854368][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.860539][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.867173][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.874174][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.880512][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.886739][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.894881][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.900938][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.907063][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.913149][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.919236][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.925301][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.931358][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.937387][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.943457][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.949576][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.955616][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.961669][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.967775][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.973850][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.984258][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.990474][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  608.996524][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.002594][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.008737][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.014792][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.020840][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.027093][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.033223][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.039335][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.045680][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.051769][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.057819][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.063878][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.069962][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.076036][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.082285][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.088504][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.094545][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.100604][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.106632][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.112824][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.118865][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.124898][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.131150][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.137223][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.143293][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.149369][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.155426][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.161526][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.167613][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.173665][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.179756][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.186214][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.192590][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.198719][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.204772][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.210814][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.216848][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.222885][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.228929][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.234966][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.241007][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.247063][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.253123][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.259172][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.265231][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.271292][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.277334][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.286559][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.294506][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.300579][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.306623][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.312696][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.318775][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.324833][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.330900][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.337026][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.343188][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.349280][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.355361][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.361426][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.367471][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.373547][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.379634][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.385690][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.392832][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.399108][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.405175][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.411262][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.417327][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.417930][T12081] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  609.423373][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.436913][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.443063][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.449233][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.455283][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.461355][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.467403][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.473442][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.479500][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.485605][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.491844][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.498063][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.504121][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.510255][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.516301][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.522347][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.528416][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.534468][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.540525][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.546784][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.552921][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.558967][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.565025][    C1] usbtmc 8-1:16.0: invalid notification: 0
[  609.655665][T12081] usb 6-1: config 0 has no interfaces?
[  609.681376][T12081] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  609.714406][T12081] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.734860][T12081] usb 6-1: Product: syz
[  609.741184][T12081] usb 6-1: Manufacturer: syz
[  609.746179][T12081] usb 6-1: SerialNumber: syz
[  609.764189][T12418] chnl_net:caif_netlink_parms(): no params data found
[  609.775681][T12081] usb 6-1: config 0 descriptor??
[  609.826752][T12285] 8021q: adding VLAN 0 to HW filter on device bond0
[  609.906954][T12285] 8021q: adding VLAN 0 to HW filter on device team0
[  609.958850][T12081] usb 8-1: USB disconnect, device number 6
[  610.030258][T11824] usb 6-1: USB disconnect, device number 30
[  610.243927][ T6208] bridge0: port 1(bridge_slave_0) entered blocking state
[  610.251197][ T6208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  610.283572][ T6208] bridge0: port 2(bridge_slave_1) entered blocking state
[  610.290836][ T6208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  610.391925][T12418] bridge0: port 1(bridge_slave_0) entered blocking state
[  610.413887][T12418] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.431667][T12418] bridge_slave_0: entered allmulticast mode
[  610.450566][T12418] bridge_slave_0: entered promiscuous mode
[  610.707823][T10889] Bluetooth: hci1: command tx timeout
[  610.731641][T12418] bridge0: port 2(bridge_slave_1) entered blocking state
[  610.751880][T12418] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.765369][T12418] bridge_slave_1: entered allmulticast mode
[  610.777429][T12418] bridge_slave_1: entered promiscuous mode
[  610.933309][T12418] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  610.964768][T12418] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  611.317381][T12418] team0: Port device team_slave_0 added
[  611.352391][T12418] team0: Port device team_slave_1 added
[  611.581484][T12418] batman_adv: batadv0: Adding interface: batadv_slave_0
[  611.591748][T12418] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  611.620821][T12418] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  612.788270][T10889] Bluetooth: hci1: command tx timeout
[  613.733844][T12418] batman_adv: batadv0: Adding interface: batadv_slave_1
[  613.741107][T12418] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  613.767214][T12418] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  613.951324][T12285] 8021q: adding VLAN 0 to HW filter on device batadv0
[  614.033362][T12418] hsr_slave_0: entered promiscuous mode
[  614.055473][T12418] hsr_slave_1: entered promiscuous mode
[  614.066832][T12418] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  614.082216][T12418] Cannot create hsr debugfs directory
[  614.167814][T11824] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  614.363512][T11824] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  614.406909][T11824] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  614.458657][T11824] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  614.492157][T11824] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  614.547767][T11824] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  614.557129][T11824] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  614.600841][T11824] usb 8-1: config 0 descriptor??
[  614.607439][T12550] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  614.829308][T12285] veth0_vlan: entered promiscuous mode
[  614.892578][T12285] veth1_vlan: entered promiscuous mode
[  615.024610][T12285] veth0_macvtap: entered promiscuous mode
[  615.061835][T11824] plantronics 0003:047F:FFFF.002E: reserved main item tag 0xd
[  615.075674][T12285] veth1_macvtap: entered promiscuous mode
[  615.127416][T11824] plantronics 0003:047F:FFFF.002E: No inputs registered, leaving
[  615.164408][T11824] plantronics 0003:047F:FFFF.002E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  615.206629][T12285] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.269641][T12418] 8021q: adding VLAN 0 to HW filter on device bond0
[  615.351630][T12285] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.401695][T11824] usb 8-1: USB disconnect, device number 7
[  615.443226][T12418] 8021q: adding VLAN 0 to HW filter on device team0
[  615.806804][ T6208] bridge0: port 1(bridge_slave_0) entered blocking state
[  615.814081][ T6208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  615.872974][ T6208] bridge0: port 2(bridge_slave_1) entered blocking state
[  615.880247][ T6208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  616.114846][ T6208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.152185][ T6208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.272990][  T750] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.296318][  T750] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.822895][T11361] bridge_slave_1: left allmulticast mode
[  616.830934][T11361] bridge_slave_1: left promiscuous mode
[  616.842031][T11361] bridge0: port 2(bridge_slave_1) entered disabled state
[  616.890039][T11361] bridge_slave_0: left allmulticast mode
[  616.927852][T11361] bridge_slave_0: left promiscuous mode
[  616.939095][T11361] bridge0: port 1(bridge_slave_0) entered disabled state
[  617.699440][T11361] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  617.710946][T11361] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  617.721324][T11361] bond0 (unregistering): Released all slaves
[  617.741330][T12629] netlink: 'syz.6.1880': attribute type 5 has an invalid length.
[  618.159234][T12418] 8021q: adding VLAN 0 to HW filter on device batadv0
[  618.820127][T11361] hsr_slave_0: left promiscuous mode
[  618.826429][T11361] hsr_slave_1: left promiscuous mode
[  618.843516][T11361] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  618.873198][T11361] batman_adv: batadv0: Removing interface: batadv_slave_0
[  618.929074][T11361] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  618.946076][T11361] batman_adv: batadv0: Removing interface: batadv_slave_1
[  619.000605][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  619.013299][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  619.038976][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  619.051258][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  619.060305][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  619.132753][T11361] veth1_macvtap: left promiscuous mode
[  619.173230][T11361] veth0_macvtap: left promiscuous mode
[  619.201322][T11361] veth1_vlan: left promiscuous mode
[  619.220696][T11361] veth0_vlan: left promiscuous mode
[  619.597287][T12682] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1888'.
