last executing test programs:

7m36.372797652s ago: executing program 2 (id=1024):
socket$inet6(0xa, 0x1, 0x0)
r0 = gettid()
kcmp(r0, r0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
getitimer(0x1, &(0x7f0000000000))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(0x0, 0x2, 0x0)
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x2480, 0x0)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='ubifs\x00', 0x0, 0x0)

7m35.860845957s ago: executing program 2 (id=1028):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0x19, 0x0, <r1=>0x0})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000200)={0x15, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, r1, 0x0, <r4=>0xffffffffffffffff, 0x1})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_SET_TEMP_MEMORY_LIMIT(r6, 0x3ba0, &(0x7f0000000640)={0x48, 0x9, 0x0, 0x0, 0x15})
r7 = dup3(r0, r5, 0x0)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000240)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ae162})
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f0000000180)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r9, 0x0, <r10=>0xffffffffffffffff})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r7, 0x3ba0, &(0x7f00000004c0)={0x48, 0x8, r10, 0x0, 0x6, 0xffb, &(0x7f00000006c0)="80bf0103cc2fe0a9dab8d8001e423ad537e05201600b1811ca498faee2459733cefbb31b6c3a313b53c7d33181b45316823e8694a411a75108f38c55a050a5d620d92cbe3ba6d3c24cffcb39448676064e18894a8081e75b143a5c3178dd0b1deba7c6e819d5e2d5acf0f0c05d5521fea3e67f036b222ecf355680ddfc726a16059b4d73e541e3f365198a497934f144df2547a162aeb84f86092c41233b8eec630472cc35e741c2eabb4e1c8c07b00af7cf44ab9475367fbc99dac4f64249dd478d77ef16253c2398ef47e1632e51d0819e3da167cbb0594925dd04224af7506af0d0098a79b197d386bad9b41be9c7a78d19c808aeaac3887207a3f23f0fd06c4c5ec9b63b9a6998d6ecdd8f2c4aa256421c7cdc56b06ef34f5bcd8a9a749db0890130f97052b1ddfb803f5aac2eb03008e24b1c631c705b74781e5c542bfc88e82be6131f9c2aac8e2d02c2e6bbf87237fa177a2e301db8263e7783a28992050a6123de72eead11ed7f2df820a02bf820303ca3fe43c1fb26f7fadd5e542fdb1d33440be94a70114fc7ed078db0754bd84af4640f9b58dcd63d041cb8158e28295f3331a5f4d67bfe3aad2f30fa42ddee257adecac5e12530d1196958073263befa4b6a150d9d227f480b77ea3229f7ac88216d06ea129fc9751117c515f5327331bef4c27c94d19e9515295a3978c03cd0ef8f4067434ee31c12992fa3b4102d386228fb801341aa18ede2f7681310cceeb787d40836ac7e683a9c83ab37b32cf8881ce2640b281799f5b2cc1f03986de1f12a68b95a59b3be754fd30ae1832912b7242def5a6045e281d3d04159d01981a42e5886c47f5e5c737146e83bb7733ac6475ad70bd690265db9bd77c073580cc12ff683b8f7a09b61728f546e27ab3c9d77d5399788ce5778af3074d76d61b2d755b33a52649ea5683dac63d14f7796869a37d1e857a810818b93be63a7b273e0b418000810d72fb28b3a4de6eaa4d73e4fc19f72d115f12f6e8a56aa18e3c2656d99e543f4a35d447de10038c4441f6e6351f94f2b2913ee46080af51b7915946cac12029efde0b850b8469d7c330806d7d10352ff9c00a81a4a399a8454d9ccd75f7b3cad1c6f0e2f2cd5afa187bc05dcc4f8a026f45fcb69ee542dd5f0ce5f54cd3cae31061bbb3faa1d89f468766b6adcff8de1148d7390399ab26e9cf11b66cef077cd67e9d4c1e3a1aea62fe238dfc8c11e9a6b3beca0bce93f7dd4f0161cf8c9ca5a315db1f72d5b284a7488053282a761b477e0f60ea13f857609f758009345950c01edb4ccda2cfdc09948c5f7f2dde6e191a0674ef8a5d508498f10b4cb558a0e961f94241426c46e09d65252a3c611f6900528d32c6646061ae17b3d93829a98c810ce8dc3ba31c84b27cd4fb809f692bb9065d22e574b100f38847dfeaad525692e2fa65b97331f7aad473a61828d01d8ab0fe84bfa248ca1ade6d09cb22982d0b66a00217c9c597e9f44e2e5fc9ebcf527e6f86156cc5c29a92a0bc7d6986a9b0677917fe387a007aec222d0610e4dc61b45157922ddc6c55706abd21f4d71fd2627a233eeaadfa7fe1a17e6e23222e554cccc29f6b17a95e66a0de7ff6d9c03a6d8704cf39c6c755d0df98104f2e2f426107e1731f3952b65b26debdc011472ed30c91883c3af89c01b85f0eea5daee82c1850e34fd16423d761d7db65c453e0512ae37335d494310d76b8cd62b1b35f3d9529cd5991c7aca0549d65bbdb291f277b7289a8df142b75850762b0b69f040bffe029a28937a237d818a0a6e943824ce1135ffa6c3a795d3bb4fe7017e36eab9c265be3fe5925b62603a6a9365308b374a3631e4c863e0fda76f0f833e740024f456cc947f1be40ddec728f1411a39a5c7f89a1a117c980c7c041602c27d8a4c809b74fe01b69c1b6f34d3ff0c2d7f6cfe5c169f10cecb2ed7af241eea71a54071dcce72ffb973d67a92238f4e91f383f8a1d99839379ac32f06882662fccf0fc6c579c98c3ad4b1da353035f8feb066bb9ba1265c0c96d08f6d79bd15a2e67d6964caf15fa1a527e97668bb0dc4c344a426bcda2df97a1d3fdf9c51c7812aa6ce9777b031395a2dcf3457315d79e6eb07adc41f0ea480fd87f1370f3592880019f7ad1196e89bb8ec960b370c56a40d992bff5ac1db401a6f5e71ecff359f73c6b70b07f052b74a9f11d9f5979dca0fcee8292d48bbe5ae05264b60246a595e63b17c38ffa9df1d912a0aa74c4e428de7af8794e0a7e933c5e8bebbadd27f0bd31e44aa2a4a00150b26da3c6bf0ad31a817ce9479aefdd67cf2c2d4d8b73d68b8f880a241bdb59bcb8ad8a7efa0dca562ed7928f19efe56bb7730e0847678ece54e6e35c2e261a58a059ef2c16873608faa4c1ad13bfdf7823c437dfc1444c5e0dd7967ebb31342a3aebbeaba3bc989b1570eaa995ebcbd0ecca98aa062908f6d9bd73770136488053f4d39546e599bf2c133e3258e4753aed3263925848a650338a15a4b7457eee964f24c8222c251199cba5d9b570321a9da3ce6268f172a1bcd29169cff515d9826bbb62b04474eaafa14544a002a22d6763df52a8b761caba48245a813c02e8461e4fef216e21186fd3f6e7bb7023093bc3573988c0d418f81d71a0f03246bbdd05653f3d1a19141d2c50751bf1ebc64f227587256aa70966757b426d5105e11e686270563ef879ee9dd480621bb5d0bdb0e171befc5d0fc2f82f943d6acdc1ee46872fabe1b3fe57f697fb25aeeddaaa10761704cb5f3fc04a84dd16d576c2c553c4fab7b804222f67d8936b6e2ebf2c7cda65c607c3a657fca0d640d34364f325bf81c94e688304633106e0ad7938e8d65af35247e1f606c8bc01dfa402189df091f38d5ea4501a45efd67e144e75c622207ee69a02cb6e48e1afe407fed98119649aae9d3bb50d8a8560f171d913d3478833756ab15e521aa458ea52df9572da79a6e11767dca70c390ea2810481fbb701a907a17fc08340fd657166feec69ff442c93d9aa76c8fdc99f64f1d94c92ebc5588934467484ddab55a090abdcd3ee8bef63c657959c0949f6f0c8416855d47aa915ec252391b21dcf2e53f4c8815825a655e7cac8083c362a02d0a71c5dca0154579caee5e292a94cab26ffa0385dd73521d7d5d0bcb9822fccf44d45fee2a1407e8e3383aa299be47ec52ae75ca6fbc473805df28dfa7bcac6263f0ad8012e06e9481cbd79f7cf5f3d0b062982d7f2718a8840dc9ad865cfc1af2c35dcc5d05337c9bca227a0c4ab17a24e795184cdc43b7f25183c48f2778bafd8db9429c37ab3a784157280f186a739f22d08a6dcdf190f19dd71905d0d4d5f8dccd7d67cc1ef87779b66bca0e044217f9ac1107f33d53cc3199c391aa2d5b3819c902851ad2e067b57596a5789948adb6ba85e5e85acfe2ef615ca125b5842ce0330b33134a6d59101ddb063cb2303a0877695b39c0736f4850788a9c93f515d308be881be7739f0c2e579ed366c598c8411b3093e7e60a0cc124317c54e86fd4ec2bde4fc9fc8d13c5627fbff80d2d55bbe5152f78f770822217eb9fdf024a5e8983e18bac0c09010eaad8eb92593f82d516f30d9f8ad4674b411f2e4fe2ad5a03a08ff073cd9c811172fa58ca54871e199a1c0980b4bfbdc19f034301946516af63bea83dc0f158d14ed2f334acf14dc0153ab9cc91c3a9878a397e2341062eb0353aa2f16fb0520a62da22cb14f781bbd69c9fa2093d781e156932f04929745bce19f55cdd7f821527dd8feaad48d02a5f4b3003a69cb78d1eecb590b6d9ebea32081d3e06e5c8110ca230cae37e830edaa5a224c0eb2380e16cf065c3785ac4e784ecb4d86f787d604ee1b303e3db72fc005258811b0c9c0af19522835a62f7fe71b8272b4e53599bda8b855ea53c12d4e9d48c2e76e7d45901eecb7c23b2b2028fa68d3a4aa99d44f4de841e4ed2740cde47e929b98985d20d79199cca045f752b39866978339176d5e9e1bfdcb1dfe013e10df02ba74ca995f7270f28e70c43ae24f163ecfa605a5d4b305442dbe11e1f06e1429f1937790a7f56989d9fced2f5a94e4e5d9a4804802c4ed3a39f5c305d524b757c7aff91bfd73dbdd8554e19dbd01c3dd460f22b5f1aad1430bf8ca8ab5cad4f2f0347a44f564ae83b0212c797f76a7be7f3e09d3756282fd9aa7557fff9ad2fa3bce116dd7606c2bf4b0175a7c49b9c3aa28e4bf071337dbd256bccdbc1408109083c0e0a7c3ceb1cacdef817d332bf3791a242838addd03a14e7dce6cc88091bb0affbc1900fb23ed94846e73442e53f93c3da96b41e06859a1c0e3c501afd839b2127e187d39af25791fc27c6bb8835e7e124a5733fb2640c208f09121f91753a58c2f229d15093c8dcbd2fddde9b04f009cb698e045464e3cc2172271c62e60f124cf93d4d7ab2cc5fc2a9cb12ea44aec40f659dd8951b72b5c1df943322b5a9db6732d00efc2ea63feb20d020e7f68eecfae98a2bc5dbf1ef6b225c84dcfb9600f66e61af132bdf224b51e81c9ea700511a9884033c36fb184d8063882d246e7e191b5a972f5e89e0b0faf0695e81ae1fbc39a98bfe447b229e1549ced81459b7f77ee0ba5df118f484c2389ebf041e301a9ef52985bc470c29281a79cf77c5af8ff71340b6bb2447f0f924d26dd22cbd522b8b738e354cb4ede80cf42d08c0752fcafc7897604982a0faf0288a7600fb6f09948bb7766454924e8048d795d2f2d2b9c8f799155b0b9148303e6ee5cfd6324d7887778da69dc692bb0c5482d84a0bba340a270717e55cc80061660b8453062a7e5c9c4d26d93e0a92f5cc74ca80d2897f3aa39a7ae7e0fb66feac56461fb150138feaae0e8653cd2dc14b8f433882f1109953ace8349e8f14c071d65bf05d419eb5f2ee0cfe4251322bbcb8de795c9aee1da0db04ce0df6ceb2e6c86d73fe456a2e3bcebbb93d034566e5d8803fdf93766763539295fd6e3287a239078417122bf5ea1d7dc1a0e16f87cdc34bc38070e9de6588cf0ea421929560c35762e6e51f431a61317b46e9a754762ab4439bc9324e33da37c25bb283a82fcf970c65a0fe7935bdcb165d613a723192b30e05eb4580a864545c6b65813f7f683714765c969831adfc38f15ed03a591e95ca97c25d2bc650d5ec85fad4a04be845b2e1c0d93a90c1232522ace2fee4012dac348efe194ef4de230004c61b2bb455ee2545c8319fafba09f1f31bf874e6ae0912da226423b38acbb630abc9c63b990fa110f565fe377809a7c5ac76a680e8a7ea9b8f1968be4ecfa70e641d706a7ceedffa7384381390c6aea229f1678fa4d4a5cf54665ce20ea6d90d232d5d74c57b2869bf3b435542fdb759f20e823839fdf278c13e20ca3fc91289fd0d2fce14665c0474251460a01c8f08aac0bacf41717e417d4ea2a341e276375305d6244a707c44543092aefcd5d8a5805cbd88878f8a455a5c6a4eb250d896fffa7650c3cdadfb15cb3def707e8585de51b74517c60c899d4d5456f5ed3116303e0c86dce7f62335ec601305c3d591ef01a90c5d757ddd39719ada44c32013d56d75e5fd9db5c91ab590b2487172804c9db0fda627a8ee3d6246fbba4c52213189dd43bde0578a619af1c951515e723dff4b9f85a5c9d51b1d6d151dd5d2a82612822ad4eed268f72c678f978cd93a0330913aea4f785e34161eb3fb70c114a1d547aeae5525b95e3f156a69617407cf6fbda0ac476c390213e82b8ae08dcb1963e4dd29973f912eb32d2dc8821a44b5bac60e", 0x4})

