last executing test programs:

8m8.537300542s ago: executing program 4 (id=602):
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r3=>0x0})
r4 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'team_slave_1\x00', <r5=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x5c, r2, 0x1, 0x70bd28, 0x25dfdbff, {}, [{{0x8, 0x1, r3}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400}, 0x4040014)

8m7.409282693s ago: executing program 4 (id=605):
openat$dsp(0xffffffffffffff9c, 0x0, 0x42f82, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000200)={0xb, 0x100008b}, 0x0)
socket$inet(0x10, 0x3, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f00000001c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x2, 0x0, 0x5, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe)
shutdown(r2, 0x1)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0)

7m59.981415052s ago: executing program 4 (id=627):
pwritev(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000100)="60d4fb54", 0x4}], 0x1, 0xf07, 0x10000)

7m59.916212726s ago: executing program 4 (id=629):
socket$inet6(0xa, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
memfd_create(&(0x7f0000019080)='@@\x00', 0x1)
r2 = dup(r1)
syz_usb_connect$hid(0x4, 0xffffffffffffff33, 0x0, 0x0)
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
shutdown(0xffffffffffffffff, 0x0)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, &(0x7f0000001b00))
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r4, 0x5000943f, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/bus/input/devices\x00', 0x0, 0x0)
r6 = syz_io_uring_setup(0x7585, &(0x7f0000000140)={0x0, 0xafed, 0x2, 0x2, 0x261, 0x0, r5}, 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x5, 0x0, 0x200000000000}, 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
io_uring_enter(r6, 0x47f6, 0x0, 0x0, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)

7m56.824383171s ago: executing program 4 (id=637):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x2c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xfff1}, {0xffff, 0xffff}, {0x2, 0x1}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40058}, 0x4000080)

7m54.363448324s ago: executing program 4 (id=646):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d80402f000000000000109022d00010000001009040000010300000009211000fd0122050009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000100)=0x875, 0x4)
r4 = socket$packet(0x11, 0x2, 0x300)
syz_open_dev$vim2m(0x0, 0x2000000000000005, 0x2)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb)
sendto$ax25(r6, 0x0, 0x0, 0x2000c054, 0x0, 0x0)

7m38.050338657s ago: executing program 32 (id=646):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010d80402f000000000000109022d00010000001009040000010300000009211000fd0122050009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0x0}, 0x0)
socket(0x10, 0x3, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x48, &(0x7f0000000100)=0x875, 0x4)
r4 = socket$packet(0x11, 0x2, 0x300)
syz_open_dev$vim2m(0x0, 0x2000000000000005, 0x2)
r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$sock_inet6_tcp_SIOCINQ(r5, 0x541b, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb)
sendto$ax25(r6, 0x0, 0x0, 0x2000c054, 0x0, 0x0)

5m6.755967302s ago: executing program 1 (id=1050):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x41009432, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x100, 0xffffffffffffffff, 0x2})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r0, 0x0, 0x9}, 0x18)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
sendmsg$kcm(r2, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000280)=0x14)
socket$kcm(0x10, 0x2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
pipe2$9p(0x0, 0x80000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)

5m5.080526324s ago: executing program 1 (id=1052):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r4=>0x0], &(0x7f0000000180)=[<r5=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000440)={&(0x7f0000000240)=[r4, r5], 0x2})

5m3.286085674s ago: executing program 1 (id=1058):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket$xdp(0x2c, 0x3, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x380, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)

5m1.670816876s ago: executing program 1 (id=1061):
recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40000100, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002, 0x2000}, 0x1c)
sendto$inet6(r1, 0x0, 0x91, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x3, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090000006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x406f413, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x92)
mknodat(r2, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
mkdir(0x0, 0x40)
open(0x0, 0x1000, 0x4)
getpid()
umount2(0x0, 0x2)

4m59.842216121s ago: executing program 1 (id=1065):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r1, &(0x7f0000000340)='A\x00\x00\x00', 0x4)
ioctl$sock_bt_hci(r0, 0x400448ca, 0x0)

4m58.701330264s ago: executing program 1 (id=1069):
openat$vcsu(0xffffff9c, &(0x7f0000000180), 0x88080, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a"], 0x57)
socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8500, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x810, 0xffffffffffffffff, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
syz_open_dev$hidraw(0x0, 0x8001, 0x591483)
writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad00020000", 0x2b}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x28, 0x0, 0x0)
r4 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)

4m44.623747511s ago: executing program 3 (id=1090):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = gettid()
setresuid(0x0, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x1, 0x7fff0000}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000200))
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r2, 0x0, 0x0)

4m43.417083621s ago: executing program 33 (id=1069):
openat$vcsu(0xffffff9c, &(0x7f0000000180), 0x88080, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x1ff)
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a"], 0x57)
socket$nl_route(0x10, 0x3, 0x0)
fsopen(0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x8500, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x810, 0xffffffffffffffff, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680))
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
syz_open_dev$hidraw(0x0, 0x8001, 0x591483)
writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000400)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad00020000", 0x2b}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x28, 0x0, 0x0)
r4 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000080)="bc5d", 0x2, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r4, r5, r4}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)

4m42.276683069s ago: executing program 3 (id=1095):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0)

4m41.847464402s ago: executing program 3 (id=1099):
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
rseq(&(0x7f0000000300), 0x20, 0x0, 0x0)
shmget(0x1, 0x2000, 0x200, &(0x7f0000ffc000/0x2000)=nil)
getgid()
setrlimit(0x9, 0x0)
socket$kcm(0x10, 0x2, 0x0)
statx(0xffffffffffffff9c, 0x0, 0x400, 0x1, 0x0)

4m39.458057727s ago: executing program 3 (id=1101):
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280), 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x9, 0x1, 0xa8}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2721, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r4=>0x0, <r5=>0x0}, 0x3800)
chown(&(0x7f0000000040)='./file1\x00', r4, r5)
statx(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x800, 0x48, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000640)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, <r7=>0xffffffffffffffff}}, './file0\x00'})
getresgid(&(0x7f0000000680), &(0x7f00000006c0), 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000740)={{}, {0x1, 0x7}, [{0x2, 0x4}, {0x2, 0x2, 0xee00}, {0x2, 0x2}], {0x4, 0x4}, [{0x8, 0x3}, {0x8, 0x0, 0xee01}, {0x8, 0x7, r6}, {}, {0x8, 0x1, r7}, {0x8, 0x5}], {0x10, 0x1}, {0x20, 0x4}}, 0x6c, 0x3)
getitimer(0x0, &(0x7f0000000080))

4m37.153045245s ago: executing program 3 (id=1103):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r1, 0x114, 0x2710, &(0x7f0000019440)=""/102400, &(0x7f00000000c0)=0x19000)

4m36.647364156s ago: executing program 3 (id=1104):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0xffffffffffff32ab}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

4m20.923317154s ago: executing program 34 (id=1104):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0xffffffffffff32ab}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084)

10.229082552s ago: executing program 0 (id=1568):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)={'crc32c\x00'}})

7.580936058s ago: executing program 0 (id=1572):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
fcntl$setpipe(r1, 0x407, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}}, 0x50)
vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r1, 0x407, 0x2000000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

7.580368623s ago: executing program 2 (id=1573):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x108, 0x8, 0x181}, 0x50)

7.473420668s ago: executing program 2 (id=1574):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syslog(0x1, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
bind$l2tp6(0xffffffffffffffff, 0x0, 0x0)
connect$l2tp6(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15)

6.152061177s ago: executing program 0 (id=1576):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x8, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000700)=""/166}, 0x20)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmmsg$inet(r3, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0)

5.365328789s ago: executing program 5 (id=1579):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)}], 0x1)

5.273561538s ago: executing program 5 (id=1580):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r0, r0, r0}, 0x0, 0x0, 0x0)

5.022677611s ago: executing program 2 (id=1581):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
ioctl$I2C_TIMEOUT(r0, 0x702, 0x2000000f8)

4.849374154s ago: executing program 2 (id=1582):
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x8916, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_mreq(r5, 0x29, 0x1b, &(0x7f0000000040)={@private2}, 0x14)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
prctl$PR_SET_IO_FLUSHER(0x39, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0xc0606610, &(0x7f0000000040)=0x60)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), r6)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x30, r7, 0x1, 0x2, 0x100000, {{}, {}, {0x14, 0x19, {0x2, 0x1, 0x7, 0x8}}}}, 0x30}}, 0x9004)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x100, 0x4, 0x28}, 0x50)

3.560067826s ago: executing program 2 (id=1583):
socket$inet6(0xa, 0x2, 0x0)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
memfd_create(&(0x7f0000019080)='@@\x00', 0x1)
r0 = dup(0xffffffffffffffff)
syz_usb_connect$hid(0x4, 0xffffffffffffff33, 0x0, 0x0)
futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
shutdown(0xffffffffffffffff, 0x0)
write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137)
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x80044940, &(0x7f0000001b00))
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r2, 0x5000943f, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_readahead}], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f00, 0xa3)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/bus/input/devices\x00', 0x0, 0x0)
r4 = syz_io_uring_setup(0x7585, &(0x7f0000000140)={0x0, 0xafed, 0x2, 0x2, 0x261, 0x0, r3}, 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x5, 0x0, 0x200000000000}, 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)

3.37611813s ago: executing program 5 (id=1584):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="37122800000000006113200000000000bf1000000000000025000200091bb0ff3d030000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)

3.025383777s ago: executing program 5 (id=1585):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000)
fcntl$setpipe(r1, 0x407, 0x0)
write$FUSE_INIT(r1, &(0x7f0000000340)={0x50, 0xfffffffffffffff5, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8}}, 0x50)
vmsplice(r1, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r1, 0x407, 0x2000000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

2.39685931s ago: executing program 5 (id=1586):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000480), 0x1000000, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
open(&(0x7f0000000440)='./file1\x00', 0x0, 0x73)
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff, 0x100)

1.980545872s ago: executing program 5 (id=1587):
syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_tcp(0xa, 0x1, 0x0)
getitimer(0x0, &(0x7f0000000080))

1.828386201s ago: executing program 0 (id=1588):
r0 = socket$netlink(0x10, 0x3, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b45602067fffffff81004e22030d00ff0028925aa8002000eaa57b000900", 0x2c}], 0x1)

1.59288076s ago: executing program 0 (id=1589):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000100"/28], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000840)={&(0x7f00000009c0)=@bridge_getlink={0x28, 0x12, 0x101, 0x20000000, 0x0, {0x7, 0x0, 0x0, 0x0, 0x4140}, [@IFLA_EXT_MASK={0x8, 0x1d, 0xff}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000280)={'wpan0\x00', <r6=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)={0x3c, r5, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x3}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='erofs\x00', 0x200000, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SCAN(r7, 0x0, 0x44000)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
mmap$binder(&(0x7f00008d6000/0x2000)=nil, 0x2000, 0x1, 0x11, r8, 0x5)
sendmsg$NL80211_CMD_TDLS_OPER(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c44a4fad", @ANYRES16, @ANYBLOB="08002cbd7000ffdbdf25510000000a000600ffffffffffff00000a000600ffffffffffff0000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000840}, 0x91)

261.430212ms ago: executing program 2 (id=1590):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000000c0)="6880a642beaf34317f0dd3122a90ad0d2b", 0x11}], 0x1}, 0x0)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r3, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600)

0s ago: executing program 0 (id=1591):
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x936, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x47b6, 0x800000, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