[  620.301126][T11361] team0 (unregistering): Port device team_slave_1 removed
[  620.392600][T11361] team0 (unregistering): Port device team_slave_0 removed
[  620.475849][T10889] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  620.486680][T10889] Bluetooth: Wrong link type (-22)
[  620.499782][T10889] Bluetooth: hci0: link tx timeout
[  620.505276][T10889] Bluetooth: hci0: killing stalled connection 11:aa:aa:aa:aa:aa
[  621.127366][ T5827] Bluetooth: hci2: command tx timeout
[  622.549905][ T5827] Bluetooth: hci0: command 0x0406 tx timeout
[  622.630580][T12418] veth0_vlan: entered promiscuous mode
[  622.740751][T12418] veth1_vlan: entered promiscuous mode
[  623.034870][T12418] veth0_macvtap: entered promiscuous mode
[  623.077285][T12730] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1901'.
[  623.101961][T12730] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1901'.
[  623.188489][T10889] Bluetooth: hci2: command tx timeout
[  623.322531][T12418] veth1_macvtap: entered promiscuous mode
[  623.414782][T12418] batman_adv: batadv0: Interface activated: batadv_slave_0
[  623.469139][T12418] batman_adv: batadv0: Interface activated: batadv_slave_1
[  623.540416][T12668] chnl_net:caif_netlink_parms(): no params data found
[  623.718791][T12748] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1904'.
[  623.807964][T12748] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  623.823753][T12748] batman_adv: batadv0: Removing interface: batadv_slave_0
[  623.850718][T12755] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1906'.
[  623.861335][T12748] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  623.873525][T12748] batman_adv: batadv0: Removing interface: batadv_slave_1
[  624.068924][T12668] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.088273][T12668] bridge0: port 1(bridge_slave_0) entered disabled state
[  624.095576][T12668] bridge_slave_0: entered allmulticast mode
[  624.121016][T12668] bridge_slave_0: entered promiscuous mode
[  624.148790][T12668] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.156047][T12668] bridge0: port 2(bridge_slave_1) entered disabled state
[  624.178901][T12668] bridge_slave_1: entered allmulticast mode
[  624.198196][T12668] bridge_slave_1: entered promiscuous mode
[  624.325325][T12668] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  624.352999][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  624.382719][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  624.413636][T12668] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  624.480863][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  624.691569][T12768] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1910'.
[  624.747151][T12668] team0: Port device team_slave_0 added
[  624.937736][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880336b4c00: rx timeout, send abort
[  625.386993][T10889] Bluetooth: hci2: command tx timeout
[  625.438003][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880336b4400: rx timeout, send abort
[  625.446269][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880336b4c00: abort rx timeout. Force session deactivation
[  625.716837][T12668] team0: Port device team_slave_1 added
[  625.757286][ T6112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  625.778683][ T6112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  625.805284][T12668] batman_adv: batadv0: Adding interface: batadv_slave_0
[  625.820262][T12668] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  625.847083][T12776] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1913'.
[  625.857375][T12668] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  625.882090][T12668] batman_adv: batadv0: Adding interface: batadv_slave_1
[  625.918169][T12668] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  625.946260][    C0] vcan0 (unregistered): j1939_tp_rxtimer: 0xffff8880336b4400: abort rx timeout. Force session deactivation
[  625.962144][T12668] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  626.115077][T12783] loop2: detected capacity change from 0 to 7
[  626.124138][T12783] Dev loop2: unable to read RDB block 7
[  626.133634][T12783]  loop2: unable to read partition table
[  626.154082][T12784] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1915'.
[  626.157795][   T43] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  626.167039][T12783] loop2: partition table beyond EOD, truncated
[  626.213254][T12783] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  626.224925][T12668] hsr_slave_0: entered promiscuous mode
[  626.241962][T12668] hsr_slave_1: entered promiscuous mode
[  626.253783][T12668] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  626.261836][T12668] Cannot create hsr debugfs directory
[  626.378890][   T43] usb 6-1: Using ep0 maxpacket: 8
[  626.404820][   T43] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  626.448526][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.475170][   T43] usb 6-1: Product: syz
[  626.489197][   T43] usb 6-1: Manufacturer: syz
[  626.494638][   T43] usb 6-1: SerialNumber: syz
[  626.563143][   T43] usb 6-1: config 0 descriptor??
[  626.688405][T12081] usb 7-1: new full-speed USB device number 19 using dummy_hcd
[  626.786611][   T43] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  626.881226][T12081] usb 7-1: config 0 has an invalid interface number: 31 but max is 0
[  626.921506][T12081] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.967896][T12081] usb 7-1: config 0 has no interface number 0
[  626.980866][T12081] usb 7-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  627.007137][T12081] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.026827][T12081] usb 7-1: Product: syz
[  627.058117][T12081] usb 7-1: Manufacturer: syz
[  627.062793][T12081] usb 7-1: SerialNumber: syz
[  627.095221][T12081] usb 7-1: config 0 descriptor??
[  627.150411][T12081] hub 7-1:0.31: bad descriptor, ignoring hub
[  627.156489][T12081] hub 7-1:0.31: probe with driver hub failed with error -5
[  627.203323][T12081] usb 7-1: Found UVC 0.04 device syz (046d:08c3)
[  627.219745][   T43] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  627.253668][T12081] uvcvideo 7-1:0.31: Entity type for entity Output 6 was not initialized!
[  627.259399][   T43] usb 6-1: USB disconnect, device number 31
[  627.291887][T12081] usb 7-1: Failed to create links for entity 6
[  627.328119][T12081] usb 7-1: Failed to register entities (-22).
[  627.422888][T12081] usb 7-1: USB disconnect, device number 19
[  627.438362][T10889] Bluetooth: hci2: command tx timeout
[  627.892384][T12668] 8021q: adding VLAN 0 to HW filter on device bond0
[  627.917573][T12668] 8021q: adding VLAN 0 to HW filter on device team0
[  628.194783][ T6208] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.202070][ T6208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  628.411337][ T6208] bridge0: port 2(bridge_slave_1) entered blocking state
[  628.418574][ T6208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  628.468115][T12081] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  628.643937][T12846] usb usb8: usbfs: process 12846 (syz.7.1928) did not claim interface 0 before use
[  628.653532][T12081] usb 10-1: Using ep0 maxpacket: 16
[  628.662329][T12081] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  628.700199][T12081] usb 10-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  628.717814][T12081] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.736296][T12081] usb 10-1: Product: syz
[  628.740780][T12081] usb 10-1: Manufacturer: syz
[  628.748556][T12081] usb 10-1: SerialNumber: syz
[  628.763372][T12081] usb 10-1: config 0 descriptor??
