last executing test programs:

15m46.304748305s ago: executing program 3 (id=1393):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r4, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x1c)
syz_usbip_server_init(0x1)

15m38.677504123s ago: executing program 3 (id=1397):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)={0x10000000, 0x1c6a8b68, 0x6})

15m36.672039114s ago: executing program 3 (id=1401):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000047000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a876d839240d29c035055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7e8dc34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bb44b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334583239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bf4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc508afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd360000000000000000ae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c97a088a22e8b15c3e233db00002e30d46a0024d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c29c5c0ed5bcdf510c3c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ced92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f68fa8d7c2dfb28e1f05e46b0933c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d588afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda6900002a070886df42b27098773b45198b4a34ac97febd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d63521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07afef12ef060cd4403a099f32468f658000b4082d43e12186195cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea209b53b230ef0f2ab85cbdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bd3339403004b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab900000000000000000000d71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdbf24a0c5441ce046078492b53467cfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89cb349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb15f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c00c57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137df47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b558982016b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8b49e3d0168bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85a3009a5d30f479e293a3302e11350ea857b37e76ca3f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c8ffe0d508dcee3070e8b42ac38545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f98117919472b61b20026d7e646174b55d251f7f8ca5ccc22a5efb33b217eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4444e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24000000000000000000000000000000000000cd3211b3842b68a4eddca2eae28529e97a98d7ec3fd902df1ba8fc2ad2377e72d4e7aeacbbccef5614cd965511558f40720025c022bc9c213e407f6bc4b673c55aa8e729299a37fd6339acd906ac861ba56c9fa9b8b12b5e68a3cdadb906355e1f1d336a243172affe50d0fb36c3718a7498eed3d398f405a34d494414e87ef1ce1845510d43d00171d6b4b762f89564c22d542a119878709cd6822c3a3eb47a849b0737929fe9e1eecd1bff5a2b9880e2a6d8a3b3b7e88a673c96cda4455eff1c530db0e6598a2686aa09aeaf0f1aed95aeb8b0a2cc5ca31c0f56285cc05f7090a0e0583cf540d18cd8817e685c7b4ff176178ac1234f23e54445ec20b2689832d78409897a0307e89ebcd5f4ba042a3d10237a5a8a9a6eda36d2f337dc54537b80e8433341b135b4c5bb0173ffde46ccd260e1d4f2c51e8b07bb256f1317912cb1fc9e491e0bb9109e475cc795c23ad9f4f0042c5e9c655a4d865bc4a266e6a1d3d2b7ee53be9efb33a98933b5ba74ee3ac8d34b6af8c1fdbffade3abc80842b74354162f5b994ab5254cb068bc5e2ae242a1d37d0d49947c9317fa1a46c9e259ce0e1f9db992c53f7830a5e8f4fac6b187eb9f15ba61f730f86d7d7b63bbc7a1d9ff37e87a90a14e0655304da069f9009b62717649b6c6af94fcba713f8ee6fcce25aef44d009966614b61be9369ffc589a79051b0a0000000000000003ebd34c41afe268c33c9322c3a783772aec998f51a6e70fb932a8019e72ef5ab127bb30c79ebfd867441083546305fb39449c40a166ea389a6b77b7c87f66e8bf5806726b8fc50b943627314803a12c33312dce0a10f852da3e000000"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x7}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000380)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x603, 0x60000009, 0x0, 0x0, 0x0, 0x0}, 0x50)

15m34.098179233s ago: executing program 3 (id=1402):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x9, 0x0, &(0x7f0000002000))
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="5a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f0000000080), 0x1)

15m32.61189133s ago: executing program 3 (id=1406):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x4, 0x108, 0xc, 0x0, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1, r0}, 0xc)

15m32.361825785s ago: executing program 3 (id=1409):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r4, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x1c)
syz_usbip_server_init(0x1)

15m15.525714575s ago: executing program 32 (id=1409):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x6)
bind$netlink(r4, 0x0, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x1c)
syz_usbip_server_init(0x1)

14m1.69565278s ago: executing program 4 (id=1575):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x18)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
r0 = syz_open_dev$dri(0x0, 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_getparam(r1, &(0x7f00000001c0))
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xab402)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x3, 0x2}})
r3 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0x9, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x240408d4)
socket$netlink(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xfff3}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400005d}, 0x0)
socket$netlink(0x10, 0x3, 0x0)

13m59.710784311s ago: executing program 4 (id=1580):
socket$nl_route(0x10, 0x3, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x4000c, 0x5})
preadv(r0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000140)=""/126, 0x7e}], 0x2, 0x1, 0x7)

13m57.937430534s ago: executing program 4 (id=1585):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x4000, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYRES8=r0, @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f00000021c0)={0x2020}, 0xfffffe14)
syz_fuse_handle_req(r2, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@bloom_filter={0x1e, 0x4, 0xb3, 0x1, 0x40c00, 0xffffffffffffffff, 0x4, '\x00', 0x0, r1, 0x4, 0x5, 0x3, 0xe}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000003000000000000000040000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af891fc000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000850000002a0000009500000000000000"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
pipe(&(0x7f00000002c0))
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r5, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r5, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r5, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@newqdisc={0x88, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x58, 0x2, {{0x0, 0x0, 0x57b2}, [@TCA_NETEM_REORDER={0xc, 0x3, {0xdc, 0x3}}, @TCA_NETEM_LOSS={0x4}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x7, 0x100, 0x40, 0x9, 0x2, 0x94}}]}}}]}, 0x88}}, 0x0)
write(r4, &(0x7f0000000000)="05000000010001", 0x7)

13m57.476363604s ago: executing program 4 (id=1589):
ftruncate(0xffffffffffffffff, 0x80079a0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x2, 0x12, 0xffffffffffffffff, 0x0)
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$revoke(0x3, r0)
listen(0xffffffffffffffff, 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
timer_create(0x2, 0x0, &(0x7f0000bbdffc))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x10000)
listen(r1, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x20)
listen(r2, 0x2)
r3 = userfaultfd(0x80001)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
socket$igmp(0x2, 0x3, 0x2)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f00003fe000/0x4000)=nil, 0x4000}})

13m56.677205907s ago: executing program 4 (id=1590):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x18)
syz_open_dev$dri(0x0, 0x1ff, 0x0)
r0 = syz_open_dev$dri(0x0, 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_getparam(r1, &(0x7f00000001c0))
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xab402)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x3, 0x2}})
r5 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0x9, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x240408d4)
socket$netlink(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xfff3}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400005d}, 0x0)
socket$netlink(0x10, 0x3, 0x0)

13m55.750510753s ago: executing program 4 (id=1594):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r3, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x50)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r4, &(0x7f0000000000)={0x2, 0x4e23, 0x0, @mcast1, 0x4}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(r4, &(0x7f0000000640)={0xa, 0x4e21, 0x7, @empty, 0xfc}, 0x1c)
writev(r5, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac710aa7d0000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
syz_open_dev$sg(0x0, 0x0, 0x40100)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r6 = socket$netlink(0x10, 0x3, 0x4)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
sendto$inet(r3, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440606769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x6000000000000000, 0x0, 0x0)

13m38.576155523s ago: executing program 33 (id=1594):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r3, &(0x7f0000000600)=[{{&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x2000c844)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x50)
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r4, &(0x7f0000000000)={0x2, 0x4e23, 0x0, @mcast1, 0x4}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(r4, &(0x7f0000000640)={0xa, 0x4e21, 0x7, @empty, 0xfc}, 0x1c)
writev(r5, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff81004e230e227f000001925aa80020007b00090080007f000001e809000000ff0000f03ac710aa7d0000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1)
syz_open_dev$sg(0x0, 0x0, 0x40100)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r6 = socket$netlink(0x10, 0x3, 0x4)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r7 = socket$netlink(0x10, 0x3, 0x0)
writev(r7, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
sendto$inet(r3, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440606769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x6000000000000000, 0x0, 0x0)

8m9.301765149s ago: executing program 2 (id=2145):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="650a00000000000061118000000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="12000000080000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffff9c, 0x0, 0x2, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x800, 0x0, 0x1ff, 0x7d, 0x3, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x3, 0x4, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

8m7.607791438s ago: executing program 2 (id=2149):
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r5, 0xc008ae88, &(0x7f00000002c0)={0xba, 0x0, [{0x400000b4, 0x0, 0xffffffff}]})

8m4.342545524s ago: executing program 2 (id=2150):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0xc, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000004200)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=[@cred={{0x1c}}], 0x20, 0x20004844}}], 0x1, 0x20000010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106)
sendmsg$kcm(r5, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x146)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0)
mmap$qrtrtun(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x100010, r7, 0x4)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020)

8m2.47141798s ago: executing program 2 (id=2151):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x3a, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x1, 0x0, 0xc, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x6, 0x4, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @fastopen={0x22, 0x2}]}}}}}}}, 0x0)

7m59.27033845s ago: executing program 2 (id=2158):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="650a00000000000061118000000000001800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="12000000080000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$6lowpan_control(0xffffff9c, 0x0, 0x2, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x800, 0x0, 0x1ff, 0x7d, 0x3, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0x3, 0x4, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r3, 0xffffffffffffffff, 0x0)

7m57.441074549s ago: executing program 2 (id=2161):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x8810)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020d0000100000002f3144a8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cd"], 0x80}}, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x0)
ioctl$FE_GET_PROPERTY(r2, 0x80106f53, 0x0)
sendmmsg(r1, &(0x7f00000000c0), 0x2c8, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000880), 0xffffffffffffffff)

7m41.076977832s ago: executing program 34 (id=2161):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x4000000000001, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0}}, 0x8810)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000140)=ANY=[@ANYBLOB="020d0000100000002f3144a8edffffff03000600ff18000002004909000100000000000000001e0e080012000200010000d200000000000030006c540203009f7eae02000000adb20200000000f52c000000cd"], 0x80}}, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x0)
ioctl$FE_GET_PROPERTY(r2, 0x80106f53, 0x0)
sendmmsg(r1, &(0x7f00000000c0), 0x2c8, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000880), 0xffffffffffffffff)

25.514924989s ago: executing program 5 (id=2797):
socket$alg(0x26, 0x5, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], 0x0}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd"], 0xfdef)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000100001000000000000dfff000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e65766530000000000000000000140001006c6f0000000000000000000000000000080002"], 0xb4}}, 0x0)

24.564774133s ago: executing program 5 (id=2799):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r0, 0x80506409, &(0x7f0000000180)={0x0, 0x1, 0x2, 0x6dd, 0x0, 0x200, 0x10, 0x3, 0x20, 0x0, 0x20, 0x7, &(0x7f00000000c0)=[0x4], 0x1, 0x0})

24.327425079s ago: executing program 5 (id=2800):
write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
readv(0xffffffffffffffff, &(0x7f0000000280)=[{0x0}], 0x1)
r1 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x4000c, 0x5})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$UHID_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x0}}, 0x120)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x2010001, 0x1ff, 0x8000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x5, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x10001, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x728, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x2000008, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x7fffffff, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0xf, 0x4, 0xc, 0x7, 0x9, 0x1e88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x4200003, 0x1, 0x5, 0x80, 0x9, 0x3ff, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0x80, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x7, 0x1000, 0x7f, 0x5, 0xffffffff, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x8, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c)

20.300535947s ago: executing program 5 (id=2802):
io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x1)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800})
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f00000000c0)=0x7)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x6a, 0x4, 0xfffffffa, 0x1f)

20.117638913s ago: executing program 0 (id=2803):
prlimit64(0x0, 0xe, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000004200)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=[@cred={{0x1c}}], 0x20, 0x20004844}}], 0x1, 0x20000010)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0)
r4 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r4, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000100)="a6", 0xfffffcf4}, {0x0}], 0x2, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000005040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b00000009860f5878c37ffe36e1165814d435be5b317c6c8189767d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988c5944741afe403461323110f62055394412158e7a3adb164d641aa40d4ab077fe34232aa8b319d7666d0998a61d7da0c86d70000001010"], 0x10b8}, 0x106)
sendmsg$kcm(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x146)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r5, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0)
mmap$qrtrtun(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x100010, r6, 0x4)
read$FUSE(0xffffffffffffffff, &(0x7f0000000640)={0x2020}, 0x2020)

19.155361522s ago: executing program 5 (id=2804):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x8000, 0x0)
openat$cgroup_pressure(r1, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
getdents64(r1, &(0x7f0000000680)=""/4067, 0xfe3)
openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x28)
sendmsg$inet(r1, &(0x7f0000001680)={&(0x7f0000000180)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x25}}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000200)="0f1cdb39454b7782165a2d29acbb6ff14201d769be88e74b041469b792c91ff9ca0d216f79462e55219537e680320df3770429e966b17a192f01bc2e0744", 0x3e}, {&(0x7f00000002c0)="30658e33f6fea85c709fc160f18ef7b0d1098fc3ab11dd9cc31dc0bbbe4eaf1c3b2e68c4954d1f931b87b8e48890040f890bce9e8bb1477f6fee1ba5c60fb4b080a038fe6fde7a864dd0284bdb9c3fa5203c18403c1c952e02422c94dee9278fc3d744b6bcf46b48ba8d77a6fd8205dc852775e2027f6d903203107fdd0ca8654e445461b7e6dcc2654166c714b53311398163ffc7924007c60497c2feb8c817872f0e4661cf8f97a658d4be59", 0xad}, {&(0x7f0000000380)}], 0x3, &(0x7f0000000500)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x80}}, @ip_retopts={{0x74, 0x0, 0x7, {[@timestamp_addr={0x44, 0x3c, 0x9d, 0x1, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8}, {@dev={0xac, 0x14, 0x14, 0x34}, 0x6}, {@broadcast, 0x2}, {@multicast2, 0x8}, {@loopback, 0xffff5536}, {@broadcast, 0xa}, {@local, 0x9af}]}, @timestamp_addr={0x44, 0x4, 0xc9, 0x1, 0x1}, @rr={0x7, 0x23, 0xb5, [@dev={0xac, 0x14, 0x14, 0x30}, @private=0xa010102, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100, @remote, @local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xdf}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x8001}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}], 0xd8}, 0x4000014)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$hidraw(&(0x7f0000000000), 0x4, 0x800)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x2000)=nil, 0x0}, 0x68)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4004045)
r3 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f480, 0x0, 0x399})
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xa}, 0x1c)
io_uring_enter(r3, 0x8ae, 0x6933, 0x17, 0x0, 0xeffd)
getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, 0x0)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r3, 0x8010671f, 0x0)
r4 = socket(0xa, 0x3, 0x3a)
getsockopt$MRT6(r4, 0x29, 0xce, 0x0, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x1, 0x7fc00100}]})
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, &(0x7f0000000480))

16.79043029s ago: executing program 5 (id=2807):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710, @local}, 0x10)
recvmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/77, 0x4d}], 0x1}, 0x5}], 0x40000, 0x0, 0x0)
shutdown(r2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000028c0))

15.478175766s ago: executing program 0 (id=2808):
syz_usb_connect(0x3, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000080), 0x3, 0x8ac02)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

12.796467862s ago: executing program 0 (id=2810):
write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_open_dev$dvb_dvr(0x0, 0x0, 0x800)
readv(r1, &(0x7f0000000280)=[{0x0}], 0x1)
r2 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x4000c, 0x5})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
writev(r3, &(0x7f00000006c0)=[{0x0}], 0x1)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r2, 0x403c6f2b, &(0x7f0000000080)={0x6, {"4b81b0c732e92eb1fd60fbf401687d72", "1cea03ca4fe1c1f1e31253bda1f1fed5", "d80190bae206002cb2a1a28cde21dbfd"}, 0x2, 0x7})
poll(0x0, 0x0, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r5, &(0x7f00000003c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x0}}, 0x120)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x2010001, 0x1ff, 0x8000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x5, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x10001, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x728, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x2000008, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x7fffffff, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0xf, 0x4, 0xc, 0x7, 0x9, 0x1e88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x4200003, 0x1, 0x5, 0x80, 0x9, 0x3ff, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0x80, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x7, 0x1000, 0x7f, 0x5, 0xffffffff, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x8, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r6=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r6, 0x8b26, &(0x7f0000000040)={'virt_wifi0\x00', @multicast})

11.063216774s ago: executing program 0 (id=2811):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
readv(0xffffffffffffffff, &(0x7f0000000280)=[{0x0}], 0x1)
r1 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r1, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x4000c, 0x5})
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$UHID_CREATE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', 0x0}}, 0x120)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80000000, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x2010001, 0x1ff, 0x8000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x5, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x10001, 0x199d, 0x6, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x728, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x2000008, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x7fffffff, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0xf, 0x4, 0xc, 0x7, 0x9, 0x1e88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x4200003, 0x1, 0x5, 0x80, 0x9, 0x3ff, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0x80, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x7, 0x1000, 0x7f, 0x5, 0xffffffff, 0x4, 0x0, 0x5, 0x3, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x8, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c)

5.701308643s ago: executing program 1 (id=2815):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, &(0x7f0000000280)={0x1f, 0xfffe}, 0xe)
listen(r0, 0x0)
accept4(r0, 0x0, 0x0, 0x0)

4.854750406s ago: executing program 0 (id=2816):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000540)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
write$tun(r0, &(0x7f0000000680)={@val={0x70}, @void, @eth={@broadcast, @remote, @void, {@x25={0x805, {0x0, 0x4, 0x1}}}}}, 0x15)