butes in process `syz.3.47'.
[  126.224745][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  126.377677][   T10] usb 3-1: unable to get BOS descriptor or descriptor too short
[  126.379514][   T10] usb 3-1: config 204 has an invalid interface number: 223 but max is 0
[  126.379532][   T10] usb 3-1: config 204 has an invalid descriptor of length 10, skipping remainder of the config
[  126.379545][   T10] usb 3-1: config 204 has no interface number 0
[  126.379563][   T10] usb 3-1: config 204 interface 223 has no altsetting 0
[  126.426874][   T10] usb 3-1: New USB device found, idVendor=0b57, idProduct=5942, bcdDevice=38.7a
[  126.426891][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.426901][   T10] usb 3-1: Product: syz
[  126.426907][   T10] usb 3-1: Manufacturer: syz
[  126.426914][   T10] usb 3-1: SerialNumber: syz
[  127.542037][   T10] usbhid 3-1:204.223: couldn't find an input interrupt endpoint
[  127.572354][   T10] usb 3-1: USB disconnect, device number 2
[  128.619180][    C1] vkms_vblank_simulate: vblank timer overrun
[  128.776686][ T6150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.53'.
[  128.948907][ T6158] netlink: 56 bytes leftover after parsing attributes in process `syz.2.57'.
[  129.003693][ T6161] Zero length message leads to an empty skb
[  129.258468][    C1] vkms_vblank_simulate: vblank timer overrun
[  129.948841][    C1] vkms_vblank_simulate: vblank timer overrun
[  130.108549][    C1] vkms_vblank_simulate: vblank timer overrun
[  130.254940][ T6171] sctp: [Deprecated]: syz.1.61 (pid 6171) Use of int in max_burst socket option deprecated.
[  130.254940][ T6171] Use struct sctp_assoc_value instead
[  130.884720][ T6118] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  131.044656][ T6118] usb 3-1: Using ep0 maxpacket: 32
[  131.048162][ T6118] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  131.048186][ T6118] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.068341][ T6118] usb 3-1: config 0 descriptor??
[  131.320432][ T6118] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  131.348792][ T6118] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  131.352706][ T6118] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  131.352827][ T6118] usb 3-1: media controller created
[  131.494468][ T6192] netlink: 8 bytes leftover after parsing attributes in process `syz.4.68'.
[  131.520637][ T6191] netlink: 56 bytes leftover after parsing attributes in process `syz.0.70'.
[  131.609332][ T6118] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  131.819834][ T6118] az6027: usb out operation failed. (-71)
[  131.823575][ T6118] az6027: usb out operation failed. (-71)
[  131.823586][ T6118] stb0899_attach: Driver disabled by Kconfig
[  131.823591][ T6118] az6027: no front-end attached
[  131.823591][ T6118] 
[  131.829931][ T6118] az6027: usb out operation failed. (-71)
[  131.829947][ T6118] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  131.847637][ T6118] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5
[  132.286653][ T6118] dvb-usb: schedule remote query interval to 400 msecs.
[  132.286678][ T6118] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  132.369015][ T6199] process 'syz.0.71' launched './file0' with NULL argv: empty string added
[  133.155296][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  133.155395][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  133.172829][ T6118] usb 3-1: USB disconnect, device number 3
[  133.795869][ T6118] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  134.183980][ T6222] netlink: 56 bytes leftover after parsing attributes in process `syz.2.81'.
[  136.582648][ T6261] netlink: 32 bytes leftover after parsing attributes in process `syz.1.95'.
[  136.901608][ T6264] mmap: syz.4.96 (6264) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  139.813208][ T6298] netlink: 32 bytes leftover after parsing attributes in process `syz.2.107'.
[  141.356868][ T6315] overlayfs: failed to resolve './file0': -2
[  143.869320][ T6338] netlink: 32 bytes leftover after parsing attributes in process `syz.1.121'.
[  145.548864][ T6357] netlink: 32 bytes leftover after parsing attributes in process `syz.2.127'.
[  147.242984][ T6380] netlink: 'syz.0.131': attribute type 21 has an invalid length.
[  147.243004][ T6380] netlink: 'syz.0.131': attribute type 22 has an invalid length.
[  147.243015][ T6380] netlink: 'syz.0.131': attribute type 23 has an invalid length.
[  147.243026][ T6380] netlink: 136 bytes leftover after parsing attributes in process `syz.0.131'.
[  150.066483][ T6429] netlink: 16 bytes leftover after parsing attributes in process `syz.3.154'.
[  162.002872][ T6524] QAT: failed to copy from user cfg_data.
[  162.356228][ T6533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.187'.
[  172.918807][ T1239] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  173.070492][ T1239] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.070516][ T1239] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  173.070567][ T1239] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  173.070587][ T1239] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.124669][ T1239] usb 2-1: config 0 descriptor??
[  173.165817][ T1239] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  173.165872][ T1239] dvb-usb: bulk message failed: -22 (3/0)
[  173.213504][ T1239] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  173.216853][ T1239] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  173.216912][ T1239] usb 2-1: media controller created
[  173.273802][ T1239] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  175.036850][ T1239] dvb-usb: bulk message failed: -22 (6/0)
[  175.036970][ T1239] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  175.159064][ T1239] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input6
[  175.181367][ T1239] dvb-usb: schedule remote query interval to 150 msecs.
[  175.181391][ T1239] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  175.214135][ T1239] usb 2-1: USB disconnect, device number 2
[  175.853314][ T1239] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  176.222603][ T6655] warning: `syz.0.227' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  181.360075][ T5973] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  181.539950][ T5973] usb 4-1: Using ep0 maxpacket: 32
[  181.543356][ T5973] usb 4-1: config 0 has an invalid interface number: 59 but max is 0
[  181.543379][ T5973] usb 4-1: config 0 has no interface number 0
[  181.543409][ T5973] usb 4-1: config 0 interface 59 has no altsetting 0
[  181.583462][ T5973] usb 4-1: New USB device found, idVendor=0bda, idProduct=0139, bcdDevice=73.b2
[  181.583489][ T5973] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.583506][ T5973] usb 4-1: Product: syz
[  181.583518][ T5973] usb 4-1: Manufacturer: syz
[  181.583531][ T5973] usb 4-1: SerialNumber: syz
[  181.809184][ T5973] usb 4-1: config 0 descriptor??
[  182.813291][ T5973] rtsx_usb 4-1:0.59: probe with driver rtsx_usb failed with error -22
[  182.862998][ T5973] usb 4-1: USB disconnect, device number 2
[  191.171675][ T6757] netlink: 60 bytes leftover after parsing attributes in process `syz.0.264'.
[  191.229056][ T6761] bridge: RTM_NEWNEIGH with invalid state 0x20
[  193.751887][ T6791] fuse: root generation should be zero
[  194.366174][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  194.367404][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  194.535034][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.103426][    C0] vkms_vblank_simulate: vblank timer overrun
[  195.537994][    C0] vkms_vblank_simulate: vblank timer overrun
[  196.087016][    C0] vkms_vblank_simulate: vblank timer overrun
[  196.535165][    C0] vkms_vblank_simulate: vblank timer overrun
[  197.258280][    C0] vkms_vblank_simulate: vblank timer overrun
[  198.535142][    C0] vkms_vblank_simulate: vblank timer overrun
[  204.839020][ T6892] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  205.213586][ T6892] capability: warning: `syz.0.311' uses deprecated v2 capabilities in a way that may be insecure
[  205.254974][ T6892] =======================================================
[  205.254974][ T6892] WARNING: The mand mount option has been deprecated and
[  205.254974][ T6892]          and is ignored by this kernel. Remove the mand
[  205.254974][ T6892]          option from the mount to silence this warning.
[  205.254974][ T6892] =======================================================
[  205.404874][ T6892] 9pnet_fd: p9_fd_create_tcp (6892): problem connecting socket to 127.0.0.1
[  206.547341][ T5158] Bluetooth: hci2: command 0x0406 tx timeout
[  206.723640][ T5158] Bluetooth: hci4: command 0x0406 tx timeout
[  206.731812][ T5158] Bluetooth: hci0: command 0x0406 tx timeout
[  206.731843][ T5158] Bluetooth: hci3: command 0x0406 tx timeout
[  206.731865][ T5158] Bluetooth: hci1: command 0x0406 tx timeout
[  210.403851][ T5850] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  211.812808][ T6903] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  212.568426][ T6920] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  213.688935][ T6933] kvm_intel: kvm [6927]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x2
[  214.732779][    C1] vkms_vblank_simulate: vblank timer overrun
[  214.944789][    C1] vkms_vblank_simulate: vblank timer overrun
[  215.129013][    C1] vkms_vblank_simulate: vblank timer overrun
[  224.379983][ T7000] netlink: 8 bytes leftover after parsing attributes in process `syz.3.346'.
[  225.402427][ T7004] /dev/nullb0: Can't open blockdev
[  229.456819][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.359'.
[  232.324884][ T7074] netlink: 8 bytes leftover after parsing attributes in process `syz.3.370'.
[  235.673152][ T7107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.381'.
[  240.719196][ T7151] netlink: 8 bytes leftover after parsing attributes in process `syz.4.396'.
[  249.584338][ T7195] netlink: 8 bytes leftover after parsing attributes in process `syz.3.410'.
[  253.036403][ T7230] netlink: 8 bytes leftover after parsing attributes in process `syz.1.424'.
[  255.963711][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  255.963786][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  256.501633][ T7267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.436'.
[  264.261347][ T7320] netlink: 8 bytes leftover after parsing attributes in process `syz.0.451'.
[  271.279989][ T7367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.465'.
[  274.048520][ T7382] netlink: 12 bytes leftover after parsing attributes in process `syz.4.471'.
[  276.365021][ T7411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.479'.
[  277.789279][ T7423] netlink: 12 bytes leftover after parsing attributes in process `syz.1.485'.
[  280.921535][ T7453] tmpfs: Unknown parameter ';'
[  281.320597][ T7454] netlink: 8 bytes leftover after parsing attributes in process `syz.1.493'.
[  282.503858][ T7467] netlink: 12 bytes leftover after parsing attributes in process `syz.3.497'.
[  287.451045][   T37] audit: type=1800 audit(1756148137.111:2): pid=7483 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.503" name="/" dev="9p" ino=2 res=0 errno=0
[  290.218242][ T7528] netlink: 8 bytes leftover after parsing attributes in process `syz.3.517'.
[  290.987738][ T7539] netlink: 12 bytes leftover after parsing attributes in process `syz.4.521'.
[  291.123250][ T7541] netlink: 4 bytes leftover after parsing attributes in process `syz.4.522'.
[  291.123402][ T7541] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  292.492447][ T7541] batman_adv: batadv0: Removing interface: batadv_slave_1
[  294.776153][ T7561] netlink: 8 bytes leftover after parsing attributes in process `syz.2.530'.
[  294.966188][ T7566] netlink: 12 bytes leftover after parsing attributes in process `syz.1.532'.
[  296.809158][    C0] vkms_vblank_simulate: vblank timer overrun
[  297.959957][ T7609] netlink: 12 bytes leftover after parsing attributes in process `syz.0.548'.
[  298.122292][ T7606] netlink: 8 bytes leftover after parsing attributes in process `syz.2.545'.
[  298.259888][    C0] vkms_vblank_simulate: vblank timer overrun
[  298.340553][ T7617] netlink: 51 bytes leftover after parsing attributes in process `syz.0.551'.
[  298.748605][    C0] vkms_vblank_simulate: vblank timer overrun
[  299.216361][    C0] vkms_vblank_simulate: vblank timer overrun
[  299.375488][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.028672][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.095715][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.201671][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.233754][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.367665][    C0] vkms_vblank_simulate: vblank timer overrun
[  301.430877][    C0] vkms_vblank_simulate: vblank timer overrun
[  304.490975][  T102] block nbd0: Attempted send on invalid socket
[  304.491055][  T102] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.497359][ T7676] block nbd0: Attempted send on invalid socket
[  304.497380][ T7676] I/O error, dev nbd0, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.497655][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  304.498064][ T7676] block nbd0: Attempted send on invalid socket
[  304.498079][ T7676] I/O error, dev nbd0, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.508513][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  304.512164][ T7676] block nbd0: Attempted send on invalid socket
[  304.512183][ T7676] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.525958][ T7676] block nbd0: Attempted send on invalid socket
[  304.525979][ T7676] I/O error, dev nbd0, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.526079][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  304.526315][ T7676] block nbd0: Attempted send on invalid socket
[  304.526328][ T7676] I/O error, dev nbd0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.526412][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  304.529538][ T7676] block nbd0: Attempted send on invalid socket
[  304.529558][ T7676] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.530991][ T7676] block nbd0: Attempted send on invalid socket
[  304.531008][ T7676] I/O error, dev nbd0, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.531101][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  304.531302][ T7676] block nbd0: Attempted send on invalid socket
[  304.531315][ T7676] I/O error, dev nbd0, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.531399][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  304.534236][ T7676] block nbd0: Attempted send on invalid socket
[  304.534253][ T7676] I/O error, dev nbd0, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  304.534614][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  304.534853][ T7676] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  304.534870][ T7676] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  312.911106][   T59] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11
[  313.222642][ T7745] Bluetooth: MGMT ver 1.23
[  313.718363][ T7747] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  313.718476][ T7747] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  314.018146][ T7747] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  314.018228][ T7747] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  314.099818][ T7747] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  314.110272][ T7747] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  314.162512][ T7747] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  314.163901][ T7747] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  315.870439][   T59] Bluetooth: hci1: command 0x0406 tx timeout
[  316.075139][   T59] Bluetooth: hci3: command 0x0406 tx timeout
[  316.323796][ T7768] netlink: 'syz.1.597': attribute type 1 has an invalid length.
[  316.357512][   T59] Bluetooth: hci2: command 0x0406 tx timeout
[  316.358511][   T59] Bluetooth: hci4: command 0x0406 tx timeout
[  316.670965][ T7766] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  317.048797][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  317.048929][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  317.862552][ T7776] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  317.862665][ T7776] CIFS: Unable to determine destination address
[  317.973000][   T59] Bluetooth: hci1: command 0x0406 tx timeout
[  318.382052][   T59] Bluetooth: hci4: command 0x0406 tx timeout
[  318.382089][   T59] Bluetooth: hci2: command 0x0406 tx timeout
[  318.382111][   T59] Bluetooth: hci3: command 0x0406 tx timeout
[  323.377353][ T7836] Bluetooth: MGMT ver 1.23
[  325.817596][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.3.623'.
[  326.979429][    C0] vkms_vblank_simulate: vblank timer overrun
[  330.703737][ T7898] syz.3.638 (7898) used greatest stack depth: 18968 bytes left
[  331.365587][ T7915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.644'.
[  331.789747][   T37] audit: type=1326 audit(1756148181.503:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  331.791463][   T37] audit: type=1326 audit(1756148181.513:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  331.793917][   T37] audit: type=1326 audit(1756148181.513:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  331.794443][   T37] audit: type=1326 audit(1756148181.513:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  331.794707][   T37] audit: type=1326 audit(1756148181.513:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  331.795348][   T37] audit: type=1326 audit(1756148181.513:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  331.796051][   T37] audit: type=1326 audit(1756148181.513:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7918 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  333.059805][ T5973] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  333.217956][ T5973] usb 5-1: Using ep0 maxpacket: 16