[  628.813954][T12081] em28xx 10-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  628.833363][T12081] em28xx 10-1:0.0: DVB interface 0 found: bulk
[  629.468859][T12081] em28xx 10-1:0.0: unknown em28xx chip ID (0)
[  630.252136][T12864] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1933'.
[  630.567403][T12081] em28xx 10-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  630.594265][T12081] em28xx 10-1:0.0: board has no eeprom
[  630.685034][T12081] em28xx 10-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  630.695210][T12081] em28xx 10-1:0.0: dvb set to bulk mode.
[  630.729293][T11824] em28xx 10-1:0.0: Binding DVB extension
[  630.747045][T12081] usb 10-1: USB disconnect, device number 2
[  630.771922][T12081] em28xx 10-1:0.0: Disconnecting em28xx
[  630.880172][T11824] em28xx 10-1:0.0: Registering input extension
[  630.889632][T12081] em28xx 10-1:0.0: Closing input extension
[  630.928873][T12081] em28xx 10-1:0.0: Freeing device
[  633.227286][T12668] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  633.303065][T12668] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  633.535048][T12903] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1943'.
[  634.204076][T12668] 8021q: adding VLAN 0 to HW filter on device batadv0
[  634.363700][T12930] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1949'.
[  636.571326][T12668] veth0_vlan: entered promiscuous mode
[  636.605154][T12668] veth1_vlan: entered promiscuous mode
[  636.680313][T12668] veth0_macvtap: entered promiscuous mode
[  636.720858][T12668] veth1_macvtap: entered promiscuous mode
[  636.773865][T12668] batman_adv: batadv0: Interface activated: batadv_slave_0
[  636.841464][T12668] batman_adv: batadv0: Interface activated: batadv_slave_1
[  637.048232][   T43] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  637.056502][ T6208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  637.090799][ T6208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  637.222457][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  637.238395][   T43] usb 8-1: Using ep0 maxpacket: 16
[  637.249734][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  637.266639][   T43] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  637.287849][   T43] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  637.536034][   T43] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  637.546238][   T43] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  637.557320][   T43] usb 8-1: Product: syz
[  637.562396][   T43] usb 8-1: Manufacturer: syz
[  637.567445][   T43] usb 8-1: SerialNumber: syz
[  637.585186][   T43] usb 8-1: config 0 descriptor??
[  637.664994][T12991] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1961'.
[  637.909167][   T43] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  638.266538][   T43] em28xx 8-1:0.0: Audio interface 0 found (Vendor Class)
[  638.704616][   T43] em28xx 8-1:0.0: unknown em28xx chip ID (0)
[  638.741651][   T43] em28xx 8-1:0.0: Config register raw data: 0xa4
[  638.809346][   T43] em28xx 8-1:0.0: I2S Audio (1 sample rate(s))
[  638.815579][   T43] em28xx 8-1:0.0: No AC97 audio processor
[  639.181101][   T68] bridge_slave_1: left allmulticast mode
[  639.367981][   T68] bridge_slave_1: left promiscuous mode
[  639.375380][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  639.455042][   T43] usb 8-1: USB disconnect, device number 8
[  639.461482][T13005] netlink: 24 bytes leftover after parsing attributes in process `syz.9.1964'.
[  639.518896][   T68] bridge_slave_0: left allmulticast mode
[  639.524616][   T68] bridge_slave_0: left promiscuous mode
[  639.594173][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  639.878227][T13007] netlink: 24 bytes leftover after parsing attributes in process `syz.9.1964'.
[  639.907769][T13007] nbd: nbd64 already in use
[  640.171025][ T9928] udevd[9928]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  640.967789][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  640.998408][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  641.020476][   T68] bond0 (unregistering): Released all slaves
[  641.189266][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  641.200915][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  641.215840][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  641.226379][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  641.246071][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  642.426500][T10889] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11
[  642.556674][   T68] hsr_slave_0: left promiscuous mode
[  642.573572][   T68] hsr_slave_1: left promiscuous mode
[  642.594223][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  642.617911][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  642.636568][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  642.655835][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[  643.169454][   T68] veth1_macvtap: left promiscuous mode
[  643.175078][   T68] veth0_macvtap: left promiscuous mode
[  643.197979][   T68] veth1_vlan: left promiscuous mode
[  643.206617][   T68] veth0_vlan: left promiscuous mode
[  643.357948][T10889] Bluetooth: hci2: command tx timeout
[  644.486888][   T68] team0 (unregistering): Port device team_slave_1 removed
[  644.542191][   T68] team0 (unregistering): Port device team_slave_0 removed
[  644.808738][T13083] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1982'.
[  645.044124][    C0] vxcan1: j1939_tp_rxtimer: 0xffff888020af4c00: rx timeout, send abort
[  645.440250][T10889] Bluetooth: hci2: command tx timeout
[  646.214810][T13030] chnl_net:caif_netlink_parms(): no params data found
[  646.788000][ T5872] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  646.872861][T13133] vlan2: entered promiscuous mode
[  646.891526][T13133] vlan2: entered allmulticast mode
[  646.896709][T13133] hsr_slave_1: entered allmulticast mode
[  646.979973][ T5872] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  646.984859][T13030] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.033398][ T5872] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  647.060385][T13030] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.060767][ T5872] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  647.089332][T13030] bridge_slave_0: entered allmulticast mode
[  647.102643][ T5872] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  647.159707][ T5872] usb 7-1: SerialNumber: syz
[  647.212549][T13030] bridge_slave_0: entered promiscuous mode
[  647.240402][T13030] bridge0: port 2(bridge_slave_1) entered blocking state
[  647.268529][T13030] bridge0: port 2(bridge_slave_1) entered disabled state
[  647.275897][T13030] bridge_slave_1: entered allmulticast mode
[  647.327607][T13030] bridge_slave_1: entered promiscuous mode
[  647.441416][ T5872] usb 7-1: 0:2 : does not exist
[  647.509776][T10889] Bluetooth: hci2: command tx timeout
[  647.550695][ T5872] usb 7-1: USB disconnect, device number 20
[  647.731547][ T9928] udevd[9928]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  647.786087][T13030] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  647.847044][T13030] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  648.022220][T13030] team0: Port device team_slave_0 added
[  648.081358][T13030] team0: Port device team_slave_1 added
[  648.291028][T13030] batman_adv: batadv0: Adding interface: batadv_slave_0
[  648.320149][T13030] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  648.360757][T13030] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  648.495996][T13030] batman_adv: batadv0: Adding interface: batadv_slave_1
[  648.514732][T13030] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  648.579360][T13030] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  648.741330][T13160] binder: 13159:13160 unknown command 0
[  648.746952][T13160] binder: 13159:13160 ioctl c0306201 200000000180 returned -22
[  648.958943][T13030] hsr_slave_0: entered promiscuous mode
[  648.965750][T13030] hsr_slave_1: entered promiscuous mode
[  649.038149][T13030] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  649.051264][T13030] Cannot create hsr debugfs directory
[  649.588272][T10889] Bluetooth: hci2: command tx timeout
[  649.746709][T13178] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  649.967522][T13189] macvlan2: entered allmulticast mode
[  649.981694][T13189] bond_slave_0: entered promiscuous mode
[  650.020139][T13189] bond0: entered allmulticast mode
[  650.038505][T13189] bond_slave_0: entered allmulticast mode
[  650.055009][T13189] bond_slave_1: entered allmulticast mode
[  650.075562][T13189] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  650.101008][T13189] team0: Port device macvlan2 added
[  651.159170][T13030] 8021q: adding VLAN 0 to HW filter on device bond0
[  651.295122][T13030] 8021q: adding VLAN 0 to HW filter on device team0
[  651.316847][T11361] bridge0: port 1(bridge_slave_0) entered blocking state
[  651.324115][T11361] bridge0: port 1(bridge_slave_0) entered forwarding state
[  651.638327][T13223] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2014'.