4.852529582s ago: executing program 1 (id=2817):
syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000140)='f2fs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000100)='test_dummy_encryption', &(0x7f0000000240)='v2\x00ul\x00\x00\x00\x00\x00loc\x8d\x8b#\xe0\xb9\xbd\"\xeb.\xc7]\xa67\x97 \xc9\xfc|\x85o7Z\xdc}U\x8c\xdd\n\xaa?4\xafq\x1d\xf6(\xe6\x9em_\x1a\xbfDi\x15\x81\xd47\x8e\x86\xa2u~FC\x9c\xe3\x98\x87\x98\xf7\xa2\xb5\x12\x8cv\xe4_\x91\xa8G!mm\f\xcf\xfb[\xd5Qf\x15\xfe\xc80\xad\xaa\xe9', 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, 0x0, 0x0)
fsopen(&(0x7f0000000180)='proc\x00', 0x1)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000080)={0xc0, 0x0, 0x0, 0x4})
semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0x0, 0xffffffffffffffff, 0x0, 0x0, 0x88, 0x2}, 0x0, 0x75d4, 0x0, 0x0, 0x1, 0x0, 0x9})

3.177117082s ago: executing program 1 (id=2818):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r0, 0x90004)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c900", @ANYRES8], 0x16)

2.580991809s ago: executing program 1 (id=2819):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="5e022a1173f7dedc04b574482a4d3934eb364ce70fc2f9ba995b7f79fad2552552810ae0c8acb77597804408c01b64c563208d5fdb7aa290732e0c806eb7cb660c2fca84367a604af6e4f04ef21f6c8f8a905f3fb5a9ff788d4f6f65d302bb22902e3db48b0a51306442da614341c3a53583f31f7952239eefe7e282d268f8f71838b9c76b26f81d15d4425dcc8b0954a5b39871e3ac6a0c1bf5effa564533658ceb589ed04058b994415339d6ffcfa1c3fa4e784e437bfa998f09ac808ab72f7916483fadc569d13675ae8ab4f0dc7f14de6c7500925d4ab8d6ea34de61cca9625998b4b04130a35c9fb048c569af51e163b2c7b4acfbd42303a042762d52b0bd45d3112fbdba6680769b766d3e3f946707f515ef74f5e3db55bba47ae0f030957f1354fbf79a1d2877e861d80ead9ae8ddab9a857fb39cc777000e34cb890d2e66803bc2f9850f40ad903488031f3fceac81a073713bf51baa6b18d6744262ec2d70a908b21a713708ce5267df4174990ccdd932a85e7b58930c94e2a6f33417faa628706212cf006744a09e77d07ab99b128be2848c17abd7c6f6a00d0ac24557744c654b272d8e6667fd511550819c8f2a52a7ecaba1142a6e6628a699db89bf7ecebf5db5f682d812f7ed1c3a642ce6ca0da18bf43490d6675e3a48ae9187e063e0c93462c052253b14f0510875f3b15b194285e8ced04f352fd47491a57abb38f30f62b2d9d03dda6424579432f7ac717d761124f68922ebd68486c07cb5d983205a44c30447235d0097c217c91b2c272daa1711a3ead04e6dc61f4d4d5ddf29dd1c1208ad6ebc10e11ee1af3c05ae225e66b4f673b806d6cc12f3dd7d41f9bef597524e3fab90f296650fa92d9939157f6b016cb3ccb681c824bc0593f5a3ec9685ea1ef5fb9d9ccdb0476b5655a45a82a212f386fd0de8b35869dddcaa8320490643ce82fb9c25b9150d9d9552a4962af665c4b47cfecc3b000c38e0afd943b65cf81c0fe3ee8cb1a7eb4bce5f7ddff821e2fca5dd655be560e514539de5ae363399a80a08d23433ea439c53452052468d34417db64220915a23b695614b502c599a3f7d0f23890b2fa41554a0c93387368b5c4b69d9ea5beedb870d4940eb1f42e0e35a6c37aca0c76106d45a224e84b2b88f7bda32583b61646b7923b3e1d86edabb6e429a1914d676702eb010a7dd8a18e62cb00eff870f71926d81d8bf521c211b76ea547c440a51884584370eae698c36299566356c7656403eadac8d1077061f942bb51859d6d157ed71a13d72163986e66dfcabd19839559abcd5df1d7b282234338e4170b777a9ac892c2394ba4138ea2c67b4fb2d576f8ac3c34e9edc10d6fbbc4a50331a4180d1ed7cb3765ebb7475a3f0826f589a1f63c906a64f5a33b2fc0c2205fa5c3060cdefaf7191bac0b054e1cec8d541f506e2aaba6db891b461cfe41d4072a6aaa452248b9df718043b53a77e8ab1b2c8809f141e97f2e5ec81de247bd1d7782940b3f4144d8caa37147331d396e6e975f28eb5be0218b91578e2a11547488d6ada5e2a7fcc235e56a98bbd78caee88681cebeae903b7403cf1b76a8b7223dfa3a48919f35536634017a499d62b01cbcbce3d1e085768f32c907e4df266cc2e8d1f5b6bd5d9382888aa09657922de79241eb4cd9a7f5a841ee6f4a27eddcab348765a48df3446d2729cdb3a0a5a536494f5eba54821bae60881e37a1ffd1a0bd68508c3d843b9a048c4a3b23e1375f01fd47674da1339607db06f123fbd33b6c4f17507238948624eb9b00af5d55e643a0d0a500ff877d48843acf10788dde2de8a598640e4641d5668decdb058407edf8b532c6841faf035141f413430319cfd97e01df317b9d5e1915e43806032bd8c7cdd99a24a812653411d466607802a86c838af0804904cfa932e24c1a7a16c43ff3baa7bab26be9dd4b8af4684fa929dbcbcb41e713a429c885a9054e661ff66b1edca04139816479b83dc4676f262d29f29606d8c0a2082a86ab0a62ec8309a06430f4cad4712e3f6eda47e8ef855e952cfc5757809726b4b9603a206ec3b45b5f83208325068ede98630b74f65a5edd97a22b4f68b461c32164aaf8b73704c1532b550e8bac0bfddef58ca98e946470d4518b24c2972e7631e6bbd11566c0b5eae4ae74004718482ed3e4b668dd60ee6973773a3b3b80d726f13a503b53552694e1cd5dfc074f35125291ee47281ffb078d0dfdfa0b564aab70fc4a388ccbc6060e7c34271ed87de9e80497bbd621e596b8d0a330541d7a723ec0e3b4976316872f21cc09644aec9774c65344e4c109624c74872c42bf9f07c3739f736c2123dd0db4c115626c37aadd5622c5f8a3f1aa5021791bdcf2bbbcc57732d6067556155e76385452099654980f7efbb330af931c2db700b9ebc6fb4656f6c166072d53db9c82cb8466422b52275c6e590dfcfceeb883e96907f92825d5bb81b30732bf782791de9b8d69b7f08b07cb90190a881078e8811426ac942697aa9110e65fcdae0970dd04859dc069c4988c49ee265a68d7f2e12770d60bdf8999fca21cbf98cdf582d89bc39f1ed8f11c00f8cbb5b2c26608f7f09399703643d93d49256762553e3183f1d66d4bcf7ccf7594cbd316884700ca5bfa738e89356a7dff87029aa7b8681088e8483982a74ec1e27018aefb2d680ddecad8d9728a5a5b22dd764c28d094263f93f1831b0676b943459f35ac4f205e638b722be2d3695eaeb071cb3474c98b711114801325ef457e6308d105debf3d240b3c88a0b27995bfe3246a3ac6e022ea972741efaea69ffb41d2f895b2b036e55cebeb30908d6c54b41cd99d3fe2054dd2b036fc9d34e1bedd09c8b640f843e6c60414b253679ad5308d3b7ceb5d69bf539576dc1f773fefb6035c14f59a0803c93efdfa8a236c30953da98afc0d096006194907447fe44b8fa451b41d5e474a6ee503b9c1a85305ba2ed107d0f1a4f3fe628efcdfc27da1c9f9c8ed79f0d8b278084407a08236465ab6b7c50c4757d2a41947634f9e37eedde07601d1e393a1501f4973e2e2a2270914fa7c49297f5d13ed2b7b60c1826b2dd5035a16ca9f8c8a4f728f553ef375095bada1e0764f26e1755a308a8f4f7084573a9be7b52d98eb834350f6ea76a894ea27f2d1d8237810a2b14ef3f75e56c94570deb1f322d2799eeab58f2202b12f1ee0ad56c822932d07b94163668610466e6cfb064bcf08098f85be2f633b6704e2583eeea55a4d7d1a9c14314f2acb84c3996933ec1745764edbddc2e0dd471d09def8a7c12e6e45e4812556e88c6a3d822c621ed56601693e4f1ec2d622fb7e3f2c8955ebf9c4b416d59ec18d386c00323f59e06205dba08299169760d3540187a7c26e57055e40487218a02cdc147ca52f9fb7ed7ec8b8aff8d10d3c40549e76be6b84ba8f57407ee83a8fe3db6ddcbbd75075311a02e684136f449e0aa7c2802a318baacc75e9c61eef5edad3cf481fe3e4a2aac2499a6ffe8f9b088ec6831efee2f4083e05d12515fa9fc8ccf6b133d5556adfb6fe40fa254ba94f2a2bdd056e4162d832c6d40ca9e13c3865585054cb2fddb53bae1548fa9cbab20536821192e1c"], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000004a00037e58dfc300000000000a000000", @ANYBLOB], 0x24}}, 0x400040c0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x40000, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xd)

2.331244856s ago: executing program 0 (id=2820):
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xc, 0xe, &(0x7f0000000100)=ANY=[@ANYRES16], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
openat$snapshot(0xffffff9c, &(0x7f0000000000), 0x20000, 0x0)
openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x2000000000000013, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xb8, &(0x7f0000000140)=""/184, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)='q\xa9', 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0x4)
syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

1.364262374s ago: executing program 1 (id=2821):
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000340)="5b496bd3", 0x4}], 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a70000000090a010400000000000000000a0000040900020073797a310000000008000a40fffffffc0900010073797a3100000000080005400000000d2c00128014000180090001006c61737400000000040002801c0001800c010100636f756e7465720004000280080003400000"], 0x98}, 0x1, 0x0, 0x0, 0x200400c1}, 0x4000000)

1.143460857s ago: executing program 1 (id=2822):
io_uring_setup(0x667, &(0x7f0000000000)={0x0, 0xa14a, 0x1000, 0x2, 0x235})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x800000}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsopen(0x0, 0x1)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800})
ioctl$DMA_BUF_IOCTL_SYNC(r3, 0x40086200, &(0x7f00000000c0)=0x7)
setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x6a, 0x4, 0xfffffffa, 0x1f)

0s ago: executing program 35 (id=2807):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000640)={0x28, 0x0, 0x2710, @local}, 0x10)
recvmmsg(r2, &(0x7f0000000100)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000005c0)=""/77, 0x4d}], 0x1}, 0x5}], 0x40000, 0x0, 0x0)
shutdown(r2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000028c0))

kernel console output (not intermixed with test programs):