[  333.279764][ T5973] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  333.279800][ T5973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  333.279813][ T5973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  333.279834][ T5973] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  333.279848][ T5973] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.351989][ T5973] usb 5-1: config 0 descriptor??
[  337.396406][ T7958] netlink: 'syz.1.658': attribute type 1 has an invalid length.
[  339.362683][ T5973] usbhid 5-1:0.0: can't add hid device: -32
[  339.362802][ T5973] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[  349.319757][ T8011] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  350.185595][   T37] audit: type=1800 audit(1756148199.916:10): pid=8014 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.675" name="/" dev="9p" ino=2 res=0 errno=0
[  350.214123][   T59] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  350.248279][   T59] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  350.264550][   T59] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  350.269105][   T59] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  350.270394][   T59] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  351.537411][ T5842] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11
[  352.490319][ T5842] Bluetooth: hci5: command tx timeout
[  353.164798][ T5926] usb 5-1: USB disconnect, device number 2
[  353.997633][ T8015] chnl_net:caif_netlink_parms(): no params data found
[  354.221157][ T8052] netlink: 'syz.0.694': attribute type 1 has an invalid length.
[  354.867147][ T5842] Bluetooth: hci5: command tx timeout
[  356.511462][ T1405] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  356.752108][   T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  356.864706][ T8063] netlink: 8 bytes leftover after parsing attributes in process `syz.0.688'.
[  356.901966][   T10] usb 4-1: Using ep0 maxpacket: 8
[  356.907843][   T10] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  356.907902][   T10] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  356.907921][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  356.907941][   T10] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  356.907960][   T10] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  356.907996][   T10] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  356.908015][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.246523][   T10] usb 4-1: usb_control_msg returned -71
[  357.246572][   T10] usbtmc 4-1:16.0: can't read capabilities
[  357.295888][   T10] usb 4-1: USB disconnect, device number 3
[  357.348300][ T1405] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.552331][ T5842] Bluetooth: hci5: command tx timeout
[  358.030089][ T1405] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.698786][ T8078] syz.1.692 (8078) used greatest stack depth: 18072 bytes left
[  358.792977][ T5973] libceph: connect (1)[c::]:6789 error -101
[  358.794138][ T5973] libceph: mon0 (1)[c::]:6789 connect error
[  358.813964][ T5973] libceph: connect (1)[c::]:6789 error -101
[  358.814108][ T5973] libceph: mon0 (1)[c::]:6789 connect error
[  359.016187][ T1405] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  359.073361][ T5973] libceph: connect (1)[c::]:6789 error -101
[  359.073488][ T5973] libceph: mon0 (1)[c::]:6789 connect error
[  359.101909][ T8015] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.118679][ T8015] bridge0: port 1(bridge_slave_0) entered disabled state
[  359.118929][ T8015] bridge_slave_0: entered allmulticast mode
[  359.146937][ T8015] bridge_slave_0: entered promiscuous mode
[  359.161496][ T8015] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.179105][ T8015] bridge0: port 2(bridge_slave_1) entered disabled state
[  359.179356][ T8015] bridge_slave_1: entered allmulticast mode
[  359.196910][ T8015] bridge_slave_1: entered promiscuous mode
[  359.356325][ T8085] ceph: No mds server is up or the cluster is laggy
[  359.580629][   T10] libceph: connect (1)[c::]:6789 error -101
[  359.580894][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  359.630132][ T5842] Bluetooth: hci5: command tx timeout
[  359.724174][ T8015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  359.792034][ T8015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  361.345772][ T8015] team0: Port device team_slave_0 added
[  361.412274][ T8015] team0: Port device team_slave_1 added
[  361.449513][ T5842] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11
[  361.765988][ T8015] batman_adv: batadv0: Adding interface: batadv_slave_0
[  361.766000][ T8015] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  361.766012][ T8015] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  361.767361][ T8015] batman_adv: batadv0: Adding interface: batadv_slave_1
[  361.767369][ T8015] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  361.767381][ T8015] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  362.005247][ T1405] bridge_slave_1: left allmulticast mode
[  362.018250][ T1405] bridge_slave_1: left promiscuous mode
[  362.029851][ T1405] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.126693][ T1405] bridge_slave_0: left allmulticast mode
[  362.126726][ T1405] bridge_slave_0: left promiscuous mode
[  362.127026][ T1405] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.198487][   T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  362.352959][   T10] usb 4-1: Using ep0 maxpacket: 32
[  362.357572][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  362.359907][   T10] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  362.384747][   T10] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[  362.384773][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.384789][   T10] usb 4-1: Product: syz
[  362.384801][   T10] usb 4-1: Manufacturer: syz
[  362.384814][   T10] usb 4-1: SerialNumber: syz
[  362.790344][   T10] usb 4-1: Limiting number of CPorts to U8_MAX
[  362.795395][   T10] usb 4-1: Not enough endpoints found in device, aborting!
[  363.749870][ T8127] overlayfs: failed to resolve './file1': -2
[  363.767564][  T990] usb 4-1: USB disconnect, device number 4
[  364.392999][   T37] audit: type=1326 audit(1756148214.135:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8130 comm="syz.1.711" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x0
[  372.352656][ T1405] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  373.631995][ T1405] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  373.741587][ T1405] bond0 (unregistering): Released all slaves
[  373.817982][ T8136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.708'.
[  373.819032][ T8184] netlink: 12 bytes leftover after parsing attributes in process `syz.3.726'.
[  375.737622][ T8015] hsr_slave_0: entered promiscuous mode
[  375.748320][ T8015] hsr_slave_1: entered promiscuous mode
[  375.761869][ T8015] debugfs: 'hsr0' already exists in 'hsr'
[  375.761895][ T8015] Cannot create hsr debugfs directory
[  376.998220][ T8239] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  378.015204][ T1405] hsr_slave_0: left promiscuous mode
[  378.078496][ T1405] hsr_slave_1: left promiscuous mode
[  378.082366][ T1405] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  378.082450][ T1405] batman_adv: batadv0: Removing interface: batadv_slave_0
[  378.339089][ T1405] veth1_macvtap: left promiscuous mode
[  378.339783][ T1405] veth0_macvtap: left promiscuous mode
[  378.340117][ T1405] veth1_vlan: left promiscuous mode
[  378.343463][ T1405] veth0_vlan: left promiscuous mode
[  378.424702][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  378.424775][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  381.607157][ T1405] team0 (unregistering): Port device team_slave_1 removed
[  381.866644][ T1405] team0 (unregistering): Port device team_slave_0 removed
[  382.408229][   T31] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  382.578162][   T31] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  382.578189][   T31] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  382.578205][   T31] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  382.578255][   T31] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  382.578278][   T31] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  382.584782][   T31] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  382.584807][   T31] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  382.584824][   T31] usb 1-1: Product: syz
[  382.584843][   T31] usb 1-1: Manufacturer: syz
[  382.631666][   T31] cdc_wdm 1-1:1.0: skipping garbage
[  382.631686][   T31] cdc_wdm 1-1:1.0: skipping garbage
[  382.646002][   T31] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  382.646033][   T31] cdc_wdm 1-1:1.0: Unknown control protocol
[  383.151337][    C0] cdc_wdm 1-1:1.0: Unexpected error -71
[  383.153436][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.153612][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.159047][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.159069][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.159314][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.159338][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.159560][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.159576][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.159804][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.159830][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.160052][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.160067][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.160293][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.160310][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.160531][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.160546][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.160761][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.160776][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.161001][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  383.161016][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  383.165981][ T5905] usb 1-1: USB disconnect, device number 3
[  383.166156][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  384.502662][ T8252] netlink: 12 bytes leftover after parsing attributes in process `syz.3.742'.
[  384.534159][ T8258] netlink: 8 bytes leftover after parsing attributes in process `syz.2.744'.
[  388.965979][ T8015] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  389.135853][ T8015] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  389.289047][ T8015] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  389.479750][ T8015] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  389.779137][ T8336] netlink: 12 bytes leftover after parsing attributes in process `syz.2.760'.
[  390.423957][ T8015] 8021q: adding VLAN 0 to HW filter on device bond0
[  391.556405][ T8015] 8021q: adding VLAN 0 to HW filter on device team0
[  391.599071][ T1405] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.599602][ T1405] bridge0: port 1(bridge_slave_0) entered forwarding state
[  391.651507][ T1405] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.651737][ T1405] bridge0: port 2(bridge_slave_1) entered forwarding state
[  393.578426][ T8377] netlink: 12 bytes leftover after parsing attributes in process `syz.0.771'.
[  393.736565][ T8015] 8021q: adding VLAN 0 to HW filter on device batadv0
[  396.923884][ T8407] CIFS: Unable to determine destination address
[  397.325892][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz.2.781'.
[  397.600073][ T8015] veth0_vlan: entered promiscuous mode
[  397.683236][ T8015] veth1_vlan: entered promiscuous mode
[  398.029648][ T8015] veth0_macvtap: entered promiscuous mode
[  398.069902][ T8015] veth1_macvtap: entered promiscuous mode
[  398.617340][ T8015] batman_adv: batadv0: Interface activated: batadv_slave_0
[  398.683267][ T8015] batman_adv: batadv0: Interface activated: batadv_slave_1
[  398.728620][ T1405] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  398.732645][ T1405] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  398.740772][ T1405] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  398.782812][ T1405] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  399.326418][   T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  399.326432][   T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.386848][ T8447] CIFS: Unable to determine destination address
[  399.443233][ T1405] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  399.443253][ T1405] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.936831][ T5842] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11
[  401.035339][ T8486] CIFS: Unable to determine destination address
[  401.478364][   T37] audit: type=1326 audit(1756148251.248:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.480199][   T37] audit: type=1326 audit(1756148251.248:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.480460][   T37] audit: type=1326 audit(1756148251.248:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.480716][   T37] audit: type=1326 audit(1756148251.248:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.482424][   T37] audit: type=1326 audit(1756148251.248:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.483306][   T37] audit: type=1326 audit(1756148251.248:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.540078][   T37] audit: type=1326 audit(1756148251.308:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.553117][   T37] audit: type=1326 audit(1756148251.318:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.553165][   T37] audit: type=1326 audit(1756148251.318:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  401.553202][   T37] audit: type=1326 audit(1756148251.318:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8495 comm="syz.1.805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f80cbebe9 code=0x7ffc0000
[  402.330745][ T8514] netlink: 8 bytes leftover after parsing attributes in process `syz.3.808'.
[  405.242079][ T8529] CIFS: Unable to determine destination address
[  407.402873][    C1] vkms_vblank_simulate: vblank timer overrun
[  407.530999][    C1] vkms_vblank_simulate: vblank timer overrun
[  407.600159][   T31] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  407.839785][   T31] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  407.839845][   T31] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7
[  407.839871][   T31] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  407.857185][   T31] usb 2-1: language id specifier not provided by device, defaulting to English
[  407.976247][    C1] vkms_vblank_simulate: vblank timer overrun
[  407.995371][   T31] usb 2-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e
[  407.995398][   T31] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.995415][   T31] usb 2-1: Manufacturer: 聣
[  407.995427][   T31] usb 2-1: SerialNumber: syz
[  408.079364][ T8572] CIFS: Unable to determine destination address
[  408.112002][   T31] usb 2-1: config 0 descriptor??
[  408.224542][   T31] em28xx 2-1:0.0: New device 聣  @ 480 Mbps (2013:0251, interface 0, class 0)
[  408.224576][   T31] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  408.420067][   T31] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  408.421206][   T31] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  408.421634][   T31] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  408.421654][   T31] em28xx 2-1:0.0: No AC97 audio processor
[  408.454736][   T31] usb 2-1: USB disconnect, device number 4
[  408.457083][   T31] em28xx 2-1:0.0: Disconnecting em28xx
[  408.710896][    C1] vkms_vblank_simulate: vblank timer overrun
[  408.753421][   T31] em28xx 2-1:0.0: Freeing device
[  409.524611][    C1] vkms_vblank_simulate: vblank timer overrun
[  410.216463][    C1] vkms_vblank_simulate: vblank timer overrun
[  411.367749][    C1] vkms_vblank_simulate: vblank timer overrun
[  411.555123][    C1] vkms_vblank_simulate: vblank timer overrun
[  411.753036][ T8610] netlink: 8 bytes leftover after parsing attributes in process `syz.1.838'.
[  414.178800][ T8635] CIFS: Unable to determine destination address
[  415.596569][ T8665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.858'.
[  417.408372][ T8678] CIFS: Unable to determine destination address
[  417.853944][ T8684] netlink: 'syz.2.863': attribute type 11 has an invalid length.
[  417.854049][ T8684] netlink: 448 bytes leftover after parsing attributes in process `syz.2.863'.
[  418.852232][ T8705] netlink: 8 bytes leftover after parsing attributes in process `syz.1.866'.
[  429.528939][   T37] kauditd_printk_skb: 132 callbacks suppressed
[  429.528955][   T37] audit: type=1326 audit(1756148279.305:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.528996][   T37] audit: type=1326 audit(1756148279.305:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.529034][   T37] audit: type=1326 audit(1756148279.305:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.529076][   T37] audit: type=1326 audit(1756148279.305:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.529114][   T37] audit: type=1326 audit(1756148279.305:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.529157][   T37] audit: type=1326 audit(1756148279.315:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.533452][   T37] audit: type=1326 audit(1756148279.315:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.533642][   T37] audit: type=1326 audit(1756148279.315:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.533683][   T37] audit: type=1326 audit(1756148279.315:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  429.533722][   T37] audit: type=1326 audit(1756148279.315:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8758 comm="syz.2.881" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe005cebe9 code=0x7ffc0000