7m35.553892532s ago: executing program 2 (id=1030):
socket$pppoe(0x18, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r4 = socket(0x2a, 0x800000002, 0x9)
ioctl$SIOCPNENABLEPIPE(r4, 0x5411, 0x1000000000000)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)

7m34.328717326s ago: executing program 2 (id=1033):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

7m33.973038236s ago: executing program 2 (id=1036):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0xc0800, 0x80)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mknod$loop(&(0x7f0000000a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x1)
rename(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000040)='./file1\x00')

7m33.720997273s ago: executing program 2 (id=1040):
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', 0x800, &(0x7f00000000c0), 0x48)

7m18.119782378s ago: executing program 32 (id=1040):
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000080)='./file0/../file0/../file0/../file0\x00', 0x800, &(0x7f00000000c0), 0x48)

5m29.379678098s ago: executing program 3 (id=1292):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socket$can_j1939(0x1d, 0x2, 0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$getregset(0x4204, r2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
sigaltstack(&(0x7f0000001000)={&(0x7f0000000000)=""/4088, 0x0, 0xff54}, 0x0)
sigaltstack(0x0, &(0x7f0000001280)={0x0})
ioctl$sock_inet6_SIOCDELRT(r5, 0x890c, &(0x7f0000000640)={@remote, @dev={0xfe, 0x80, '\x00', 0x10}, @empty, 0x9, 0x40, 0x8000, 0x100, 0x0, 0x110227})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20040768, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto(r0, &(0x7f0000000780)="7057dacba2", 0x5, 0x24000011, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000700)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba1e9bb7ec30de54e3d82d4e023f9a336ec7e55fefd0d3c8f30eea40e40a6e32d6873837bb90f2fafc91", 0xffffffffffffff29, 0x80, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0x4, 0x8, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0xff2, &(0x7f0000000240)=""/4082}, 0x94)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan0\x00')

5m27.904893471s ago: executing program 3 (id=1294):
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
prctl$PR_SET_SECUREBITS(0x1c, 0x2c)
prlimit64(r0, 0x8, 0x0, &(0x7f0000000180))
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000500)="8fc8bf70342c6d1600bae5de9614410848dd95e7b8523bfbf4a6cbcc911b443e673a8fa7", 0x24}], 0x1}}], 0x1, 0x488c4)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r3, &(0x7f0000000000)='system.posix_acl_access\x00', 0x0, 0x3c, 0x3)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x224643, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="180000007800010629bd70000000000007"], 0x18}], 0x1}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001b00)={0x18, 0x2d, 0x1, 0xf0bd26, 0x25dfdbfc, {0x4}, [@nested={0x4, 0xd}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

5m26.714355906s ago: executing program 3 (id=1297):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='htcp', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @sack_perm, @window={0x3, 0x3, 0x401}, @window], 0x63)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

5m25.417065776s ago: executing program 3 (id=1301):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x4, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0xc4042, 0xa3)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
removexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)=@random={'trusted.', '/dev/snd/seq\x00'})
sendfile(r0, r1, 0x0, 0x20fffe82)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
pipe(&(0x7f0000000600)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000500)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r8 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000040))
r9 = gettid()
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r10, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x5}})
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r10, 0x80045301, &(0x7f00000000c0))
tkill(r9, 0x7)
splice(r5, 0x0, r4, 0x0, 0xffffffffffff8000, 0x0)
write$cgroup_subtree(r6, &(0x7f0000003100)=ANY=[], 0x10448)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="ad4300000000010000000f"], 0x14}, 0x1, 0x0, 0x0, 0x20000054}, 0x0)
pread64(r0, 0x0, 0x0, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r6, 0x0)
ioctl$KVM_RUN(r12, 0xae80, 0x0)

5m22.543603033s ago: executing program 3 (id=1304):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socket$can_j1939(0x1d, 0x2, 0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$getregset(0x4204, r2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
sigaltstack(&(0x7f0000001000)={&(0x7f0000000000)=""/4088, 0x0, 0xff54}, 0x0)
sigaltstack(0x0, &(0x7f0000001280)={0x0})
ioctl$sock_inet6_SIOCDELRT(r5, 0x890c, &(0x7f0000000640)={@remote, @dev={0xfe, 0x80, '\x00', 0x10}, @empty, 0x9, 0x40, 0x8000, 0x100, 0x0, 0x110227})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20040768, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto(r0, &(0x7f0000000780)="7057dacba2", 0x5, 0x24000011, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000700)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba1e9bb7ec30de54e3d82d4e023f9a336ec7e55fefd0d3c8f30eea40e40a6e32d6873837bb90f2fafc91", 0xffffffffffffff29, 0x80, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0x4, 0x8, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0xff2, &(0x7f0000000240)=""/4082}, 0x94)
syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan0\x00')

5m21.241086887s ago: executing program 3 (id=1307):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)

5m5.087153619s ago: executing program 33 (id=1307):
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x0)
r0 = gettid()
mknod(&(0x7f0000000180)='./file0\x00', 0x1ffa, 0x0)
acct(&(0x7f0000000140)='./file0\x00')
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)

12.97066631s ago: executing program 1 (id=1915):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000280)={r3, r3, 0x1, 0x0, 0x0, 0x9, 0xcb, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz1\x00'})
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x1}, 0x48)
munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0x2000, 0x2, 0xb, 0xffffffff, 0x0, [{0x81, 0xb, 0x2, '\x00', 0xff}, {0x6, 0x3, 0x5, '\x00', 0xcf}, {0x1, 0x2, 0x91, '\x00', 0x6}, {0x4, 0xfd, 0x8, '\x00', 0x97}, {0x9, 0xb, 0xa, '\x00', 0x8}, {0xfa, 0x8, 0xf, '\x00', 0x6}, {0x7, 0x5, 0x4, '\x00', 0xcf}, {0x7, 0xd, 0xf, '\x00', 0x1}, {0x98, 0x0, 0x4, '\x00', 0x3}, {0x3, 0x1, 0xfb, '\x00', 0x9}, {0xd, 0xfd, 0xcf, '\x00', 0x9}, {0x2, 0x6, 0x7, '\x00', 0x5}, {0x7, 0x6, 0x42, '\x00', 0x7f}, {0x9, 0x1, 0x7, '\x00', 0x8}, {0x81, 0x10, 0x4, '\x00', 0x3d}, {0x1, 0xe, 0x2, '\x00', 0x20}, {0x0, 0xc, 0x20, '\x00', 0x5}, {0x20, 0x40, 0x8, '\x00', 0xfd}, {0xb, 0x2, 0x5, '\x00', 0x4}, {0x81, 0x5, 0x9, '\x00', 0x8}, {0x1, 0x6, 0x5, '\x00', 0xa}, {0x9, 0xfc, 0x90, '\x00', 0x21}, {0x4, 0xeb, 0xc0}, {0x6, 0x5, 0x0, '\x00', 0xb}]}})