[    T9] libceph: mon0 (1)[c::]:6789 connect error
[  928.508742][    T9] libceph: connect (1)[c::]:6789 error -101
[  928.509029][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  928.529824][T12486] ceph: No mds server is up or the cluster is laggy
[  928.558431][  T263] team0 (unregistering): Port device team_slave_1 removed
[  928.630963][  T263] team0 (unregistering): Port device team_slave_0 removed
[  928.633767][T12499] fuse: Unknown parameter '0x0000000000000003'
[  933.002369][T12125] hsr_slave_0: entered promiscuous mode
[  933.039065][T12125] hsr_slave_1: entered promiscuous mode
[  933.052191][T12125] debugfs: 'hsr0' already exists in 'hsr'
[  933.052223][T12125] Cannot create hsr debugfs directory
[  937.893280][T12563] fuse: Unknown parameter '0x0000000000000003'
[  939.912474][T12569] ceph: No mds server is up or the cluster is laggy
[  939.951388][    T9] libceph: connect (1)[c::]:6789 error -101
[  939.951590][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  940.720678][    T9] libceph: connect (1)[c::]:6789 error -101
[  940.720848][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  943.003829][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[  948.313822][T12639] fuse: Unknown parameter '0x0000000000000003'
[  951.696403][ T5606] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  951.722405][ T5606] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  951.775130][ T5606] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  951.826004][ T5606] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  951.830280][ T5606] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  951.980165][T10024] Bluetooth: hci2: unexpected event for opcode 0x000c
[  951.980742][T12667] syz.1.2051 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  952.905800][    T9] libceph: connect (1)[c::]:6789 error -101
[  952.906040][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  952.972177][T12674] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2051'.
[  953.183596][   T10] libceph: connect (1)[c::]:6789 error -101
[  953.183795][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  953.315831][T12669] ceph: No mds server is up or the cluster is laggy
[  955.543020][ T5606] Bluetooth: hci4: command tx timeout
[  956.300564][T12704] fuse: Unknown parameter '0x0000000000000003'
[  957.775835][ T5606] Bluetooth: hci4: command tx timeout
[  959.024640][T12724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2058'.
[  959.024671][T12724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2058'.
[  960.310998][ T5606] Bluetooth: hci4: command tx timeout
[  961.234765][  T263] bridge_slave_1: left allmulticast mode
[  961.234933][  T263] bridge_slave_1: left promiscuous mode
[  961.590888][  T263] bridge0: port 2(bridge_slave_1) entered disabled state
[  962.284307][  T263] bridge_slave_0: left allmulticast mode
[  962.284363][  T263] bridge_slave_0: left promiscuous mode
[  962.287318][  T263] bridge0: port 1(bridge_slave_0) entered disabled state
[  962.513828][ T5606] Bluetooth: hci4: command tx timeout
[  962.532562][    T9] libceph: connect (1)[c::]:6789 error -101
[  962.532838][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  962.540646][    T9] libceph: connect (1)[c::]:6789 error -101
[  962.540815][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  963.846361][   T10] libceph: connect (1)[c::]:6789 error -101
[  963.846547][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  964.020213][T12746] ceph: No mds server is up or the cluster is laggy
[  964.380775][    T9] libceph: connect (1)[c::]:6789 error -101
[  964.381003][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  964.857194][T12770] fuse: Unknown parameter 'fd0x0000000000000003'
[  966.220951][  T263] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  967.181338][  T263] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  967.292634][  T263] bond0 (unregistering): Released all slaves
[  967.423150][ T5606] Bluetooth: hci5: unexpected event for opcode 0x043d
[  968.116556][T12800] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2070'.
[  968.116587][T12800] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2070'.
[  969.477589][  T263] hsr_slave_0: left promiscuous mode
[  970.791103][  T263] hsr_slave_1: left promiscuous mode
[  970.805858][  T263] batman_adv: batadv0: Removing interface: batadv_slave_0
[  970.891250][  T263] batman_adv: batadv0: Removing interface: batadv_slave_1
[  972.320174][   T10] libceph: connect (1)[c::]:6789 error -101
[  972.320330][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  972.978456][    T9] libceph: connect (1)[c::]:6789 error -101
[  972.978734][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  973.042294][T12833] ceph: No mds server is up or the cluster is laggy
[  973.426108][ T5606] Bluetooth: hci1: unexpected event for opcode 0x043d
[  974.966163][  T263] team0 (unregistering): Port device team_slave_1 removed
[  974.994252][T12866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2082'.
[  974.994281][T12866] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2082'.
[  975.302971][  T263] team0 (unregistering): Port device team_slave_0 removed
[  980.375523][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[  980.375644][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[  981.228871][ T5714] libceph: connect (1)[c::]:6789 error -101
[  981.229742][ T5714] libceph: mon0 (1)[c::]:6789 connect error
[  981.244180][ T5714] libceph: connect (1)[c::]:6789 error -101
[  981.244393][ T5714] libceph: mon0 (1)[c::]:6789 connect error
[  981.529152][ T5714] libceph: connect (1)[c::]:6789 error -101
[  981.529393][ T5714] libceph: mon0 (1)[c::]:6789 connect error
[  982.065871][ T5714] libceph: connect (1)[c::]:6789 error -101
[  982.066032][ T5714] libceph: mon0 (1)[c::]:6789 connect error
[  982.112166][T12906] ceph: No mds server is up or the cluster is laggy
[  982.285139][T12663] bridge0: port 1(bridge_slave_0) entered blocking state
[  982.285480][T12663] bridge0: port 1(bridge_slave_0) entered disabled state
[  982.287553][T12663] bridge_slave_0: entered allmulticast mode
[  982.337491][T12663] bridge_slave_0: entered promiscuous mode
[  982.353983][T12663] bridge0: port 2(bridge_slave_1) entered blocking state
[  982.354448][T12663] bridge0: port 2(bridge_slave_1) entered disabled state
[  982.354835][T12663] bridge_slave_1: entered allmulticast mode
[  982.360384][T12663] bridge_slave_1: entered promiscuous mode
[  982.511087][T12663] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  982.526497][T12663] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  982.599877][T12663] team0: Port device team_slave_0 added
[  982.607226][T12663] team0: Port device team_slave_1 added
[  982.687147][T12663] batman_adv: batadv0: Adding interface: batadv_slave_0
[  982.687167][T12663] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  982.687198][T12663] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  982.691126][T12663] batman_adv: batadv0: Adding interface: batadv_slave_1
[  982.691145][T12663] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  982.691175][T12663] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  982.868880][T12663] hsr_slave_0: entered promiscuous mode
[  982.871279][T12663] hsr_slave_1: entered promiscuous mode
[  982.873137][T12663] debugfs: 'hsr0' already exists in 'hsr'
[  982.873163][T12663] Cannot create hsr debugfs directory
[  983.739413][T12920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2092'.
[  984.086211][   T10] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  985.433726][   T10] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  985.433761][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  985.433783][   T10] usb 2-1: Product: syz
[  985.433799][   T10] usb 2-1: Manufacturer: syz
[  985.433814][   T10] usb 2-1: SerialNumber: syz
[  985.485295][   T10] usb 2-1: config 0 descriptor??
[  985.833028][   T10] usb 2-1: ignoring: probably an ADSL modem
[  986.060410][   T10] cxacru 2-1:0.0: usbatm_usb_probe: bind failed: -19!
[  986.087910][   T10] usb 2-1: USB disconnect, device number 65
[  986.724097][ T5714] usb 1-1: new full-speed USB device number 89 using dummy_hcd
[  987.344547][ T5714] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  987.344580][ T5714] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.403352][ T5714] usb 1-1: config 0 descriptor??
[  987.437058][ T5714] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  988.821658][ T5714] usb 1-1: USB disconnect, device number 89
[  988.976023][   T32] libceph: connect (1)[c::]:6789 error -101
[  988.976246][   T32] libceph: mon0 (1)[c::]:6789 connect error
[  988.981964][   T32] libceph: connect (1)[c::]:6789 error -101
[  988.996938][   T32] libceph: mon0 (1)[c::]:6789 connect error
[  989.268790][   T32] libceph: connect (1)[c::]:6789 error -101
[  989.298446][   T32] libceph: mon0 (1)[c::]:6789 connect error
[  990.272479][   T32] libceph: connect (1)[c::]:6789 error -101
[  990.272810][   T32] libceph: mon0 (1)[c::]:6789 connect error
[  990.330574][T12954] ceph: No mds server is up or the cluster is laggy
[  990.356937][T12962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2103'.
[  990.356959][T12962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2103'.
[  993.881075][T12663] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  994.017263][T12663] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  994.023711][T12663] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  994.065267][T12663] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  994.068890][T12663] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  994.215146][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  994.288490][T12663] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  994.306193][T12663] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  994.380709][T12663] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  994.402407][   T10] usb 6-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  994.402440][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  994.402461][   T10] usb 6-1: Product: syz
[  994.402475][   T10] usb 6-1: Manufacturer: syz
[  994.402490][   T10] usb 6-1: SerialNumber: syz
[  994.440026][   T10] usb 6-1: config 0 descriptor??
[  994.670807][   T10] cx82310_eth 6-1:0.0: probe with driver cx82310_eth failed with error -22
[  994.990067][   T32] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  995.609476][   T10] cxacru 6-1:0.0: usbatm_usb_probe: bind failed: -19!
[  995.635724][   T10] usb 6-1: USB disconnect, device number 8
[  995.924939][   T32] usb 3-1: Using ep0 maxpacket: 32
[  995.932064][   T32] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  995.965759][   T32] usb 3-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=aa.5f
[  995.965794][   T32] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  995.965815][   T32] usb 3-1: Product: syz
[  995.965830][   T32] usb 3-1: Manufacturer: syz
[  995.965845][   T32] usb 3-1: SerialNumber: syz
[  996.023742][   T32] usb 3-1: config 0 descriptor??
[  997.571166][ T5714] usb 3-1: USB disconnect, device number 60
[  998.554629][T12663] 8021q: adding VLAN 0 to HW filter on device bond0
[  998.874839][T12663] 8021q: adding VLAN 0 to HW filter on device team0
[ 1002.503276][ T1012] libceph: connect (1)[c::]:6789 error -101
[ 1002.503440][ T1012] libceph: mon0 (1)[c::]:6789 connect error
[ 1002.540099][T12178] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1002.540283][T12178] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1002.555292][   T10] libceph: connect (1)[c::]:6789 error -101
[ 1002.711749][T13028] ceph: No mds server is up or the cluster is laggy
[ 1002.730453][   T10] libceph: mon0 (1)[c::]:6789 connect error
[ 1003.037154][T12178] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1003.037273][T12178] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1004.080967][ T1012] libceph: connect (1)[c::]:6789 error -101
[ 1004.081219][ T1012] libceph: mon0 (1)[c::]:6789 connect error
[ 1005.065086][T12933] libceph: connect (1)[c::]:6789 error -101
[ 1005.065315][T12933] libceph: mon0 (1)[c::]:6789 connect error
[ 1006.074554][T13049] vivid-001: kernel_thread() failed
[ 1013.992022][   T10] libceph: connect (1)[c::]:6789 error -101
[ 1013.992243][   T10] libceph: mon0 (1)[c::]:6789 connect error
[ 1014.216764][T13101] ceph: No mds server is up or the cluster is laggy
[ 1015.136287][ T1012] libceph: connect (1)[c::]:6789 error -101
[ 1015.178693][ T1012] libceph: mon0 (1)[c::]:6789 connect error
[ 1019.489920][T13167] team0: entered allmulticast mode
[ 1019.490203][T13167] team_slave_0: entered allmulticast mode
[ 1019.491647][T13167] team_slave_1: entered allmulticast mode
[ 1019.645496][T13167] team0: left allmulticast mode
[ 1019.646046][T13167] team_slave_0: left allmulticast mode
[ 1019.649316][T13167] team_slave_1: left allmulticast mode
[ 1020.024298][T10024] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1020.528968][T10024] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1020.645914][T10024] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1020.778159][T10024] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1020.819242][T10024] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1023.227220][ T5606] Bluetooth: hci0: command tx timeout
[ 1025.397264][ T5606] Bluetooth: hci0: command tx timeout
[ 1027.619603][ T5606] Bluetooth: hci0: command tx timeout
[ 1029.318159][T13245] team0: entered allmulticast mode
[ 1029.318190][T13245] team_slave_0: entered allmulticast mode
[ 1029.318212][T13245] team_slave_1: entered allmulticast mode
[ 1029.318830][T13246] team0: left allmulticast mode
[ 1029.318842][T13246] team_slave_0: left allmulticast mode
[ 1029.318866][T13246] team_slave_1: left allmulticast mode
[ 1029.842348][ T5606] Bluetooth: hci0: command tx timeout
[ 1034.106458][T13289] team0: entered allmulticast mode
[ 1034.106481][T13289] team_slave_0: entered allmulticast mode
[ 1034.106540][T13289] team_slave_1: entered allmulticast mode
[ 1034.121624][T13289] team0: left allmulticast mode
[ 1034.121673][T13289] team_slave_0: left allmulticast mode
[ 1034.121986][T13289] team_slave_1: left allmulticast mode
[ 1040.824529][T13326] team0: entered allmulticast mode
[ 1040.824597][T13326] team_slave_0: entered allmulticast mode
[ 1040.824812][T13326] team_slave_1: entered allmulticast mode
[ 1040.841803][T13326] team0: left allmulticast mode
[ 1040.841860][T13326] team_slave_0: left allmulticast mode
[ 1040.842041][T13326] team_slave_1: left allmulticast mode
[ 1045.953606][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1045.953726][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1046.154668][T13355] fuse: Bad value for 'fd'
[ 1050.353928][T10024] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1050.409783][T10024] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1050.411664][T10024] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1050.459286][T10024] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1050.495851][T10024] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1051.678223][T13398] team0: entered allmulticast mode
[ 1051.678247][T13398] team_slave_0: entered allmulticast mode
[ 1051.678278][T13398] team_slave_1: entered allmulticast mode
[ 1051.678746][T13399] team0: left allmulticast mode
[ 1051.678764][T13399] team_slave_0: left allmulticast mode
[ 1051.678788][T13399] team_slave_1: left allmulticast mode
[ 1053.524543][ T5606] Bluetooth: hci3: command tx timeout
[ 1053.797410][T13164] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1053.797870][T13164] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1053.798279][T13164] bridge_slave_0: entered allmulticast mode
[ 1053.842876][T13164] bridge_slave_0: entered promiscuous mode
[ 1054.445529][T13164] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1054.445872][T13164] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1054.446274][T13164] bridge_slave_1: entered allmulticast mode
[ 1054.476687][T13164] bridge_slave_1: entered promiscuous mode
[ 1055.023933][ T3300] bridge_slave_1: left allmulticast mode
[ 1055.023971][ T3300] bridge_slave_1: left promiscuous mode
[ 1055.024283][ T3300] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1055.760738][ T5606] Bluetooth: hci3: command tx timeout
[ 1056.284088][ T3300] bridge_slave_0: left allmulticast mode
[ 1056.284128][ T3300] bridge_slave_0: left promiscuous mode
[ 1056.284418][ T3300] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1057.050261][ T3300] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1057.135270][ T3300] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1057.170892][ T3300] bond0 (unregistering): Released all slaves
[ 1057.346464][T13164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1057.436997][T13164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1058.418230][T13460] team0: entered allmulticast mode
[ 1058.418347][T13460] team_slave_0: entered allmulticast mode
[ 1058.418763][T13460] team_slave_1: entered allmulticast mode
[ 1058.497079][T13461] team0: left allmulticast mode
[ 1058.497200][T13461] team_slave_0: left allmulticast mode
[ 1058.497662][T13461] team_slave_1: left allmulticast mode
[ 1058.592746][T10024] Bluetooth: hci3: command tx timeout
[ 1058.796422][T13164] team0: Port device team_slave_0 added
[ 1058.858699][T13164] team0: Port device team_slave_1 added
[ 1061.098211][T10024] Bluetooth: hci3: command tx timeout
[ 1063.917497][   T10] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 1063.973526][ T3300] hsr_slave_0: left promiscuous mode
[ 1064.024967][ T3300] hsr_slave_1: left promiscuous mode
[ 1064.026235][ T3300] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1064.059940][ T3300] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1064.091178][   T10] usb 1-1: Using ep0 maxpacket: 32
[ 1064.129339][   T10] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[ 1064.129421][   T10] usb 1-1: config 0 has no interface number 0
[ 1064.129472][   T10] usb 1-1: config 0 interface 12 has no altsetting 0
[ 1064.221914][   T10] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1064.221987][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1064.222010][   T10] usb 1-1: Product: syz
[ 1064.222025][   T10] usb 1-1: Manufacturer: syz
[ 1064.222040][   T10] usb 1-1: SerialNumber: syz
[ 1064.317653][   T10] usb 1-1: config 0 descriptor??
[ 1068.252008][   T10] f81534 1-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[ 1068.252051][   T10] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[ 1068.252064][   T10] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1068.252130][   T10] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[ 1069.345971][   T10] usb 1-1: USB disconnect, device number 90
[ 1070.339930][ T3300] team0 (unregistering): Port device team_slave_1 removed
[ 1070.503725][ T3300] team0 (unregistering): Port device team_slave_0 removed
[ 1070.754335][T13509] team0: entered allmulticast mode
[ 1070.754359][T13509] team_slave_0: entered allmulticast mode
[ 1070.754398][T13509] team_slave_1: entered allmulticast mode
[ 1070.756570][T13510] team0: left allmulticast mode
[ 1070.756590][T13510] team_slave_0: left allmulticast mode
[ 1070.756617][T13510] team_slave_1: left allmulticast mode
[ 1070.775006][T13164] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1070.775026][T13164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1070.775050][T13164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1070.934983][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[ 1070.959656][T13164] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1070.959669][T13164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1070.959690][T13164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1072.346171][T13164] hsr_slave_0: entered promiscuous mode
[ 1072.348798][T13164] hsr_slave_1: entered promiscuous mode
[ 1072.350783][T13164] debugfs: 'hsr0' already exists in 'hsr'
[ 1072.350810][T13164] Cannot create hsr debugfs directory
[ 1074.616932][ T1012] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1075.428967][ T1012] usb 6-1: Using ep0 maxpacket: 16
[ 1075.499113][ T1012] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[ 1075.499144][ T1012] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1075.499164][ T1012] usb 6-1: config 0 has no interface number 0
[ 1075.956232][ T1012] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1075.956256][ T1012] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1075.956272][ T1012] usb 6-1: Product: syz
[ 1075.956282][ T1012] usb 6-1: Manufacturer: syz
[ 1075.956292][ T1012] usb 6-1: SerialNumber: syz
[ 1076.072463][ T1012] usb 6-1: config 0 descriptor??
[ 1076.139145][ T1012] uvcvideo 6-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[ 1076.139191][ T1012] uvcvideo 6-1:0.105: No valid video chain found.
[ 1076.351890][ T5714] usb 6-1: USB disconnect, device number 9
[ 1078.970742][T13579] team0: entered allmulticast mode
[ 1078.970821][T13579] team_slave_0: entered allmulticast mode
[ 1078.971153][T13579] team_slave_1: entered allmulticast mode
[ 1078.976854][T13580] team0: left allmulticast mode
[ 1078.976918][T13580] team_slave_0: left allmulticast mode
[ 1078.977109][T13580] team_slave_1: left allmulticast mode