[  430.021342][ T8759] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  430.021365][ T8759] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  430.055483][ T8759] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  430.055504][ T8759] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  430.068941][ T8759] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  430.068961][ T8759] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  430.091015][ T8759] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  430.091038][ T8759] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  430.951185][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.337578][    C0] vkms_vblank_simulate: vblank timer overrun
[  431.887450][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.178406][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.211788][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.211920][ T8792] CIFS: Unable to determine destination address
[  432.548521][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.575376][    C0] vkms_vblank_simulate: vblank timer overrun
[  432.777113][    C0] vkms_vblank_simulate: vblank timer overrun
[  433.507428][    C0] vkms_vblank_simulate: vblank timer overrun
[  433.678309][    C0] vkms_vblank_simulate: vblank timer overrun
[  434.852008][    C0] vkms_vblank_simulate: vblank timer overrun
[  435.211057][    C0] vkms_vblank_simulate: vblank timer overrun
[  435.249523][    C0] vkms_vblank_simulate: vblank timer overrun
[  439.841088][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  439.841134][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  441.707146][ T8871] CIFS: Unable to determine destination address
[  447.458150][ T8915] CIFS: Unable to determine destination address
[  450.894860][ T8943] syz.5.926 (8943) used greatest stack depth: 16760 bytes left
[  454.356903][ T8964] bridge0: entered promiscuous mode
[  454.362297][ T8964] macvlan2: entered promiscuous mode
[  458.648447][ T8977] CIFS: Unable to determine destination address
[  461.690977][   T37] kauditd_printk_skb: 123 callbacks suppressed
[  461.690989][   T37] audit: type=1326 audit(1756148311.493:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9006 comm="syz.5.942" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f802b8cebe9 code=0x0
[  466.024017][ T9024] Illegal XDP return value 906869632 on prog  (id 113) dev N/A, expect packet loss!
[  467.100155][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  467.137855][ T9035] CIFS: Unable to determine destination address
[  467.495113][    T9] usb 4-1: Using ep0 maxpacket: 16
[  467.498001][    T9] usb 4-1: config 0 has an invalid descriptor of length 41, skipping remainder of the config
[  467.498049][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  467.536422][    T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[  467.536450][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.536467][    T9] usb 4-1: Product: syz
[  467.536478][    T9] usb 4-1: Manufacturer: syz
[  467.536491][    T9] usb 4-1: SerialNumber: syz
[  467.578460][    T9] usb 4-1: config 0 descriptor??
[  467.589325][    T9] appledisplay 4-1:0.0: Could not find int-in endpoint
[  467.593012][    T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  467.984716][ T1248] usb 4-1: USB disconnect, device number 5
[  469.992997][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.262592][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.667655][    C0] vkms_vblank_simulate: vblank timer overrun
[  470.883125][    C0] vkms_vblank_simulate: vblank timer overrun
[  471.382283][    C0] vkms_vblank_simulate: vblank timer overrun
[  471.464432][    C0] vkms_vblank_simulate: vblank timer overrun
[  471.886088][    C0] vkms_vblank_simulate: vblank timer overrun
[  472.043280][    C0] vkms_vblank_simulate: vblank timer overrun
[  472.469048][    C0] vkms_vblank_simulate: vblank timer overrun
[  472.636552][    C0] vkms_vblank_simulate: vblank timer overrun
[  473.472677][    C0] vkms_vblank_simulate: vblank timer overrun
[  473.561610][    C0] vkms_vblank_simulate: vblank timer overrun
[  473.941782][    C0] vkms_vblank_simulate: vblank timer overrun
[  474.277532][    C0] vkms_vblank_simulate: vblank timer overrun
[  478.608356][   T37] audit: type=1326 audit(1756148328.411:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  478.608604][   T37] audit: type=1326 audit(1756148328.411:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  478.609124][   T37] audit: type=1326 audit(1756148328.411:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  478.609378][   T37] audit: type=1326 audit(1756148328.411:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  478.609608][   T37] audit: type=1326 audit(1756148328.411:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  478.680611][   T37] audit: type=1326 audit(1756148328.482:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  478.680741][   T37] audit: type=1326 audit(1756148328.482:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  478.680781][   T37] audit: type=1326 audit(1756148328.482:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9108 comm="syz.0.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64d87ebe9 code=0x7ffc0000
[  483.484839][   T37] audit: type=1326 audit(1756148333.294:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9148 comm="syz.5.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f802b8cebe9 code=0x7ffc0000
[  483.487076][   T37] audit: type=1326 audit(1756148333.294:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9148 comm="syz.5.986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f802b8cebe9 code=0x7ffc0000
[  487.337458][   T37] kauditd_printk_skb: 2 callbacks suppressed
[  487.337473][   T37] audit: type=1326 audit(1756148337.156:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9176 comm="syz.5.997" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f802b8cebe9 code=0x0
[  488.382294][    C0] vkms_vblank_simulate: vblank timer overrun
[  488.429257][    C0] vkms_vblank_simulate: vblank timer overrun
[  490.273391][    C0] vkms_vblank_simulate: vblank timer overrun
[  492.061975][ T9248] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  492.089263][    C0] vkms_vblank_simulate: vblank timer overrun
[  492.120228][ T9248] 9pnet_fd: p9_fd_create_tcp (9248): problem connecting socket to 127.0.0.1
[  492.466123][    C0] vkms_vblank_simulate: vblank timer overrun
[  492.557214][    C0] vkms_vblank_simulate: vblank timer overrun
[  492.584461][    C0] vkms_vblank_simulate: vblank timer overrun
[  492.674528][    C0] vkms_vblank_simulate: vblank timer overrun
[  494.193350][ T5842] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  500.859906][ T9347] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  500.934443][ T9347] 9pnet_fd: p9_fd_create_tcp (9347): problem connecting socket to 127.0.0.1
[  501.263995][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  501.264041][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  504.488760][    C1] vkms_vblank_simulate: vblank timer overrun
[  504.655819][    C1] vkms_vblank_simulate: vblank timer overrun
[  504.925296][    C1] vkms_vblank_simulate: vblank timer overrun
[  505.231822][    C1] vkms_vblank_simulate: vblank timer overrun
[  505.790412][    C1] vkms_vblank_simulate: vblank timer overrun
[  506.115242][ T9401] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  506.180258][ T9401] 9pnet_fd: p9_fd_create_tcp (9401): problem connecting socket to 127.0.0.1
[  507.097761][   T37] audit: type=1326 audit(1756148356.926:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9408 comm="syz.5.1068" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f802b8cebe9 code=0x0
[  507.539656][    C1] vkms_vblank_simulate: vblank timer overrun
[  507.685685][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.295737][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.699021][    C1] vkms_vblank_simulate: vblank timer overrun
[  511.437041][ T9453] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  511.682142][ T9453] 9pnet_fd: p9_fd_create_tcp (9453): problem connecting socket to 127.0.0.1
[  517.171334][ T5842] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  520.944154][ T9489] trusted_key: syz.3.1086 sent an empty control message without MSG_MORE.
[  524.040004][ T9416] syz.1.1069: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  524.040246][ T9416] CPU: 1 UID: 0 PID: 9416 Comm: syz.1.1069 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  524.040259][ T9416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  524.040270][ T9416] Call Trace:
[  524.040274][ T9416]  <TASK>
[  524.040279][ T9416]  dump_stack_lvl+0x189/0x250
[  524.040303][ T9416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  524.040317][ T9416]  ? __pfx__printk+0x10/0x10
[  524.040328][ T9416]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  524.040338][ T9416]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  524.040349][ T9416]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  524.040361][ T9416]  warn_alloc+0x22e/0x3b0
[  524.040381][ T9416]  ? __pfx_warn_alloc+0x10/0x10
[  524.040399][ T9416]  ? __get_vm_area_node+0x2bc/0x350
[  524.040413][ T9416]  ? hash_netiface_create+0x354/0xf90
[  524.040430][ T9416]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  524.040455][ T9416]  ? __kasan_kmalloc+0x93/0xb0
[  524.040469][ T9416]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  524.040481][ T9416]  ? hash_netiface_create+0x354/0xf90
[  524.040496][ T9416]  ? __get_vm_area_node+0x2bc/0x350
[  524.040509][ T9416]  ? hash_netiface_create+0x354/0xf90
[  524.040523][ T9416]  __vmalloc_node_range_noprof+0x56a/0x12f0
[  524.040536][ T9416]  ? hash_netiface_create+0x354/0xf90
[  524.040565][ T9416]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  524.040581][ T9416]  ? rcu_is_watching+0x15/0xb0
[  524.040598][ T9416]  __kvmalloc_node_noprof+0x330/0x550
[  524.040611][ T9416]  ? hash_netiface_create+0x354/0xf90
[  524.040623][ T9416]  ? hash_netiface_create+0x354/0xf90
[  524.040636][ T9416]  ? hash_netiface_create+0x2fe/0xf90
[  524.040651][ T9416]  hash_netiface_create+0x354/0xf90
[  524.040669][ T9416]  ? __nla_parse+0x40/0x60
[  524.040683][ T9416]  ? __pfx_hash_netiface_create+0x10/0x10
[  524.040697][ T9416]  ip_set_create+0xa99/0x1940
[  524.040707][ T9416]  ? ip_set_create+0x4a7/0x1940
[  524.040722][ T9416]  ? __pfx_ip_set_create+0x10/0x10
[  524.040751][ T9416]  nfnetlink_rcv_msg+0xb69/0x1150
[  524.040761][ T9416]  ? __lock_acquire+0xab9/0xd20
[  524.040772][ T9416]  ? nfnetlink_rcv_msg+0x212/0x1150
[  524.040792][ T9416]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  524.040815][ T9416]  ? __pfx_migrate_enable+0x10/0x10
[  524.040828][ T9416]  ? __pfx_migrate_enable+0x10/0x10
[  524.040848][ T9416]  netlink_rcv_skb+0x205/0x470
[  524.040860][ T9416]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  524.040871][ T9416]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  524.040888][ T9416]  ? bpf_lsm_capable+0x9/0x20
[  524.040900][ T9416]  ? security_capable+0x7e/0x2e0
[  524.040917][ T9416]  nfnetlink_rcv+0x26a/0x2530
[  524.040929][ T9416]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  524.040948][ T9416]  ? __dev_queue_xmit+0x26f/0x3b70
[  524.040976][ T9416]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  524.040985][ T9416]  ? __pfx___dev_queue_xmit+0x10/0x10
[  524.041006][ T9416]  ? ref_tracker_free+0x61e/0x7c0
[  524.041018][ T9416]  ? __asan_memcpy+0x40/0x70
[  524.041028][ T9416]  ? __pfx_ref_tracker_free+0x10/0x10
[  524.041039][ T9416]  ? __skb_clone+0x63/0x7a0
[  524.041055][ T9416]  ? __skb_clone+0x483/0x7a0
[  524.041071][ T9416]  ? skb_clone+0x246/0x3a0
[  524.041085][ T9416]  ? __netlink_deliver_tap+0x807/0x850
[  524.041096][ T9416]  ? netlink_deliver_tap+0x2e/0x1b0
[  524.041111][ T9416]  ? netlink_deliver_tap+0x2e/0x1b0
[  524.041126][ T9416]  netlink_unicast+0x843/0xa10
[  524.041141][ T9416]  ? __pfx_netlink_unicast+0x10/0x10
[  524.041152][ T9416]  ? netlink_sendmsg+0x642/0xb30
[  524.041162][ T9416]  ? skb_put+0x11b/0x210
[  524.041176][ T9416]  netlink_sendmsg+0x805/0xb30
[  524.041192][ T9416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  524.041208][ T9416]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  524.041217][ T9416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  524.041229][ T9416]  __sock_sendmsg+0x219/0x270
[  524.041242][ T9416]  ____sys_sendmsg+0x508/0x820
[  524.041258][ T9416]  ? __pfx_____sys_sendmsg+0x10/0x10
[  524.041276][ T9416]  ? import_iovec+0x74/0xa0
[  524.041289][ T9416]  ___sys_sendmsg+0x21f/0x2a0
[  524.041303][ T9416]  ? __pfx____sys_sendmsg+0x10/0x10
[  524.041335][ T9416]  ? __fget_files+0x2a/0x420
[  524.041348][ T9416]  ? __fget_files+0x3a6/0x420
[  524.041366][ T9416]  __x64_sys_sendmsg+0x1a1/0x260
[  524.041380][ T9416]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  524.041399][ T9416]  ? rcu_is_watching+0x15/0xb0
[  524.041415][ T9416]  ? do_syscall_64+0xbe/0x3b0
[  524.041430][ T9416]  do_syscall_64+0xfa/0x3b0
[  524.041441][ T9416]  ? lockdep_hardirqs_on+0x9c/0x150
[  524.041453][ T9416]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.041463][ T9416]  ? clear_bhb_loop+0x60/0xb0
[  524.041475][ T9416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  524.041487][ T9416] RIP: 0033:0x7f7f80cbebe9
[  524.041500][ T9416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  524.041508][ T9416] RSP: 002b:00007f7f7ef1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  524.041518][ T9416] RAX: ffffffffffffffda RBX: 00007f7f80ee5fa0 RCX: 00007f7f80cbebe9
[  524.041525][ T9416] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[  524.041531][ T9416] RBP: 00007f7f80d41e19 R08: 0000000000000000 R09: 0000000000000000
[  524.041537][ T9416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  524.041542][ T9416] R13: 00007f7f80ee6038 R14: 00007f7f80ee5fa0 R15: 00007ffca1d7a608
[  524.041558][ T9416]  </TASK>
[  524.041565][ T9416] Mem-Info:
[  524.041572][ T9416] active_anon:260 inactive_anon:5620 isolated_anon:0
[  524.041572][ T9416]  active_file:8951 inactive_file:43718 isolated_file:0
[  524.041572][ T9416]  unevictable:768 dirty:97 writeback:0
[  524.041572][ T9416]  slab_reclaimable:11582 slab_unreclaimable:101597
[  524.041572][ T9416]  mapped:30388 shmem:1342 pagetables:1285
[  524.041572][ T9416]  sec_pagetables:0 bounce:0
[  524.041572][ T9416]  kernel_misc_reclaimable:0
[  524.041572][ T9416]  free:1287761 free_pcp:9774 free_cma:0
[  524.041598][ T9416] Node 0 active_anon:1040kB inactive_anon:22480kB active_file:35604kB inactive_file:174872kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121552kB dirty:388kB writeback:0kB shmem:3832kB kernel_stack:12932kB pagetables:5000kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  524.041620][ T9416] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  524.041641][ T9416] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  524.041670][ T9416] lowmem_reserve[]: 0 2512 2513 2513 2513
[  524.041686][ T9416] Node 0 DMA32 free:1238832kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1036kB inactive_anon:22432kB active_file:34592kB inactive_file:174804kB unevictable:1536kB writepending:388kB present:3129332kB managed:2572332kB mlocked:0kB bounce:0kB free_pcp:39096kB local_pcp:9056kB free_cma:0kB
[  524.041715][ T9416] lowmem_reserve[]: 0 0 1 1 1
[  524.041731][ T9416] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:48kB active_file:1012kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  524.041757][ T9416] lowmem_reserve[]: 0 0 0 0 0
[  524.041772][ T9416] Node 1 Normal free:3896852kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  524.041800][ T9416] lowmem_reserve[]: 0 0 0 0 0
[  524.041815][ T9416] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  524.041872][ T9416] Node 0 DMA32: 22*4kB (M) 23*8kB (ME) 18*16kB (UME) 3*32kB (UE) 105*64kB (UME) 84*128kB (UME) 50*256kB (UME) 15*512kB (ME) 6*1024kB (UME) 5*2048kB (UME) 289*4096kB (M) = 1238736kB
[  524.041951][ T9416] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  524.042003][ T9416] Node 1 Normal: 273*4kB (UME) 52*8kB (UME) 35*16kB (UME) 224*32kB (UME) 112*64kB (UME) 32*128kB (UME) 18*256kB (UME) 4*512kB (UM) 7*1024kB (UME) 2*2048kB (UE) 942*4096kB (M) = 3896852kB
[  524.042078][ T9416] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  524.042086][ T9416] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  524.042094][ T9416] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  524.042101][ T9416] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  524.042109][ T9416] 54007 total pagecache pages
[  524.042115][ T9416] 0 pages in swap cache
[  524.042119][ T9416] Free swap  = 124996kB
[  524.042122][ T9416] Total swap = 124996kB
[  524.042126][ T9416] 2097051 pages RAM
[  524.042129][ T9416] 0 pages HighMem/MovableOnly
[  524.042133][ T9416] 422070 pages reserved
[  524.042136][ T9416] 0 pages cma reserved
[  524.446286][    C1] vkms_vblank_simulate: vblank timer overrun
[  524.586428][    C1] vkms_vblank_simulate: vblank timer overrun