[  652.238906][T11361] bridge0: port 2(bridge_slave_1) entered blocking state
[  652.246029][T11361] bridge0: port 2(bridge_slave_1) entered forwarding state
[  654.978948][T13030] 8021q: adding VLAN 0 to HW filter on device batadv0
[  655.207546][   T10] hid-generic 0000:0000:0000.002F: unknown main item tag 0x0
[  655.258305][   T10] hid-generic 0000:0000:0000.002F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  655.670914][T13273] netlink: 4 bytes leftover after parsing attributes in process `syz.9.2025'.
[  657.763734][T13030] veth0_vlan: entered promiscuous mode
[  658.303966][T13030] veth1_vlan: entered promiscuous mode
[  658.612094][T13030] veth0_macvtap: entered promiscuous mode
[  658.623818][T13030] veth1_macvtap: entered promiscuous mode
[  658.706033][T13030] batman_adv: batadv0: Interface activated: batadv_slave_0
[  658.800272][T13030] batman_adv: batadv0: Interface activated: batadv_slave_1
[  659.008549][T13327] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2034'.
[  660.487112][  T750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.489240][T13354] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2039'.
[  660.524140][  T750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.752089][ T2150] usb 6-1: new low-speed USB device number 32 using dummy_hcd
[  661.469783][ T6479] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  661.488803][ T6479] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  661.849015][ T6208] bridge_slave_1: left allmulticast mode
[  661.854735][ T6208] bridge_slave_1: left promiscuous mode
[  661.932917][ T6208] bridge0: port 2(bridge_slave_1) entered disabled state
[  662.012435][ T6208] bridge_slave_0: left allmulticast mode
[  662.167962][   T24] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  662.208652][ T6208] bridge_slave_0: left promiscuous mode
[  662.234159][ T6208] bridge0: port 1(bridge_slave_0) entered disabled state
[  662.508056][   T24] usb 8-1: Using ep0 maxpacket: 16
[  662.604356][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  662.647802][   T24] usb 8-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  662.664482][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.688431][   T24] usb 8-1: config 0 descriptor??
[  663.124335][   T24] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0
[  663.131631][   T24] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0
[  663.140730][   T24] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0
[  663.148184][   T24] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0
[  663.157365][   T24] mcp2221 0003:04D8:00DD.0030: unknown main item tag 0x0
[  663.166399][   T24] mcp2221 0003:04D8:00DD.0030: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.7-1/input0
[  663.238775][ T6208] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  663.263769][ T6208] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  663.276066][ T6208] bond0 (unregistering): Released all slaves
[  663.522411][ T2150] usb 8-1: USB disconnect, device number 9
[  663.793979][T13396] bridge0: port 2(bridge_slave_1) entered disabled state
[  663.803013][T13396] bridge0: port 1(bridge_slave_0) entered disabled state
[  663.828899][T13396] bridge0: entered allmulticast mode
[  663.911210][ T6208] hsr_slave_0: left promiscuous mode
[  663.929811][ T6208] hsr_slave_1: left promiscuous mode
[  663.946871][ T6208] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  663.965142][ T6208] batman_adv: batadv0: Removing interface: batadv_slave_0
[  663.984556][ T6208] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  663.997844][ T6208] batman_adv: batadv0: Removing interface: batadv_slave_1
[  664.068196][   T43] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  664.078894][ T6208] veth1_macvtap: left promiscuous mode
[  664.084500][ T6208] veth0_macvtap: left promiscuous mode
[  664.109953][ T6208] veth1_vlan: left promiscuous mode
[  664.125975][ T6208] veth0_vlan: left promiscuous mode
[  664.227002][T13406] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2052'.
[  664.270002][   T43] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  664.279820][T13408] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2052'.
[  664.298309][   T43] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  664.319229][   T43] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  664.345823][   T43] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  664.387254][   T43] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  664.422489][   T43] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  664.440384][   T43] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  664.449094][   T43] usb 6-1: Product: syz
[  664.453717][   T43] usb 6-1: Manufacturer: syz
[  664.466568][   T43] cdc_wdm 6-1:1.0: skipping garbage
[  664.471550][ T5827] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  664.484188][   T43] cdc_wdm 6-1:1.0: skipping garbage
[  664.493792][ T5827] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  664.504943][ T5827] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  664.520231][   T43] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  664.522128][ T5827] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  664.535241][ T5827] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  664.560049][   T43] cdc_wdm 6-1:1.0: Unknown control protocol
[  664.678719][    C0] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  664.880803][   T43] usb 6-1: USB disconnect, device number 33
[  665.114351][ T6208] team0 (unregistering): Port device team_slave_1 removed
[  665.163283][ T6208] team0 (unregistering): Port device team_slave_0 removed
[  666.596518][T13393] bridge_slave_1: left allmulticast mode
[  666.611302][T13393] bridge_slave_1: left promiscuous mode
[  666.619565][T13393] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.630980][ T5827] Bluetooth: hci2: command tx timeout
[  666.702016][T13393] bridge_slave_0: left allmulticast mode
[  666.723565][T13393] bridge_slave_0: left promiscuous mode
[  666.744394][T13393] bridge0: port 1(bridge_slave_0) entered disabled state
[  667.141013][T13446] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2063'.