10.54721091s ago: executing program 4 (id=1921):
socket$key(0xf, 0x3, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000100)={'vcan0\x00', &(0x7f0000000000)=@ethtool_cmd={0x16, 0x6, 0x4, 0x0, 0x0, 0x1, 0x0, 0x9, 0xff, 0x0, 0x3, 0x0, 0x3}})
r6 = socket(0x400000000010, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@delchain={0x44, 0x65, 0x800, 0x870bd27, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0xd, 0xb}, {0xf, 0x6}, {0xfff1, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x1}}, @TCA_RATE={0x6, 0x5, {0x59, 0x7}}, @TCA_RATE={0x6, 0x5, {0x9, 0x47}}, @TCA_RATE={0x6, 0x5, {0x5, 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c050)
recvmsg$can_raw(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd25, 0xa000, {0x0, 0x0, 0x0, 0x0, {0x9, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4513}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xca}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="dee6", 0x2, 0x44001, &(0x7f0000000200)={0xa, 0x4e24, 0x4, @local, 0x6}, 0x1c)

10.361263975s ago: executing program 0 (id=1922):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x30}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0xfffffffc}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xa0}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x5d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

8.140952937s ago: executing program 0 (id=1923):
fstat(0xffffffffffffffff, &(0x7f0000000040))

8.140083312s ago: executing program 1 (id=1924):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.138549125s ago: executing program 4 (id=1926):
socket$nl_generic(0x10, 0x3, 0x10)
socket$phonet_pipe(0x23, 0x5, 0x2)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7})
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000000)={0xd, @vbi={0x0, 0x0, 0x0, 0x4745504d, [], [0xfffffffe]}})
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

8.009118476s ago: executing program 0 (id=1927):
pipe2$watch_queue(&(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
openat$rtc(0xffffff9c, &(0x7f0000001200), 0x600400, 0x0)
sendmmsg$unix(r0, 0x0, 0x0, 0x4000190)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)

7.081876729s ago: executing program 4 (id=1929):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
read$FUSE(r0, &(0x7f0000008340)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r2 = socket$inet6(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4814)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
r4 = syz_io_uring_setup(0x498, &(0x7f0000000f80)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
r7 = eventfd(0x401)
io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f0000000040)=r7, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x8, 0x2000, @fd=r4, 0x4, 0x6, 0xe, 0x14, 0x0, {0x1}})
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0)
shutdown(r2, 0x0)
sendto$inet6(r2, &(0x7f00000001c0)="bc", 0x1, 0x4, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @loopback, 0x1}, 0x1c)
fsetxattr$security_ima(r3, &(0x7f0000000100), &(0x7f0000000280)=@v1={0x2, "9ea29b4021b093a058423cf808b9a7cf"}, 0x11, 0x1)

6.819627473s ago: executing program 6 (id=1930):
socket$pppoe(0x18, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r4 = socket(0x2a, 0x800000002, 0x9)
ioctl$SIOCPNENABLEPIPE(r4, 0x5411, 0x1000000000000)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)

6.73546558s ago: executing program 4 (id=1931):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$nvram(0xffffffffffffff9c, 0x0, 0x14305, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000740)={0x94, 0x0, 0x2, 0x5, 0x0, 0x0, {0x8, 0x0, 0x2}, [@CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x5}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}, @CTA_EXPECT_TUPLE={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x5}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @remote}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x20048010}, 0x24000000)
set_robust_list(0x0, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1a}, {0x327, 0x2, 0x0, 0x0, 0xfff, 0xfffffffffffffffc}, {}, {0x8f}, 0x70bd29, 0x0, 0xa, 0x4}, [@encap={0x1c, 0x20, {0x0, 0x4e22, 0x0, @in=@rand_addr=0x64010102}}, @algo_crypt={0x48, 0x2, {{'cbc-serpent-avx2\x00'}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xc001, 0x0)
ioctl$TIOCGSERIAL(r4, 0x541e, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=""/4070})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xa, 0x4, 0x1, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6.167911078s ago: executing program 1 (id=1932):
syz_open_dev$video(&(0x7f0000000040), 0x4, 0x88400)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd, 0xb400}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f000001aa40)=""/102400, 0x19000)

5.619512809s ago: executing program 6 (id=1933):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x2, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x30}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x98}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0xfffffffc}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xa0}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {0x7, 0x0, 0x0, 0x9}, {0x7, 0x0, 0xc}, {0x18, 0x9, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff1, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x5d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

5.595339976s ago: executing program 0 (id=1934):
socket$igmp6(0xa, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r3, &(0x7f0000002940), 0x40000000000017d, 0x811)

4.796867131s ago: executing program 4 (id=1935):
socket$key(0xf, 0x3, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000100)={'vcan0\x00', &(0x7f0000000000)=@ethtool_cmd={0x16, 0x6, 0x4, 0x0, 0x0, 0x1, 0x0, 0x9, 0xff, 0x0, 0x3, 0x0, 0x3}})
r6 = socket(0x400000000010, 0x3, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@delchain={0x44, 0x65, 0x800, 0x870bd27, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0xd, 0xb}, {0xf, 0x6}, {0xfff1, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x1}}, @TCA_RATE={0x6, 0x5, {0x59, 0x7}}, @TCA_RATE={0x6, 0x5, {0x9, 0x47}}, @TCA_RATE={0x6, 0x5, {0x5, 0x1}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c050)
recvmsg$can_raw(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000500)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd25, 0xa000, {0x0, 0x0, 0x0, 0x0, {0x9, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x14, 0x1, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS={0x6, 0x1, 0x4513}, @TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA={0x5, 0x3, 0xca}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="dee6", 0x2, 0x44001, &(0x7f0000000200)={0xa, 0x4e24, 0x4, @local, 0x6}, 0x1c)

4.69636503s ago: executing program 1 (id=1936):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000280)={r3, r3, 0x1, 0x0, 0x0, 0x9, 0xcb, 0x16bf, 0x5505, 0xc3b8, 0x1, 0x0, 'syz1\x00'})
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x1}, 0x48)
munmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0x2000, 0x2, 0xb, 0xffffffff, 0x0, [{0x81, 0xb, 0x2, '\x00', 0xff}, {0x6, 0x3, 0x5, '\x00', 0xcf}, {0x1, 0x2, 0x91, '\x00', 0x6}, {0x4, 0xfd, 0x8, '\x00', 0x97}, {0x9, 0xb, 0xa, '\x00', 0x8}, {0xfa, 0x8, 0xf, '\x00', 0x6}, {0x7, 0x5, 0x4, '\x00', 0xcf}, {0x7, 0xd, 0xf, '\x00', 0x1}, {0x98, 0x0, 0x4, '\x00', 0x3}, {0x3, 0x1, 0xfb, '\x00', 0x9}, {0xd, 0xfd, 0xcf, '\x00', 0x9}, {0x2, 0x6, 0x7, '\x00', 0x5}, {0x7, 0x6, 0x42, '\x00', 0x7f}, {0x9, 0x1, 0x7, '\x00', 0x8}, {0x81, 0x10, 0x4, '\x00', 0x3d}, {0x1, 0xe, 0x2, '\x00', 0x20}, {0x0, 0xc, 0x20, '\x00', 0x5}, {0x20, 0x40, 0x8, '\x00', 0xfd}, {0xb, 0x2, 0x5, '\x00', 0x4}, {0x81, 0x5, 0x9, '\x00', 0x8}, {0x1, 0x6, 0x5, '\x00', 0xa}, {0x9, 0xfc, 0x90, '\x00', 0x21}, {0x4, 0xeb, 0xc0}, {0x6, 0x5, 0x0, '\x00', 0xb}]}})

3.980199542s ago: executing program 6 (id=1937):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000000180), r1, 0x1}}, 0x18)

3.353304841s ago: executing program 6 (id=1938):
socket$nl_generic(0x10, 0x3, 0x10)
socket$phonet_pipe(0x23, 0x5, 0x2)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000300)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x0, 0x20002f7})
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000000)={0xd, @vbi={0x0, 0x0, 0x0, 0x4745504d, [], [0xfffffffe]}})
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

3.101797392s ago: executing program 6 (id=1939):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000440)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000006926000000000000bf67000000000000150700000fff00003506000002000000170600000ee5e50cbf250000000000001f650000000000007507000002000000170700004c0001000f75000000000000bf54000000000000070400000400f9ff2d3501000000000095000000000000000500000000000000950007000000000001722fabb733a0c857c7c45402000000a2d23da04d1ffc187fa1a2ba7ba030c7267c2de00435fd233cc0f0d9b2c3127c46b0f408398d09ee4dc258d726eae098804ce25df627a64ac7efde50fd7f1dd5b17ed764c33b06598bae66ea38541a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07f8a4b6e6155cecc13a5ddfab726eca91bd5fecb254ab358488c400330171128be291297947d47dc570a385a459ef8e6ada84e987cc0000f6991078a21788cab9d53ad890206ab56506ab08b294c09ea4536e0b9bb0627a03a1eb9cbe6958812a98abad49f42a6fb2b69c0880548c39f13f4cca63a87ad7ff8d1006cc6d95e406deb61b9c7ac3f35f1fdb27e70900001fd13d4a22fc90e5f7300c53f2b6e7e001058dc04b434e379fd5526b52990b04b183c21e6b974a4bf85567348c6c6a4404d987f71d81fe988ddc82dac01bbb43e006203a31b02f9519ffb29cd3508d7da829712c98381a672db9fa6a8eb38d784c913a804557c4577a22acb7b73c4aa0e07998734fdfbb0d262ef88b3b8cd1a8518dd8326f6367ed938a05c108cf2639e8799fd7cb018f08453fa863f8fb8178569d26a0a48e4498f88d15abbb22d955a162ac1fd3710c1255fbe3c6d1e84152c81ec0192e54d13dc5beebe3de27967e5d1aa8a6139056e3fb738d0ca46b0a1c63a29002e5b12314390ca075ecb43e0c6cd5af64c8b676316b9bff845ea0b20562f53c5b34314411bf3d4af06bdc3def9f2791d6d076ca72e319e6a9e1098bab878a9f1274a61ddee47abb54d8cf901e78bdb85f47ef37dd0daeb6403820ee8414042904917ea1b80a0000000000004c84018fd19fb3581ca1ff9fb5758d76929ec0502802869c51511c2c9dc56ead1449c038e4d2382d6ef61a7d"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="640000000206010100000000000000000000000005000400000000000900020073797a30000000000500010007000000050005000a000000140007800800114000000000080012400000ffff16000300686173683a6e6574"], 0x64}}, 0x0)
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
write$dsp(0xffffffffffffffff, &(0x7f00000004c0)='\x00', 0x1)
ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0)
ioctl$SNDRV_PCM_IOCTL_PREPARE(0xffffffffffffffff, 0x4140, 0x0)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000840)='virtio_transport_alloc_pkt\x00', r6}, 0x18)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r7, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