[ 1080.387757][ T5269] 8021q: adding VLAN 0 to HW filter on device eth6
[ 1080.661521][T13389] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1080.661782][T13389] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1080.662098][T13389] bridge_slave_0: entered allmulticast mode
[ 1080.699206][T13389] bridge_slave_0: entered promiscuous mode
[ 1080.726891][T13389] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1080.727315][T13389] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1080.727683][T13389] bridge_slave_1: entered allmulticast mode
[ 1080.768618][T13389] bridge_slave_1: entered promiscuous mode
[ 1080.951858][T13389] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1080.973145][T13389] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1081.066191][T10024] Bluetooth: hci5: unexpected event for opcode 0x043d
[ 1081.464480][ T5606] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1081.524218][ T5606] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1081.572248][ T5606] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1081.643190][ T5606] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1081.660941][ T5606] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1083.871005][T10024] Bluetooth: hci4: command tx timeout
[ 1084.415167][T13389] team0: Port device team_slave_0 added
[ 1085.320502][T10024] Bluetooth: hci2: unexpected event for opcode 0x043d
[ 1085.389643][T13623] team0: entered allmulticast mode
[ 1085.389666][T13623] team_slave_0: entered allmulticast mode
[ 1085.389695][T13623] team_slave_1: entered allmulticast mode
[ 1085.390383][T13624] team0: left allmulticast mode
[ 1085.390402][T13624] team_slave_0: left allmulticast mode
[ 1085.390428][T13624] team_slave_1: left allmulticast mode
[ 1086.094205][T10024] Bluetooth: hci4: command tx timeout
[ 1086.100892][T13389] team0: Port device team_slave_1 added
[ 1088.282674][T13649] netlink: 'syz.0.2243': attribute type 39 has an invalid length.
[ 1088.316502][T10024] Bluetooth: hci4: command tx timeout
[ 1089.446461][T13389] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1089.446533][T13389] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1089.446625][T13389] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1089.829970][T13389] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1089.829987][T13389] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1089.830016][T13389] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1090.308087][T13669] team0: entered allmulticast mode
[ 1090.308175][T13669] team_slave_0: entered allmulticast mode
[ 1090.308513][T13669] team_slave_1: entered allmulticast mode
[ 1090.322435][T13669] team0: left allmulticast mode
[ 1090.322507][T13669] team_slave_0: left allmulticast mode
[ 1090.322721][T13669] team_slave_1: left allmulticast mode
[ 1090.546643][T10024] Bluetooth: hci4: command tx timeout
[ 1091.228481][T13389] hsr_slave_0: entered promiscuous mode
[ 1091.326665][T13389] hsr_slave_1: entered promiscuous mode
[ 1091.338135][T13389] debugfs: 'hsr0' already exists in 'hsr'
[ 1091.338201][T13389] Cannot create hsr debugfs directory
[ 1099.590779][   T43] bridge_slave_1: left allmulticast mode
[ 1099.590820][   T43] bridge_slave_1: left promiscuous mode
[ 1099.591115][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1100.097280][   T43] bridge_slave_0: left allmulticast mode
[ 1100.097339][   T43] bridge_slave_0: left promiscuous mode
[ 1100.289783][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1102.230662][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1102.358772][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1102.445198][   T43] bond0 (unregistering): Released all slaves
[ 1102.486488][T13729] team0: entered allmulticast mode
[ 1102.486513][T13729] team_slave_0: entered allmulticast mode
[ 1102.486580][T13729] team_slave_1: entered allmulticast mode
[ 1102.487302][T13730] team0: left allmulticast mode
[ 1102.487319][T13730] team_slave_0: left allmulticast mode
[ 1102.487344][T13730] team_slave_1: left allmulticast mode
[ 1103.477003][T13760] fuse: Bad value for 'fd'
[ 1105.767149][   T43] hsr_slave_0: left promiscuous mode
[ 1106.377251][   T43] hsr_slave_1: left promiscuous mode
[ 1106.932978][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1107.315182][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1110.740467][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1110.779079][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1111.004155][T13792] team0: entered allmulticast mode
[ 1111.004173][T13792] team_slave_0: entered allmulticast mode
[ 1111.004194][T13792] team_slave_1: entered allmulticast mode
[ 1111.004564][T13793] team0: left allmulticast mode
[ 1111.004581][T13793] team_slave_0: left allmulticast mode
[ 1111.004604][T13793] team_slave_1: left allmulticast mode
[ 1111.403607][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1111.403725][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1112.421785][T13389] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1112.773209][T13389] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1113.376453][T13818] fuse: Bad value for 'fd'
[ 1113.837924][T13169] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1114.092489][T13169] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1114.111563][T13169] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1114.122681][T13169] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1114.133188][T13169] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1116.160626][T13597] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1116.162731][T13597] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1116.163114][T13597] bridge_slave_0: entered allmulticast mode
[ 1116.209875][T13597] bridge_slave_0: entered promiscuous mode
[ 1116.227113][T13853] team0: entered allmulticast mode
[ 1116.227136][T13853] team_slave_0: entered allmulticast mode
[ 1116.227164][T13853] team_slave_1: entered allmulticast mode
[ 1116.228487][T13853] team0: left allmulticast mode
[ 1116.228506][T13853] team_slave_0: left allmulticast mode
[ 1116.228533][T13853] team_slave_1: left allmulticast mode
[ 1116.523817][T13597] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1116.567652][T10024] Bluetooth: hci0: command tx timeout
[ 1116.574654][T13597] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1116.646660][T13597] bridge_slave_1: entered allmulticast mode
[ 1117.034427][T13597] bridge_slave_1: entered promiscuous mode
[ 1118.753617][T10024] Bluetooth: hci0: command tx timeout
[ 1119.623786][T13597] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1119.681698][T13597] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1120.483755][T13872] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1120.483818][T13872] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1120.973626][T13169] Bluetooth: hci0: command tx timeout
[ 1122.317406][T13872] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1122.317450][T13872] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1122.692800][T13890] team0: entered allmulticast mode
[ 1122.692822][T13890] team_slave_0: entered allmulticast mode
[ 1122.692848][T13890] team_slave_1: entered allmulticast mode
[ 1122.911516][T13872] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1122.911548][T13872] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1122.950453][T13890] team0: left allmulticast mode
[ 1122.950480][T13890] team_slave_0: left allmulticast mode
[ 1122.950501][T13890] team_slave_1: left allmulticast mode
[ 1122.967370][T13597] team0: Port device team_slave_0 added
[ 1123.249781][T13169] Bluetooth: hci0: command tx timeout
[ 1123.256352][T13872] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1123.256392][T13872] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1123.397441][T13597] team0: Port device team_slave_1 added
[ 1126.409113][   T12] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1126.409736][   T12] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1126.507223][T13597] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1126.507242][T13597] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1126.507273][T13597] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1126.529784][   T12] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1126.529822][   T12] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1126.587252][T13597] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1126.587266][T13597] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1126.587288][T13597] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1126.589801][   T12] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1126.589837][   T12] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1126.625213][ T1012] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[ 1126.762684][   T12] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1126.762722][   T12] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1126.870041][ T1012] usb 6-1: device descriptor read/all, error -71
[ 1128.140800][T13597] hsr_slave_0: entered promiscuous mode
[ 1128.201013][T13597] hsr_slave_1: entered promiscuous mode
[ 1128.229785][T13597] debugfs: 'hsr0' already exists in 'hsr'
[ 1128.229820][T13597] Cannot create hsr debugfs directory
[ 1131.233478][T13932] team0: entered allmulticast mode
[ 1131.233555][T13932] team_slave_0: entered allmulticast mode
[ 1131.233902][T13932] team_slave_1: entered allmulticast mode
[ 1131.240733][T13933] team0: left allmulticast mode
[ 1131.240810][T13933] team_slave_0: left allmulticast mode
[ 1131.241027][T13933] team_slave_1: left allmulticast mode
[ 1132.474156][T13936] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1132.725019][T13936] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.087096][T13936] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1133.805490][T13936] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1134.548155][ T3300] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.575689][ T3300] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.592596][ T5618] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[ 1134.643078][ T3300] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1134.794364][ T5618] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1134.794996][ T5618] usb 6-1: not running at top speed; connect to a high speed hub
[ 1134.812580][ T5618] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1134.812609][ T5618] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1134.813562][ T5618] usb 6-1: language id specifier not provided by device, defaulting to English
[ 1134.850416][ T5618] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1134.850453][ T5618] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1134.850475][ T5618] usb 6-1: Product: syz
[ 1134.850491][ T5618] usb 6-1: SerialNumber: syz
[ 1134.959771][ T3300] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1135.774781][   T43] bridge_slave_1: left allmulticast mode
[ 1135.787756][   T43] bridge_slave_1: left promiscuous mode
[ 1135.788641][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1135.858763][T13955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1135.898669][T13955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1135.956810][ T5618] usb 6-1: USB disconnect, device number 12
[ 1135.957829][   T43] bridge_slave_0: left allmulticast mode
[ 1135.957862][   T43] bridge_slave_0: left promiscuous mode
[ 1135.983408][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1138.295865][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1138.633505][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1138.695493][   T43] bond0 (unregistering): Released all slaves
[ 1138.733665][T13965] team0: entered allmulticast mode
[ 1138.733689][T13965] team_slave_0: entered allmulticast mode
[ 1138.733774][T13965] team_slave_1: entered allmulticast mode
[ 1138.734182][T13966] team0: left allmulticast mode
[ 1138.734199][T13966] team_slave_0: left allmulticast mode
[ 1138.734222][T13966] team_slave_1: left allmulticast mode
[ 1138.886374][T13974] netdevsim netdevsim1 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1138.886404][T13974] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1139.192966][T13974] netdevsim netdevsim1 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1139.192996][T13974] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1139.368269][T13974] netdevsim netdevsim1 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1139.368313][T13974] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1139.531017][T13974] netdevsim netdevsim1 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1139.531056][T13974] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1140.635372][   T43] hsr_slave_0: left promiscuous mode
[ 1140.860199][   T43] hsr_slave_1: left promiscuous mode
[ 1140.861150][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1140.910584][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1141.281464][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1141.298830][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1142.087538][  T251] netdevsim netdevsim1 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1142.087579][  T251] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.160538][  T251] netdevsim netdevsim1 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1142.160576][  T251] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.310026][  T251] netdevsim netdevsim1 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1142.310065][  T251] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1142.391594][  T251] netdevsim netdevsim1 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1142.391633][  T251] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1143.296069][ T1012] usb 1-1: new full-speed USB device number 91 using dummy_hcd
[ 1143.384539][T14001] netlink: 'syz.5.2316': attribute type 39 has an invalid length.
[ 1143.554954][ T1012] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1143.576285][ T1012] usb 1-1: not running at top speed; connect to a high speed hub
[ 1143.953564][ T1012] usb 1-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1143.953586][ T1012] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1143.955607][ T1012] usb 1-1: language id specifier not provided by device, defaulting to English
[ 1144.889207][ T1012] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1144.889247][ T1012] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1144.889261][ T1012] usb 1-1: Product: syz
[ 1144.889272][ T1012] usb 1-1: SerialNumber: syz
[ 1145.789274][T13997] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1145.789710][T13997] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1145.821596][ T1012] usb 1-1: USB disconnect, device number 91
[ 1146.229341][T13819] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1146.229853][T13819] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1146.230221][T13819] bridge_slave_0: entered allmulticast mode
[ 1146.252292][T13819] bridge_slave_0: entered promiscuous mode
[ 1147.260100][T13819] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1147.260754][T13819] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1147.261133][T13819] bridge_slave_1: entered allmulticast mode
[ 1147.264925][T13819] bridge_slave_1: entered promiscuous mode
[ 1147.497312][T10024] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1147.576721][T10024] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1147.606126][T10024] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1147.607768][T10024] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1147.612175][T10024] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1148.109116][T13819] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1148.147608][T13819] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1148.495867][T13819] team0: Port device team_slave_0 added
[ 1150.674488][T10024] Bluetooth: hci3: command tx timeout
[ 1150.729854][T14040] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1150.797787][T13819] team0: Port device team_slave_1 added
[ 1150.801699][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[ 1150.967789][T14040] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1151.332025][T14040] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1152.161360][ T1012] usb 2-1: new full-speed USB device number 66 using dummy_hcd
[ 1152.407188][ T1012] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1152.408347][ T1012] usb 2-1: not running at top speed; connect to a high speed hub
[ 1152.410734][ T1012] usb 2-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1152.410762][ T1012] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1152.414825][T14040] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1152.521756][ T1012] usb 2-1: language id specifier not provided by device, defaulting to English
[ 1152.537459][T13819] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1152.537474][T13819] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1152.537494][T13819] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1152.693073][ T1012] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1152.693103][ T1012] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1152.693121][ T1012] usb 2-1: Product: syz
[ 1152.693134][ T1012] usb 2-1: SerialNumber: syz
[ 1152.857983][T13819] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1152.858004][T13819] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1152.858034][T13819] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1152.911533][T10024] Bluetooth: hci3: command tx timeout
[ 1153.614156][ T3379] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.633254][ T3379] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.633920][ T3379] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1153.658883][ T3379] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.204099][T14074] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1154.288702][T14074] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1154.731196][ T1012] usb 2-1: USB disconnect, device number 66
[ 1154.759530][T13819] hsr_slave_0: entered promiscuous mode
[ 1154.772103][T13819] hsr_slave_1: entered promiscuous mode
[ 1154.786059][T13819] debugfs: 'hsr0' already exists in 'hsr'
[ 1154.786101][T13819] Cannot create hsr debugfs directory
[ 1154.922919][T12933] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[ 1155.634839][T10024] Bluetooth: hci3: command tx timeout
[ 1155.733379][T12933] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1155.736497][T12933] usb 6-1: not running at top speed; connect to a high speed hub
[ 1155.807948][T12933] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1155.807980][T12933] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1155.833635][T12933] usb 6-1: language id specifier not provided by device, defaulting to English
[ 1155.878229][T12933] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1155.878261][T12933] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1155.878281][T12933] usb 6-1: Product: syz
[ 1155.878300][T12933] usb 6-1: SerialNumber: syz
[ 1156.552853][T14086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.019545][T14086] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.392004][T12933] usb 6-1: USB disconnect, device number 13
[ 1157.818857][T13169] Bluetooth: hci3: command tx timeout
[ 1159.881005][ T5618] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[ 1160.621093][ T5618] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1160.621141][ T5618] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 1161.239121][ T5618] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1161.239157][ T5618] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1161.239218][ T5618] usb 2-1: Product: syz
[ 1161.239281][ T5618] usb 2-1: Manufacturer: syz
[ 1161.239350][ T5618] usb 2-1: SerialNumber: syz
[ 1163.037134][ T5618] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[ 1163.135418][ T5618] usb 2-1: USB disconnect, device number 67
[ 1164.288335][ T5714] usb 2-1: new full-speed USB device number 68 using dummy_hcd
[ 1164.368471][ T5269] 8021q: adding VLAN 0 to HW filter on device eth6
[ 1164.621688][ T5714] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1164.645152][ T5714] usb 2-1: not running at top speed; connect to a high speed hub
[ 1164.657512][ T5714] usb 2-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1164.657594][ T5714] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1165.397130][ T5714] usb 2-1: language id specifier not provided by device, defaulting to English
[ 1165.422697][ T5714] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1165.422733][ T5714] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1165.422755][ T5714] usb 2-1: Product: syz
[ 1165.422770][ T5714] usb 2-1: SerialNumber: syz
[ 1166.216056][T14140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1166.289031][T14140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1167.237701][ T5714] usb 2-1: USB disconnect, device number 68
[ 1167.628312][ T5618] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 1167.818177][ T5618] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1167.818208][ T5618] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 1167.848921][ T5618] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1167.848946][ T5618] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1167.848961][ T5618] usb 1-1: Product: syz