[  667.413519][T13456] Bluetooth: (null): Out-of-order packet arrived (4 != 0)
[  667.583473][T13453] 
[  667.585862][T13453] =====================================================
[  667.592806][T13453] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  667.600286][T13453] 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 Not tainted
[  667.607073][T13453] -----------------------------------------------------
[  667.614027][T13453] syz.6.2064/13453 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  667.621759][T13453] ffffffff8de0c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0x12b/0x420
[  667.630482][T13453] 
[  667.630482][T13453] and this task is already holding:
[  667.637844][T13453] ffff888029e31a20 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420
[  667.646560][T13453] which would create a new lock dependency:
[  667.652447][T13453]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[  667.660043][T13453] 
[  667.660043][T13453] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  667.669498][T13453]  (&dev->event_lock#2){..-.}-{3:3}
[  667.669536][T13453] 
[  667.669536][T13453] ... which became SOFTIRQ-irq-safe at:
[  667.682528][T13453]   lock_acquire+0x120/0x360
[  667.687145][T13453]   _raw_spin_lock_irqsave+0xa7/0xf0
[  667.692452][T13453]   input_inject_event+0xab/0x320
[  667.697491][T13453]   led_trigger_event+0x138/0x210
[  667.702525][T13453]   kbd_bh+0x1c6/0x2e0
[  667.706599][T13453]   tasklet_action_common+0x36c/0x580
[  667.712021][T13453]   handle_softirqs+0x283/0x870
[  667.716887][T13453]   run_ksoftirqd+0x9b/0x100
[  667.721488][T13453]   smpboot_thread_fn+0x542/0xa60
[  667.726528][T13453]   kthread+0x711/0x8a0
[  667.730697][T13453]   ret_from_fork+0x3fc/0x770
[  667.735378][T13453]   ret_from_fork_asm+0x1a/0x30
[  667.740232][T13453] 
[  667.740232][T13453] to a SOFTIRQ-irq-unsafe lock:
[  667.747264][T13453]  (tasklist_lock){.+.+}-{3:3}
[  667.747295][T13453] 
[  667.747295][T13453] ... which became SOFTIRQ-irq-unsafe at:
[  667.759949][T13453] ...
[  667.759961][T13453]   lock_acquire+0x120/0x360
[  667.767141][T13453]   _raw_read_lock+0x36/0x50
[  667.771749][T13453]   __do_wait+0xde/0x740
[  667.776010][T13453]   do_wait+0x1f8/0x520
[  667.780166][T13453]   kernel_wait+0xab/0x170
[  667.784582][T13453]   call_usermodehelper_exec_work+0xbe/0x230
[  667.790563][T13453]   process_scheduled_works+0xade/0x17b0
[  667.796196][T13453]   worker_thread+0x8a0/0xda0
[  667.800877][T13453]   kthread+0x711/0x8a0
[  667.805037][T13453]   ret_from_fork+0x3fc/0x770
[  667.809731][T13453]   ret_from_fork_asm+0x1a/0x30
[  667.814608][T13453] 
[  667.814608][T13453] other info that might help us debug this:
[  667.814608][T13453] 
[  667.824855][T13453] Chain exists of:
[  667.824855][T13453]   &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock
[  667.824855][T13453] 
[  667.837929][T13453]  Possible interrupt unsafe locking scenario:
[  667.837929][T13453] 
[  667.846258][T13453]        CPU0                    CPU1
[  667.851627][T13453]        ----                    ----
[  667.856991][T13453]   lock(tasklist_lock);
[  667.861273][T13453]                                local_irq_disable();
[  667.868033][T13453]                                lock(&dev->event_lock#2);
[  667.875255][T13453]                                lock(&f_owner->lock);
[  667.882148][T13453]   <Interrupt>
[  667.885598][T13453]     lock(&dev->event_lock#2);
[  667.890459][T13453] 
[  667.890459][T13453]  *** DEADLOCK ***
[  667.890459][T13453] 
[  667.898600][T13453] 2 locks held by syz.6.2064/13453:
[  667.903795][T13453]  #0: ffff88807bc048c0 (&u->lock){+.+.}-{3:3}, at: queue_oob+0x17d/0x8a0
[  667.912353][T13453]  #1: ffff888029e31a20 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420
[  667.921519][T13453] 
[  667.921519][T13453] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  667.932040][T13453]    -> (&dev->event_lock#2){..-.}-{3:3} {
[  667.937885][T13453]       IN-SOFTIRQ-W at:
[  667.942130][T13453]                           lock_acquire+0x120/0x360
[  667.948812][T13453]                           _raw_spin_lock_irqsave+0xa7/0xf0
[  667.956193][T13453]                           input_inject_event+0xab/0x320
[  667.963305][T13453]                           led_trigger_event+0x138/0x210
[  667.970416][T13453]                           kbd_bh+0x1c6/0x2e0
[  667.976572][T13453]                           tasklet_action_common+0x36c/0x580
[  667.984038][T13453]                           handle_softirqs+0x283/0x870
[  667.991003][T13453]                           run_ksoftirqd+0x9b/0x100
[  667.997771][T13453]                           smpboot_thread_fn+0x542/0xa60
[  668.004885][T13453]                           kthread+0x711/0x8a0
[  668.011136][T13453]                           ret_from_fork+0x3fc/0x770
[  668.017909][T13453]                           ret_from_fork_asm+0x1a/0x30
[  668.024850][T13453]       INITIAL USE at:
[  668.029009][T13453]                          lock_acquire+0x120/0x360
[  668.035596][T13453]                          _raw_spin_lock_irqsave+0xa7/0xf0
[  668.042889][T13453]                          input_inject_event+0xab/0x320
[  668.049921][T13453]                          kbd_led_trigger_activate+0xbc/0x100
[  668.057470][T13453]                          led_trigger_set+0x52d/0x950
[  668.064329][T13453]                          led_trigger_set_default+0x215/0x250
[  668.071886][T13453]                          led_classdev_register_ext+0x73d/0x930
[  668.079620][T13453]                          input_leds_connect+0x517/0x790
[  668.086733][T13453]                          input_register_device+0xcee/0x10b0
[  668.094195][T13453]                          atkbd_connect+0x70e/0x9c0
[  668.100882][T13453]                          serio_driver_probe+0x82/0xa0
[  668.107829][T13453]                          really_probe+0x26a/0x9a0
[  668.114416][T13453]                          __driver_probe_device+0x18c/0x2f0
[  668.121901][T13453]                          driver_probe_device+0x4f/0x430
[  668.129034][T13453]                          __driver_attach+0x452/0x700
[  668.135893][T13453]                          bus_for_each_dev+0x230/0x2b0
[  668.142839][T13453]                          serio_handle_event+0x1a2/0x860
[  668.149961][T13453]                          process_scheduled_works+0xade/0x17b0
[  668.157598][T13453]                          worker_thread+0x8a0/0xda0
[  668.164275][T13453]                          kthread+0x711/0x8a0