2.770292065s ago: executing program 1 (id=1940):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
read$FUSE(r0, &(0x7f0000008340)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r2 = socket$inet6(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
sendmsg$NFNL_MSG_COMPAT_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4814)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
r4 = syz_io_uring_setup(0x498, &(0x7f0000000f80)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
r7 = eventfd(0x401)
io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f0000000040)=r7, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x8, 0x2000, @fd=r4, 0x4, 0x6, 0xe, 0x14, 0x0, {0x1}})
io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0)
shutdown(r2, 0x0)
sendto$inet6(r2, &(0x7f00000001c0)="bc", 0x1, 0x4, &(0x7f00000000c0)={0xa, 0x4e20, 0x8, @loopback, 0x1}, 0x1c)
fsetxattr$security_ima(r3, &(0x7f0000000100), &(0x7f0000000280)=@v1={0x2, "9ea29b4021b093a058423cf808b9a7cf"}, 0x11, 0x1)

1.953473371s ago: executing program 6 (id=1941):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x7)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0xe9)

1.911050841s ago: executing program 0 (id=1942):
socket$pppoe(0x18, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r4 = socket(0x2a, 0x800000002, 0x9)
ioctl$SIOCPNENABLEPIPE(r4, 0x5411, 0x1000000000000)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)

1.817037305s ago: executing program 4 (id=1943):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000000)=[{0x6}]})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001800010000000000000000000200000000000006000000000c00090008"], 0x38}}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x64)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0x180, 0x0, &(0x7f0000000500)="353d6274704f254cc8e29a6a468364d2afa6a7b173c0e7b5eeab634ac203000000160d7833c9bc632662078b82ea5391dcac5d289ded2966eddaffffa2be31ee2be7ecd7047218243f92b04da2bae8a05e55ae04000000014b3cd29a83fd3900a0bd561fb5a63c1090f3ed5e617637cd9a94057fb4d6ebceced2afc70463d256f1cd5b516154e307b560d84711a86ab6f4541f06c3700f8c6a16e6c142c0760fd4360777f037d9ce994d3661e8dac3aaf3fed969b99e96f42c90fb9c92f4aa7fe669318773877db8ea94914e181566b0e6744fc55cdbc340663c7c9036cec8f075e98ca49005af", 0x0, 0xe7})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, &(0x7f0000000340)})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r9, 0x4188aec6, &(0x7f0000000040))
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
sendmsg$NL80211_CMD_REGISTER_FRAME(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x20, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, 0x0, 0x0)
mbind(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8000, &(0x7f0000000180), 0xb, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28)
sendto$inet6(r2, &(0x7f0000000280)='\x00\x00\x00\x00\x00', 0x5, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

685.937599ms ago: executing program 1 (id=1944):
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$nvram(0xffffffffffffff9c, 0x0, 0x14305, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000740)={0x94, 0x0, 0x2, 0x5, 0x0, 0x0, {0x8, 0x0, 0x2}, [@CTA_EXPECT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x5}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}, @CTA_EXPECT_TUPLE={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x5}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @remote}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x20048010}, 0x24000000)
set_robust_list(0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1a}, {0x327, 0x2, 0x0, 0x0, 0xfff, 0xfffffffffffffffc}, {}, {0x8f}, 0x70bd29, 0x0, 0xa, 0x4}, [@encap={0x1c, 0x20, {0x0, 0x4e22, 0x0, @in=@rand_addr=0x64010102}}, @algo_crypt={0x48, 0x2, {{'cbc-serpent-avx2\x00'}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xc001, 0x0)
ioctl$TIOCGSERIAL(r3, 0x541e, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=""/4070})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xa, 0x4, 0x1, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

0s ago: executing program 0 (id=1945):
ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, &(0x7f0000006f40)={0x9, @capture={0x0, 0xef102e9af7da97c2, {0x10003, 0x8}, 0x83, 0x8}})
bind$tipc(0xffffffffffffffff, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x9, 0x5, 0x180, 0x4, 0x10, 0xf1, 0x51, 0x7fffffffffffe, 0x5, 0x3, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x122182})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