[ 1167.848972][ T5618] usb 1-1: Manufacturer: syz
[ 1167.848982][ T5618] usb 1-1: SerialNumber: syz
[ 1168.219533][T14150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1168.251442][T14150] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1168.302125][ T5618] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[ 1168.322434][ T5618] usb 1-1: USB disconnect, device number 92
[ 1168.917072][ T5618] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 1169.127027][ T5618] usb 1-1: Using ep0 maxpacket: 8
[ 1169.217822][ T5618] usb 1-1: config index 0 descriptor too short (expected 301, got 72)
[ 1169.217846][ T5618] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1169.217883][ T5618] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1169.217914][ T5618] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1169.217931][ T5618] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1169.452259][ T5618] usbtmc 1-1:16.0: bulk endpoints not found
[ 1171.224558][T12933] usb 1-1: USB disconnect, device number 93
[ 1172.999484][T12933] usb 1-1: new full-speed USB device number 94 using dummy_hcd
[ 1173.140462][ T5269] 8021q: adding VLAN 0 to HW filter on device eth7
[ 1173.187823][T12933] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1173.188631][T12933] usb 1-1: not running at top speed; connect to a high speed hub
[ 1173.190279][T12933] usb 1-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1173.190307][T12933] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1173.191099][T12933] usb 1-1: language id specifier not provided by device, defaulting to English
[ 1173.203566][T12933] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1173.203596][T12933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1173.203633][T12933] usb 1-1: Product: syz
[ 1173.203678][T12933] usb 1-1: SerialNumber: syz
[ 1174.080107][T14194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1174.080643][T14194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1174.106267][T12933] usb 1-1: USB disconnect, device number 94
[ 1175.381181][T14211] binder: 14209:14211 ioctl c0306201 200000000080 returned -14
[ 1175.385940][T14211] binder: 14209:14211 ioctl c0306201 0 returned -14
[ 1176.678466][T14219] cgroup: Name too long
[ 1176.861483][T14041] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1176.861850][T14041] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1176.862241][T14041] bridge_slave_0: entered allmulticast mode
[ 1176.873948][T14041] bridge_slave_0: entered promiscuous mode
[ 1177.014895][T14041] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1177.015342][T14041] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1177.015725][T14041] bridge_slave_1: entered allmulticast mode
[ 1177.052699][T14041] bridge_slave_1: entered promiscuous mode
[ 1177.062838][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.062955][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.322961][   T12] bridge_slave_1: left allmulticast mode
[ 1177.323002][   T12] bridge_slave_1: left promiscuous mode
[ 1177.323308][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1177.410941][   T12] bridge_slave_0: left allmulticast mode
[ 1177.410989][   T12] bridge_slave_0: left promiscuous mode
[ 1177.411276][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1178.803432][T10024] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1178.856334][T10024] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1178.880063][T10024] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1178.900955][T10024] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1178.911143][T10024] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1179.350864][T12933] usb 2-1: new full-speed USB device number 69 using dummy_hcd
[ 1179.529787][T12933] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1179.530573][T12933] usb 2-1: not running at top speed; connect to a high speed hub
[ 1179.541293][T12933] usb 2-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1179.541322][T12933] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1179.542213][T12933] usb 2-1: language id specifier not provided by device, defaulting to English
[ 1179.631788][T12933] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1179.631823][T12933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1179.631844][T12933] usb 2-1: Product: syz
[ 1179.631858][T12933] usb 2-1: SerialNumber: syz
[ 1179.632318][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1179.759092][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1179.850542][   T12] bond0 (unregistering): Released all slaves
[ 1180.810033][T14041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1181.279504][T10024] Bluetooth: hci4: command tx timeout
[ 1181.566094][T14239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1181.566772][T14239] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1181.635389][T12933] usb 2-1: USB disconnect, device number 69
[ 1182.105040][T14041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1183.646589][   T12] hsr_slave_0: left promiscuous mode
[ 1183.689360][   T12] hsr_slave_1: left promiscuous mode
[ 1183.690540][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1183.744808][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1183.808370][T10024] Bluetooth: hci4: command tx timeout
[ 1184.182319][T14270] netlink: 44 bytes leftover after parsing attributes in process `syz.5.2376'.
[ 1184.310066][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1184.374117][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1184.825453][T14041] team0: Port device team_slave_0 added
[ 1184.888679][T14041] team0: Port device team_slave_1 added
[ 1186.072445][T10024] Bluetooth: hci4: command tx timeout
[ 1186.489514][T12933] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[ 1186.664776][T12933] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1186.666129][T12933] usb 6-1: not running at top speed; connect to a high speed hub
[ 1186.668776][T12933] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1186.668804][T12933] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1186.669870][T12933] usb 6-1: language id specifier not provided by device, defaulting to English
[ 1187.308263][T12933] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1187.308296][T12933] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1187.308317][T12933] usb 6-1: Product: syz
[ 1187.308333][T12933] usb 6-1: SerialNumber: syz
[ 1188.131917][T14304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1188.153016][T14304] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1188.287685][T10024] Bluetooth: hci4: command tx timeout
[ 1188.621592][T12933] usb 6-1: USB disconnect, device number 14
[ 1188.677578][T14041] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1188.677607][T14041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1188.677637][T14041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1188.774634][T14041] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1188.774652][T14041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1188.774681][T14041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1193.465521][T14041] hsr_slave_0: entered promiscuous mode
[ 1193.521952][T14041] hsr_slave_1: entered promiscuous mode
[ 1193.530199][T14041] debugfs: 'hsr0' already exists in 'hsr'
[ 1193.530228][T14041] Cannot create hsr debugfs directory
[ 1195.805480][ T5269] 8021q: adding VLAN 0 to HW filter on device eth8
[ 1198.169577][T12933] usb 1-1: new full-speed USB device number 95 using dummy_hcd
[ 1198.343017][T12933] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1198.343689][T12933] usb 1-1: not running at top speed; connect to a high speed hub
[ 1198.344988][T12933] usb 1-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1198.345014][T12933] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1198.345681][T12933] usb 1-1: language id specifier not provided by device, defaulting to English
[ 1198.405732][T12933] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1198.405757][T12933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1198.405772][T12933] usb 1-1: Product: syz
[ 1198.405783][T12933] usb 1-1: SerialNumber: syz
[ 1199.364963][T14363] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1199.365774][T14363] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1202.376238][T12933] usb 1-1: USB disconnect, device number 95
[ 1202.983324][T12933] usb 1-1: new full-speed USB device number 96 using dummy_hcd
[ 1203.156012][T12933] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1203.156574][T12933] usb 1-1: not running at top speed; connect to a high speed hub
[ 1203.163016][T12933] usb 1-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1203.163045][T12933] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1203.163877][T12933] usb 1-1: language id specifier not provided by device, defaulting to English
[ 1203.248165][T12933] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1203.248200][T12933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1203.248229][T12933] usb 1-1: Product: syz
[ 1203.248245][T12933] usb 1-1: SerialNumber: syz
[ 1203.884027][T14397] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1203.923540][T14397] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1204.187254][T12933] usb 1-1: USB disconnect, device number 96
[ 1208.337537][T10024] Bluetooth: hci3: link tx timeout
[ 1208.337744][T10024] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1208.356767][T10024] Bluetooth: hci3: link tx timeout
[ 1208.356826][T10024] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[ 1210.864707][T10024] Bluetooth: hci3: command 0x0406 tx timeout
[ 1212.449995][   T10] usb 1-1: new full-speed USB device number 97 using dummy_hcd
[ 1212.613445][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1212.614029][   T10] usb 1-1: not running at top speed; connect to a high speed hub
[ 1212.638351][   T10] usb 1-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1212.638378][   T10] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1212.639031][   T10] usb 1-1: language id specifier not provided by device, defaulting to English
[ 1212.698093][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1212.698125][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1212.698145][   T10] usb 1-1: Product: syz
[ 1212.698164][   T10] usb 1-1: SerialNumber: syz
[ 1212.913823][T10024] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1212.984203][T10024] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1212.985867][T10024] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1212.989007][T10024] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1212.989886][T10024] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1213.506014][T14475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1213.540222][T14475] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1214.642130][   T10] usb 1-1: USB disconnect, device number 97
[ 1215.244042][T13169] Bluetooth: hci0: command tx timeout
[ 1216.363335][T14501] binder: 14500:14501 ioctl c0306201 200000000080 returned -14
[ 1216.584221][T14233] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1216.584654][T14233] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1216.585057][T14233] bridge_slave_0: entered allmulticast mode
[ 1216.588634][T14233] bridge_slave_0: entered promiscuous mode
[ 1216.649368][T14233] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1216.649690][T14233] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1216.650061][T14233] bridge_slave_1: entered allmulticast mode
[ 1216.653875][T14233] bridge_slave_1: entered promiscuous mode
[ 1217.413062][T13169] Bluetooth: hci0: command tx timeout
[ 1218.791122][T14233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1218.856966][T14233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1219.931459][T13169] Bluetooth: hci0: command tx timeout
[ 1219.963307][   T37] audit: type=1326 audit(1777434620.296:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14524 comm="syz.0.2426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1aec6cdd9 code=0x7ffc0000
[ 1219.963351][   T37] audit: type=1326 audit(1777434620.296:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14524 comm="syz.0.2426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1aec6cdd9 code=0x7ffc0000
[ 1219.963385][   T37] audit: type=1326 audit(1777434620.306:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14524 comm="syz.0.2426" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fa1aec6cdd9 code=0x7ffc0000
[ 1222.409241][T13169] Bluetooth: hci0: command tx timeout
[ 1222.837621][T12129] bridge_slave_1: left allmulticast mode
[ 1222.837669][T12129] bridge_slave_1: left promiscuous mode
[ 1222.837922][T12129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1222.995577][T12129] bridge_slave_0: left allmulticast mode
[ 1223.012112][T12129] bridge_slave_0: left promiscuous mode
[ 1223.012463][T12129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1223.098946][T14552] netlink: 'syz.5.2432': attribute type 39 has an invalid length.
[ 1223.186006][ T5714] usb 1-1: new full-speed USB device number 98 using dummy_hcd
[ 1223.366144][ T5714] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1223.382070][ T5714] usb 1-1: not running at top speed; connect to a high speed hub
[ 1223.575220][ T5714] usb 1-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1223.587918][ T5714] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1223.631260][ T5714] usb 1-1: language id specifier not provided by device, defaulting to English
[ 1224.127957][ T5714] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1224.128064][ T5714] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1224.128083][ T5714] usb 1-1: Product: syz
[ 1224.128094][ T5714] usb 1-1: SerialNumber: syz
[ 1224.382975][T12129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1224.470631][T12129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1224.780547][T14560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1224.844784][T14560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1225.119580][T12129] bond0 (unregistering): Released all slaves
[ 1225.354389][ T5714] usb 1-1: USB disconnect, device number 98
[ 1226.482031][T14233] team0: Port device team_slave_0 added
[ 1226.762272][T12129] hsr_slave_0: left promiscuous mode
[ 1227.341872][T12129] hsr_slave_1: left promiscuous mode
[ 1227.342841][T12129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1227.352718][   T10] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1227.428530][T12129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1227.512859][   T10] usb 6-1: Using ep0 maxpacket: 16
[ 1227.666200][   T10] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[ 1227.666247][   T10] usb 6-1: config 0 has no interface number 0
[ 1227.669432][   T10] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[ 1227.669464][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1227.669485][   T10] usb 6-1: Product: syz
[ 1227.669501][   T10] usb 6-1: Manufacturer: syz
[ 1227.669516][   T10] usb 6-1: SerialNumber: syz
[ 1227.848605][   T10] usb 6-1: config 0 descriptor??
[ 1227.867030][   T10] hub 6-1:0.132: bad descriptor, ignoring hub
[ 1227.867075][   T10] hub 6-1:0.132: probe with driver hub failed with error -5
[ 1227.915159][   T10] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.132/input/input8
[ 1229.744445][T14582] netlink: 'syz.1.2440': attribute type 39 has an invalid length.
[ 1230.793058][   T32] usb 6-1: USB disconnect, device number 15
[ 1231.802038][T12129] team0 (unregistering): Port device team_slave_1 removed
[ 1231.948511][T12129] team0 (unregistering): Port device team_slave_0 removed
[ 1232.080405][T14594] netlink: 'syz.5.2443': attribute type 39 has an invalid length.
[ 1233.395356][T14233] team0: Port device team_slave_1 added
[ 1235.003914][    T9] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1235.153419][    T9] usb 1-1: device descriptor read/64, error -71
[ 1235.442052][    T9] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1235.667291][    T9] usb 1-1: device descriptor read/64, error -71
[ 1235.795811][    T9] usb usb1-port1: attempt power cycle
[ 1236.245736][    T9] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1236.287589][    T9] usb 1-1: device descriptor read/8, error -71
[ 1237.480794][T14233] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1237.480813][T14233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1237.480844][T14233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1237.538734][T14233] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1237.538753][T14233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1237.538785][T14233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1239.229166][T14233] hsr_slave_0: entered promiscuous mode
[ 1239.243646][T14233] hsr_slave_1: entered promiscuous mode
[ 1239.253745][T14233] debugfs: 'hsr0' already exists in 'hsr'
[ 1239.253779][T14233] Cannot create hsr debugfs directory
[ 1242.331323][T10024] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1242.421142][T10024] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1242.450838][T10024] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1242.478421][T10024] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1242.479251][T10024] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1242.718105][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1242.718225][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1243.116659][ T5269] 8021q: adding VLAN 0 to HW filter on device eth7
[ 1243.935671][T12129] bridge_slave_1: left allmulticast mode
[ 1243.935712][T12129] bridge_slave_1: left promiscuous mode
[ 1243.936011][T12129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1244.028591][T12129] bridge_slave_0: left allmulticast mode
[ 1244.028642][T12129] bridge_slave_0: left promiscuous mode
[ 1244.073945][T12129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1244.937979][T13169] Bluetooth: hci3: command tx timeout
[ 1246.211133][T14675] netlink: 'syz.5.2459': attribute type 39 has an invalid length.
[ 1246.605299][T12129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1247.159695][T13169] Bluetooth: hci3: command tx timeout
[ 1247.272045][T12129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1247.359964][T12129] bond0 (unregistering): Released all slaves
[ 1248.490868][T12129] hsr_slave_0: left promiscuous mode
[ 1248.510958][   T32] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[ 1248.535126][T12129] hsr_slave_1: left promiscuous mode
[ 1248.536444][T12129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1248.589937][T12129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1248.687238][   T32] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1248.687273][   T32] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1248.687295][   T32] usb 2-1: Product: syz
[ 1248.687310][   T32] usb 2-1: Manufacturer: syz
[ 1248.687332][   T32] usb 2-1: SerialNumber: syz
[ 1249.390343][T13169] Bluetooth: hci3: command tx timeout
[ 1249.909519][   T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[ 1249.909567][   T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[ 1251.613053][T13169] Bluetooth: hci3: command tx timeout
[ 1251.712791][   T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000000. ret = -EPROTO
[ 1251.712853][   T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1251.856745][   T32] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1251.896203][   T32] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71
[ 1251.953442][   T32] usb 2-1: USB disconnect, device number 70
[ 1252.266069][T14735] netlink: 'syz.5.2471': attribute type 39 has an invalid length.
[ 1252.563911][T14738] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.2470'.
[ 1253.851693][T12129] team0 (unregistering): Port device team_slave_1 removed
[ 1253.987628][T12129] team0 (unregistering): Port device team_slave_0 removed
[ 1254.078375][T13169] Bluetooth: hci5: command 0x0406 tx timeout
[ 1255.595103][T14468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1255.603988][T14468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1255.605233][T14468] bridge_slave_0: entered allmulticast mode
[ 1255.626154][T14468] bridge_slave_0: entered promiscuous mode
[ 1255.644472][T14468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1255.646538][T14468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1255.646824][T14468] bridge_slave_1: entered allmulticast mode
[ 1255.681656][T14468] bridge_slave_1: entered promiscuous mode
[ 1255.883834][T14468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1255.919627][T14468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1258.880506][T14468] team0: Port device team_slave_0 added
[ 1263.941767][T14468] team0: Port device team_slave_1 added
[ 1264.006938][T14815] netlink: 'syz.1.2483': attribute type 39 has an invalid length.
[ 1264.582362][T14468] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1264.583131][T14468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1264.583177][T14468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1264.951131][T14468] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1264.951150][T14468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1264.951181][T14468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1267.177766][T14468] hsr_slave_0: entered promiscuous mode