[  524.978324][    C1] vkms_vblank_simulate: vblank timer overrun
[  525.191317][    C1] vkms_vblank_simulate: vblank timer overrun
[  525.571980][    C1] vkms_vblank_simulate: vblank timer overrun
[  525.697481][    C1] vkms_vblank_simulate: vblank timer overrun
[  526.331677][    C1] vkms_vblank_simulate: vblank timer overrun
[  526.586594][    C1] vkms_vblank_simulate: vblank timer overrun
[  526.751200][    C1] vkms_vblank_simulate: vblank timer overrun
[  527.043924][    C1] vkms_vblank_simulate: vblank timer overrun
[  527.245686][    C1] vkms_vblank_simulate: vblank timer overrun
[  527.630236][    C1] vkms_vblank_simulate: vblank timer overrun
[  528.667597][    C1] vkms_vblank_simulate: vblank timer overrun
[  529.435175][   T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  529.443821][   T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  529.445126][   T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  529.449148][   T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  529.449930][   T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  529.460890][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  529.462308][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  529.462679][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  529.464718][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  529.465685][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  529.675340][ T5973] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  530.105446][ T5973] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  530.105468][ T5973] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  530.105502][ T5973] usb 1-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[  530.105525][ T5973] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.897649][ T5973] usb 1-1: config 0 descriptor??
[  531.775182][ T5842] Bluetooth: hci2: command tx timeout
[  531.859176][ T9554] chnl_net:caif_netlink_parms(): no params data found
[  532.074907][ T9572] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  532.074929][ T9572] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  532.620047][ T9554] bridge0: port 1(bridge_slave_0) entered blocking state
[  532.621526][ T9554] bridge0: port 1(bridge_slave_0) entered disabled state
[  532.621674][ T9554] bridge_slave_0: entered allmulticast mode
[  532.650173][ T9554] bridge_slave_0: entered promiscuous mode
[  532.663224][ T9554] bridge0: port 2(bridge_slave_1) entered blocking state
[  532.675118][ T9554] bridge0: port 2(bridge_slave_1) entered disabled state
[  532.675355][ T9554] bridge_slave_1: entered allmulticast mode
[  532.703907][ T9554] bridge_slave_1: entered promiscuous mode
[  532.824332][ T5905] usb 1-1: USB disconnect, device number 4
[  533.518979][ T9554] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  533.543967][ T9554] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  534.098998][    C1] vkms_vblank_simulate: vblank timer overrun
[  534.752025][    C1] vkms_vblank_simulate: vblank timer overrun
[  535.396014][    C1] vkms_vblank_simulate: vblank timer overrun
[  535.627386][    C1] vkms_vblank_simulate: vblank timer overrun
[  535.727938][ T9554] team0: Port device team_slave_0 added
[  535.731327][ T9554] team0: Port device team_slave_1 added
[  536.343958][ T9554] batman_adv: batadv0: Adding interface: batadv_slave_0
[  536.343973][ T9554] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.343986][ T9554] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  536.345399][ T9554] batman_adv: batadv0: Adding interface: batadv_slave_1
[  536.345406][ T9554] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  536.345419][ T9554] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  536.645618][    C1] vkms_vblank_simulate: vblank timer overrun
[  536.915500][    C1] vkms_vblank_simulate: vblank timer overrun
[  538.247019][ T9554] hsr_slave_0: entered promiscuous mode
[  538.262281][ T9554] hsr_slave_1: entered promiscuous mode
[  539.231013][   T37] audit: type=1800 audit(1756148389.061:302): pid=9611 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1117" name="/" dev="9p" ino=2 res=0 errno=0
[  539.818038][ T9416] warn_alloc: 1 callbacks suppressed
[  539.818051][ T9416] syz.1.1069: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  539.818099][ T9416] CPU: 0 UID: 0 PID: 9416 Comm: syz.1.1069 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  539.818111][ T9416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  539.818117][ T9416] Call Trace:
[  539.818121][ T9416]  <TASK>
[  539.818125][ T9416]  dump_stack_lvl+0x189/0x250
[  539.818145][ T9416]  ? __pfx_dump_stack_lvl+0x10/0x10
[  539.818158][ T9416]  ? __pfx__printk+0x10/0x10
[  539.818169][ T9416]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  539.818180][ T9416]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  539.818191][ T9416]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  539.818202][ T9416]  warn_alloc+0x22e/0x3b0
[  539.818222][ T9416]  ? __pfx_warn_alloc+0x10/0x10
[  539.818241][ T9416]  ? __get_vm_area_node+0x2bc/0x350
[  539.818254][ T9416]  ? hash_netiface_create+0x354/0xf90
[  539.818271][ T9416]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  539.818297][ T9416]  ? __kasan_kmalloc+0x93/0xb0
[  539.818311][ T9416]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  539.818323][ T9416]  ? hash_netiface_create+0x354/0xf90
[  539.818338][ T9416]  ? __get_vm_area_node+0x2bc/0x350
[  539.818351][ T9416]  ? hash_netiface_create+0x354/0xf90
[  539.818365][ T9416]  __vmalloc_node_range_noprof+0x56a/0x12f0
[  539.818378][ T9416]  ? hash_netiface_create+0x354/0xf90
[  539.818415][ T9416]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  539.818431][ T9416]  ? rcu_is_watching+0x15/0xb0
[  539.818448][ T9416]  __kvmalloc_node_noprof+0x330/0x550
[  539.818461][ T9416]  ? hash_netiface_create+0x354/0xf90
[  539.818473][ T9416]  ? hash_netiface_create+0x354/0xf90
[  539.818486][ T9416]  ? hash_netiface_create+0x2fe/0xf90
[  539.818502][ T9416]  hash_netiface_create+0x354/0xf90
[  539.818519][ T9416]  ? __nla_parse+0x40/0x60
[  539.818533][ T9416]  ? __pfx_hash_netiface_create+0x10/0x10
[  539.818548][ T9416]  ip_set_create+0xa99/0x1940
[  539.818557][ T9416]  ? ip_set_create+0x4a7/0x1940
[  539.818572][ T9416]  ? __pfx_ip_set_create+0x10/0x10
[  539.818601][ T9416]  nfnetlink_rcv_msg+0xb69/0x1150
[  539.818611][ T9416]  ? __lock_acquire+0xab9/0xd20
[  539.818623][ T9416]  ? nfnetlink_rcv_msg+0x212/0x1150
[  539.818642][ T9416]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  539.818666][ T9416]  ? __pfx_migrate_enable+0x10/0x10
[  539.818679][ T9416]  ? __pfx_migrate_enable+0x10/0x10
[  539.818700][ T9416]  netlink_rcv_skb+0x205/0x470
[  539.818712][ T9416]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  539.818723][ T9416]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  539.818740][ T9416]  ? bpf_lsm_capable+0x9/0x20
[  539.818753][ T9416]  ? security_capable+0x7e/0x2e0
[  539.818770][ T9416]  nfnetlink_rcv+0x26a/0x2530
[  539.818781][ T9416]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  539.818800][ T9416]  ? __dev_queue_xmit+0x26f/0x3b70
[  539.818821][ T9416]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  539.818831][ T9416]  ? __pfx___dev_queue_xmit+0x10/0x10
[  539.818851][ T9416]  ? ref_tracker_free+0x61e/0x7c0
[  539.818864][ T9416]  ? __asan_memcpy+0x40/0x70
[  539.818875][ T9416]  ? __pfx_ref_tracker_free+0x10/0x10
[  539.818885][ T9416]  ? __skb_clone+0x63/0x7a0
[  539.818901][ T9416]  ? __skb_clone+0x483/0x7a0
[  539.818917][ T9416]  ? skb_clone+0x246/0x3a0
[  539.818932][ T9416]  ? __netlink_deliver_tap+0x807/0x850
[  539.818943][ T9416]  ? netlink_deliver_tap+0x2e/0x1b0
[  539.818957][ T9416]  ? netlink_deliver_tap+0x2e/0x1b0
[  539.818972][ T9416]  netlink_unicast+0x843/0xa10
[  539.818987][ T9416]  ? __pfx_netlink_unicast+0x10/0x10
[  539.818998][ T9416]  ? netlink_sendmsg+0x642/0xb30
[  539.819008][ T9416]  ? skb_put+0x11b/0x210
[  539.819022][ T9416]  netlink_sendmsg+0x805/0xb30
[  539.819038][ T9416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  539.819053][ T9416]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  539.819063][ T9416]  ? __pfx_netlink_sendmsg+0x10/0x10
[  539.819080][ T9416]  __sock_sendmsg+0x219/0x270
[  539.819092][ T9416]  ____sys_sendmsg+0x508/0x820
[  539.819108][ T9416]  ? __pfx_____sys_sendmsg+0x10/0x10
[  539.819126][ T9416]  ? import_iovec+0x74/0xa0
[  539.819139][ T9416]  ___sys_sendmsg+0x21f/0x2a0
[  539.819153][ T9416]  ? __pfx____sys_sendmsg+0x10/0x10
[  539.819186][ T9416]  ? __fget_files+0x2a/0x420
[  539.819199][ T9416]  ? __fget_files+0x3a6/0x420
[  539.819217][ T9416]  __x64_sys_sendmsg+0x1a1/0x260
[  539.819232][ T9416]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  539.819250][ T9416]  ? rcu_is_watching+0x15/0xb0
[  539.819266][ T9416]  ? do_syscall_64+0xbe/0x3b0
[  539.819281][ T9416]  do_syscall_64+0xfa/0x3b0
[  539.819292][ T9416]  ? lockdep_hardirqs_on+0x9c/0x150
[  539.819304][ T9416]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.819314][ T9416]  ? clear_bhb_loop+0x60/0xb0
[  539.819325][ T9416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.819335][ T9416] RIP: 0033:0x7f7f80cbebe9
[  539.819345][ T9416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.819353][ T9416] RSP: 002b:00007f7f7ef1e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  539.819363][ T9416] RAX: ffffffffffffffda RBX: 00007f7f80ee5fa0 RCX: 00007f7f80cbebe9
[  539.819370][ T9416] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[  539.819376][ T9416] RBP: 00007f7f80d41e19 R08: 0000000000000000 R09: 0000000000000000
[  539.819382][ T9416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  539.819388][ T9416] R13: 00007f7f80ee6038 R14: 00007f7f80ee5fa0 R15: 00007ffca1d7a608
[  539.819404][ T9416]  </TASK>
[  539.819407][ T9416] Mem-Info:
[  539.819412][ T9416] active_anon:260 inactive_anon:6018 isolated_anon:0
[  539.819412][ T9416]  active_file:8958 inactive_file:43792 isolated_file:0
[  539.819412][ T9416]  unevictable:768 dirty:88 writeback:0
[  539.819412][ T9416]  slab_reclaimable:11663 slab_unreclaimable:103116
[  539.819412][ T9416]  mapped:35989 shmem:1362 pagetables:1468
[  539.819412][ T9416]  sec_pagetables:0 bounce:0
[  539.819412][ T9416]  kernel_misc_reclaimable:0
[  539.819412][ T9416]  free:1279495 free_pcp:6061 free_cma:0
[  539.819438][ T9416] Node 0 active_anon:1040kB inactive_anon:24072kB active_file:35632kB inactive_file:175168kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143956kB dirty:352kB writeback:0kB shmem:3912kB kernel_stack:13080kB pagetables:5732kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  539.819460][ T9416] Node 1 active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  539.819480][ T9416] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  539.819507][ T9416] lowmem_reserve[]: 0 2512 2513 2513 2513
[  539.819524][ T9416] Node 0 DMA32 free:1205768kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:1036kB inactive_anon:24024kB active_file:34620kB inactive_file:175100kB unevictable:1536kB writepending:352kB present:3129332kB managed:2572332kB mlocked:0kB bounce:0kB free_pcp:24244kB local_pcp:21320kB free_cma:0kB
[  539.819552][ T9416] lowmem_reserve[]: 0 0 1 1 1
[  539.819567][ T9416] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:48kB active_file:1012kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  539.819594][ T9416] lowmem_reserve[]: 0 0 0 0 0
[  539.819609][ T9416] Node 1 Normal free:3896852kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:200kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  539.819636][ T9416] lowmem_reserve[]: 0 0 0 0 0
[  539.819651][ T9416] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  539.819707][ T9416] Node 0 DMA32: 2*4kB (ME) 3*8kB (UME) 3*16kB (UME) 180*32kB (ME) 164*64kB (ME) 84*128kB (ME) 74*256kB (UME) 39*512kB (UME) 9*1024kB (UME) 4*2048kB (ME) 274*4096kB (M) = 1205712kB
[  539.819781][ T9416] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  539.819827][ T9416] Node 1 Normal: 273*4kB (UME) 52*8kB (UME) 35*16kB (UME) 224*32kB (UME) 112*64kB (UME) 32*128kB (UME) 18*256kB (UME) 4*512kB (UM) 7*1024kB (UME) 2*2048kB (UE) 942*4096kB (M) = 3896852kB
[  539.819902][ T9416] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  539.819911][ T9416] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  539.819918][ T9416] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  539.819926][ T9416] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  539.819933][ T9416] 54083 total pagecache pages
[  539.819937][ T9416] 0 pages in swap cache
[  539.819940][ T9416] Free swap  = 124996kB
[  539.819944][ T9416] Total swap = 124996kB
[  539.819948][ T9416] 2097051 pages RAM
[  539.819951][ T9416] 0 pages HighMem/MovableOnly
[  539.819954][ T9416] 422070 pages reserved
[  539.819958][ T9416] 0 pages cma reserved
[  545.349507][ T9666] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1130'.
[  548.648458][ T9554] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  548.802214][ T9554] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  548.949829][ T9554] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  549.035207][ T9554] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  550.540262][   T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  550.565453][   T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  550.568364][   T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  550.596710][   T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  550.606247][   T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  550.707115][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  550.707513][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  550.708370][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  550.714802][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  550.716689][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  552.562172][   T43] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  552.810235][   T59] Bluetooth: hci3: command tx timeout
[  554.933627][   T59] Bluetooth: hci3: command tx timeout
[  555.076251][   T43] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  555.762987][   T43] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.965175][   T59] Bluetooth: hci3: command tx timeout
[  557.654608][   T43] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.121463][ T9744] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  558.121487][ T9744] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  558.893707][ T9554] 8021q: adding VLAN 0 to HW filter on device bond0
[  558.934016][ T6118] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  558.938718][   T43] bridge_slave_1: left allmulticast mode
[  558.938747][   T43] bridge_slave_1: left promiscuous mode
[  558.940675][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.687392][ T6118] usb 6-1: config 1 has an invalid interface number: 175 but max is 0
[  559.687418][ T6118] usb 6-1: config 1 has no interface number 0
[  559.687448][ T6118] usb 6-1: config 1 interface 175 has no altsetting 0
[  559.690346][ T6118] usb 6-1: New USB device found, idVendor=05ac, idProduct=e7a5, bcdDevice=5d.f4
[  559.690391][ T6118] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.690409][ T6118] usb 6-1: Product: syz
[  559.690421][ T6118] usb 6-1: Manufacturer: syz
[  559.690433][ T6118] usb 6-1: SerialNumber: syz
[  559.919346][   T43] bridge_slave_0: left allmulticast mode
[  559.919379][   T43] bridge_slave_0: left promiscuous mode
[  559.919647][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  560.137924][    C1] vkms_vblank_simulate: vblank timer overrun
[  560.171578][ T6118] usb 6-1: USB disconnect, device number 2
[  560.643211][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.088620][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.341817][ T9790] netlink: 6 bytes leftover after parsing attributes in process `syz.5.1163'.
[  562.453845][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.860163][    C1] vkms_vblank_simulate: vblank timer overrun
[  563.098523][    C1] vkms_vblank_simulate: vblank timer overrun
[  563.164156][    C1] vkms_vblank_simulate: vblank timer overrun
[  563.615154][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  563.615767][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  570.609881][ T9858] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.1182'.
[  570.698077][ T9860] netlink: 6 bytes leftover after parsing attributes in process `syz.5.1183'.
[  575.190942][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  575.275892][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  575.334323][   T43] bond0 (unregistering): Released all slaves
[  575.500164][ T9702] chnl_net:caif_netlink_parms(): no params data found
[  577.063251][ T9554] 8021q: adding VLAN 0 to HW filter on device team0
[  577.782771][ T9901] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1192'.
[  578.297096][ T6944] bridge0: port 1(bridge_slave_0) entered blocking state
[  578.297613][ T6944] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.723108][ T9702] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.723254][ T9702] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.723492][ T9702] bridge_slave_0: entered allmulticast mode
[  579.726267][ T9702] bridge_slave_0: entered promiscuous mode
[  579.850665][ T1162] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.850767][ T1162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  579.869740][ T9702] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.880176][ T9702] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.880411][ T9702] bridge_slave_1: entered allmulticast mode