config 0 has no interface number 0
[  282.704354][ T6440] usb 5-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  282.708073][ T6440] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  282.708099][ T6440] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  282.708119][ T6440] usb 5-1: Product: syz
[  282.708133][ T6440] usb 5-1: SerialNumber: syz
[  282.772291][ T6440] usb 5-1: config 0 descriptor??
[  282.778177][ T6440] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[  284.158896][ T5846] usb 5-1: USB disconnect, device number 5
[  284.770250][ T5846] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  284.952022][ T5846] usb 2-1: Using ep0 maxpacket: 32
[  285.035207][ T5846] usb 2-1: config 0 interface 0 has no altsetting 0
[  285.038982][ T5846] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  285.039009][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.039027][ T5846] usb 2-1: Product: syz
[  285.039041][ T5846] usb 2-1: Manufacturer: syz
[  285.039054][ T5846] usb 2-1: SerialNumber: syz
[  285.074289][ T5846] usb 2-1: config 0 descriptor??
[  285.485011][ T5846] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  285.680202][   T44] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  285.830199][   T44] usb 5-1: Using ep0 maxpacket: 32
[  285.835376][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  285.835403][   T44] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  285.835415][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.874381][   T44] usb 5-1: config 0 descriptor??
[  285.887989][ T5846] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  285.944610][ T5846] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22
[  286.096364][ T5846] usb 2-1: USB disconnect, device number 10
[  286.328880][   T44] hid_parser_main: 5 callbacks suppressed
[  286.328896][   T44] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  286.328914][   T44] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  286.328929][   T44] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  286.328943][   T44] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  286.328958][   T44] koneplus 0003:1E7D:2D51.0002: unknown main item tag 0x0
[  286.378603][   T44] koneplus 0003:1E7D:2D51.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.4-1/input0
[  286.527615][   T44] koneplus 0003:1E7D:2D51.0002: couldn't init struct koneplus_device
[  286.527658][   T44] koneplus 0003:1E7D:2D51.0002: couldn't install mouse
[  286.529455][   T44] koneplus 0003:1E7D:2D51.0002: probe with driver koneplus failed with error -71
[  286.560612][   T44] usb 5-1: USB disconnect, device number 6
[  287.583453][ T7843] netlink: 8 bytes leftover after parsing attributes in process `syz.4.564'.
[  288.406198][ T7847] bpf: Bad value for 'uid'
[  288.810688][ T6066] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  288.810711][ T6066] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  288.810725][ T6066] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  288.810739][ T6066] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  288.810754][ T6066] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  288.867043][ T6066] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v8.00 Device [syz0] on syz0
[  289.469841][ T7862] overlayfs: failed to resolve './file1': -2
[  290.441325][ T7877] netlink: 8 bytes leftover after parsing attributes in process `syz.2.578'.
[  292.580128][ T7893] bpf: Bad value for 'uid'
[  293.860950][ T7904] overlayfs: failed to resolve './file0': -2
[  296.950183][   T44] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  297.023389][ T7921] netlink: 8 bytes leftover after parsing attributes in process `syz.1.590'.
[  297.881726][   T44] usb 4-1: Using ep0 maxpacket: 8
[  297.886488][   T44] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  297.886506][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.886516][   T44] usb 4-1: Product: syz
[  297.886523][   T44] usb 4-1: Manufacturer: syz
[  297.886530][   T44] usb 4-1: SerialNumber: syz
[  297.961133][   T44] usb 4-1: config 0 descriptor??
[  297.992461][   T44] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  298.426140][ T7926] bpf: Bad value for 'uid'
[  298.704122][   T44] gspca_sonixj: reg_r err -110
[  298.704939][   T44] sonixj 4-1:0.0: probe with driver sonixj failed with error -110
[  300.669540][ T6440] usb 4-1: USB disconnect, device number 5
[  300.814181][ T7948] overlayfs: failed to resolve './file0': -2
[  300.839288][ T7950] capability: warning: `syz.0.596' uses 32-bit capabilities (legacy support in use)
[  301.546173][ T7958] netlink: 8 bytes leftover after parsing attributes in process `syz.4.601'.
[  304.299883][ T7976] syzkaller0: entered promiscuous mode
[  304.299902][ T7976] syzkaller0: entered allmulticast mode
[  305.165264][ T7984] netlink: 4 bytes leftover after parsing attributes in process `syz.1.610'.
[  305.222565][ T7991] overlayfs: failed to resolve './file0': -2
[  307.157670][ T8009] sd 0:0:1:0: device reset
[  307.872847][ T8024] syzkaller0: entered promiscuous mode
[  307.872865][ T8024] syzkaller0: entered allmulticast mode
[  308.839446][ T8030] overlayfs: failed to resolve './file0': -2
[  311.923437][ T8069] overlayfs: failed to resolve './file0': -2
[  312.658191][   T37] audit: type=1800 audit(1758811802.767:12): pid=8082 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.641" name="SYSV00000000" dev="tmpfs" ino=3 res=0 errno=0
[  317.815176][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  317.817100][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  318.830453][   T37] audit: type=1800 audit(1758811808.937:13): pid=8133 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.654" name="SYSV00000000" dev="tmpfs" ino=2 res=0 errno=0
[  320.082753][ T8139] comedi comedi2: Buffer allocation failed
[  321.164659][ T8147] bridge_slave_0: left allmulticast mode
[  321.164689][ T8147] bridge_slave_0: left promiscuous mode
[  321.164946][ T8147] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.675983][ T8151] netlink: 'syz.2.659': attribute type 4 has an invalid length.
[  321.675997][ T8151] netlink: 152 bytes leftover after parsing attributes in process `syz.2.659'.
[  321.701353][ T8147] bridge_slave_1: left allmulticast mode
[  321.701382][ T8147] bridge_slave_1: left promiscuous mode
[  321.701617][ T8147] bridge0: port 2(bridge_slave_1) entered disabled state
[  322.738206][ T8147] bond0: (slave bond_slave_0): Releasing backup interface
[  322.984977][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.200526][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.355310][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.592002][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.882008][    C1] vkms_vblank_simulate: vblank timer overrun
[  323.925437][ T8147] bond0: (slave bond_slave_1): Releasing backup interface
[  323.994995][ T8147] team0: Port device team_slave_0 removed
[  324.036927][ T8147] team0: Port device team_slave_1 removed
[  324.037947][ T8147] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  324.037974][ T8147] batman_adv: batadv0: Removing interface: batadv_slave_0
[  324.071436][ T8147] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  324.071457][ T8147] batman_adv: batadv0: Removing interface: batadv_slave_1
[  324.165235][ T8147] bond1: (slave veth3): Releasing backup interface
[  324.230206][ T8151] : renamed from bond0 (while UP)
[  324.385764][    C1] vkms_vblank_simulate: vblank timer overrun
[  325.193814][    C1] vkms_vblank_simulate: vblank timer overrun
[  325.561778][    C1] vkms_vblank_simulate: vblank timer overrun
[  326.057228][    C1] vkms_vblank_simulate: vblank timer overrun
[  326.659767][    C1] vkms_vblank_simulate: vblank timer overrun
[  326.892159][    C1] vkms_vblank_simulate: vblank timer overrun
[  327.306868][    C1] vkms_vblank_simulate: vblank timer overrun
[  329.607393][ T8218] syzkaller0: entered promiscuous mode
[  329.607422][ T8218] syzkaller0: entered allmulticast mode
[  334.962618][ T8283] tipc: Started in network mode
[  334.962650][ T8283] tipc: Node identity d610d39ab57f, cluster identity 4711
[  334.963427][ T8283] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  335.002868][ T8283] tipc: Resetting bearer <eth:syzkaller0>
[  335.621957][ T8281] tipc: Disabling bearer <eth:syzkaller0>
[  336.164651][ T5837] tipc: Node number set to 1668273050
[  336.513837][ T8286] netlink: 2 bytes leftover after parsing attributes in process `syz.1.695'.
[  338.596111][ T8317] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR
[  341.510725][ T8340] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  341.566995][ T8340] tipc: Resetting bearer <eth:syzkaller0>
[  341.751189][ T8337] tipc: Disabling bearer <eth:syzkaller0>
[  349.021040][ T8382] tipc: Started in network mode
[  349.021069][ T8382] tipc: Node identity 82ff563c52f3, cluster identity 4711
[  349.021263][ T8382] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  349.094230][ T8382] tipc: Resetting bearer <eth:syzkaller0>
[  349.989731][ T8387] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  350.042638][ T5904] tipc: Node number set to 3490469436
[  350.326922][ T8380] tipc: Disabling bearer <eth:syzkaller0>
[  352.882491][ T5151] Bluetooth: hci4: command 0x0406 tx timeout
[  353.255019][ T8416] fuse: Bad value for 'fd'
[  353.842109][ T5846] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  354.650141][ T5846] usb 3-1: Using ep0 maxpacket: 16
[  354.652578][ T5846] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  354.652605][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.689243][ T5846] usb 3-1: config 0 descriptor??
[  354.715515][ T5846] gspca_main: sonixj-2.14.0 probing 0471:0327
[  355.927594][ T5846] gspca_sonixj: reg_r err -110
[  355.927655][ T5846] sonixj 3-1:0.0: probe with driver sonixj failed with error -110
[  356.763530][ T8435] input: syz1 as /devices/virtual/input/input8
[  357.010683][ T5163] usb 3-1: USB disconnect, device number 8
[  359.216608][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.1.745'.
[  363.458670][ T8491] netlink: 20 bytes leftover after parsing attributes in process `syz.3.748'.
[  365.232983][    C1] vkms_vblank_simulate: vblank timer overrun
[  365.522666][    C1] vkms_vblank_simulate: vblank timer overrun
[  366.922780][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.138674][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.680191][ T6259] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  367.731184][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.919742][    C1] vkms_vblank_simulate: vblank timer overrun
[  368.547894][    C1] vkms_vblank_simulate: vblank timer overrun
[  368.636761][ T6259] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[  368.636822][ T6259] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  368.636847][ T6259] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  368.636872][ T6259] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  368.636897][ T6259] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  368.636939][ T6259] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  368.636960][ T6259] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.660542][ T6259] usb 2-1: config 0 descriptor??
[  368.663471][ T8506] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  368.860739][    C1] vkms_vblank_simulate: vblank timer overrun
[  369.125902][ T6259] plantronics 0003:047F:FFFF.0004: reserved main item tag 0xd
[  369.126483][ T8522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.761'.
[  369.221678][ T6259] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  369.562917][ T5904] usb 2-1: USB disconnect, device number 11
[  369.634606][ T8527] trusted_key: encrypted_key: insufficient parameters specified
[  370.650307][ T8529] syzkaller0: entered promiscuous mode
[  370.650335][ T8529] syzkaller0: entered allmulticast mode
[  370.856102][ T8543] netlink: 20 bytes leftover after parsing attributes in process `syz.0.764'.
[  375.851003][ T8586] netlink: 20 bytes leftover after parsing attributes in process `syz.1.778'.
[  377.014939][ T8597] Invalid source name
[  377.014955][ T8597] UBIFS error (pid: 8597): cannot open "./file0", error -22
[  378.701904][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  378.701957][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  378.917819][ T8611] ieee802154 phy0 wpan0: encryption failed: -22
[  381.003316][ T8631] netlink: 20 bytes leftover after parsing attributes in process `syz.1.792'.
[  382.876755][ T8647] Invalid source name
[  382.876806][ T8647] UBIFS error (pid: 8647): cannot open "./file0", error -22
[  384.130266][ T6440] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  384.280231][ T6440] usb 5-1: Using ep0 maxpacket: 8
[  384.282890][ T6440] usb 5-1: config index 0 descriptor too short (expected 1307, got 27)
[  384.282914][ T6440] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  384.282933][ T6440] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  384.282970][ T6440] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[  384.283009][ T6440] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  384.283033][ T6440] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  384.283054][ T6440] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[  384.288516][ T6440] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  384.288542][ T6440] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.288562][ T6440] usb 5-1: Product: syz