[ 1267.200484][T14468] hsr_slave_1: entered promiscuous mode
[ 1267.239576][T14468] debugfs: 'hsr0' already exists in 'hsr'
[ 1267.239608][T14468] Cannot create hsr debugfs directory
[ 1278.540469][T12129] bridge_slave_1: left allmulticast mode
[ 1278.540508][T12129] bridge_slave_1: left promiscuous mode
[ 1278.540811][T12129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1278.909483][T12129] bridge_slave_0: left allmulticast mode
[ 1278.999185][T12129] bridge_slave_0: left promiscuous mode
[ 1279.103574][T12129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1279.706205][T13169] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1279.764540][T13169] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1279.776281][T13169] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1279.852614][T13169] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1279.861485][T13169] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1282.316752][T13169] Bluetooth: hci4: command tx timeout
[ 1282.463779][T12129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1283.670551][T12129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1284.519814][T13169] Bluetooth: hci4: command tx timeout
[ 1284.859341][T12129] bond0 (unregistering): Released all slaves
[ 1286.705673][T14965] comedi comedi0: Minor 2 could not be opened
[ 1286.739651][T14653] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1286.740066][T14653] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1286.740479][T14653] bridge_slave_0: entered allmulticast mode
[ 1286.745878][T14653] bridge_slave_0: entered promiscuous mode
[ 1286.821380][T14653] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1286.821619][T14653] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1286.821915][T14653] bridge_slave_1: entered allmulticast mode
[ 1286.830702][T14653] bridge_slave_1: entered promiscuous mode
[ 1286.911039][T13169] Bluetooth: hci4: command tx timeout
[ 1287.023782][T12129] hsr_slave_0: left promiscuous mode
[ 1287.066288][T12129] hsr_slave_1: left promiscuous mode
[ 1287.067438][T12129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1287.110561][T12129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1288.178539][T12129] team0 (unregistering): Port device team_slave_1 removed
[ 1288.253128][T12129] team0 (unregistering): Port device team_slave_0 removed
[ 1289.129680][T13169] Bluetooth: hci4: command tx timeout
[ 1290.124060][T14653] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1290.200285][T14653] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1290.415135][T14653] team0: Port device team_slave_0 added
[ 1290.429141][T14653] team0: Port device team_slave_1 added
[ 1291.166822][T14653] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1291.166933][T14653] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1291.166965][T14653] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1291.252112][T14653] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1291.252131][T14653] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1291.252161][T14653] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1292.823413][T15015] comedi comedi0: Minor 2 could not be opened
[ 1293.064010][T14653] hsr_slave_0: entered promiscuous mode
[ 1293.103203][T14653] hsr_slave_1: entered promiscuous mode
[ 1293.192647][T14653] debugfs: 'hsr0' already exists in 'hsr'
[ 1293.192677][T14653] Cannot create hsr debugfs directory
[ 1297.465159][T12933] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[ 1297.637246][T12933] usb 2-1: Using ep0 maxpacket: 16
[ 1297.700000][T12933] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[ 1297.700031][T12933] usb 2-1: config 0 has an invalid descriptor of length 120, skipping remainder of the config
[ 1297.700055][T12933] usb 2-1: config 0 has no interface number 0
[ 1297.707165][T12933] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1297.707197][T12933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1297.707222][T12933] usb 2-1: Product: syz
[ 1297.707232][T12933] usb 2-1: Manufacturer: syz
[ 1297.707242][T12933] usb 2-1: SerialNumber: syz
[ 1298.614635][T12933] usb 2-1: config 0 descriptor??
[ 1299.016374][T12933] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[ 1299.016772][T12933] uvcvideo 2-1:0.105: No valid video chain found.
[ 1299.144214][T12933] usb 2-1: USB disconnect, device number 71
[ 1308.423602][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1308.423704][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1308.770732][T14924] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1308.771044][T14924] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1308.771448][T14924] bridge_slave_0: entered allmulticast mode
[ 1308.775252][T14924] bridge_slave_0: entered promiscuous mode
[ 1308.828331][T14924] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1308.828735][T14924] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1308.829271][T14924] bridge_slave_1: entered allmulticast mode
[ 1308.869154][T14924] bridge_slave_1: entered promiscuous mode
[ 1312.549727][T10024] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1312.604131][T10024] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1312.626080][T10024] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1312.696054][T10024] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1312.698789][T10024] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1314.259500][T14924] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1314.335175][T14924] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1314.834878][T14924] team0: Port device team_slave_0 added
[ 1314.875153][T14924] team0: Port device team_slave_1 added
[ 1315.214022][T14924] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1315.214040][T14924] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1315.214070][T14924] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1315.274040][T14924] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1315.274060][T14924] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1315.274091][T14924] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1315.418886][T13169] Bluetooth: hci0: command tx timeout
[ 1319.726783][T13169] Bluetooth: hci0: command tx timeout
[ 1321.078677][T14924] hsr_slave_0: entered promiscuous mode
[ 1321.108196][T14924] hsr_slave_1: entered promiscuous mode
[ 1321.127269][T14924] debugfs: 'hsr0' already exists in 'hsr'
[ 1321.127301][T14924] Cannot create hsr debugfs directory
[ 1321.899713][T13169] Bluetooth: hci0: command tx timeout
[ 1322.469137][   T32] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 1322.907237][   T32] usb 1-1: Using ep0 maxpacket: 16
[ 1322.912336][   T32] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[ 1322.912368][   T32] usb 1-1: config 0 has an invalid descriptor of length 88, skipping remainder of the config
[ 1322.912390][   T32] usb 1-1: config 0 has no interface number 0
[ 1322.916288][   T32] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[ 1322.916321][   T32] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1322.916343][   T32] usb 1-1: Product: syz
[ 1322.916358][   T32] usb 1-1: Manufacturer: syz
[ 1322.916374][   T32] usb 1-1: SerialNumber: syz
[ 1323.941481][   T32] usb 1-1: config 0 descriptor??
[ 1324.093741][T13169] Bluetooth: hci0: command tx timeout
[ 1324.138437][   T32] uvcvideo 1-1:0.105: Found UVC 0.00 device syz (046d:08f3)
[ 1324.138478][   T32] uvcvideo 1-1:0.105: No valid video chain found.
[ 1325.267001][   T32] usb 1-1: USB disconnect, device number 103
[ 1327.566467][T12129] bridge_slave_1: left allmulticast mode
[ 1327.566508][T12129] bridge_slave_1: left promiscuous mode
[ 1327.566929][T12129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1328.195760][T12129] bridge_slave_0: left allmulticast mode
[ 1328.195789][T12129] bridge_slave_0: left promiscuous mode
[ 1328.196032][T12129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1330.174725][T12129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1331.187162][T12129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1331.269372][T12129] bond0 (unregistering): Released all slaves
[ 1337.301579][T12129] hsr_slave_0: left promiscuous mode
[ 1337.549273][T12129] hsr_slave_1: left promiscuous mode
[ 1337.555898][T12129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1339.384577][T12129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1342.491750][T12129] team0 (unregistering): Port device team_slave_1 removed
[ 1343.527745][T12129] team0 (unregistering): Port device team_slave_0 removed
[ 1345.147982][T15423] cgroup: Name too long
[ 1347.328126][T10024] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1347.435927][T10024] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1347.480245][T10024] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1347.525296][T10024] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1347.561321][T10024] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1350.106002][T10024] Bluetooth: hci3: command tx timeout
[ 1350.527972][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[ 1352.314777][T10024] Bluetooth: hci3: command tx timeout
[ 1352.865133][T10335] kworker/u8:19 (10335) used greatest stack depth: 18688 bytes left
[ 1353.909105][T15172] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1353.958060][T15172] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1353.958363][T15172] bridge_slave_0: entered allmulticast mode
[ 1354.010507][T15172] bridge_slave_0: entered promiscuous mode
[ 1354.051327][T15172] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1354.051561][T15172] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1354.051902][T15172] bridge_slave_1: entered allmulticast mode
[ 1354.131457][T15172] bridge_slave_1: entered promiscuous mode
[ 1354.776936][T10024] Bluetooth: hci3: command tx timeout
[ 1355.566727][T15172] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1355.632354][T15172] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1356.008882][T15172] team0: Port device team_slave_0 added
[ 1356.106198][T15172] team0: Port device team_slave_1 added
[ 1356.456857][T15508] cgroup: Name too long
[ 1356.921440][T10024] Bluetooth: hci3: command tx timeout
[ 1359.899834][T15172] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1359.899848][T15172] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1359.899869][T15172] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1359.973759][T15172] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1359.973778][T15172] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1359.973810][T15172] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1360.038841][ T5269] 8021q: adding VLAN 0 to HW filter on device eth6
[ 1360.233375][T15172] hsr_slave_0: entered promiscuous mode
[ 1360.250498][T15172] hsr_slave_1: entered promiscuous mode
[ 1360.267378][T15172] debugfs: 'hsr0' already exists in 'hsr'
[ 1360.267405][T15172] Cannot create hsr debugfs directory
[ 1363.708328][T15547] cgroup: Name too long
[ 1365.023009][T15562] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2617'.
[ 1370.815799][T12129] bridge_slave_1: left allmulticast mode
[ 1370.815836][T12129] bridge_slave_1: left promiscuous mode
[ 1370.816107][T12129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1370.916977][T12129] bridge_slave_0: left allmulticast mode
[ 1370.917025][T12129] bridge_slave_0: left promiscuous mode
[ 1370.917337][T12129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1371.124808][    T9] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[ 1371.291512][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1371.291575][    T9] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1371.291605][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1371.291634][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1371.291658][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1371.297152][    T9] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1371.297184][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1371.297207][    T9] usb 6-1: Product: syz
[ 1371.297222][    T9] usb 6-1: Manufacturer: syz
[ 1371.297237][    T9] usb 6-1: SerialNumber: syz
[ 1371.321896][    T9] usb 6-1: config 0 descriptor??
[ 1372.065932][    T9] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -110
[ 1372.066309][    T9] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -5
[ 1372.229195][    T9] usb 6-1: USB disconnect, device number 16
[ 1372.459438][T12129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1373.683991][T15614] cgroup: Name too long
[ 1373.732355][T12129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1373.817900][T12129] bond0 (unregistering): Released all slaves
[ 1374.022418][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1374.022536][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1374.153639][ T5269] 8021q: adding VLAN 0 to HW filter on device eth7
[ 1374.766048][T15628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2627'.
[ 1374.768290][T12129] hsr_slave_0: left promiscuous mode
[ 1374.790565][T13169] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1375.930001][T13169] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1375.964735][T13169] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1376.048907][T12129] hsr_slave_1: left promiscuous mode
[ 1376.050266][T12129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1376.268397][T13169] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1376.278280][T13169] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1377.595835][T12129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1378.199510][    T9] usb 6-1: new full-speed USB device number 17 using dummy_hcd
[ 1378.370558][    T9] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1378.371264][    T9] usb 6-1: not running at top speed; connect to a high speed hub
[ 1378.372698][    T9] usb 6-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1378.372723][    T9] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1378.373415][    T9] usb 6-1: language id specifier not provided by device, defaulting to English
[ 1378.394429][    T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1378.394509][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1378.394570][    T9] usb 6-1: Product: syz
[ 1378.394614][    T9] usb 6-1: SerialNumber: syz
[ 1378.617662][T12129] team0 (unregistering): Port device team_slave_1 removed
[ 1378.679819][T12129] team0 (unregistering): Port device team_slave_0 removed
[ 1379.277045][T15647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1379.279043][T15647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1379.328577][T10024] Bluetooth: hci4: command tx timeout
[ 1379.411124][    T9] usb 6-1: USB disconnect, device number 17
[ 1381.437818][T15667] cgroup: Name too long
[ 1381.550258][T10024] Bluetooth: hci4: command tx timeout
[ 1382.026425][T15440] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1382.026784][T15440] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1382.029275][T15440] bridge_slave_0: entered allmulticast mode
[ 1382.075950][T15440] bridge_slave_0: entered promiscuous mode
[ 1382.113224][T15440] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1382.113579][T15440] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1382.117383][T15440] bridge_slave_1: entered allmulticast mode
[ 1382.153785][T15440] bridge_slave_1: entered promiscuous mode
[ 1382.291069][T15440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1382.323463][T15440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1383.782854][T10024] Bluetooth: hci4: command tx timeout
[ 1384.575149][T15440] team0: Port device team_slave_0 added
[ 1384.620599][T15440] team0: Port device team_slave_1 added
[ 1385.230525][T15440] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1385.230545][T15440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1385.230574][T15440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1385.264729][T15440] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1385.264746][T15440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1385.264781][T15440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1386.289741][T10024] Bluetooth: hci4: command tx timeout
[ 1386.751688][T15440] hsr_slave_0: entered promiscuous mode
[ 1386.759358][T15440] hsr_slave_1: entered promiscuous mode
[ 1386.771594][T15440] debugfs: 'hsr0' already exists in 'hsr'
[ 1386.771623][T15440] Cannot create hsr debugfs directory
[ 1386.789324][   T10] usb 2-1: new full-speed USB device number 72 using dummy_hcd
[ 1386.952540][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1386.953491][   T10] usb 2-1: not running at top speed; connect to a high speed hub
[ 1386.955476][   T10] usb 2-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[ 1386.955503][   T10] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[ 1386.956459][   T10] usb 2-1: language id specifier not provided by device, defaulting to English
[ 1386.997625][T12129] bridge_slave_1: left allmulticast mode
[ 1386.997664][T12129] bridge_slave_1: left promiscuous mode
[ 1386.998447][T12129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1387.036244][   T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1387.036278][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1387.036300][   T10] usb 2-1: Product: syz
[ 1387.036316][   T10] usb 2-1: SerialNumber: syz
[ 1387.164478][T12129] bridge_slave_0: left allmulticast mode
[ 1387.164517][T12129] bridge_slave_0: left promiscuous mode
[ 1387.164818][T12129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1387.844646][T15703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1387.845308][T15703] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1388.410160][   T10] usb 2-1: USB disconnect, device number 72
[ 1388.509151][T12129] bridge_slave_1: left allmulticast mode
[ 1388.509192][T12129] bridge_slave_1: left promiscuous mode
[ 1388.509495][T12129] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1388.676503][T12129] bridge_slave_0: left allmulticast mode
[ 1388.676550][T12129] bridge_slave_0: left promiscuous mode
[ 1388.676886][T12129] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1389.259656][T15719] cgroup: Name too long
[ 1389.524847][T12129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1390.262298][T12129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1390.349548][T12129] bond0 (unregistering): Released all slaves
[ 1390.659832][T12129] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1390.775271][T12129] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1390.842242][T12129] bond0 (unregistering): Released all slaves
[ 1391.582878][ T5269] 8021q: adding VLAN 0 to HW filter on device eth8
[ 1392.619662][T10024] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1392.619731][T10024] CPU: 0 UID: 0 PID: 10024 Comm: kworker/u9:1 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1392.619764][T10024] Tainted: [L]=SOFTLOCKUP
[ 1392.619773][T10024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1392.619788][T10024] Workqueue: hci2 hci_rx_work
[ 1392.619840][T10024] Call Trace:
[ 1392.619850][T10024]  <TASK>
[ 1392.619860][T10024]  dump_stack_lvl+0xe8/0x150
[ 1392.619897][T10024]  sysfs_create_dir_ns+0x271/0x2a0
[ 1392.619922][T10024]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1392.619951][T10024]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1392.619980][T10024]  ? rt_spin_unlock+0x160/0x200
[ 1392.620008][T10024]  kobject_add_internal+0x631/0xd10
[ 1392.620056][T10024]  kobject_add+0x163/0x240
[ 1392.620097][T10024]  ? __pfx_kobject_add+0x10/0x10
[ 1392.620140][T10024]  ? get_device_parent+0x370/0x3a0
[ 1392.620171][T10024]  device_add+0x408/0xbb0
[ 1392.620203][T10024]  hci_conn_add_sysfs+0xd5/0x210
[ 1392.620237][T10024]  le_conn_complete_evt+0x10e6/0x16b0
[ 1392.620273][T10024]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1392.620296][T10024]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1392.620329][T10024]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1392.620362][T10024]  ? skb_pull_data+0xfb/0x200
[ 1392.620402][T10024]  hci_le_conn_complete_evt+0x187/0x470
[ 1392.620447][T10024]  hci_event_packet+0x659/0xef0
[ 1392.620487][T10024]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1392.620510][T10024]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1392.620544][T10024]  ? __pfx_hci_event_packet+0x10/0x10
[ 1392.620572][T10024]  ? rt_spin_unlock+0x14f/0x200
[ 1392.620607][T10024]  ? hci_send_to_monitor+0xe2/0x590
[ 1392.620636][T10024]  hci_rx_work+0x3ee/0x1040
[ 1392.620685][T10024]  ? process_one_work+0x8b7/0x1710
[ 1392.620713][T10024]  process_one_work+0x9a3/0x1710
[ 1392.620767][T10024]  ? __pfx_process_one_work+0x10/0x10
[ 1392.620793][T10024]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1392.620843][T10024]  worker_thread+0xba8/0x11e0
[ 1392.620884][T10024]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1392.620916][T10024]  ? __kthread_parkme+0x7a/0x1f0
[ 1392.620949][T10024]  ? __kthread_parkme+0x19c/0x1f0
[ 1392.620987][T10024]  kthread+0x388/0x470
[ 1392.621020][T10024]  ? __pfx_worker_thread+0x10/0x10
[ 1392.621046][T10024]  ? __pfx_kthread+0x10/0x10
[ 1392.621082][T10024]  ret_from_fork+0x514/0xb70
[ 1392.621114][T10024]  ? __pfx_ret_from_fork+0x10/0x10