[  668.170440][T13453]                          ret_from_fork+0x3fc/0x770
[  668.177122][T13453]                          ret_from_fork_asm+0x1a/0x30
[  668.184000][T13453]     }
[  668.186759][T13453]     ... key      at: [<ffffffff99dbd580>] input_allocate_device.__key.5+0x0/0x20
[  668.196046][T13453]   -> (&client->buffer_lock){....}-{3:3} {
[  668.201966][T13453]      INITIAL USE at:
[  668.206035][T13453]                        lock_acquire+0x120/0x360
[  668.212462][T13453]                        _raw_spin_lock+0x2e/0x40
[  668.218887][T13453]                        evdev_pass_values+0xb9/0xbd0
[  668.225666][T13453]                        evdev_events+0x1e6/0x340
[  668.232086][T13453]                        input_pass_values+0x288/0x890
[  668.238948][T13453]                        input_event_dispose+0x330/0x6b0
[  668.245981][T13453]                        input_inject_event+0x1fe/0x320
[  668.252922][T13453]                        evdev_write+0x2fc/0x480
[  668.259256][T13453]                        vfs_write+0x27e/0xa90
[  668.265416][T13453]                        ksys_write+0x145/0x250
[  668.271667][T13453]                        do_syscall_64+0xfa/0x3b0
[  668.278088][T13453]                        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.285915][T13453]    }
[  668.288585][T13453]    ... key      at: [<ffffffff99dbd820>] evdev_open.__key.25+0x0/0x20
[  668.296920][T13453]    ... acquired at:
[  668.300905][T13453]    lock_acquire+0x120/0x360
[  668.305628][T13453]    _raw_spin_lock+0x2e/0x40
[  668.310314][T13453]    evdev_pass_values+0xb9/0xbd0
[  668.315348][T13453]    evdev_events+0x1e6/0x340
[  668.320055][T13453]    input_pass_values+0x288/0x890
[  668.325175][T13453]    input_event_dispose+0x330/0x6b0
[  668.330465][T13453]    input_inject_event+0x1fe/0x320
[  668.335665][T13453]    evdev_write+0x2fc/0x480
[  668.340262][T13453]    vfs_write+0x27e/0xa90
[  668.344687][T13453]    ksys_write+0x145/0x250
[  668.349195][T13453]    do_syscall_64+0xfa/0x3b0
[  668.353872][T13453]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.359946][T13453] 
[  668.362271][T13453]  -> (&new->fa_lock){....}-{3:3} {
[  668.367493][T13453]     INITIAL USE at:
[  668.371477][T13453]                      lock_acquire+0x120/0x360
[  668.377727][T13453]                      _raw_write_lock_irq+0xa2/0xf0
[  668.384425][T13453]                      fasync_remove_entry+0xf1/0x1c0
[  668.391205][T13453]                      lease_modify+0x1ca/0x3c0
[  668.397626][T13453]                      locks_remove_file+0x4bf/0xea0
[  668.404310][T13453]                      __fput+0x3ab/0xa70
[  668.410034][T13453]                      task_work_run+0x1d4/0x260
[  668.416373][T13453]                      exit_to_user_mode_loop+0xec/0x110
[  668.423402][T13453]                      do_syscall_64+0x2bd/0x3b0
[  668.429731][T13453]                      entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.437400][T13453]     INITIAL READ USE at:
[  668.441848][T13453]                           lock_acquire+0x120/0x360
[  668.448530][T13453]                           _raw_read_lock_irqsave+0xaf/0x100
[  668.456041][T13453]                           kill_fasync+0x199/0x4d0
[  668.462636][T13453]                           lease_break_callback+0x26/0x30
[  668.469844][T13453]                           __break_lease+0x6a2/0x1620
[  668.476703][T13453]                           do_dentry_open+0xd62/0x1970
[  668.483730][T13453]                           vfs_open+0x3b/0x340
[  668.489991][T13453]                           path_openat+0x2ee5/0x3830
[  668.496773][T13453]                           do_filp_open+0x1fa/0x410
[  668.503461][T13453]                           do_sys_openat2+0x121/0x1c0
[  668.510322][T13453]                           __x64_sys_open+0x11e/0x150
[  668.517207][T13453]                           do_syscall_64+0xfa/0x3b0
[  668.523896][T13453]                           entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.531988][T13453]   }
[  668.534579][T13453]   ... key      at: [<ffffffff99aae9a0>] fasync_insert_entry.__key+0x0/0x20
[  668.543358][T13453]   ... acquired at:
[  668.547296][T13453]    lock_acquire+0x120/0x360
[  668.551986][T13453]    _raw_read_lock_irqsave+0xaf/0x100
[  668.557489][T13453]    kill_fasync+0x199/0x4d0
[  668.562086][T13453]    evdev_pass_values+0x627/0xbd0
[  668.567209][T13453]    evdev_events+0x1e6/0x340
[  668.571978][T13453]    input_pass_values+0x288/0x890
[  668.577123][T13453]    input_event_dispose+0x330/0x6b0
[  668.582419][T13453]    input_inject_event+0x1fe/0x320
[  668.587621][T13453]    evdev_write+0x2fc/0x480
[  668.592221][T13453]    vfs_write+0x27e/0xa90
[  668.596646][T13453]    ksys_write+0x145/0x250
[  668.601158][T13453]    do_syscall_64+0xfa/0x3b0
[  668.605844][T13453]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.611914][T13453] 
[  668.614253][T13453] -> (&f_owner->lock){....}-{3:3} {
[  668.619477][T13453]    INITIAL USE at:
[  668.623462][T13453]                    lock_acquire+0x120/0x360
[  668.629534][T13453]                    _raw_write_lock_irq+0xa2/0xf0
[  668.636043][T13453]                    __f_setown+0x67/0x370
[  668.641861][T13453]                    generic_setlease+0xd60/0x1240
[  668.648369][T13453]                    fcntl_setlease+0x3a2/0x4c0
[  668.654617][T13453]                    do_fcntl+0x6a9/0x1910
[  668.660426][T13453]                    __se_sys_fcntl+0xc8/0x150
[  668.666579][T13453]                    do_syscall_64+0xfa/0x3b0
[  668.672654][T13453]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.680120][T13453]    INITIAL READ USE at:
[  668.684452][T13453]                         lock_acquire+0x120/0x360
[  668.690958][T13453]                         _raw_read_lock_irqsave+0xaf/0x100
[  668.698255][T13453]                         send_sigio+0x38/0x370
[  668.704516][T13453]                         kill_fasync+0x24d/0x4d0
[  668.710948][T13453]                         lease_break_callback+0x26/0x30
[  668.717993][T13453]                         __break_lease+0x6a2/0x1620
[  668.724681][T13453]                         do_dentry_open+0xd62/0x1970
[  668.731447][T13453]                         vfs_open+0x3b/0x340
[  668.737518][T13453]                         path_openat+0x2ee5/0x3830
[  668.744117][T13453]                         do_filp_open+0x1fa/0x410
[  668.750625][T13453]                         do_sys_openat2+0x121/0x1c0
[  668.757301][T13453]                         __x64_sys_open+0x11e/0x150
[  668.763981][T13453]                         do_syscall_64+0xfa/0x3b0