[  384.288575][ T6440] usb 5-1: Manufacturer: syz
[  384.288589][ T6440] usb 5-1: SerialNumber: syz
[  386.034589][ T6440] usb 5-1: config 0 descriptor??
[  386.077105][ T6440] hub 5-1:0.0: bad descriptor, ignoring hub
[  386.077144][ T6440] hub 5-1:0.0: probe with driver hub failed with error -5
[  387.550175][ T6440] usb 5-1: USB disconnect, device number 7
[  389.227184][ T8700] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  389.227482][ T8700] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  396.481291][ T8760] netlink: 'syz.2.833': attribute type 32 has an invalid length.
[  406.151173][ T8838] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  406.152111][ T8838] syzkaller0: entered promiscuous mode
[  406.152136][ T8838] syzkaller0: entered allmulticast mode
[  406.999878][ T8842] block device autoloading is deprecated and will be removed.
[  407.244816][ T8847] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  407.247680][ T8847] bridge0: port 2(bridge_slave_1) entered disabled state
[  407.249202][ T8847] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.262446][ T8851] No control pipe specified
[  410.547953][    C1] vkms_vblank_simulate: vblank timer overrun
[  411.233892][ T8907] netlink: 'syz.4.882': attribute type 2 has an invalid length.
[  411.840174][ T8916] netlink: 8 bytes leftover after parsing attributes in process `syz.4.885'.
[  412.553808][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.053237][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.343879][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.513887][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.872441][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.932577][ T8934] Invalid source name
[  413.932594][ T8934] UBIFS error (pid: 8934): cannot open "./file0", error -22
[  414.773870][    C1] vkms_vblank_simulate: vblank timer overrun
[  414.957066][    C1] vkms_vblank_simulate: vblank timer overrun
[  415.320143][ T6440] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  415.325316][ T8949] netlink: 8 bytes leftover after parsing attributes in process `syz.0.897'.
[  415.474928][ T6440] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  415.474953][ T6440] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  415.476523][ T6440] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  415.476559][ T6440] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  415.476583][ T6440] usb 5-1: SerialNumber: syz
[  415.741549][ T6440] usb 5-1: 0:2 : does not exist
[  415.777405][ T6440] usb 5-1: USB disconnect, device number 8
[  416.060969][ T8962] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  416.526592][ T8964] netlink: 24 bytes leftover after parsing attributes in process `syz.3.902'.
[  418.098474][ T8973] Invalid source name
[  418.098490][ T8973] UBIFS error (pid: 8973): cannot open "./file0", error -22
[  419.412684][ T8990] netlink: 8 bytes leftover after parsing attributes in process `syz.1.910'.
[  423.436092][ T5846] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  423.493036][ T9022] Invalid source name
[  423.493053][ T9022] UBIFS error (pid: 9022): cannot open "./file0", error -22
[  423.580112][ T5846] usb 5-1: Using ep0 maxpacket: 8
[  423.583073][ T5846] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  423.583157][ T5846] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  423.583179][ T5846] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  423.583203][ T5846] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  423.583227][ T5846] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  423.583268][ T5846] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  423.583297][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.015007][ T5846] usb 5-1: GET_CAPABILITIES returned 0
[  424.015035][ T5846] usbtmc 5-1:16.0: can't read capabilities
[  424.278362][ T9016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.278788][ T9016] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.297079][ T6440] usb 5-1: USB disconnect, device number 9
[  425.430176][ T5846] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  425.575618][ T9032] bpf: Bad value for 'uid'
[  426.003144][ T5846] usb 4-1: New USB device found, idVendor=1943, idProduct=2250, bcdDevice= 0.01
[  426.003173][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.003190][ T5846] usb 4-1: Product: syz
[  426.003202][ T5846] usb 4-1: Manufacturer: syz
[  426.003214][ T5846] usb 4-1: SerialNumber: syz
[  426.022077][ T5846] usb 4-1: config 0 descriptor??
[  426.034470][ T5846] go7007 4-1:0.0: Sensoray 2250 found
[  426.034682][ T5846] go7007 4-1:0.0: probe with driver go7007 failed with error -12
[  426.470387][ T9041] netlink: 8 bytes leftover after parsing attributes in process `syz.0.922'.
[  427.529567][ T6440] usb 4-1: USB disconnect, device number 6
[  428.120189][ T6440] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  428.401582][ T6440] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  428.401599][ T6440] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.401609][ T6440] usb 4-1: Product: syz
[  428.401616][ T6440] usb 4-1: Manufacturer: syz
[  428.401623][ T6440] usb 4-1: SerialNumber: syz
[  428.590159][ T5846] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  429.095138][ T5846] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  429.095168][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.095187][ T5846] usb 3-1: Product: syz
[  429.095200][ T5846] usb 3-1: Manufacturer: syz
[  429.095213][ T5846] usb 3-1: SerialNumber: syz
[  429.186659][ T5846] usb 3-1: config 0 descriptor??
[  429.781070][ T5846] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  430.354301][ T9069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.932'.
[  433.479211][ T6440] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x000000ec. ret = -EPROTO
[  433.479272][ T6440] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to init LTM with error -EPROTO
[  433.479298][ T6440] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  433.501754][ T6440] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  433.540711][ T5846] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  433.547553][ T5846] usb 3-1: USB disconnect, device number 9
[  433.614533][ T6440] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -71
[  434.128058][ T6440] usb 4-1: USB disconnect, device number 7
[  436.042097][ T5846] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  436.367574][ T5846] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  436.367606][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.367630][ T5846] usb 5-1: Product: syz
[  436.367644][ T5846] usb 5-1: Manufacturer: syz
[  436.367658][ T5846] usb 5-1: SerialNumber: syz
[  436.403284][ T5846] usb 5-1: config 0 descriptor??
[  436.592716][ T6440] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  436.592864][ T6259] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  436.726929][ T5846] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  436.813827][ T6440] usb 4-1: Using ep0 maxpacket: 16
[  436.814812][ T6259] usb 3-1: Using ep0 maxpacket: 8
[  436.819737][ T6440] usb 4-1: config 8 has an invalid interface number: 39 but max is 0
[  436.820253][ T6440] usb 4-1: config 8 has no interface number 0
[  436.820303][ T6440] usb 4-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  436.820325][ T6440] usb 4-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 521
[  436.820345][ T6440] usb 4-1: config 8 interface 39 has no altsetting 0
[  436.822787][ T6259] usb 3-1: config 0 interface 0 has no altsetting 0
[  436.828370][ T6259] usb 3-1: New USB device found, idVendor=1bc7, idProduct=110a, bcdDevice=72.bb
[  436.828403][ T6259] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.828421][ T6259] usb 3-1: Product: syz
[  436.828492][ T6259] usb 3-1: Manufacturer: syz
[  436.828506][ T6259] usb 3-1: SerialNumber: syz
[  436.831649][ T6440] usb 4-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  436.831673][ T6440] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.831692][ T6440] usb 4-1: Product: syz
[  436.831706][ T6440] usb 4-1: Manufacturer: syz
[  436.831718][ T6440] usb 4-1: SerialNumber: syz
[  437.529097][ T6259] usb 3-1: config 0 descriptor??
[  437.535116][ T9096] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  437.795415][ T6259] option 3-1:0.0: GSM modem (1-port) converter detected
[  437.831174][ T6259] usb 3-1: USB disconnect, device number 10
[  437.838322][ T6259] option 3-1:0.0: device disconnected
[  438.140274][ T6440] ipheth 4-1:8.39: ipheth_enable_ncm: usb_control_msg: 0
[  438.209105][ T6440] ipheth 4-1:8.39: Apple iPhone USB Ethernet device attached
[  438.820189][ T5922] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  438.971086][ T5922] usb 3-1: Using ep0 maxpacket: 8
[  438.972967][ T5922] usb 3-1: config 1 interface 0 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  438.973021][ T5922] usb 3-1: config 1 interface 0 has no altsetting 0
[  438.975502][ T5922] usb 3-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40
[  438.975553][ T5922] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.975564][ T5922] usb 3-1: Product: syz
[  438.975571][ T5922] usb 3-1: Manufacturer: syz
[  438.975578][ T5922] usb 3-1: SerialNumber: syz
[  439.306166][ T5922] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input10
[  439.430868][ T5922] usb 3-1: USB disconnect, device number 11
[  439.564976][ T5922] appletouch 3-1:1.0: input: appletouch disconnected
[  440.084588][ T6440] usb 4-1: USB disconnect, device number 8
[  440.088776][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  440.089090][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  440.667584][ T5846] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  440.676773][ T5846] usb 5-1: USB disconnect, device number 10
[  440.811824][ T6440] ipheth 4-1:8.39: Apple iPhone USB Ethernet now disconnected
[  441.241096][ T9136] Invalid source name
[  441.241107][ T9136] UBIFS error (pid: 9136): cannot open "./file0", error -22
[  441.312326][ T5846] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  441.337925][ T6440] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  441.460169][ T5846] usb 5-1: Using ep0 maxpacket: 32
[  441.462697][ T5846] usb 5-1: config 0 has an invalid interface number: 230 but max is 0
[  441.462728][ T5846] usb 5-1: config 0 has no interface number 0
[  441.462778][ T5846] usb 5-1: config 0 interface 230 has no altsetting 0
[  441.468212][ T5846] usb 5-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  441.468237][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.468256][ T5846] usb 5-1: Product: syz
[  441.468269][ T5846] usb 5-1: Manufacturer: syz
[  441.468282][ T5846] usb 5-1: SerialNumber: syz
[  441.484274][ T5846] usb 5-1: config 0 descriptor??
[  441.505408][ T5846] ums-usbat 5-1:0.230: USB Mass Storage device detected
[  441.542235][ T5846] ums-usbat 5-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  441.551095][ T6440] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  441.551119][ T6440] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  441.551154][ T6440] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  441.551175][ T6440] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.600281][ T6440] usb 4-1: config 0 descriptor??
[  441.937124][ T9132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  441.937548][ T9132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  441.952392][ T6440] usb 4-1: string descriptor 0 read error: -71
[  441.970483][ T6440] usb 4-1: USB disconnect, device number 9
[  444.098935][ T5846] ums-usbat 5-1:0.230: probe with driver ums-usbat failed with error -5
[  444.129305][ T5846] usb 5-1: USB disconnect, device number 11
[  444.239464][ T6440] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  444.330877][ T9165] nbd1: detected capacity change from 0 to 8
[  444.358272][ T9160] block nbd1: shutting down sockets
[  444.410653][ T6440] usb 4-1: Using ep0 maxpacket: 16
[  444.413189][ T6440] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[  444.413215][ T6440] usb 4-1: config 0 has no interface number 0
[  444.413262][ T6440] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  444.433212][ T6440] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  444.433242][ T6440] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.433261][ T6440] usb 4-1: Product: syz
[  444.433275][ T6440] usb 4-1: Manufacturer: syz
[  444.433289][ T6440] usb 4-1: SerialNumber: syz
[  444.486835][ T6440] usb 4-1: config 0 descriptor??
[  444.934278][ T6440] usbtouchscreen 4-1:0.214: Failed to read FW rev: 0
[  444.935225][ T6440] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -5
[  445.532835][ T6440] usb 4-1: USB disconnect, device number 10
[  448.593530][ T9232] Invalid source name
[  448.593547][ T9232] UBIFS error (pid: 9232): cannot open "./file0", error -22
[  449.716041][ T9242] netlink: zone id is out of range
[  449.716057][ T9242] netlink: zone id is out of range
[  449.716066][ T9242] netlink: zone id is out of range
[  449.716074][ T9242] netlink: zone id is out of range
[  449.716081][ T9242] netlink: zone id is out of range
[  449.716089][ T9242] netlink: zone id is out of range