[  579.909184][ T9702] bridge_slave_1: entered promiscuous mode
[  580.340140][ T9702] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  580.592576][   T43] hsr_slave_0: left promiscuous mode
[  580.637235][   T43] hsr_slave_1: left promiscuous mode
[  580.639249][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  580.639277][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  580.709633][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  580.709665][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  581.908165][   T43] veth1_macvtap: left promiscuous mode
[  581.908293][   T43] veth0_macvtap: left promiscuous mode
[  581.908587][   T43] veth1_vlan: left promiscuous mode
[  581.908804][   T43] veth0_vlan: left promiscuous mode
[  586.203420][ T9952] 9pnet_fd: p9_fd_create_tcp (9952): problem connecting socket to 127.0.0.1
[  586.988192][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  587.011446][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  587.032522][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  587.037352][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  587.039501][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  587.076533][   T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  587.126242][   T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  587.138393][   T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  587.142245][   T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  587.143048][   T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  589.464355][ T5842] Bluetooth: hci4: command tx timeout
[  589.599842][    C0] vkms_vblank_simulate: vblank timer overrun
[  589.875926][    C0] vkms_vblank_simulate: vblank timer overrun
[  591.026423][    C0] vkms_vblank_simulate: vblank timer overrun
[  591.107614][    C0] vkms_vblank_simulate: vblank timer overrun
[  591.510867][ T5842] Bluetooth: hci4: command tx timeout
[  592.553855][    C0] vkms_vblank_simulate: vblank timer overrun
[  593.021078][    C0] vkms_vblank_simulate: vblank timer overrun
[  593.587291][ T5842] Bluetooth: hci4: command tx timeout
[  595.666185][ T5842] Bluetooth: hci4: command tx timeout
[  596.036898][   T43] team0 (unregistering): Port device team_slave_1 removed
[  596.418181][   T43] team0 (unregistering): Port device team_slave_0 removed
[  596.673459][    C1] vkms_vblank_simulate: vblank timer overrun
[  597.173547][    C1] vkms_vblank_simulate: vblank timer overrun
[  597.432408][    C1] vkms_vblank_simulate: vblank timer overrun
[  597.533610][    C1] vkms_vblank_simulate: vblank timer overrun
[  597.925334][    C1] vkms_vblank_simulate: vblank timer overrun
[  598.084898][    C1] vkms_vblank_simulate: vblank timer overrun
[  598.187700][    C1] vkms_vblank_simulate: vblank timer overrun
[  598.205918][    C1] vkms_vblank_simulate: vblank timer overrun
[  598.567258][    C1] vkms_vblank_simulate: vblank timer overrun
[  599.005027][    C1] vkms_vblank_simulate: vblank timer overrun
[  599.771185][    C1] vkms_vblank_simulate: vblank timer overrun
[  599.879446][    C1] vkms_vblank_simulate: vblank timer overrun
[  600.606032][    C1] vkms_vblank_simulate: vblank timer overrun
[  600.857356][ T9702] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  606.490429][   T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  606.493835][   T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  606.496544][   T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  606.499152][   T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  606.500011][   T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  608.735475][ T5842] Bluetooth: hci2: command tx timeout
[  610.486181][T10119] CIFS: Unable to determine destination address
[  610.781675][   T59] Bluetooth: hci2: command tx timeout
[  612.249520][ T5973] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  612.408267][ T5973] usb 3-1: Using ep0 maxpacket: 32
[  612.416920][ T5973] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  612.440098][ T5973] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  612.440124][ T5973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.440142][ T5973] usb 3-1: Product: syz
[  612.440168][ T5973] usb 3-1: Manufacturer: syz
[  612.440180][ T5973] usb 3-1: SerialNumber: syz
[  612.489050][ T5973] usb 3-1: config 0 descriptor??
[  612.512788][ T5973] quatech2 3-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected
[  612.735043][ T5973] usb 3-1: qt2_attach - failed to power on unit: -71
[  612.735236][ T5973] quatech2 3-1:0.0: probe with driver quatech2 failed with error -71
[  612.789600][ T5973] usb 3-1: USB disconnect, device number 4
[  612.859252][   T59] Bluetooth: hci2: command tx timeout
[  615.160673][   T59] Bluetooth: hci2: command tx timeout
[  616.295852][T10176] CIFS: Unable to determine destination address
[  616.873405][T10075] chnl_net:caif_netlink_parms(): no params data found
[  616.916084][ T9962] chnl_net:caif_netlink_parms(): no params data found
[  618.939235][T10212] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.1264'.
[  624.304023][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  624.304097][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  624.650113][T10236] CIFS: Unable to determine destination address
[  625.077197][ T9962] bridge0: port 1(bridge_slave_0) entered blocking state
[  625.077397][ T9962] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.077611][ T9962] bridge_slave_0: entered allmulticast mode
[  625.111211][ T9962] bridge_slave_0: entered promiscuous mode
[  625.280970][ T9962] bridge0: port 2(bridge_slave_1) entered blocking state
[  625.281203][ T9962] bridge0: port 2(bridge_slave_1) entered disabled state
[  625.281433][ T9962] bridge_slave_1: entered allmulticast mode
[  625.321588][ T9962] bridge_slave_1: entered promiscuous mode
[  625.346649][T10075] bridge0: port 1(bridge_slave_0) entered blocking state
[  625.346786][T10075] bridge0: port 1(bridge_slave_0) entered disabled state
[  625.347018][T10075] bridge_slave_0: entered allmulticast mode
[  625.379615][T10075] bridge_slave_0: entered promiscuous mode
[  625.497493][T10075] bridge0: port 2(bridge_slave_1) entered blocking state
[  625.497863][T10075] bridge0: port 2(bridge_slave_1) entered disabled state
[  625.498299][T10075] bridge_slave_1: entered allmulticast mode
[  625.510387][T10075] bridge_slave_1: entered promiscuous mode
[  625.883705][ T9962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  626.109010][ T9962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  626.141775][T10075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  627.424746][T10075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  627.682967][T10263] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  627.716211][T10263] 9pnet_fd: p9_fd_create_tcp (10263): problem connecting socket to 127.0.0.1
[  628.864033][ T9962] team0: Port device team_slave_0 added
[  629.067492][ T9962] team0: Port device team_slave_1 added
[  629.081858][T10075] team0: Port device team_slave_0 added
[  629.138221][T10273] CIFS: Unable to determine destination address
[  630.215501][T10075] team0: Port device team_slave_1 added
[  630.559834][ T9962] batman_adv: batadv0: Adding interface: batadv_slave_0
[  630.559851][ T9962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  630.559874][ T9962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  630.726053][ T9962] batman_adv: batadv0: Adding interface: batadv_slave_1
[  630.726069][ T9962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  630.726091][ T9962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  631.046142][   T43] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  631.102920][T10075] batman_adv: batadv0: Adding interface: batadv_slave_0
[  631.102930][T10075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  631.102944][T10075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  631.168240][T10075] batman_adv: batadv0: Adding interface: batadv_slave_1
[  631.168251][T10075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  631.168264][T10075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  631.451296][   T43] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.186620][   T43] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.290438][ T9962] hsr_slave_0: entered promiscuous mode
[  634.301524][ T9962] hsr_slave_1: entered promiscuous mode
[  634.318844][ T9962] debugfs: 'hsr0' already exists in 'hsr'
[  634.318870][ T9962] Cannot create hsr debugfs directory
[  634.461018][ T5924] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  634.559016][T10075] hsr_slave_0: entered promiscuous mode
[  634.584003][T10075] hsr_slave_1: entered promiscuous mode
[  634.587291][T10075] debugfs: 'hsr0' already exists in 'hsr'
[  634.587317][T10075] Cannot create hsr debugfs directory
[  634.638890][ T5924] usb 6-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  634.638934][ T5924] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.638967][ T5924] usb 6-1: Product: syz
[  634.639002][ T5924] usb 6-1: Manufacturer: syz
[  634.639015][ T5924] usb 6-1: SerialNumber: syz
[  634.706110][ T5924] usb 6-1: config 0 descriptor??
[  634.726583][ T5924] gspca_main: sq930x-2.14.0 probing 2770:930c
[  635.092210][   T43] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  635.233559][ T5924] gspca_sq930x: reg_r 001f failed -110
[  635.233655][ T5924] sq930x 6-1:0.0: probe with driver sq930x failed with error -110
[  636.391720][ T1239] usb 6-1: USB disconnect, device number 3
[  637.237198][T10328] input: syz1 as /devices/virtual/input/input10
[  637.972457][T10330] CIFS: Unable to determine destination address
[  639.715635][   T43] bridge_slave_1: left allmulticast mode
[  639.715670][   T43] bridge_slave_1: left promiscuous mode
[  639.715934][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.032002][   T43] bridge_slave_0: left allmulticast mode
[  640.032023][   T43] bridge_slave_0: left promiscuous mode
[  640.032198][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.194366][   T43] bridge_slave_1: left allmulticast mode
[  640.194404][   T43] bridge_slave_1: left promiscuous mode
[  640.194673][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.420040][   T43] bridge_slave_0: left allmulticast mode
[  640.420073][   T43] bridge_slave_0: left promiscuous mode
[  640.420326][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.541884][   T43] bridge_slave_1: left allmulticast mode
[  640.541918][   T43] bridge_slave_1: left promiscuous mode
[  640.542172][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  640.639134][   T43] bridge_slave_0: left allmulticast mode
[  640.639165][   T43] bridge_slave_0: left promiscuous mode
[  640.639418][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  641.588800][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  641.698605][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  641.941749][   T43] bond0 (unregistering): Released all slaves
[  643.427928][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  643.488512][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  643.551138][   T43] bond0 (unregistering): Released all slaves
[  645.923968][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  645.965729][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  645.975327][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  645.991842][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  645.992722][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  646.237124][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  646.320910][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  646.339136][   T43] bond0 (unregistering): Released all slaves
[  647.471317][T10428] CIFS: Unable to determine destination address
[  648.050469][   T59] Bluetooth: hci3: command tx timeout
[  650.124998][   T59] Bluetooth: hci3: command tx timeout
[  650.214961][ T1239] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  650.426387][ T1239] usb 3-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64
[  650.426415][ T1239] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.426432][ T1239] usb 3-1: Product: syz
[  650.426444][ T1239] usb 3-1: Manufacturer: syz
[  650.426456][ T1239] usb 3-1: SerialNumber: syz
[  650.432088][T10449] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  650.488147][T10450] 9pnet_fd: p9_fd_create_tcp (10450): problem connecting socket to 127.0.0.1
[  650.524435][ T1239] usb 3-1: config 0 descriptor??
[  650.539352][ T1239] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state.
[  650.539405][ T1239] pctv452e: pctv452e_power_ctrl: 1
[  650.539405][ T1239] 
[  650.539444][ T1239] usb 3-1: selecting invalid altsetting 3
[  650.539461][ T1239] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22
[  650.539461][ T1239] 
[  650.539475][ T1239] dvb-usb: bulk message failed: -22 (5/0)
[  650.607464][ T1239] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  650.650332][ T1239] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19)
[  651.186074][    T9] usb 3-1: USB disconnect, device number 5
[  652.204344][   T59] Bluetooth: hci3: command tx timeout
[  652.218237][T10075] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  652.386485][T10075] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  652.505731][T10075] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  652.755072][T10075] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  653.023867][   T43] hsr_slave_0: left promiscuous mode
[  653.043948][   T43] hsr_slave_1: left promiscuous mode
[  653.044872][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  653.098580][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  653.293663][   T43] hsr_slave_0: left promiscuous mode
[  653.337214][   T43] hsr_slave_1: left promiscuous mode
[  653.338136][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  653.338163][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  653.386105][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  653.386132][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  653.530591][   T43] veth1_macvtap: left promiscuous mode
[  653.530714][   T43] veth0_macvtap: left promiscuous mode
[  653.531017][   T43] veth1_vlan: left promiscuous mode
[  653.531223][   T43] veth0_vlan: left promiscuous mode
[  654.446043][   T59] Bluetooth: hci3: command tx timeout
[  655.813741][T10490] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1315'.
[  656.944811][T10499] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  657.035082][T10499] 9pnet_fd: p9_fd_create_tcp (10499): problem connecting socket to 127.0.0.1
[  658.494236][   T43] team0 (unregistering): Port device team_slave_1 removed
[  658.644692][   T43] team0 (unregistering): Port device team_slave_0 removed
[  662.437280][T10527] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1325'.
[  664.940362][   T43] team0 (unregistering): Port device team_slave_1 removed
[  665.310192][   T43] team0 (unregistering): Port device team_slave_0 removed
[  666.832831][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  666.874922][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  666.877431][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  666.893922][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  666.930632][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  667.950760][T10075] kthread_run failed with err -4
[  668.585029][T10416] chnl_net:caif_netlink_parms(): no params data found
[  669.014783][ T5842] Bluetooth: hci4: command tx timeout
[  671.114620][ T5842] Bluetooth: hci4: command tx timeout
[  671.650205][T10416] bridge0: port 1(bridge_slave_0) entered blocking state
[  671.650351][T10416] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.650580][T10416] bridge_slave_0: entered allmulticast mode
[  671.655830][T10416] bridge_slave_0: entered promiscuous mode
[  671.722098][T10416] bridge0: port 2(bridge_slave_1) entered blocking state
[  671.722262][T10416] bridge0: port 2(bridge_slave_1) entered disabled state
[  671.722678][T10416] bridge_slave_1: entered allmulticast mode
[  672.029772][T10416] bridge_slave_1: entered promiscuous mode
[  673.156730][ T5842] Bluetooth: hci4: command tx timeout
[  673.597453][T10416] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  673.694286][T10416] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  674.419336][T10598] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1339'.
[  675.238253][ T5842] Bluetooth: hci4: command tx timeout
[  675.647646][T10416] team0: Port device team_slave_0 added
[  675.709948][T10416] team0: Port device team_slave_1 added
[  676.309284][T10416] batman_adv: batadv0: Adding interface: batadv_slave_0
[  676.309302][T10416] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  676.309327][T10416] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  676.364248][T10546] chnl_net:caif_netlink_parms(): no params data found
[  676.393997][T10416] batman_adv: batadv0: Adding interface: batadv_slave_1
[  676.394014][T10416] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  676.394038][T10416] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  679.325426][T10416] hsr_slave_0: entered promiscuous mode
[  679.326905][T10416] hsr_slave_1: entered promiscuous mode
[  680.465201][T10546] bridge0: port 1(bridge_slave_0) entered blocking state
[  680.465366][T10546] bridge0: port 1(bridge_slave_0) entered disabled state
[  680.465607][T10546] bridge_slave_0: entered allmulticast mode
[  680.468326][T10546] bridge_slave_0: entered promiscuous mode
[  680.617101][T10546] bridge0: port 2(bridge_slave_1) entered blocking state