[  668.770490][T13453]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.778387][T13453]  }
[  668.780891][T13453]  ... key      at: [<ffffffff99aae980>] file_f_owner_allocate.__key+0x0/0x20
[  668.789757][T13453]  ... acquired at:
[  668.793564][T13453]    lock_acquire+0x120/0x360
[  668.798245][T13453]    _raw_read_lock_irqsave+0xaf/0x100
[  668.803714][T13453]    send_sigio+0x38/0x370
[  668.808137][T13453]    kill_fasync+0x24d/0x4d0
[  668.812733][T13453]    lease_break_callback+0x26/0x30
[  668.817940][T13453]    __break_lease+0x6a2/0x1620
[  668.822798][T13453]    do_dentry_open+0xd62/0x1970
[  668.827829][T13453]    vfs_open+0x3b/0x340
[  668.832110][T13453]    path_openat+0x2ee5/0x3830
[  668.836881][T13453]    do_filp_open+0x1fa/0x410
[  668.841565][T13453]    do_sys_openat2+0x121/0x1c0
[  668.846417][T13453]    __x64_sys_open+0x11e/0x150
[  668.851269][T13453]    do_syscall_64+0xfa/0x3b0
[  668.855952][T13453]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.862018][T13453] 
[  668.864344][T13453] 
[  668.864344][T13453] the dependencies between the lock to be acquired
[  668.864354][T13453]  and SOFTIRQ-irq-unsafe lock:
[  668.877871][T13453] -> (tasklist_lock){.+.+}-{3:3} {
[  668.883021][T13453]    HARDIRQ-ON-R at:
[  668.887017][T13453]                     lock_acquire+0x120/0x360
[  668.893179][T13453]                     _raw_read_lock+0x36/0x50
[  668.899347][T13453]                     __do_wait+0xde/0x740
[  668.905166][T13453]                     do_wait+0x1f8/0x520
[  668.910884][T13453]                     kernel_wait+0xab/0x170
[  668.916865][T13453]                     call_usermodehelper_exec_work+0xbe/0x230
[  668.924414][T13453]                     process_scheduled_works+0xade/0x17b0
[  668.931619][T13453]                     worker_thread+0x8a0/0xda0
[  668.937873][T13453]                     kthread+0x711/0x8a0
[  668.943601][T13453]                     ret_from_fork+0x3fc/0x770
[  668.949848][T13453]                     ret_from_fork_asm+0x1a/0x30
[  668.956354][T13453]    SOFTIRQ-ON-R at:
[  668.960340][T13453]                     lock_acquire+0x120/0x360
[  668.966494][T13453]                     _raw_read_lock+0x36/0x50
[  668.972659][T13453]                     __do_wait+0xde/0x740
[  668.978481][T13453]                     do_wait+0x1f8/0x520
[  668.984241][T13453]                     kernel_wait+0xab/0x170
[  668.990224][T13453]                     call_usermodehelper_exec_work+0xbe/0x230
[  668.997776][T13453]                     process_scheduled_works+0xade/0x17b0
[  669.004979][T13453]                     worker_thread+0x8a0/0xda0
[  669.011224][T13453]                     kthread+0x711/0x8a0
[  669.016953][T13453]                     ret_from_fork+0x3fc/0x770
[  669.023195][T13453]                     ret_from_fork_asm+0x1a/0x30
[  669.029611][T13453]    INITIAL USE at:
[  669.033595][T13453]                    lock_acquire+0x120/0x360
[  669.039662][T13453]                    _raw_write_lock_irq+0xa2/0xf0
[  669.046170][T13453]                    copy_process+0x224f/0x3c00
[  669.052415][T13453]                    kernel_clone+0x224/0x7f0
[  669.058495][T13453]                    user_mode_thread+0xdd/0x140
[  669.064828][T13453]                    rest_init+0x23/0x300
[  669.070551][T13453]                    start_kernel+0x478/0x500
[  669.076645][T13453]                    x86_64_start_reservations+0x24/0x30
[  669.083672][T13453]                    x86_64_start_kernel+0x143/0x1c0
[  669.090352][T13453]                    common_startup_64+0x13e/0x147
[  669.096891][T13453]    INITIAL READ USE at:
[  669.101222][T13453]                         lock_acquire+0x120/0x360
[  669.107732][T13453]                         _raw_read_lock+0x36/0x50
[  669.114254][T13453]                         __do_wait+0xde/0x740
[  669.120423][T13453]                         do_wait+0x1f8/0x520
[  669.126577][T13453]                         kernel_wait+0xab/0x170
[  669.132904][T13453]                         call_usermodehelper_exec_work+0xbe/0x230
[  669.140799][T13453]                         process_scheduled_works+0xade/0x17b0
[  669.148349][T13453]                         worker_thread+0x8a0/0xda0
[  669.154944][T13453]                         kthread+0x711/0x8a0
[  669.161017][T13453]                         ret_from_fork+0x3fc/0x770
[  669.167613][T13453]                         ret_from_fork_asm+0x1a/0x30
[  669.174379][T13453]  }
[  669.176873][T13453]  ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[  669.184594][T13453]  ... acquired at:
[  669.188393][T13453]    lock_acquire+0x120/0x360
[  669.193078][T13453]    _raw_read_lock+0x36/0x50
[  669.197768][T13453]    send_sigurg+0x12b/0x420
[  669.202371][T13453]    sk_send_sigurg+0x6c/0x2e0
[  669.207135][T13453]    queue_oob+0x699/0x8a0
[  669.211561][T13453]    unix_stream_sendmsg+0xaf9/0xc90
[  669.216861][T13453]    __sock_sendmsg+0x219/0x270
[  669.221713][T13453]    ____sys_sendmsg+0x505/0x830
[  669.226656][T13453]    ___sys_sendmsg+0x21f/0x2a0
[  669.231534][T13453]    __x64_sys_sendmsg+0x19b/0x260
[  669.236744][T13453]    do_syscall_64+0xfa/0x3b0
[  669.241422][T13453]    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  669.247491][T13453] 
[  669.249812][T13453] 
[  669.249812][T13453] stack backtrace:
[  669.255795][T13453] CPU: 1 UID: 0 PID: 13453 Comm: syz.6.2064 Not tainted 6.15.0-syzkaller-09161-g0f70f5b08a47 #0 PREEMPT(full) 
[  669.255819][T13453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  669.255831][T13453] Call Trace:
[  669.255840][T13453]  <TASK>
[  669.255849][T13453]  dump_stack_lvl+0x189/0x250
[  669.255877][T13453]  ? __pfx_dump_stack_lvl+0x10/0x10
[  669.255900][T13453]  ? __pfx__printk+0x10/0x10
[  669.255920][T13453]  validate_chain+0x1f05/0x2140
[  669.255951][T13453]  __lock_acquire+0xab9/0xd20
[  669.255970][T13453]  ? send_sigurg+0x12b/0x420
[  669.255988][T13453]  lock_acquire+0x120/0x360
[  669.256003][T13453]  ? send_sigurg+0x12b/0x420
[  669.256022][T13453]  ? _raw_read_lock_irqsave+0xbb/0x100
[  669.256058][T13453]  _raw_read_lock+0x36/0x50
[  669.256081][T13453]  ? send_sigurg+0x12b/0x420
[  669.256098][T13453]  send_sigurg+0x12b/0x420
[  669.256118][T13453]  sk_send_sigurg+0x6c/0x2e0
[  669.256135][T13453]  queue_oob+0x699/0x8a0
[  669.256161][T13453]  ? __pfx_queue_oob+0x10/0x10
[  669.256183][T13453]  ? smack_socket_getpeersec_dgram+0x320/0x430
[  669.256208][T13453]  unix_stream_sendmsg+0xaf9/0xc90
[  669.256229][T13453]  ? sched_clock+0x3f/0x60