[ 1392.621143][T10024]  ? __switch_to+0xc79/0x1410
[ 1392.621171][T10024]  ? __pfx_kthread+0x10/0x10
[ 1392.621207][T10024]  ret_from_fork_asm+0x1a/0x30
[ 1392.621259][T10024]  </TASK>
[ 1392.621326][T10024] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1392.621370][T10024] Bluetooth: hci2: failed to register connection device
[ 1393.276690][T12129] hsr_slave_0: left promiscuous mode
[ 1393.317628][T12129] hsr_slave_1: left promiscuous mode
[ 1393.318503][T12129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1393.817986][T12129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1394.507491][T12129] hsr_slave_0: left promiscuous mode
[ 1394.566955][T12129] hsr_slave_1: left promiscuous mode
[ 1394.594228][T12129] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1394.626084][T12129] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1396.217798][T13169] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[ 1396.217831][T13169] CPU: 1 UID: 0 PID: 13169 Comm: kworker/u9:3 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1396.217865][T13169] Tainted: [L]=SOFTLOCKUP
[ 1396.217873][T13169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1396.217889][T13169] Workqueue: hci1 hci_rx_work
[ 1396.217925][T13169] Call Trace:
[ 1396.217934][T13169]  <TASK>
[ 1396.217945][T13169]  dump_stack_lvl+0xe8/0x150
[ 1396.217980][T13169]  sysfs_create_dir_ns+0x271/0x2a0
[ 1396.218005][T13169]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1396.218032][T13169]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1396.218061][T13169]  ? rt_spin_unlock+0x160/0x200
[ 1396.218089][T13169]  kobject_add_internal+0x631/0xd10
[ 1396.218135][T13169]  kobject_add+0x163/0x240
[ 1396.218175][T13169]  ? __pfx_kobject_add+0x10/0x10
[ 1396.218218][T13169]  ? get_device_parent+0x370/0x3a0
[ 1396.218250][T13169]  device_add+0x408/0xbb0
[ 1396.218280][T13169]  hci_conn_add_sysfs+0xd5/0x210
[ 1396.218313][T13169]  le_conn_complete_evt+0x10e6/0x16b0
[ 1396.218356][T13169]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1396.218380][T13169]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1396.218412][T13169]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1396.218445][T13169]  ? skb_pull_data+0xfb/0x200
[ 1396.218485][T13169]  hci_le_conn_complete_evt+0x187/0x470
[ 1396.218530][T13169]  hci_event_packet+0x659/0xef0
[ 1396.218569][T13169]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[ 1396.218592][T13169]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1396.218624][T13169]  ? __pfx_hci_event_packet+0x10/0x10
[ 1396.218653][T13169]  ? rt_spin_unlock+0x14f/0x200
[ 1396.218688][T13169]  ? hci_send_to_monitor+0xe2/0x590
[ 1396.218715][T13169]  hci_rx_work+0x3ee/0x1040
[ 1396.218757][T13169]  ? process_one_work+0x8b7/0x1710
[ 1396.218782][T13169]  process_one_work+0x9a3/0x1710
[ 1396.218835][T13169]  ? __pfx_process_one_work+0x10/0x10
[ 1396.218860][T13169]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1396.218909][T13169]  worker_thread+0xba8/0x11e0
[ 1396.218948][T13169]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1396.218981][T13169]  ? __kthread_parkme+0x7a/0x1f0
[ 1396.219012][T13169]  ? __kthread_parkme+0x19c/0x1f0
[ 1396.219050][T13169]  kthread+0x388/0x470
[ 1396.219084][T13169]  ? __pfx_worker_thread+0x10/0x10
[ 1396.219110][T13169]  ? __pfx_kthread+0x10/0x10
[ 1396.219145][T13169]  ret_from_fork+0x514/0xb70
[ 1396.219177][T13169]  ? __pfx_ret_from_fork+0x10/0x10
[ 1396.219207][T13169]  ? __switch_to+0xc79/0x1410
[ 1396.219234][T13169]  ? __pfx_kthread+0x10/0x10
[ 1396.219270][T13169]  ret_from_fork_asm+0x1a/0x30
[ 1396.219321][T13169]  </TASK>
[ 1396.219362][T13169] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1396.219404][T13169] Bluetooth: hci1: failed to register connection device
[ 1397.276560][T12129] team0 (unregistering): Port device team_slave_1 removed
[ 1397.379283][T12129] team0 (unregistering): Port device team_slave_0 removed
[ 1399.056175][T15805] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2671'.
[ 1399.591139][T12129] team0 (unregistering): Port device team_slave_1 removed
[ 1399.722944][T12129] team0 (unregistering): Port device team_slave_0 removed
[ 1408.613472][T15864] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2684'.
[ 1408.969899][T15631] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1408.970223][T15631] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1408.970530][T15631] bridge_slave_0: entered allmulticast mode
[ 1408.975970][T15631] bridge_slave_0: entered promiscuous mode
[ 1409.013386][ T5269] 8021q: adding VLAN 0 to HW filter on device eth9
[ 1409.014509][T15631] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1409.014756][T15631] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1409.015023][T15631] bridge_slave_1: entered allmulticast mode
[ 1409.035518][T15631] bridge_slave_1: entered promiscuous mode
[ 1409.084659][   T32] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1409.370441][   T32] usb 6-1: config 0 has too many interfaces: 253, using maximum allowed: 32
[ 1409.370472][   T32] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 253
[ 1409.373296][   T32] usb 6-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac
[ 1409.373331][   T32] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1409.373346][   T32] usb 6-1: Product: syz
[ 1409.373356][   T32] usb 6-1: Manufacturer: syz
[ 1409.373367][   T32] usb 6-1: SerialNumber: syz
[ 1409.378202][   T32] usb 6-1: config 0 descriptor??
[ 1409.537691][   T32] gspca_main: sunplus-2.14.0 probing 055f:c630
[ 1409.823877][T15631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1409.863889][T15631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1409.964331][   T32] usb 6-1: USB disconnect, device number 18
[ 1410.568483][T10024] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1410.623772][T10024] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1410.677305][T10024] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1410.680145][T10024] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1410.680924][T10024] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1412.756826][T15631] team0: Port device team_slave_0 added
[ 1412.843425][T15631] team0: Port device team_slave_1 added
[ 1412.927557][T13169] Bluetooth: hci0: command tx timeout
[ 1414.663717][T15631] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1414.663731][T15631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1414.663752][T15631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1414.789648][T15631] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1414.789661][T15631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1414.789683][T15631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1415.138591][T13169] Bluetooth: hci0: command tx timeout
[ 1415.297795][T15631] hsr_slave_0: entered promiscuous mode
[ 1415.311590][T15631] hsr_slave_1: entered promiscuous mode
[ 1415.321769][T15631] debugfs: 'hsr0' already exists in 'hsr'
[ 1415.321822][T15631] Cannot create hsr debugfs directory
[ 1417.386702][T13169] Bluetooth: hci0: command tx timeout
[ 1419.551444][ T5269] 8021q: adding VLAN 0 to HW filter on device eth10
[ 1421.081297][T10024] Bluetooth: hci0: command tx timeout
[ 1422.223799][T10334] bridge_slave_1: left allmulticast mode
[ 1422.223897][T10334] bridge_slave_1: left promiscuous mode
[ 1422.224190][T10334] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1422.580737][T10334] bridge_slave_0: left allmulticast mode
[ 1422.580775][T10334] bridge_slave_0: left promiscuous mode
[ 1422.581070][T10334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1424.801026][T10334] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1425.131945][T10334] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1425.914287][T10334] bond0 (unregistering): Released all slaves
[ 1425.977287][T15981] netlink: 'syz.5.2710': attribute type 39 has an invalid length.
[ 1428.143561][T10334] hsr_slave_0: left promiscuous mode
[ 1428.212348][T10334] hsr_slave_1: left promiscuous mode
[ 1428.213587][T10334] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1428.265907][T16008] netlink: 'syz.1.2715': attribute type 39 has an invalid length.
[ 1428.311525][T10334] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1431.296617][T10334] team0 (unregistering): Port device team_slave_1 removed
[ 1431.363641][T10334] team0 (unregistering): Port device team_slave_0 removed
[ 1431.643029][T16034] netlink: 'syz.5.2721': attribute type 39 has an invalid length.
[ 1436.544054][T16073] netlink: 'syz.1.2731': attribute type 39 has an invalid length.
[ 1437.882638][T15875] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1437.882996][T15875] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1437.883335][T15875] bridge_slave_0: entered allmulticast mode
[ 1437.887744][T15875] bridge_slave_0: entered promiscuous mode
[ 1437.895114][T15875] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1437.895561][T15875] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1437.895989][T15875] bridge_slave_1: entered allmulticast mode
[ 1437.901690][T15875] bridge_slave_1: entered promiscuous mode
[ 1438.729475][T15875] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1438.758962][T15875] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1438.836774][T15875] team0: Port device team_slave_0 added
[ 1438.849261][T15875] team0: Port device team_slave_1 added
[ 1438.917248][T15875] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1438.917267][T15875] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1438.917297][T15875] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1438.973527][T15875] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1438.973546][T15875] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1438.973576][T15875] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1439.687982][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1439.688120][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1439.719675][T16096] netlink: 'syz.1.2734': attribute type 39 has an invalid length.
[ 1439.769912][ T5618] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[ 1439.857185][T15875] hsr_slave_0: entered promiscuous mode
[ 1439.865011][T15875] hsr_slave_1: entered promiscuous mode
[ 1439.886259][T15875] debugfs: 'hsr0' already exists in 'hsr'
[ 1439.886291][T15875] Cannot create hsr debugfs directory
[ 1439.955816][ T5618] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1439.955877][ T5618] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1439.955902][ T5618] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1440.068624][ T5618] usb 1-1: config 0 descriptor??
[ 1440.116068][ T5618] pwc: Askey VC010 type 2 USB webcam detected.
[ 1440.454578][T13169] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1440.576981][T13169] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1440.585199][T13169] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1440.627679][T13169] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1440.628901][T13169] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1440.671358][ T5618] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1440.812979][ T5618] pwc: recv_control_msg error -32 req 02 val 2700
[ 1440.822261][ T5618] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1441.038318][ T5618] pwc: recv_control_msg error -71 req 04 val 1300
[ 1441.038847][ T5618] pwc: recv_control_msg error -71 req 04 val 1400
[ 1441.039342][ T5618] pwc: recv_control_msg error -71 req 02 val 2000
[ 1441.039861][ T5618] pwc: recv_control_msg error -71 req 02 val 2100
[ 1441.045115][ T5618] pwc: recv_control_msg error -71 req 04 val 1500
[ 1441.048205][ T5618] pwc: recv_control_msg error -71 req 02 val 2500
[ 1441.053002][ T5618] pwc: recv_control_msg error -71 req 02 val 2400
[ 1441.053574][ T5618] pwc: recv_control_msg error -71 req 02 val 2600
[ 1441.054144][ T5618] pwc: recv_control_msg error -71 req 02 val 2900
[ 1441.059354][ T5618] pwc: recv_control_msg error -71 req 02 val 2800
[ 1441.076925][ T5618] pwc: recv_control_msg error -71 req 04 val 1100
[ 1441.097725][ T5618] pwc: recv_control_msg error -71 req 04 val 1200
[ 1441.370767][ T5618] pwc: Registered as video103.
[ 1441.406003][ T5618] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input9
[ 1441.594686][ T5618] usb 1-1: USB disconnect, device number 104
[ 1442.836840][T10024] Bluetooth: hci3: command tx timeout
[ 1442.959312][T16141] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2740'.
[ 1445.081024][T10024] Bluetooth: hci3: command tx timeout
[ 1445.344887][T16146] netlink: 'syz.0.2741': attribute type 12 has an invalid length.
[ 1445.583934][   T43] bridge_slave_1: left allmulticast mode
[ 1445.583974][   T43] bridge_slave_1: left promiscuous mode
[ 1445.584297][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1445.672513][   T43] bridge_slave_0: left allmulticast mode
[ 1445.672553][   T43] bridge_slave_0: left promiscuous mode
[ 1445.672867][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1445.707169][T16175] netlink: 'syz.0.2745': attribute type 39 has an invalid length.
[ 1447.176069][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1447.283486][T10024] Bluetooth: hci3: command tx timeout
[ 1448.084849][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1448.170876][   T43] bond0 (unregistering): Released all slaves
[ 1449.629071][T10024] Bluetooth: hci3: command tx timeout
[ 1453.213940][ T5736] kworker/0:5 (5736) used greatest stack depth: 15704 bytes left
[ 1456.672412][T16275] netlink: 'syz.1.2758': attribute type 39 has an invalid length.
[ 1456.728760][   T43] hsr_slave_0: left promiscuous mode
[ 1456.771416][   T43] hsr_slave_1: left promiscuous mode
[ 1456.772641][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1456.967262][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1461.089508][   T43] team0 (unregistering): Port device team_slave_1 removed
[ 1461.144449][   T43] team0 (unregistering): Port device team_slave_0 removed
[ 1462.507094][T16313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2769'.
[ 1462.828682][T15875] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1463.588844][T15875] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1463.662068][T15875] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1463.750687][T15875] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1463.759555][T15875] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1463.869244][T15875] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1463.877110][T15875] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1464.000104][T15875] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1464.362574][   T32] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1464.620759][   T32] usb 1-1: Using ep0 maxpacket: 32
[ 1464.649088][   T32] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[ 1464.649122][   T32] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1464.829594][T10024] Bluetooth: hci5: unexpected event for opcode 0x0402
[ 1465.749072][   T32] usb 1-1: config 0 descriptor??
[ 1465.774919][   T32] as10x_usb: device has been detected
[ 1465.780677][   T32] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[ 1465.810033][   T32] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[ 1468.523367][   T32] as10x_usb: error during firmware upload part1
[ 1468.531564][   T32] Registered device nBox DVB-T Dongle
[ 1468.551070][   T32] usb 1-1: USB disconnect, device number 105
[ 1468.810911][   T32] Unregistered device nBox DVB-T Dongle
[ 1468.813510][   T32] as10x_usb: device has been disconnected
[ 1468.948455][T16106] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1468.949631][T16106] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1468.950009][T16106] bridge_slave_0: entered allmulticast mode
[ 1468.976278][T16106] bridge_slave_0: entered promiscuous mode
[ 1468.989031][T16106] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1468.998907][T16106] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1468.999284][T16106] bridge_slave_1: entered allmulticast mode
[ 1469.003060][T16106] bridge_slave_1: entered promiscuous mode
[ 1469.143507][T16106] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1469.169979][T16106] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1469.271598][T16375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2779'.
[ 1469.376324][T16106] team0: Port device team_slave_0 added
[ 1469.773394][T16106] team0: Port device team_slave_1 added
[ 1471.980842][   T32] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[ 1472.151615][   T32] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1472.151648][   T32] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1472.151670][   T32] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1472.151721][   T32] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1472.151749][   T32] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1472.155416][   T32] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1472.155449][   T32] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1472.155477][   T32] usb 2-1: Product: syz
[ 1472.155492][   T32] usb 2-1: Manufacturer: syz
[ 1472.256285][   T32] cdc_wdm 2-1:1.0: skipping garbage
[ 1472.256308][   T32] cdc_wdm 2-1:1.0: skipping garbage
[ 1472.263650][   T32] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1472.263674][   T32] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1475.847403][T16106] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1475.847422][T16106] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1475.847450][T16106] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1475.850302][ T1012] usb 2-1: USB disconnect, device number 73
[ 1475.887533][T16106] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1475.887588][T16106] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1475.887667][T16106] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1476.139876][T16106] hsr_slave_0: entered promiscuous mode
[ 1476.142270][T16106] hsr_slave_1: entered promiscuous mode
[ 1476.144258][T16106] debugfs: 'hsr0' already exists in 'hsr'
[ 1476.144285][T16106] Cannot create hsr debugfs directory
[ 1477.109838][ T5618] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1477.435997][ T5618] usb 6-1: device descriptor read/64, error -71
[ 1477.772176][ T5618] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1477.828528][T13169] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1477.875460][T13169] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1477.895518][T13169] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1477.949554][T13169] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1477.958648][ T5618] usb 6-1: device descriptor read/64, error -71
[ 1478.013499][T13169] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1478.039990][T16417] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2786'.
[ 1478.075816][ T5618] usb usb6-port1: attempt power cycle
[ 1478.488564][T16430] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2789'.
[ 1478.573460][ T5618] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[ 1478.624420][ T5618] usb 6-1: device descriptor read/8, error -71
[ 1478.891596][ T5618] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1478.925385][ T5618] usb 6-1: device descriptor read/8, error -71
[ 1479.078320][ T5618] usb usb6-port1: unable to enumerate USB device
[ 1479.867923][T16106] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1480.112694][T16106] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[ 1480.127497][T16106] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1480.218433][T16106] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[ 1480.451808][ T5618] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1480.461864][T13169] Bluetooth: hci0: command tx timeout
[ 1480.620646][ T5618] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1480.620709][ T5618] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1480.620736][ T5618] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1480.670264][ T5618] usb 6-1: config 0 descriptor??
[ 1480.693614][ T5618] pwc: Askey VC010 type 2 USB webcam detected.
[ 1481.071514][T16106] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1481.261029][ T5618] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1481.269963][ T5618] pwc: recv_control_msg error -32 req 02 val 2700
[ 1481.270900][ T5618] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1481.286194][ T5618] pwc: recv_control_msg error -32 req 04 val 1000
[ 1481.287307][ T5618] pwc: recv_control_msg error -32 req 04 val 1300
[ 1481.289157][ T5618] pwc: recv_control_msg error -32 req 04 val 1400
[ 1481.292008][ T5618] pwc: recv_control_msg error -32 req 02 val 2000
[ 1481.328261][ T5618] pwc: recv_control_msg error -32 req 02 val 2100
[ 1481.587481][ T5618] pwc: recv_control_msg error -71 req 02 val 2500
[ 1481.588033][ T5618] pwc: recv_control_msg error -71 req 02 val 2400
[ 1481.588534][ T5618] pwc: recv_control_msg error -71 req 02 val 2600
[ 1481.589012][ T5618] pwc: recv_control_msg error -71 req 02 val 2900
[ 1481.589487][ T5618] pwc: recv_control_msg error -71 req 02 val 2800
[ 1481.590168][ T5618] pwc: recv_control_msg error -71 req 04 val 1100
[ 1481.590644][ T5618] pwc: recv_control_msg error -71 req 04 val 1200
[ 1481.767546][T16457] input: syz1 as /devices/virtual/input/input10