[  449.716096][ T9242] netlink: zone id is out of range
[  449.716104][ T9242] netlink: zone id is out of range
[  449.716111][ T9242] netlink: zone id is out of range
[  449.716119][ T9242] netlink: set zone limit has 4 unknown bytes
[  455.391852][   T37] audit: type=1326 audit(1758811945.457:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9285 comm="syz.0.987" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe10674eec9 code=0x0
[  455.740639][ T9296] netlink: 'syz.2.989': attribute type 1 has an invalid length.
[  455.788079][ T9292] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  455.790143][ T5835] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  455.962426][ T9301] bond0: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  455.970216][ T5835] usb 1-1: Using ep0 maxpacket: 16
[  455.972392][ T5835] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  455.972446][ T5835] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  455.972471][ T5835] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  455.972495][ T5835] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  455.975188][ T5835] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  455.975212][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.975230][ T5835] usb 1-1: Product: syz
[  455.975243][ T5835] usb 1-1: Manufacturer: syz
[  455.975256][ T5835] usb 1-1: SerialNumber: syz
[  456.002032][ T5835] usb 1-1: config 0 descriptor??
[  456.170310][ T5835] rc_core: IR keymap rc-xbox-dvd not found
[  456.170332][ T5835] Registered IR keymap rc-empty
[  456.194428][ T5835] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  456.227230][ T5835] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12
[  456.263023][ T9305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.987'.
[  456.370120][ T9303] veth3: entered promiscuous mode
[  456.375538][ T9303] bond0: (slave veth3): Enslaving as a backup interface with a down link
[  456.463009][ T9305] bridge_slave_1: left allmulticast mode
[  456.463114][ T9305] bridge_slave_1: left promiscuous mode
[  456.463397][ T9305] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.443449][ T9305] bridge_slave_0: left allmulticast mode
[  457.443489][ T9305] bridge_slave_0: left promiscuous mode
[  457.443756][ T9305] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.024257][ T9320] syz.3.996 uses obsolete (PF_INET,SOCK_PACKET)
[  460.002937][ T5835] usb 1-1: USB disconnect, device number 6
[  460.003026][    C0] xbox_remote 1-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19
[  460.327507][ T9321] netlink: 4 bytes leftover after parsing attributes in process `syz.3.996'.
[  461.062369][ T9350] netlink: 'syz.4.1005': attribute type 1 has an invalid length.
[  462.683575][ T9355] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  462.943244][ T9364] veth3: entered promiscuous mode
[  462.959742][ T9364] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  463.055433][ T9370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1009'.
[  464.648040][ T9384] nbd4: detected capacity change from 0 to 8
[  464.657225][   T59] block nbd4: Receive control failed (result -32)
[  464.684529][ T9384] block nbd4: shutting down sockets
[  465.170706][ T6259] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  465.532576][ T6259] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  465.532603][ T6259] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  465.532620][ T6259] usb 1-1: config 0 has no interface number 0
[  465.532665][ T6259] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  465.532684][ T6259] usb 1-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  465.532725][ T6259] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  465.532747][ T6259] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.994342][ T6259] usb 1-1: config 0 descriptor??
[  466.446487][ T9419] netlink: 'syz.4.1023': attribute type 1 has an invalid length.
[  466.487501][ T6259] usb 1-1: can't set config #0, error -71
[  466.496282][ T6259] usb 1-1: USB disconnect, device number 7
[  466.910031][ T9425] Invalid source name
[  466.910048][ T9425] UBIFS error (pid: 9425): cannot open "./file0", error -22
[  467.321139][ T9419] veth5: entered promiscuous mode
[  467.325625][ T9419] bond2: (slave veth5): Enslaving as a backup interface with a down link
[  469.199245][ T9465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1037'.
[  469.370174][ T9471] Invalid source name
[  469.370191][ T9471] UBIFS error (pid: 9471): cannot open "./file0", error -22
[  470.107035][ T9474] netlink: 'syz.0.1042': attribute type 1 has an invalid length.
[  470.176944][ T9474] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  470.343932][ T9474] veth3: entered promiscuous mode
[  470.349958][ T9474] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  470.903215][ T9491] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  471.200684][ T9492] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1046'.
[  471.820894][ T9491] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  480.584170][ T9559] bpf: Bad value for 'uid'
[  481.929578][ T9201] Bluetooth: hci5: Frame reassembly failed (-84)
[  483.052744][ T9580] Invalid source name
[  483.052760][ T9580] UBIFS error (pid: 9580): cannot open "./file0", error -22
[  483.920201][   T59] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  486.942889][ T5151] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  486.964324][ T5151] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  486.974700][ T5151] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  486.976056][ T5151] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  486.978799][ T5151] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  487.690370][ T9635] tipc: Started in network mode
[  487.690400][ T9635] tipc: Node identity 32e56b39eb2e, cluster identity 4711
[  487.690610][ T9635] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  487.743439][ T9636] syzkaller0: entered promiscuous mode
[  487.743470][ T9636] syzkaller0: entered allmulticast mode
[  487.802010][ T9644] tipc: Resetting bearer <eth:syzkaller0>
[  487.880205][ T9633] tipc: Resetting bearer <eth:syzkaller0>
[  488.085048][ T9633] tipc: Disabling bearer <eth:syzkaller0>
[  490.201853][ T5151] Bluetooth: hci4: command tx timeout
[  492.203683][ T9221] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  492.306877][ T5151] Bluetooth: hci4: command tx timeout
[  492.497347][ T9690] syzkaller0: entered promiscuous mode
[  492.497376][ T9690] syzkaller0: entered allmulticast mode
[  492.719841][ T9697] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  492.733842][ T9698] syzkaller0: entered promiscuous mode
[  492.733871][ T9698] syzkaller0: entered allmulticast mode
[  493.001369][ T9221] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.389410][ T9698] tipc: Resetting bearer <eth:syzkaller0>
[  493.456450][ T9694] tipc: Resetting bearer <eth:syzkaller0>
[  493.808300][ T5921] tipc: Node number set to 3653987129
[  494.373794][ T5151] Bluetooth: hci4: command tx timeout
[  495.152786][ T9694] tipc: Disabling bearer <eth:syzkaller0>
[  496.517778][ T5151] Bluetooth: hci4: command tx timeout
[  497.507296][ T9221] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  498.599532][ T9221] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  499.984100][ T9641] chnl_net:caif_netlink_parms(): no params data found
[  501.527544][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  501.527604][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  501.540437][ T9772] tipc: Started in network mode
[  501.540465][ T9772] tipc: Node identity 2e6005fcea95, cluster identity 4711
[  501.540670][ T9772] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  501.564643][ T9780] syzkaller0: entered promiscuous mode
[  501.564671][ T9780] syzkaller0: entered allmulticast mode
[  502.560238][ T5835] tipc: Node number set to 3304392188
[  502.635153][ T9774] tipc: Resetting bearer <eth:syzkaller0>
[  502.660452][ T9771] tipc: Resetting bearer <eth:syzkaller0>
[  503.759767][ T9771] tipc: Disabling bearer <eth:syzkaller0>
[  503.931784][ T9641] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.932099][ T9641] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.932314][ T9641] bridge_slave_0: entered allmulticast mode
[  504.193416][ T9641] bridge_slave_0: entered promiscuous mode
[  504.285068][ T9641] bridge0: port 2(bridge_slave_1) entered blocking state
[  504.303942][ T9641] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.343421][ T9641] bridge_slave_1: entered allmulticast mode
[  504.439485][ T9641] bridge_slave_1: entered promiscuous mode
[  513.557870][ T9221] bond0 (unregistering): (slave ip6gretap1): Releasing backup interface
[  513.557891][ T9221] bond0 (unregistering): (slave ip6gretap1): the permanent HWaddr of slave - 76:ae:71:f0:31:32 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  517.743934][ T9221]  (unregistering): Released all slaves
[  517.765054][ T9221] bond0 (unregistering): (slave veth3): Releasing backup interface
[  517.824285][ T9221] bond0 (unregistering): Released all slaves
[  517.846955][ T9641] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  518.010310][ T9851] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  518.013164][ T9852] syzkaller0: entered promiscuous mode
[  518.013180][ T9852] syzkaller0: entered allmulticast mode
[  518.184501][ T9860] tipc: Resetting bearer <eth:syzkaller0>
[  518.240861][ T9641] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  519.280491][ T9849] tipc: Resetting bearer <eth:syzkaller0>
[  519.811506][ T9849] tipc: Disabling bearer <eth:syzkaller0>
[  520.150251][ T5921] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  520.323875][ T5921] usb 5-1: config 0 has an invalid interface number: 120 but max is 0
[  520.323911][ T5921] usb 5-1: config 0 has no interface number 0
[  520.324015][ T5921] usb 5-1: config 0 interface 120 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  520.324041][ T5921] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has an invalid bInterval 52, changing to 9
[  520.324066][ T5921] usb 5-1: config 0 interface 120 altsetting 0 endpoint 0x8F has invalid maxpacket 8241, setting to 1024
[  520.324107][ T5921] usb 5-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58
[  520.324129][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  520.329536][ T5921] usb 5-1: config 0 descriptor??
[  520.416822][ T5921] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.120/input/input13
[  520.457015][ T9221] tipc: Left network mode
[  520.485226][    C1] usbtouchscreen 5-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1
[  520.844268][ T5921] usb 5-1: USB disconnect, device number 12
[  520.844418][    C0] usbtouchscreen 5-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -19
[  521.038459][ T9641] team0: Port device team_slave_0 added
[  521.052232][ T9641] team0: Port device team_slave_1 added
[  524.847491][ T9910] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1162'.
[  526.161210][ T9641] batman_adv: batadv0: Adding interface: batadv_slave_0
[  526.161227][ T9641] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  526.161251][ T9641] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  526.249528][ T9915] bridge_slave_0: left allmulticast mode
[  526.249558][ T9915] bridge_slave_0: left promiscuous mode
[  526.249826][ T9915] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.427555][ T9915] bridge_slave_1: left allmulticast mode
[  526.427586][ T9915] bridge_slave_1: left promiscuous mode
[  526.427847][ T9915] bridge0: port 2(bridge_slave_1) entered disabled state
[  527.235414][ T9916] syz.1.1164: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  527.235678][ T9916] CPU: 1 UID: 0 PID: 9916 Comm: syz.1.1164 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  527.235691][ T9916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  527.235702][ T9916] Call Trace:
[  527.235713][ T9916]  <TASK>
[  527.235718][ T9916]  dump_stack_lvl+0x189/0x250
[  527.235741][ T9916]  ? __pfx_dump_stack_lvl+0x10/0x10
[  527.235755][ T9916]  ? __pfx__printk+0x10/0x10
[  527.235767][ T9916]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  527.235778][ T9916]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  527.235789][ T9916]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  527.235801][ T9916]  warn_alloc+0x22e/0x3b0
[  527.235816][ T9916]  ? __pfx_warn_alloc+0x10/0x10
[  527.235831][ T9916]  ? __get_vm_area_node+0x2bc/0x350
[  527.235845][ T9916]  ? hash_ipport4_resize+0x1ec/0x1a80
[  527.235863][ T9916]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  527.235892][ T9916]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  527.235909][ T9916]  ? rcu_is_watching+0x15/0xb0
[  527.235927][ T9916]  __kvmalloc_node_noprof+0x330/0x550
[  527.235941][ T9916]  ? hash_ipport4_resize+0x1ec/0x1a80
[  527.235953][ T9916]  ? hash_ipport4_resize+0x1ec/0x1a80
[  527.235970][ T9916]  hash_ipport4_resize+0x1ec/0x1a80
[  527.235988][ T9916]  ? __pfx_hash_ipport4_add+0x10/0x10
[  527.236005][ T9916]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  527.236026][ T9916]  ? call_ad+0x102/0x9c0
[  527.236039][ T9916]  call_ad+0x3c8/0x9c0
[  527.236055][ T9916]  ? __pfx_call_ad+0x10/0x10
[  527.236075][ T9916]  ? __nla_parse+0x40/0x60
[  527.236087][ T9916]  ip_set_ad+0x797/0x940
[  527.236104][ T9916]  ? __pfx_ip_set_ad+0x10/0x10