[  680.617257][T10546] bridge0: port 2(bridge_slave_1) entered disabled state
[  680.617479][T10546] bridge_slave_1: entered allmulticast mode
[  680.620429][T10546] bridge_slave_1: entered promiscuous mode
[  681.149069][T10546] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  681.190330][T10546] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  682.839383][T10546] team0: Port device team_slave_0 added
[  682.884964][T10546] team0: Port device team_slave_1 added
[  684.006514][T10546] batman_adv: batadv0: Adding interface: batadv_slave_0
[  684.006530][T10546] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  684.006554][T10546] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  684.594053][T10546] batman_adv: batadv0: Adding interface: batadv_slave_1
[  684.594069][T10546] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  684.594095][T10546] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  684.603639][T10688] CIFS: Unable to determine destination address
[  684.719498][T10675] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  684.719523][T10675] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  684.909025][T10675] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  684.909047][T10675] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  685.865969][    C0] vkms_vblank_simulate: vblank timer overrun
[  685.977985][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  685.978062][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  687.113029][    C0] vkms_vblank_simulate: vblank timer overrun
[  688.201706][    C0] vkms_vblank_simulate: vblank timer overrun
[  688.452753][    C0] vkms_vblank_simulate: vblank timer overrun
[  689.112591][    C0] vkms_vblank_simulate: vblank timer overrun
[  689.249821][    C0] vkms_vblank_simulate: vblank timer overrun
[  689.656616][T10546] hsr_slave_0: entered promiscuous mode
[  689.727245][T10546] hsr_slave_1: entered promiscuous mode
[  689.734856][T10546] debugfs: 'hsr0' already exists in 'hsr'
[  689.734884][T10546] Cannot create hsr debugfs directory
[  691.602196][T10745] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  691.699641][T10746] 9pnet_fd: p9_fd_create_tcp (10746): problem connecting socket to 127.0.0.1
[  693.762037][T10416] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  694.111559][T10416] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  694.291911][T10416] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  694.728067][T10416] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  694.804307][   T57] bridge_slave_1: left allmulticast mode
[  694.804350][   T57] bridge_slave_1: left promiscuous mode
[  694.804625][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  694.880581][   T57] bridge_slave_0: left allmulticast mode
[  694.880613][   T57] bridge_slave_0: left promiscuous mode
[  694.883823][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  694.969041][   T57] bridge_slave_1: left allmulticast mode
[  694.969072][   T57] bridge_slave_1: left promiscuous mode
[  694.969316][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  695.040629][   T57] bridge_slave_0: left allmulticast mode
[  695.040664][   T57] bridge_slave_0: left promiscuous mode
[  695.040913][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  695.476031][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  695.552025][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  695.637191][   T57] bond0 (unregistering): Released all slaves
[  695.889322][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  695.952187][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  696.026170][   T57] bond0 (unregistering): Released all slaves
[  696.773270][   T57] hsr_slave_0: left promiscuous mode
[  696.821342][   T57] hsr_slave_1: left promiscuous mode
[  696.822293][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.869768][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  697.008260][   T57] hsr_slave_0: left promiscuous mode
[  697.028459][   T57] hsr_slave_1: left promiscuous mode
[  697.029348][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  697.101309][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  698.111418][    C0] vkms_vblank_simulate: vblank timer overrun
[  698.462269][    C0] vkms_vblank_simulate: vblank timer overrun
[  698.916444][    C0] vkms_vblank_simulate: vblank timer overrun
[  699.055998][    C0] vkms_vblank_simulate: vblank timer overrun
[  699.519815][   T57] team0 (unregistering): Port device team_slave_1 removed
[  699.628230][   T57] team0 (unregistering): Port device team_slave_0 removed
[  700.847052][   T57] team0 (unregistering): Port device team_slave_1 removed
[  700.979553][   T57] team0 (unregistering): Port device team_slave_0 removed
[  701.188331][    C0] vkms_vblank_simulate: vblank timer overrun
[  703.175726][T10416] 8021q: adding VLAN 0 to HW filter on device bond0
[  703.278657][T10416] 8021q: adding VLAN 0 to HW filter on device team0
[  703.396017][ T1170] bridge0: port 1(bridge_slave_0) entered blocking state
[  703.396163][ T1170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  703.578839][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.623520][ T1170] bridge0: port 2(bridge_slave_1) entered blocking state
[  703.623676][ T1170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  704.249302][    C1] vkms_vblank_simulate: vblank timer overrun
[  704.421945][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.165581][T10546] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  705.303514][T10546] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  705.377009][T10546] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  705.472780][T10546] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  705.901367][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.470465][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.648287][    C1] vkms_vblank_simulate: vblank timer overrun
[  706.941826][    C1] vkms_vblank_simulate: vblank timer overrun
[  707.439267][    C1] vkms_vblank_simulate: vblank timer overrun
[  707.518359][   T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  707.566529][   T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  707.567785][   T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  707.569150][   T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  707.576532][   T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  707.642920][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  707.643351][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  707.643753][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  707.667930][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  707.668810][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  707.752322][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.016805][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.294540][ T1239] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  708.449237][ T1239] usb 3-1: Using ep0 maxpacket: 8
[  708.867715][ T1239] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  708.867742][ T1239] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.146595][ T1239] pvrusb2: Hardware description: Terratec Grabster AV400
[  709.146612][ T1239] pvrusb2: **********
[  709.146619][ T1239] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  709.146629][ T1239] pvrusb2: Important functionality might not be entirely working.
[  709.146637][ T1239] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  709.146648][ T1239] pvrusb2: **********
[  709.221607][T10901] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1411'.
[  709.267394][ T2372] pvrusb2: Invalid write control endpoint
[  709.487761][T10904] 9pnet_fd: Insufficient options for proto=fd
[  709.498748][T10893] pvrusb2: Invalid write control endpoint
[  709.627075][ T2372] pvrusb2: Invalid write control endpoint
[  709.631635][ T2372] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  709.631647][ T2372] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  709.631655][ T2372] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  709.631664][ T2372] pvrusb2: Device being rendered inoperable
[  709.649831][ T2372] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  709.649892][ T2372] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  709.704334][ T5842] Bluetooth: hci2: command tx timeout
[  709.763196][ T2372] pvrusb2: Attached sub-driver cx25840
[  709.763212][ T2372] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  709.763221][ T2372] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  711.080865][    T9] usb 3-1: USB disconnect, device number 6
[  711.802015][ T5842] Bluetooth: hci2: command tx timeout
[  712.260762][T10939] 9pnet_fd: p9_fd_create_tcp (10939): problem connecting socket to 127.0.0.1
[  713.121612][T10546] 8021q: adding VLAN 0 to HW filter on device bond0
[  713.914000][ T5842] Bluetooth: hci2: command tx timeout
[  714.108384][T10885] chnl_net:caif_netlink_parms(): no params data found
[  714.370247][T10546] 8021q: adding VLAN 0 to HW filter on device team0
[  714.972260][T10033] bridge0: port 1(bridge_slave_0) entered blocking state
[  714.972402][T10033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  716.195906][ T5842] Bluetooth: hci2: command tx timeout
[  716.634851][ T6495] bridge0: port 2(bridge_slave_1) entered blocking state
[  716.637232][ T6495] bridge0: port 2(bridge_slave_1) entered forwarding state
[  717.290609][T10885] bridge0: port 1(bridge_slave_0) entered blocking state
[  717.312408][T10885] bridge0: port 1(bridge_slave_0) entered disabled state
[  717.312648][T10885] bridge_slave_0: entered allmulticast mode
[  717.315326][T10885] bridge_slave_0: entered promiscuous mode
[  717.446321][T10885] bridge0: port 2(bridge_slave_1) entered blocking state
[  717.446472][T10885] bridge0: port 2(bridge_slave_1) entered disabled state
[  717.446705][T10885] bridge_slave_1: entered allmulticast mode
[  717.449417][T10885] bridge_slave_1: entered promiscuous mode
[  718.788558][T10999] 9pnet_fd: Insufficient options for proto=fd
[  719.063998][T10885] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  719.107200][T10885] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  719.727560][   T57] bridge_slave_1: left allmulticast mode
[  719.727593][   T57] bridge_slave_1: left promiscuous mode
[  719.727838][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  719.794201][   T57] bridge_slave_0: left allmulticast mode
[  719.794233][   T57] bridge_slave_0: left promiscuous mode
[  719.795246][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  723.740537][T11031] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1438'.
[  723.860994][T11032] netlink: 5 bytes leftover after parsing attributes in process `syz.0.1438'.
[  724.887502][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  724.950734][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  724.988145][   T57] bond0 (unregistering): Released all slaves
[  725.094230][T10885] team0: Port device team_slave_0 added
[  725.204529][T11031] gretap0: entered promiscuous mode
[  725.279061][T11032] 0{X功: renamed from gretap0
[  725.500164][T11032] 0{X功: left promiscuous mode
[  725.500182][T11032] 0{X功: entered allmulticast mode
[  725.502139][T11032] A link change request failed with some changes committed already. Interface 
30{X功 may have been left with an inconsistent configuration, please check.
[  725.513673][T10885] team0: Port device team_slave_1 added
[  726.580252][    C0] vkms_vblank_simulate: vblank timer overrun
[  727.104737][    C0] vkms_vblank_simulate: vblank timer overrun
[  727.159573][T10885] batman_adv: batadv0: Adding interface: batadv_slave_0
[  727.159590][T10885] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  727.159613][T10885] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  727.216474][T11051] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.1444'.
[  727.540442][    C0] vkms_vblank_simulate: vblank timer overrun
[  727.936507][   T59] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  727.961185][   T59] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  727.979357][   T59] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  727.980821][   T59] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  727.980981][   T57] hsr_slave_0: left promiscuous mode
[  727.982062][   T59] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  728.069477][   T57] hsr_slave_1: left promiscuous mode
[  728.084860][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  728.093776][T11057] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  728.093800][T11057] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  728.133232][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  728.257446][T11057] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  728.257557][T11057] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  728.273815][T11070] 9pnet_fd: Insufficient options for proto=fd
[  728.940676][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.172113][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.243709][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.351400][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.519154][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.631973][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.684975][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.918007][   T57] team0 (unregistering): Port device team_slave_1 removed
[  729.937999][    C0] vkms_vblank_simulate: vblank timer overrun
[  730.039098][    C0] vkms_vblank_simulate: vblank timer overrun
[  730.832937][   T57] team0 (unregistering): Port device team_slave_0 removed
[  730.853817][    C0] vkms_vblank_simulate: vblank timer overrun
[  731.473932][    C0] vkms_vblank_simulate: vblank timer overrun
[  731.806571][    C0] vkms_vblank_simulate: vblank timer overrun
[  732.089263][    C0] vkms_vblank_simulate: vblank timer overrun
[  732.660685][    C0] vkms_vblank_simulate: vblank timer overrun
[  733.108532][    C0] vkms_vblank_simulate: vblank timer overrun
[  733.693242][T11095] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1454'.
[  734.357906][T10885] batman_adv: batadv0: Adding interface: batadv_slave_1
[  734.357923][T10885] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  734.357946][T10885] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  735.084583][T10885] hsr_slave_0: entered promiscuous mode
[  735.116413][T10885] hsr_slave_1: entered promiscuous mode
[  738.377788][T11135] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1467'.
[  741.287256][T11056] chnl_net:caif_netlink_parms(): no params data found
[  746.727845][T11056] bridge0: port 1(bridge_slave_0) entered blocking state
[  746.727988][T11056] bridge0: port 1(bridge_slave_0) entered disabled state
[  746.728191][T11056] bridge_slave_0: entered allmulticast mode
[  746.752245][T11056] bridge_slave_0: entered promiscuous mode
[  746.858898][T11056] bridge0: port 2(bridge_slave_1) entered blocking state
[  746.859039][T11056] bridge0: port 2(bridge_slave_1) entered disabled state
[  746.859247][T11056] bridge_slave_1: entered allmulticast mode
[  746.868810][T11056] bridge_slave_1: entered promiscuous mode
[  746.899188][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  746.899290][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  747.465900][T11056] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  747.565247][T11056] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  750.865687][   T57] bridge_slave_1: left allmulticast mode
[  750.868850][   T57] bridge_slave_1: left promiscuous mode
[  750.869127][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  751.134143][   T57] bridge_slave_0: left allmulticast mode
[  751.134176][   T57] bridge_slave_0: left promiscuous mode
[  751.134491][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  758.212045][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  758.275314][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  758.327112][   T57] bond0 (unregistering): Released all slaves
[  758.381082][T11056] team0: Port device team_slave_0 added
[  758.487517][T10885] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  758.543192][T11056] team0: Port device team_slave_1 added
[  758.548736][T10885] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  759.826693][T10885] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  760.039311][T10885] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  760.124975][T11056] batman_adv: batadv0: Adding interface: batadv_slave_0
[  760.124991][T11056] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  760.125014][T11056] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  760.352476][   T57] hsr_slave_0: left promiscuous mode
[  760.428247][   T57] hsr_slave_1: left promiscuous mode
[  760.429142][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  760.478847][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  761.738102][T11306] capability: warning: `syz.5.1510' uses 32-bit capabilities (legacy support in use)
[  762.065598][T11315] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  762.121589][T11315] 9pnet_fd: p9_fd_create_tcp (11315): problem connecting socket to 127.0.0.1
[  765.657391][   T57] team0 (unregistering): Port device team_slave_1 removed
[  765.946021][   T57] team0 (unregistering): Port device team_slave_0 removed