[  669.256252][T13453]  ? psi_task_change+0xe5/0x250
[  669.256275][T13453]  ? preempt_schedule_common+0x83/0xd0
[  669.256300][T13453]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  669.256327][T13453]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  669.256342][T13453]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  669.256363][T13453]  __sock_sendmsg+0x219/0x270
[  669.256380][T13453]  ____sys_sendmsg+0x505/0x830
[  669.256406][T13453]  ? __pfx_____sys_sendmsg+0x10/0x10
[  669.256432][T13453]  ? import_iovec+0x74/0xa0
[  669.256457][T13453]  ___sys_sendmsg+0x21f/0x2a0
[  669.256480][T13453]  ? __pfx____sys_sendmsg+0x10/0x10
[  669.256516][T13453]  ? __fget_files+0x2a/0x420
[  669.256530][T13453]  ? __fget_files+0x3a0/0x420
[  669.256549][T13453]  __x64_sys_sendmsg+0x19b/0x260
[  669.256572][T13453]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  669.256599][T13453]  ? rcu_is_watching+0x15/0xb0
[  669.256620][T13453]  ? do_syscall_64+0xbe/0x3b0
[  669.256637][T13453]  do_syscall_64+0xfa/0x3b0
[  669.256653][T13453]  ? lockdep_hardirqs_on+0x9c/0x150
[  669.256668][T13453]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  669.256683][T13453]  ? clear_bhb_loop+0x60/0xb0
[  669.256701][T13453]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  669.256717][T13453] RIP: 0033:0x7ffa0718e969
[  669.256733][T13453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  669.256747][T13453] RSP: 002b:00007ffa0809a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  669.256765][T13453] RAX: ffffffffffffffda RBX: 00007ffa073b5fa0 RCX: 00007ffa0718e969
[  669.256778][T13453] RDX: 00000000240408c1 RSI: 0000200000000080 RDI: 0000000000000004
[  669.256788][T13453] RBP: 00007ffa07210ab1 R08: 0000000000000000 R09: 0000000000000000
[  669.256798][T13453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  669.256809][T13453] R13: 0000000000000000 R14: 00007ffa073b5fa0 R15: 00007ffe34fed228
[  669.256827][T13453]  </TASK>
[  669.595805][ T5827] Bluetooth: hci2: command tx timeout
[  670.061283][T13412] chnl_net:caif_netlink_parms(): no params data found
[  670.669102][T13412] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.677320][T13412] bridge0: port 1(bridge_slave_0) entered disabled state
[  670.776406][T13412] bridge_slave_0: entered allmulticast mode
[  670.797106][T13412] bridge_slave_0: entered promiscuous mode
[  670.830815][T13412] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.859177][T13412] bridge0: port 2(bridge_slave_1) entered disabled state
[  670.867985][T13412] bridge_slave_1: entered allmulticast mode
[  670.875161][T13412] bridge_slave_1: entered promiscuous mode
[  670.950423][T13412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  670.966798][T13412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  671.011311][T13412] team0: Port device team_slave_0 added
[  671.020901][T13412] team0: Port device team_slave_1 added
[  671.050022][T13412] batman_adv: batadv0: Adding interface: batadv_slave_0
[  671.057081][T13412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  671.085203][T13412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  671.101512][T13412] batman_adv: batadv0: Adding interface: batadv_slave_1
[  671.110118][T13412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  671.138786][T13412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  671.181366][T13412] hsr_slave_0: entered promiscuous mode
[  671.189587][T13412] hsr_slave_1: entered promiscuous mode
[  671.195781][T13412] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  671.204166][T13412] Cannot create hsr debugfs directory
[  671.377119][T13412] 8021q: adding VLAN 0 to HW filter on device bond0
[  671.401637][T13412] 8021q: adding VLAN 0 to HW filter on device team0
[  671.414663][ T6239] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.421841][ T6239] bridge0: port 1(bridge_slave_0) entered forwarding state
[  671.457094][ T6239] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.464279][ T6239] bridge0: port 2(bridge_slave_1) entered forwarding state
[  671.486456][T13412] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  671.671432][T10889] Bluetooth: hci2: command tx timeout
[  671.683175][T13412] 8021q: adding VLAN 0 to HW filter on device batadv0
[  671.940627][T13412] veth0_vlan: entered promiscuous mode
[  671.959423][T13412] veth1_vlan: entered promiscuous mode
[  671.987898][T13412] veth0_macvtap: entered promiscuous mode
[  671.997175][T13412] veth1_macvtap: entered promiscuous mode
[  672.020065][T13412] batman_adv: batadv0: Interface activated: batadv_slave_0
[  672.040397][T13412] batman_adv: batadv0: Interface activated: batadv_slave_1
[  672.079423][T13412] ieee80211 phy39: Selected rate control algorithm 'minstrel_ht'
[  672.105968][ T6208] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  672.117931][T13412] ieee80211 phy40: Selected rate control algorithm 'minstrel_ht'
[  672.131656][ T6208] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  672.160591][T11364] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  672.170782][T11364] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  672.291277][ T6208] bridge_slave_1: left allmulticast mode
[  672.297001][ T6208] bridge_slave_1: left promiscuous mode
[  672.310228][ T6208] bridge0: port 2(bridge_slave_1) entered disabled state
[  672.332952][ T6208] bridge_slave_0: left allmulticast mode
[  672.342437][ T6208] bridge_slave_0: left promiscuous mode
[  672.349630][ T6208] bridge0: port 1(bridge_slave_0) entered disabled state
[  672.568117][ T6208] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  672.596500][ T6208] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  672.610455][ T6208] bond0 (unregistering): Released all slaves
[  672.909165][ T6208] hsr_slave_0: left promiscuous mode
[  672.915114][ T6208] hsr_slave_1: left promiscuous mode
[  672.929570][ T6208] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  672.937028][ T6208] batman_adv: batadv0: Removing interface: batadv_slave_0
[  672.969581][ T6208] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  672.977049][ T6208] batman_adv: batadv0: Removing interface: batadv_slave_1
[  673.018952][ T6208] veth1_macvtap: left promiscuous mode
[  673.024525][ T6208] veth0_macvtap: left promiscuous mode
[  673.039032][ T6208] veth1_vlan: left promiscuous mode
[  673.044388][ T6208] veth0_vlan: left promiscuous mode
[  673.231758][ T6208] team0 (unregistering): Port device team_slave_1 removed
[  673.260679][ T6208] team0 (unregistering): Port device team_slave_0 removed