[ 1481.994626][T16106] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[ 1482.481113][T16106] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1482.671694][ T5618] pwc: Registered as video103.
[ 1482.674514][T13169] Bluetooth: hci0: command tx timeout
[ 1482.714501][ T5618] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input11
[ 1484.055309][ T5618] usb 6-1: USB disconnect, device number 23
[ 1484.137546][T16106] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[ 1484.907813][T13169] Bluetooth: hci0: command tx timeout
[ 1487.121145][T13169] Bluetooth: hci0: command tx timeout
[ 1494.450434][   T10] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1494.696506][   T10] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1494.696546][   T10] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1494.696588][   T10] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1494.696612][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1494.794528][T16526] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1494.866404][   T10] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[ 1495.649093][ T3379] bridge_slave_1: left allmulticast mode
[ 1495.649145][ T3379] bridge_slave_1: left promiscuous mode
[ 1495.649461][ T3379] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1495.748452][ T3379] bridge_slave_0: left allmulticast mode
[ 1495.748490][ T3379] bridge_slave_0: left promiscuous mode
[ 1495.748855][ T3379] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1495.796354][    T9] usb 1-1: USB disconnect, device number 106
[ 1497.678489][ T3379] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1497.885146][ T3379] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1497.953452][ T3379] bond0 (unregistering): Released all slaves
[ 1500.328175][ T3379] hsr_slave_0: left promiscuous mode
[ 1500.991651][ T3379] hsr_slave_1: left promiscuous mode
[ 1501.002367][ T3379] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1501.042932][ T3379] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1502.490222][ T3379] team0 (unregistering): Port device team_slave_1 removed
[ 1502.562048][ T3379] team0 (unregistering): Port device team_slave_0 removed
[ 1504.637521][T16420] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1504.637978][T16420] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1504.638358][T16420] bridge_slave_0: entered allmulticast mode
[ 1504.679311][T16420] bridge_slave_0: entered promiscuous mode
[ 1504.709048][T16420] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1504.709399][T16420] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1504.709757][T16420] bridge_slave_1: entered allmulticast mode
[ 1504.757576][T16420] bridge_slave_1: entered promiscuous mode
[ 1505.024289][T16420] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1505.785386][ T1337] ieee802154 phy0 wpan0: encryption failed: -22
[ 1505.785543][ T1337] ieee802154 phy1 wpan1: encryption failed: -22
[ 1505.825149][T16420] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1505.989348][T10024] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1506.154301][T10024] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1506.170328][T10024] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1506.206868][T10024] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1506.226517][T10024] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1506.365462][T10024] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[ 1508.192970][ T5269] 8021q: adding VLAN 0 to HW filter on device eth5
[ 1508.210207][T16420] team0: Port device team_slave_0 added
[ 1508.233631][T16420] team0: Port device team_slave_1 added
[ 1508.282594][T16597] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1508.300441][T16597] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1508.643681][T16420] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1508.643697][T16420] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1508.643720][T16420] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1508.654802][T16420] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1508.654821][T16420] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1508.654866][T16420] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1508.773487][T13169] Bluetooth: hci4: command tx timeout
[ 1508.889731][T16597] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1508.974825][T16597] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1508.974927][T16597] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1509.044276][T16597] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1509.126323][T16420] hsr_slave_0: entered promiscuous mode
[ 1509.128726][T16420] hsr_slave_1: entered promiscuous mode
[ 1509.130663][T16420] debugfs: 'hsr0' already exists in 'hsr'
[ 1509.162436][T16597] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1509.193511][T16420] Cannot create hsr debugfs directory
[ 1509.263639][T16597] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1509.263864][T16597] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1509.263968][T16597] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1509.376303][T16597] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1509.502557][T16597] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1509.502633][T16597] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1509.602787][T16597] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1509.604844][T16597] ==================================================================
[ 1509.604863][T16597] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x92/0x190
[ 1509.604911][T16597] Read of size 8 at addr ffff88806159d780 by task syz.0.2820/16597
[ 1509.604930][T16597] 
[ 1509.604952][T16597] CPU: 0 UID: 0 PID: 16597 Comm: syz.0.2820 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1509.604984][T16597] Tainted: [L]=SOFTLOCKUP
[ 1509.604993][T16597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1509.605009][T16597] Call Trace:
[ 1509.605018][T16597]  <TASK>
[ 1509.605027][T16597]  dump_stack_lvl+0xe8/0x150
[ 1509.605060][T16597]  print_address_description+0x55/0x1e0
[ 1509.605090][T16597]  ? __list_del_entry_valid_or_report+0x92/0x190
[ 1509.605127][T16597]  print_report+0x58/0x70
[ 1509.605152][T16597]  kasan_report+0x117/0x150
[ 1509.605183][T16597]  ? __list_del_entry_valid_or_report+0x92/0x190
[ 1509.605223][T16597]  __list_del_entry_valid_or_report+0x92/0x190
[ 1509.605263][T16597]  bt_accept_unlink+0x39/0x260
[ 1509.605297][T16597]  l2cap_sock_teardown_cb+0x17e/0x490
[ 1509.605329][T16597]  l2cap_chan_del+0xb5/0x610
[ 1509.605357][T16597]  ? l2cap_conn_del+0x331/0x570
[ 1509.605383][T16597]  l2cap_conn_del+0x33d/0x570
[ 1509.605411][T16597]  l2cap_connect_cfm+0x12b/0x1560
[ 1509.605441][T16597]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1509.605474][T16597]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1509.605506][T16597]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1509.605537][T16597]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1509.605567][T16597]  ? mutex_lock_nested+0x152/0x1d0
[ 1509.605588][T16597]  ? hci_conn_failed+0x165/0x340
[ 1509.605610][T16597]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1509.605634][T16597]  hci_conn_failed+0x1ce/0x340
[ 1509.605656][T16597]  ? hci_abort_conn_sync+0xa7b/0x1190
[ 1509.605678][T16597]  hci_abort_conn_sync+0xdd0/0x1190
[ 1509.605704][T16597]  ? __pfx_hci_abort_conn_sync+0x10/0x10
[ 1509.605726][T16597]  ? hci_disconnect_all_sync+0x2e/0x350
[ 1509.605754][T16597]  ? hci_disconnect_all_sync+0x2e/0x350
[ 1509.605778][T16597]  ? hci_disconnect_all_sync+0x2e/0x350
[ 1509.605803][T16597]  hci_disconnect_all_sync+0x1b5/0x350
[ 1509.605830][T16597]  hci_suspend_sync+0x417/0xd20
[ 1509.605857][T16597]  ? __pfx_hci_suspend_sync+0x10/0x10
[ 1509.605881][T16597]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1509.605911][T16597]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1509.605939][T16597]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1509.605970][T16597]  ? mutex_lock_nested+0x152/0x1d0
[ 1509.605992][T16597]  ? hci_suspend_dev+0x285/0x540
[ 1509.606024][T16597]  hci_suspend_dev+0x28d/0x540
[ 1509.606056][T16597]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1509.606087][T16597]  ? __pfx_hci_suspend_dev+0x10/0x10
[ 1509.606124][T16597]  hci_suspend_notifier+0xf2/0x2f0
[ 1509.606157][T16597]  notifier_call_chain+0x1ad/0x3d0
[ 1509.606195][T16597]  blocking_notifier_call_chain_robust+0x85/0x100
[ 1509.606234][T16597]  pm_notifier_call_chain_robust+0x2c/0x60
[ 1509.606269][T16597]  snapshot_open+0x1a2/0x290
[ 1509.606304][T16597]  ? __pfx_snapshot_open+0x10/0x10
[ 1509.606337][T16597]  misc_open+0x2de/0x350
[ 1509.606362][T16597]  chrdev_open+0x4d0/0x5f0
[ 1509.606395][T16597]  ? __pfx_chrdev_open+0x10/0x10
[ 1509.606428][T16597]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[ 1509.606469][T16597]  ? __pfx_chrdev_open+0x10/0x10
[ 1509.606501][T16597]  do_dentry_open+0x83d/0x13e0
[ 1509.606529][T16597]  vfs_open+0x3b/0x350
[ 1509.606548][T16597]  ? path_openat+0x2e2b/0x38a0
[ 1509.606577][T16597]  path_openat+0x2e43/0x38a0
[ 1509.606624][T16597]  ? __pfx_path_openat+0x10/0x10
[ 1509.606655][T16597]  ? kasan_save_track+0x4f/0x80
[ 1509.606678][T16597]  ? kasan_save_track+0x3e/0x80
[ 1509.606701][T16597]  ? __kasan_slab_alloc+0x6c/0x80
[ 1509.606726][T16597]  ? kmem_cache_alloc_noprof+0x33b/0x680
[ 1509.606758][T16597]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1509.606791][T16597]  do_file_open+0x23e/0x4a0
[ 1509.606818][T16597]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1509.606867][T16597]  ? __pfx_do_file_open+0x10/0x10
[ 1509.606894][T16597]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 1509.606931][T16597]  ? alloc_fd+0x64e/0x6c0
[ 1509.606958][T16597]  do_sys_openat2+0x113/0x200
[ 1509.606980][T16597]  ? __se_sys_futex+0x3a8/0x450
[ 1509.607003][T16597]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1509.607028][T16597]  ? rcu_is_watching+0x15/0xb0
[ 1509.607053][T16597]  __x64_sys_openat+0x138/0x170
[ 1509.607078][T16597]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.607102][T16597]  do_syscall_64+0x15f/0xf80
[ 1509.607130][T16597]  ? trace_irq_disable+0x3b/0x140
[ 1509.607160][T16597]  ? clear_bhb_loop+0x40/0x90
[ 1509.607186][T16597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.607209][T16597] RIP: 0033:0x7fa1aec6cdd9
[ 1509.607240][T16597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1509.607261][T16597] RSP: 002b:00007fa1acec6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1509.607286][T16597] RAX: ffffffffffffffda RBX: 00007fa1aeee5fa0 RCX: 00007fa1aec6cdd9
[ 1509.607303][T16597] RDX: 0000000000020000 RSI: 0000200000000000 RDI: 00000000ffffff9c
[ 1509.607318][T16597] RBP: 00007fa1aed02d69 R08: 0000000000000000 R09: 0000000000000000
[ 1509.607332][T16597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1509.607345][T16597] R13: 00007fa1aeee6038 R14: 00007fa1aeee5fa0 R15: 00007ffe7d779e58
[ 1509.607372][T16597]  </TASK>
[ 1509.607380][T16597] 
[ 1509.607385][T16597] Allocated by task 16586:
[ 1509.607396][T16597]  kasan_save_track+0x3e/0x80
[ 1509.607419][T16597]  __kasan_kmalloc+0x93/0xb0
[ 1509.607443][T16597]  __kmalloc_noprof+0x3e7/0x7b0
[ 1509.607475][T16597]  sk_prot_alloc+0xe7/0x210
[ 1509.607500][T16597]  sk_alloc+0x3a/0x390
[ 1509.607523][T16597]  bt_sock_alloc+0x3b/0x310
[ 1509.607551][T16597]  l2cap_sock_create+0x147/0x330
[ 1509.607575][T16597]  bt_sock_create+0x163/0x240
[ 1509.607605][T16597]  __sock_create+0x4e3/0x960
[ 1509.607624][T16597]  __sys_socket+0xd9/0x330
[ 1509.607643][T16597]  __x64_sys_socket+0x7a/0x90
[ 1509.607662][T16597]  do_syscall_64+0x15f/0xf80
[ 1509.607688][T16597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.607709][T16597] 
[ 1509.607714][T16597] Freed by task 16585:
[ 1509.607723][T16597]  kasan_save_track+0x3e/0x80
[ 1509.607744][T16597]  kasan_save_free_info+0x46/0x50
[ 1509.607776][T16597]  __kasan_slab_free+0x5c/0x80
[ 1509.607800][T16597]  kfree+0x1c5/0x6c0
[ 1509.607822][T16597]  __sk_destruct+0x74b/0x9d0
[ 1509.607848][T16597]  l2cap_sock_release+0x1c1/0x270
[ 1509.607871][T16597]  __sock_release+0xb9/0x250
[ 1509.607904][T16597]  sock_close+0x1c/0x30
[ 1509.607936][T16597]  __fput+0x461/0xa70
[ 1509.607955][T16597]  task_work_run+0x1d9/0x270
[ 1509.607974][T16597]  exit_to_user_mode_loop+0xed/0x480
[ 1509.608005][T16597]  do_syscall_64+0x33e/0xf80
[ 1509.608033][T16597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.608054][T16597] 
[ 1509.608060][T16597] The buggy address belongs to the object at ffff88806159d000
[ 1509.608060][T16597]  which belongs to the cache kmalloc-2k of size 2048
[ 1509.608079][T16597] The buggy address is located 1920 bytes inside of
[ 1509.608079][T16597]  freed 2048-byte region [ffff88806159d000, ffff88806159d800)
[ 1509.608102][T16597] 
[ 1509.608108][T16597] The buggy address belongs to the physical page:
[ 1509.608132][T16597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61598
[ 1509.608158][T16597] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1509.608176][T16597] flags: 0x80000000000040(head|node=0|zone=1)
[ 1509.608200][T16597] page_type: f5(slab)
[ 1509.608223][T16597] raw: 0080000000000040 ffff88813fe16000 dead000000000100 dead000000000122
[ 1509.608242][T16597] raw: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1509.608263][T16597] head: 0080000000000040 ffff88813fe16000 dead000000000100 dead000000000122
[ 1509.608282][T16597] head: 0000000000000000 0000000800080008 00000000f5000000 0000000000000000
[ 1509.608303][T16597] head: 0080000000000003 fffffffffffffe01 00000000ffffffff 00000000ffffffff
[ 1509.608321][T16597] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[ 1509.608333][T16597] page dumped because: kasan: bad access detected
[ 1509.608350][T16597] page_owner tracks the page as allocated
[ 1509.608358][T16597] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd28c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5604, tgid 5604 (syz-executor), ts 110361362327, free_ts 0
[ 1509.608395][T16597]  post_alloc_hook+0x1f9/0x250
[ 1509.608420][T16597]  get_page_from_freelist+0x27d6/0x2850
[ 1509.608456][T16597]  __alloc_frozen_pages_noprof+0x18d/0x380
[ 1509.608485][T16597]  allocate_slab+0x74/0x5e0
[ 1509.608502][T16597]  refill_objects+0x33c/0x3d0
[ 1509.608533][T16597]  __pcs_replace_empty_main+0x373/0x720
[ 1509.608553][T16597]  __kmalloc_node_track_caller_noprof+0x60b/0x7e0
[ 1509.608579][T16597]  pskb_expand_head+0x230/0x1390
[ 1509.608607][T16597]  netlink_trim+0x1b3/0x2c0
[ 1509.608627][T16597]  netlink_broadcast_filtered+0x80/0xea0
[ 1509.608649][T16597]  nlmsg_notify+0xf0/0x1a0
[ 1509.608671][T16597]  rtnetlink_event+0x224/0x270
[ 1509.608693][T16597]  notifier_call_chain+0x1ad/0x3d0
[ 1509.608721][T16597]  netif_set_mac_address+0x39f/0x4e0
[ 1509.608747][T16597]  do_setlink+0x9bb/0x45a0
[ 1509.608770][T16597]  rtnl_newlink+0x15ad/0x1bb0
[ 1509.608792][T16597] page_owner free stack trace missing
[ 1509.608800][T16597] 
[ 1509.608806][T16597] Memory state around the buggy address:
[ 1509.608818][T16597]  ffff88806159d680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1509.608835][T16597]  ffff88806159d700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1509.608850][T16597] >ffff88806159d780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1509.608863][T16597]                    ^
[ 1509.608874][T16597]  ffff88806159d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1509.608889][T16597]  ffff88806159d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1509.608902][T16597] ==================================================================
[ 1509.608925][T16597] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1509.608951][T16597] CPU: 0 UID: 0 PID: 16597 Comm: syz.0.2820 Tainted: G             L      syzkaller #0 PREEMPT_{RT,(full)} 
[ 1509.608982][T16597] Tainted: [L]=SOFTLOCKUP
[ 1509.608991][T16597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[ 1509.609005][T16597] Call Trace:
[ 1509.609015][T16597]  <TASK>
[ 1509.609024][T16597]  vpanic+0x56c/0xa60
[ 1509.609059][T16597]  ? __pfx_vpanic+0x10/0x10
[ 1509.609095][T16597]  panic+0xc5/0xd0
[ 1509.609125][T16597]  ? __pfx_panic+0x10/0x10
[ 1509.609157][T16597]  ? __list_del_entry_valid_or_report+0x92/0x190
[ 1509.609199][T16597]  ? __list_del_entry_valid_or_report+0x92/0x190
[ 1509.609236][T16597]  check_panic_on_warn+0x89/0xb0
[ 1509.609271][T16597]  ? __list_del_entry_valid_or_report+0x92/0x190
[ 1509.609307][T16597]  end_report+0x73/0x170
[ 1509.609336][T16597]  ? __list_del_entry_valid_or_report+0x92/0x190
[ 1509.609371][T16597]  kasan_report+0x128/0x150
[ 1509.609401][T16597]  ? __list_del_entry_valid_or_report+0x92/0x190
[ 1509.609443][T16597]  __list_del_entry_valid_or_report+0x92/0x190
[ 1509.609488][T16597]  bt_accept_unlink+0x39/0x260
[ 1509.609523][T16597]  l2cap_sock_teardown_cb+0x17e/0x490
[ 1509.609555][T16597]  l2cap_chan_del+0xb5/0x610
[ 1509.609584][T16597]  ? l2cap_conn_del+0x331/0x570
[ 1509.609610][T16597]  l2cap_conn_del+0x33d/0x570
[ 1509.609640][T16597]  l2cap_connect_cfm+0x12b/0x1560
[ 1509.609670][T16597]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1509.609695][T16597]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1509.609725][T16597]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1509.609755][T16597]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1509.609785][T16597]  ? mutex_lock_nested+0x152/0x1d0
[ 1509.609807][T16597]  ? hci_conn_failed+0x165/0x340
[ 1509.609829][T16597]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[ 1509.609855][T16597]  hci_conn_failed+0x1ce/0x340
[ 1509.609878][T16597]  ? hci_abort_conn_sync+0xa7b/0x1190
[ 1509.609901][T16597]  hci_abort_conn_sync+0xdd0/0x1190
[ 1509.609928][T16597]  ? __pfx_hci_abort_conn_sync+0x10/0x10
[ 1509.609951][T16597]  ? hci_disconnect_all_sync+0x2e/0x350
[ 1509.609979][T16597]  ? hci_disconnect_all_sync+0x2e/0x350
[ 1509.610003][T16597]  ? hci_disconnect_all_sync+0x2e/0x350
[ 1509.610028][T16597]  hci_disconnect_all_sync+0x1b5/0x350
[ 1509.610057][T16597]  hci_suspend_sync+0x417/0xd20
[ 1509.610084][T16597]  ? __pfx_hci_suspend_sync+0x10/0x10
[ 1509.610109][T16597]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1509.610139][T16597]  ? lockdep_hardirqs_on+0x7a/0x110
[ 1509.610168][T16597]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1509.610197][T16597]  ? mutex_lock_nested+0x152/0x1d0
[ 1509.610219][T16597]  ? hci_suspend_dev+0x285/0x540
[ 1509.610253][T16597]  hci_suspend_dev+0x28d/0x540
[ 1509.610283][T16597]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[ 1509.610315][T16597]  ? __pfx_hci_suspend_dev+0x10/0x10
[ 1509.610353][T16597]  hci_suspend_notifier+0xf2/0x2f0
[ 1509.610386][T16597]  notifier_call_chain+0x1ad/0x3d0
[ 1509.610423][T16597]  blocking_notifier_call_chain_robust+0x85/0x100
[ 1509.610469][T16597]  pm_notifier_call_chain_robust+0x2c/0x60
[ 1509.610507][T16597]  snapshot_open+0x1a2/0x290
[ 1509.610562][T16597]  ? __pfx_snapshot_open+0x10/0x10
[ 1509.610597][T16597]  misc_open+0x2de/0x350
[ 1509.610623][T16597]  chrdev_open+0x4d0/0x5f0
[ 1509.610658][T16597]  ? __pfx_chrdev_open+0x10/0x10
[ 1509.610691][T16597]  ? fsnotify_open_perm_and_set_mode+0x13b/0x6e0
[ 1509.610724][T16597]  ? __pfx_chrdev_open+0x10/0x10
[ 1509.610756][T16597]  do_dentry_open+0x83d/0x13e0
[ 1509.610785][T16597]  vfs_open+0x3b/0x350
[ 1509.610803][T16597]  ? path_openat+0x2e2b/0x38a0
[ 1509.610832][T16597]  path_openat+0x2e43/0x38a0
[ 1509.610880][T16597]  ? __pfx_path_openat+0x10/0x10
[ 1509.610910][T16597]  ? kasan_save_track+0x4f/0x80
[ 1509.610934][T16597]  ? kasan_save_track+0x3e/0x80
[ 1509.610957][T16597]  ? __kasan_slab_alloc+0x6c/0x80
[ 1509.610983][T16597]  ? kmem_cache_alloc_noprof+0x33b/0x680
[ 1509.611015][T16597]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1509.611051][T16597]  do_file_open+0x23e/0x4a0
[ 1509.611077][T16597]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[ 1509.611109][T16597]  ? __pfx_do_file_open+0x10/0x10
[ 1509.611135][T16597]  ? rt_mutex_slowunlock+0x4a7/0x8b0
[ 1509.611172][T16597]  ? alloc_fd+0x64e/0x6c0
[ 1509.611200][T16597]  do_sys_openat2+0x113/0x200
[ 1509.611223][T16597]  ? __se_sys_futex+0x3a8/0x450
[ 1509.611247][T16597]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1509.611273][T16597]  ? rcu_is_watching+0x15/0xb0
[ 1509.611299][T16597]  __x64_sys_openat+0x138/0x170
[ 1509.611324][T16597]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.611348][T16597]  do_syscall_64+0x15f/0xf80
[ 1509.611377][T16597]  ? trace_irq_disable+0x3b/0x140
[ 1509.611407][T16597]  ? clear_bhb_loop+0x40/0x90
[ 1509.611434][T16597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1509.611465][T16597] RIP: 0033:0x7fa1aec6cdd9
[ 1509.611486][T16597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1509.611506][T16597] RSP: 002b:00007fa1acec6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1509.611530][T16597] RAX: ffffffffffffffda RBX: 00007fa1aeee5fa0 RCX: 00007fa1aec6cdd9
[ 1509.611548][T16597] RDX: 0000000000020000 RSI: 0000200000000000 RDI: 00000000ffffff9c
[ 1509.611564][T16597] RBP: 00007fa1aed02d69 R08: 0000000000000000 R09: 0000000000000000
[ 1509.611580][T16597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1509.611594][T16597] R13: 00007fa1aeee6038 R14: 00007fa1aeee5fa0 R15: 00007ffe7d779e58
[ 1509.611631][T16597]  </TASK>
[ 1509.612483][T16597] Kernel Offset: disabled