[  766.387120][   T59] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  766.396494][   T59] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  766.406966][   T59] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  766.446955][   T59] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  766.488763][   T59] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  766.536474][ T5842] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  766.540012][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  766.542320][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  766.565539][ T5842] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  766.576544][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  768.645932][ T5842] Bluetooth: hci4: command tx timeout
[  769.277732][T11365] 9pnet_fd: p9_fd_create_tcp (11365): problem connecting socket to 127.0.0.1
[  770.735666][ T5842] Bluetooth: hci4: command tx timeout
[  770.738796][T10885] kthread_run failed with err -4
[  770.755240][T11056] batman_adv: batadv0: Adding interface: batadv_slave_1
[  770.755257][T11056] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  770.755280][T11056] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  772.681370][T11056] hsr_slave_0: entered promiscuous mode
[  772.690926][T11056] hsr_slave_1: entered promiscuous mode
[  772.693632][T11056] debugfs: 'hsr0' already exists in 'hsr'
[  772.693655][T11056] Cannot create hsr debugfs directory
[  772.806154][ T5842] Bluetooth: hci4: command tx timeout
[  774.884161][ T5842] Bluetooth: hci4: command tx timeout
[  776.378482][T11413] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  776.412264][T11413] 9pnet_fd: p9_fd_create_tcp (11413): problem connecting socket to 127.0.0.1
[  780.374871][T11440] 0{X功: left allmulticast mode
[  780.479346][T11440] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  783.135578][T11472] comedi comedi4: bad chanlist[1]=0x74656e2f chan=28207 range length=2
[  785.361198][T11341] chnl_net:caif_netlink_parms(): no params data found
[  788.991138][T11529] 9pnet_fd: Insufficient options for proto=fd
[  789.763588][   T59] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  789.779022][   T59] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  790.477391][   T59] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  790.497683][   T59] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  790.508297][   T59] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  792.163864][T11341] bridge0: port 1(bridge_slave_0) entered blocking state
[  792.164004][T11341] bridge0: port 1(bridge_slave_0) entered disabled state
[  792.164234][T11341] bridge_slave_0: entered allmulticast mode
[  792.166980][T11341] bridge_slave_0: entered promiscuous mode
[  792.485256][T11341] bridge0: port 2(bridge_slave_1) entered blocking state
[  792.485400][T11341] bridge0: port 2(bridge_slave_1) entered disabled state
[  792.485645][T11341] bridge_slave_1: entered allmulticast mode
[  792.488398][T11341] bridge_slave_1: entered promiscuous mode
[  792.639201][   T59] Bluetooth: hci2: command tx timeout
[  794.718412][   T59] Bluetooth: hci2: command tx timeout
[  795.476647][T11341] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  795.541427][T11341] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  795.825111][T11605] 9pnet_fd: Insufficient options for proto=fd
[  796.227329][T11341] team0: Port device team_slave_0 added
[  796.261448][T11341] team0: Port device team_slave_1 added
[  796.298399][   T57] bridge_slave_1: left allmulticast mode
[  796.298431][   T57] bridge_slave_1: left promiscuous mode
[  796.298648][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  796.378757][   T57] bridge_slave_0: left allmulticast mode
[  796.378780][   T57] bridge_slave_0: left promiscuous mode
[  796.381013][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  796.797486][   T59] Bluetooth: hci2: command tx timeout
[  797.180770][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  798.270571][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  798.362832][   T57] bond0 (unregistering): Released all slaves
[  798.879252][   T59] Bluetooth: hci2: command tx timeout
[  799.092034][T11631] 9pnet_fd: p9_fd_create_tcp (11631): problem connecting socket to 127.0.0.1
[  799.174903][T11341] batman_adv: batadv0: Adding interface: batadv_slave_0
[  799.174919][T11341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  799.174944][T11341] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  799.976742][   T57] hsr_slave_0: left promiscuous mode
[  800.412358][   T57] hsr_slave_1: left promiscuous mode
[  800.413291][   T57] batman_adv: batadv0: Removing interface: batadv_slave_0
[  800.487401][   T57] batman_adv: batadv0: Removing interface: batadv_slave_1
[  802.465071][T11656] 9pnet_fd: Insufficient options for proto=fd
[  803.030294][   T57] team0 (unregistering): Port device team_slave_1 removed
[  803.320451][   T57] team0 (unregistering): Port device team_slave_0 removed
[  803.685087][T11666] evm: overlay not supported
[  804.943334][T11341] batman_adv: batadv0: Adding interface: batadv_slave_1
[  804.943349][T11341] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  804.943382][T11341] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  805.283655][T11679] erofs (device nbd0): cannot find valid erofs superblock
[  805.846295][T11341] hsr_slave_0: entered promiscuous mode
[  805.847725][T11341] hsr_slave_1: entered promiscuous mode
[  805.987167][T11686] 
[  805.987180][T11686] ======================================================
[  805.987188][T11686] WARNING: possible circular locking dependency detected
[  805.987201][T11686] syzkaller #0 Not tainted
[  805.987211][T11686] ------------------------------------------------------
[  805.987219][T11686] syz.2.1590/11686 is trying to acquire lock:
[  805.987230][T11686] ffff8880b8823d90 ((softirq_ctrl.lock)){+.+.}-{3:3}, at: __local_bh_disable_ip+0x264/0x400
[  805.987290][T11686] 
[  805.987290][T11686] but task is already holding lock:
[  805.987296][T11686] ffffffff8efa6548 (smc_v4_hashinfo.lock){++.+}-{3:3}, at: smc_diag_dump_proto+0x174/0x1fb0
[  805.987340][T11686] 
[  805.987340][T11686] which lock already depends on the new lock.
[  805.987340][T11686] 
[  805.987346][T11686] 
[  805.987346][T11686] the existing dependency chain (in reverse order) is:
[  805.987353][T11686] 
[  805.987353][T11686] -> #1 (smc_v4_hashinfo.lock){++.+}-{3:3}:
[  805.987378][T11686]        lock_acquire+0x120/0x360
[  805.987399][T11686]        rt_write_lock+0x6a/0x110
[  805.987415][T11686]        smc_hash_sk+0x8f/0x2a0
[  805.987431][T11686]        smc_sk_init+0x5a1/0x7f0
[  805.987447][T11686]        __smc_create+0x10d/0x280
[  805.987467][T11686]        __sock_create+0x4b3/0x9f0
[  805.987483][T11686]        __sys_socket+0xd7/0x1b0
[  805.987499][T11686]        __x64_sys_socket+0x7a/0x90
[  805.987516][T11686]        do_syscall_64+0xfa/0x3b0
[  805.987535][T11686]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.987552][T11686] 
[  805.987552][T11686] -> #0 ((softirq_ctrl.lock)){+.+.}-{3:3}:
[  805.987576][T11686]        validate_chain+0xb9b/0x2140
[  805.987597][T11686]        __lock_acquire+0xab9/0xd20
[  805.987616][T11686]        reacquire_held_locks+0x127/0x1d0
[  805.987638][T11686]        lock_release+0x1b4/0x3e0
[  805.987656][T11686]        __local_bh_enable_ip+0x10c/0x270
[  805.987675][T11686]        sock_i_ino+0xa9/0xc0
[  805.987695][T11686]        smc_diag_dump_proto+0xa4c/0x1fb0
[  805.987712][T11686]        smc_diag_dump+0x27/0xa0
[  805.987728][T11686]        netlink_dump+0x6e4/0xe90
[  805.987745][T11686]        __netlink_dump_start+0x5cb/0x7e0
[  805.987762][T11686]        smc_diag_handler_dump+0x178/0x210
[  805.987779][T11686]        sock_diag_rcv_msg+0x4c9/0x600
[  805.987796][T11686]        netlink_rcv_skb+0x205/0x470
[  805.987812][T11686]        netlink_unicast+0x843/0xa10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  805.987827][T11686]        netlink_sendmsg+0x805/0xb30
[  805.987846][T11686]        __sock_sendmsg+0x219/0x270
[  805.987861][T11686]        ____sys_sendmsg+0x508/0x820
[  805.987880][T11686]        ___sys_sendmsg+0x21f/0x2a0
[  805.987900][T11686]        __x64_sys_sendmsg+0x1a1/0x260
[  805.987921][T11686]        do_syscall_64+0xfa/0x3b0
[  805.987940][T11686]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.987956][T11686] 
[  805.987956][T11686] other info that might help us debug this:
[  805.987956][T11686] 
[  805.987962][T11686]  Possible unsafe locking scenario:
[  805.987962][T11686] 
[  805.987968][T11686]        CPU0                    CPU1
[  805.987974][T11686]        ----                    ----
[  805.987980][T11686]   rlock(smc_v4_hashinfo.lock);
[  805.987993][T11686]                                lock((softirq_ctrl.lock));
[  805.988005][T11686]                                lock(smc_v4_hashinfo.lock);
[  805.988019][T11686]   lock((softirq_ctrl.lock));
[  805.988031][T11686] 
[  805.988031][T11686]  *** DEADLOCK ***
[  805.988031][T11686] 
[  805.988036][T11686] 3 locks held by syz.2.1590/11686:
[  805.988047][T11686]  #0: ffff88806b366908 (nlk_cb_mutex-SOCK_DIAG){+.+.}-{4:4}, at: __netlink_dump_start+0xfe/0x7e0
[  805.988090][T11686]  #1: ffffffff8efa6548 (smc_v4_hashinfo.lock){++.+}-{3:3}, at: smc_diag_dump_proto+0x174/0x1fb0
[  805.988133][T11686]  #2: ffffffff8d9a8b80 (rcu_read_lock){....}-{1:3}, at: rt_read_lock+0x1f8/0x360
[  805.988174][T11686] 
[  805.988174][T11686] stack backtrace:
[  805.988186][T11686] CPU: 0 UID: 0 PID: 11686 Comm: syz.2.1590 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  805.988206][T11686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  805.988218][T11686] Call Trace:
[  805.988225][T11686]  <TASK>
[  805.988233][T11686]  dump_stack_lvl+0x189/0x250
[  805.988277][T11686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  805.988301][T11686]  ? __pfx__printk+0x10/0x10
[  805.988320][T11686]  ? print_lock_name+0xde/0x100
[  805.988340][T11686]  print_circular_bug+0x2ee/0x310
[  805.988359][T11686]  check_noncircular+0x134/0x160
[  805.988387][T11686]  validate_chain+0xb9b/0x2140
[  805.988413][T11686]  ? rcu_is_watching+0x15/0xb0
[  805.988437][T11686]  ? trace_irq_disable+0x37/0x110
[  805.988456][T11686]  ? preempt_schedule_irq+0xde/0x150
[  805.988476][T11686]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  805.988501][T11686]  __lock_acquire+0xab9/0xd20
[  805.988526][T11686]  reacquire_held_locks+0x127/0x1d0
[  805.988549][T11686]  ? __local_bh_disable_ip+0x264/0x400
[  805.988572][T11686]  lock_release+0x1b4/0x3e0
[  805.988593][T11686]  ? __local_bh_enable_ip+0x100/0x270
[  805.988615][T11686]  __local_bh_enable_ip+0x10c/0x270
[  805.988636][T11686]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  805.988659][T11686]  ? rt_read_unlock+0x65/0xa0
[  805.988677][T11686]  ? sock_i_ino+0x24/0xc0
[  805.988700][T11686]  sock_i_ino+0xa9/0xc0
[  805.988723][T11686]  smc_diag_dump_proto+0xa4c/0x1fb0
[  805.988752][T11686]  ? __pfx_smc_diag_dump_proto+0x10/0x10
[  805.988772][T11686]  ? irqentry_exit+0x74/0x90
[  805.988793][T11686]  ? lockdep_hardirqs_on+0x9c/0x150
[  805.988818][T11686]  ? __phys_addr+0xd3/0x180
[  805.988841][T11686]  ? __kasan_kmalloc_large+0x85/0xa0
[  805.988864][T11686]  ? rcu_is_watching+0x15/0xb0
[  805.988888][T11686]  ? rcu_is_watching+0x15/0xb0
[  805.988912][T11686]  ? trace_kmalloc+0x1f/0xd0
[  805.988931][T11686]  ? __kmalloc_node_track_caller_noprof+0x213/0x450
[  805.988957][T11686]  ? __build_skb_around+0x257/0x3e0
[  805.988981][T11686]  smc_diag_dump+0x27/0xa0
[  805.988998][T11686]  netlink_dump+0x6e4/0xe90
[  805.989018][T11686]  ? __pfx_netlink_dump+0x10/0x10
[  805.989035][T11686]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  805.989058][T11686]  ? lockdep_hardirqs_on+0x9c/0x150
[  805.989088][T11686]  __netlink_dump_start+0x5cb/0x7e0
[  805.989111][T11686]  smc_diag_handler_dump+0x178/0x210
[  805.989132][T11686]  ? __pfx_smc_diag_handler_dump+0x10/0x10
[  805.989152][T11686]  ? __pfx_smc_diag_dump+0x10/0x10
[  805.989174][T11686]  ? __rcu_read_unlock+0x84/0xe0
[  805.989197][T11686]  sock_diag_rcv_msg+0x4c9/0x600
[  805.989217][T11686]  netlink_rcv_skb+0x205/0x470
[  805.989236][T11686]  ? rcu_is_watching+0x15/0xb0
[  805.989266][T11686]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  805.989286][T11686]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  805.989311][T11686]  ? netlink_deliver_tap+0x2e/0x1b0
[  805.989335][T11686]  netlink_unicast+0x843/0xa10
[  805.989357][T11686]  ? __pfx_netlink_unicast+0x10/0x10
[  805.989376][T11686]  ? netlink_sendmsg+0x642/0xb30
[  805.989395][T11686]  ? skb_put+0x11b/0x210
[  805.989418][T11686]  netlink_sendmsg+0x805/0xb30
[  805.989438][T11686]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  805.989465][T11686]  ? __pfx_netlink_sendmsg+0x10/0x10
[  805.989488][T11686]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  805.989505][T11686]  ? __pfx_netlink_sendmsg+0x10/0x10
[  805.989525][T11686]  __sock_sendmsg+0x219/0x270
[  805.989545][T11686]  ____sys_sendmsg+0x508/0x820
[  805.989569][T11686]  ? __pfx_____sys_sendmsg+0x10/0x10
[  805.989595][T11686]  ? import_iovec+0x74/0xa0
[  805.989615][T11686]  ___sys_sendmsg+0x21f/0x2a0
[  805.989638][T11686]  ? __pfx____sys_sendmsg+0x10/0x10
[  805.989675][T11686]  ? __fget_files+0x2a/0x420
[  805.989697][T11686]  ? __fget_files+0x3a6/0x420
[  805.989723][T11686]  __x64_sys_sendmsg+0x1a1/0x260
[  805.989746][T11686]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  805.989774][T11686]  ? rcu_is_watching+0x15/0xb0
[  805.989799][T11686]  ? do_syscall_64+0xbe/0x3b0
[  805.989822][T11686]  do_syscall_64+0xfa/0x3b0
[  805.989843][T11686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.989860][T11686]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  805.989877][T11686]  ? clear_bhb_loop+0x60/0xb0
[  805.989896][T11686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  805.989914][T11686] RIP: 0033:0x7efe005cebe9
[  805.989930][T11686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  805.989946][T11686] RSP: 002b:00007efdfe7f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  805.989965][T11686] RAX: ffffffffffffffda RBX: 00007efe007f6180 RCX: 00007efe005cebe9
[  805.989979][T11686] RDX: 0000000000000600 RSI: 0000200000000540 RDI: 0000000000000006
[  805.989991][T11686] RBP: 00007efe00651e19 R08: 0000000000000000 R09: 0000000000000000
[  805.990003][T11686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  805.990015][T11686] R13: 00007efe007f6218 R14: 00007efe007f6180 R15: 00007ffde9597d38
[  805.990036][T11686]  </TASK>
[  808.316135][ T1325] ieee802154 phy0 wpan0: encryption failed: -22
[  808.316167][ T1325] ieee802154 phy1 wpan1: encryption failed: -22
[  809.495909][   T57] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.730929][   T57] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  809.980776][   T57] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.215810][   T57] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.517633][   T57] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.765840][   T57] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  810.989447][   T57] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  811.250067][   T57] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  811.596993][   T57] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  811.826968][   T57] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  812.024902][   T57] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  812.255899][   T57] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  812.486446][   T57] bridge_slave_1: left allmulticast mode
[  812.486472][   T57] bridge_slave_1: left promiscuous mode
[  812.486629][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.543597][   T57] bridge_slave_0: left allmulticast mode
[  812.543631][   T57] bridge_slave_0: left promiscuous mode
[  812.543744][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.653419][   T57] bridge_slave_1: left allmulticast mode
[  812.653445][   T57] bridge_slave_1: left promiscuous mode
[  812.653609][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.723670][   T57] bridge_slave_0: left allmulticast mode
[  812.723688][   T57] bridge_slave_0: left promiscuous mode
[  812.723793][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.795899][   T57] bridge_slave_1: left allmulticast mode
[  812.795925][   T57] bridge_slave_1: left promiscuous mode
[  812.796077][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  812.863547][   T57] bridge_slave_0: left allmulticast mode
[  812.863586][   T57] bridge_slave_0: left promiscuous mode
[  812.863691][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  812.934644][   T57] bridge_slave_1: left allmulticast mode
[  812.934663][   T57] bridge_slave_1: left promiscuous mode
[  812.934758][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  813.005655][   T57] bridge_slave_0: left allmulticast mode
[  813.005674][   T57] bridge_slave_0: left promiscuous mode
[  813.005778][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  813.083269][   T57] bridge_slave_1: left allmulticast mode
[  813.083294][   T57] bridge_slave_1: left promiscuous mode
[  813.083439][   T57] bridge0: port 2(bridge_slave_1) entered disabled state
[  813.153754][   T57] bridge_slave_0: left allmulticast mode
[  813.153780][   T57] bridge_slave_0: left promiscuous mode
[  813.153932][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.903019][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  814.964943][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  814.984314][   T57] bond0 (unregistering): Released all slaves
[  815.172953][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  815.255670][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  815.315660][   T57] bond0 (unregistering): Released all slaves