[  527.236115][ T9916]  ? do_raw_spin_lock+0x121/0x290
[  527.236147][ T9916]  nfnetlink_rcv_msg+0xb66/0x1150
[  527.236159][ T9916]  ? __lock_acquire+0xab9/0xd20
[  527.236172][ T9916]  ? nfnetlink_rcv_msg+0x212/0x1150
[  527.236194][ T9916]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  527.236220][ T9916]  ? __pfx_migrate_enable+0x10/0x10
[  527.236233][ T9916]  ? __pfx_migrate_enable+0x10/0x10
[  527.236254][ T9916]  netlink_rcv_skb+0x205/0x470
[  527.236269][ T9916]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  527.236281][ T9916]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  527.236301][ T9916]  ? bpf_lsm_capable+0x9/0x20
[  527.236314][ T9916]  ? security_capable+0x7e/0x2e0
[  527.236335][ T9916]  nfnetlink_rcv+0x26a/0x2530
[  527.236349][ T9916]  ? __dev_queue_xmit+0x1d3d/0x3b70
[  527.236365][ T9916]  ? __dev_queue_xmit+0x26f/0x3b70
[  527.236384][ T9916]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  527.236396][ T9916]  ? __pfx___dev_queue_xmit+0x10/0x10
[  527.236414][ T9916]  ? ref_tracker_free+0x61e/0x7c0
[  527.236429][ T9916]  ? __asan_memcpy+0x40/0x70
[  527.236440][ T9916]  ? __pfx_ref_tracker_free+0x10/0x10
[  527.236463][ T9916]  ? skb_clone+0x246/0x3a0
[  527.236476][ T9916]  ? __netlink_deliver_tap+0x807/0x850
[  527.236489][ T9916]  ? netlink_deliver_tap+0x2e/0x1b0
[  527.236506][ T9916]  ? netlink_deliver_tap+0x2e/0x1b0
[  527.236523][ T9916]  netlink_unicast+0x843/0xa10
[  527.236540][ T9916]  ? __pfx_netlink_unicast+0x10/0x10
[  527.236554][ T9916]  ? netlink_sendmsg+0x642/0xb30
[  527.236566][ T9916]  ? skb_put+0x11b/0x210
[  527.236583][ T9916]  netlink_sendmsg+0x805/0xb30
[  527.236601][ T9916]  ? __pfx_netlink_sendmsg+0x10/0x10
[  527.236619][ T9916]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  527.236629][ T9916]  ? __pfx_netlink_sendmsg+0x10/0x10
[  527.236643][ T9916]  __sock_sendmsg+0x21c/0x270
[  527.236657][ T9916]  ____sys_sendmsg+0x508/0x820
[  527.236670][ T9916]  ? __pfx_____sys_sendmsg+0x10/0x10
[  527.236685][ T9916]  ? import_iovec+0x74/0xa0
[  527.236699][ T9916]  ___sys_sendmsg+0x21f/0x2a0
[  527.236715][ T9916]  ? __pfx____sys_sendmsg+0x10/0x10
[  527.236744][ T9916]  ? __fget_files+0x2a/0x420
[  527.236758][ T9916]  ? __fget_files+0x3a6/0x420
[  527.236777][ T9916]  __x64_sys_sendmsg+0x1a1/0x260
[  527.236788][ T9916]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  527.236804][ T9916]  ? rcu_is_watching+0x15/0xb0
[  527.236821][ T9916]  ? do_syscall_64+0xbe/0x3b0
[  527.236834][ T9916]  do_syscall_64+0xfa/0x3b0
[  527.236844][ T9916]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.236853][ T9916]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  527.236863][ T9916]  ? clear_bhb_loop+0x60/0xb0
[  527.236875][ T9916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  527.236887][ T9916] RIP: 0033:0x7fec2dfaeec9
[  527.236901][ T9916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  527.236909][ T9916] RSP: 002b:00007fec2c216038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  527.236920][ T9916] RAX: ffffffffffffffda RBX: 00007fec2e205fa0 RCX: 00007fec2dfaeec9
[  527.236927][ T9916] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000008
[  527.236934][ T9916] RBP: 00007fec2e031f91 R08: 0000000000000000 R09: 0000000000000000
[  527.236940][ T9916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  527.236946][ T9916] R13: 00007fec2e206038 R14: 00007fec2e205fa0 R15: 00007fffa598d528
[  527.236962][ T9916]  </TASK>
[  527.236969][ T9916] Mem-Info:
[  527.236976][ T9916] active_anon:249 inactive_anon:7254 isolated_anon:0
[  527.236976][ T9916]  active_file:5709 inactive_file:37793 isolated_file:0
[  527.236976][ T9916]  unevictable:768 dirty:98 writeback:0
[  527.236976][ T9916]  slab_reclaimable:12279 slab_unreclaimable:105183
[  527.236976][ T9916]  mapped:32212 shmem:4235 pagetables:1052
[  527.236976][ T9916]  sec_pagetables:0 bounce:0
[  527.236976][ T9916]  kernel_misc_reclaimable:0
[  527.236976][ T9916]  free:1319946 free_pcp:4432 free_cma:0
[  527.237004][ T9916] Node 0 active_anon:996kB inactive_anon:29016kB active_file:22632kB inactive_file:151172kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128848kB dirty:392kB writeback:0kB shmem:15404kB kernel_stack:13560kB pagetables:4068kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  527.237028][ T9916] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  527.237050][ T9916] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  527.237084][ T9916] lowmem_reserve[]: 0 2512 2513 2513 2513
[  527.237101][ T9916] Node 0 DMA32 free:1371020kB boost:0kB min:3940kB low:6484kB high:9028kB reserved_highatomic:0KB free_highatomic:0KB active_anon:992kB inactive_anon:28964kB active_file:21624kB inactive_file:151104kB unevictable:1536kB writepending:392kB present:3129332kB managed:2572288kB mlocked:0kB bounce:0kB free_pcp:16884kB local_pcp:11652kB free_cma:0kB
[  527.237132][ T9916] lowmem_reserve[]: 0 0 1 1 1
[  527.237148][ T9916] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:4kB inactive_anon:52kB active_file:1008kB inactive_file:68kB unevictable:0kB writepending:0kB present:1048580kB managed:1132kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  527.237175][ T9916] lowmem_reserve[]: 0 0 0 0 0
[  527.237191][ T9916] Node 1 Normal free:3893404kB boost:0kB min:6364kB low:10472kB high:14580kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:844kB local_pcp:304kB free_cma:0kB
[  527.237220][ T9916] lowmem_reserve[]: 0 0 0 0 0
[  527.237236][ T9916] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  527.237295][ T9916] Node 0 DMA32: 32*4kB (UME) 209*8kB (UM) 493*16kB (UME) 131*32kB (UME) 120*64kB (UME) 44*128kB (UME) 19*256kB (UME) 17*512kB (UM) 7*1024kB (UME) 6*2048kB (ME) 320*4096kB (UM) = 1370936kB
[  527.237372][ T9916] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  527.237421][ T9916] Node 1 Normal: 85*4kB (UE) 55*8kB (UME) 29*16kB (UM) 204*32kB (UME) 97*64kB (UME) 26*128kB (UME) 13*256kB (UM) 4*512kB (UM) 4*1024kB (UM) 2*2048kB (UE) 943*4096kB (M) = 3893404kB
[  527.237498][ T9916] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  527.237506][ T9916] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  527.237514][ T9916] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  527.237545][ T9916] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  527.237553][ T9916] 47733 total pagecache pages
[  527.237559][ T9916] 0 pages in swap cache
[  527.237563][ T9916] Free swap  = 124996kB
[  527.237566][ T9916] Total swap = 124996kB
[  527.237570][ T9916] 2097051 pages RAM
[  527.237574][ T9916] 0 pages HighMem/MovableOnly
[  527.237577][ T9916] 422081 pages reserved
[  527.237581][ T9916] 0 pages cma reserved
[  528.796905][ T9935] genirq: Flags mismatch irq 4. 00202000 (das16m1) vs. 00202080 (ttyS0)
[  528.890867][ T9915] bond0: (slave bond_slave_0): Releasing backup interface
[  529.140311][ T9915] bond0: (slave bond_slave_1): Releasing backup interface
[  529.342868][ T9915] team0: Port device team_slave_0 removed
[  529.469810][ T9915] team0: Port device team_slave_1 removed
[  529.479024][ T9915] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  529.479054][ T9915] batman_adv: batadv0: Removing interface: batadv_slave_0
[  530.013040][ T9915] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  530.015530][ T9915] batman_adv: batadv0: Removing interface: batadv_slave_1
[  530.400773][ T9915] bond1: (slave ip6gretap1): Releasing backup interface
[  530.400796][ T9915] bond1: (slave ip6gretap1): the permanent HWaddr of slave - 32:73:45:8f:95:95 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts
[  530.461175][ T9915] bond1: (slave veth3): Releasing backup interface
[  530.539936][ T9915] bond2: (slave veth5): Releasing backup interface
[  530.890211][ T9641] batman_adv: batadv0: Adding interface: batadv_slave_1
[  530.890228][ T9641] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  530.890252][ T9641] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  534.790688][ T9963] mmap: syz.0.1176 (9963) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  536.297826][ T9641] hsr_slave_0: entered promiscuous mode
[  536.299207][ T9641] hsr_slave_1: entered promiscuous mode
[  536.334468][ T9641] debugfs: 'hsr0' already exists in 'hsr'
[  536.334500][ T9641] Cannot create hsr debugfs directory
[  537.238092][   T37] audit: type=1326 audit(1758812027.347:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9975 comm="syz.3.1181" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f09907beec9 code=0x0
[  539.167781][T10004] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1189'.
[  539.230172][ T9221] hsr_slave_0: left promiscuous mode
[  539.411041][ T9221] hsr_slave_1: left promiscuous mode
[  539.888853][ T9221] veth1_macvtap: left promiscuous mode
[  539.889125][ T9221] veth0_macvtap: left promiscuous mode
[  539.891371][ T9221] veth1_vlan: left promiscuous mode
[  539.896168][ T9221] veth0_vlan: left promiscuous mode
[  542.064927][ T5837] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  542.210232][ T5837] usb 2-1: Using ep0 maxpacket: 32
[  542.225573][ T5837] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  542.225598][ T5837] usb 2-1: config 0 has no interfaces?
[  542.228582][ T5837] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=f0.bb
[  542.228610][ T5837] usb 2-1: New USB device strings: Mfr=193, Product=2, SerialNumber=3
[  542.228630][ T5837] usb 2-1: Product: syz
[  542.228643][ T5837] usb 2-1: Manufacturer: syz
[  542.228657][ T5837] usb 2-1: SerialNumber: syz
[  542.280680][ T5837] usb 2-1: config 0 descriptor??
[  542.498200][ T5904] usb 2-1: USB disconnect, device number 12
[  545.598007][T10027] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  545.620419][T10027] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  545.623084][T10027] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  545.637300][T10027] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  545.638555][T10027] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  547.681711][T10027] Bluetooth: hci5: command tx timeout
[  548.121427][T10056] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1204'.
[  548.793968][T10062] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  548.793995][T10062] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  548.794097][T10062] vhci_hcd vhci_hcd.0: Device attached
[  549.033767][T10063] vhci_hcd: connection closed
[  549.042401][ T1438] vhci_hcd: stop threads
[  549.042422][ T1438] vhci_hcd: release socket
[  549.050556][ T1438] vhci_hcd: disconnect device
[  549.760093][T10027] Bluetooth: hci5: command tx timeout
[  551.842363][T10027] Bluetooth: hci5: command tx timeout
[  553.581832][T10084] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  553.920213][T10027] Bluetooth: hci5: command tx timeout
[  554.924829][T10026] chnl_net:caif_netlink_parms(): no params data found
[  557.793822][T10026] bridge0: port 1(bridge_slave_0) entered blocking state
[  557.793968][T10026] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.794236][T10026] bridge_slave_0: entered allmulticast mode
[  558.721217][T10026] bridge_slave_0: entered promiscuous mode
[  558.725599][ T9221] bridge_slave_1: left allmulticast mode
[  558.725631][ T9221] bridge_slave_1: left promiscuous mode
[  558.726275][ T9221] bridge0: port 2(bridge_slave_1) entered disabled state
[  558.924157][ T9221] bridge_slave_0: left allmulticast mode
[  558.924187][ T9221] bridge_slave_0: left promiscuous mode
[  558.924455][ T9221] bridge0: port 1(bridge_slave_0) entered disabled state
[  558.969492][T10120] netlink: 'syz.3.1219': attribute type 9 has an invalid length.
[  558.969515][T10120] netlink: 'syz.3.1219': attribute type 7 has an invalid length.
[  558.969528][T10120] netlink: 'syz.3.1219': attribute type 8 has an invalid length.
[  559.714307][ T9221] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  559.903367][ T9221] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  560.034270][ T9221] bond0 (unregistering): Released all slaves
[  561.084419][T10026] bridge0: port 2(bridge_slave_1) entered blocking state
[  561.084758][T10026] bridge0: port 2(bridge_slave_1) entered disabled state
[  561.085396][T10026] bridge_slave_1: entered allmulticast mode
[  561.123467][T10137] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  561.123493][T10137] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  561.127183][T10137] vhci_hcd vhci_hcd.0: Device attached
[  561.174105][T10026] bridge_slave_1: entered promiscuous mode
[  561.662662][ T5921] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  563.063982][T10149] wireguard0: entered promiscuous mode
[  563.064134][T10149] wireguard0: entered allmulticast mode
[  563.115323][T10141] vhci_hcd: connection reset by peer
[  563.145076][   T12] vhci_hcd: stop threads
[  563.145149][   T12] vhci_hcd: release socket
[  563.163628][   T12] vhci_hcd: disconnect device
[  563.580321][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  563.580396][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  566.783893][T10026] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  566.799320][ T5921] vhci_hcd: vhci_device speed not set
[  567.394317][ T9221] hsr_slave_0: left promiscuous mode
[  567.833324][ T9221] hsr_slave_1: left promiscuous mode
[  568.342475][ T9221] batman_adv: batadv0: Removing interface: batadv_slave_0
[  568.689633][ T9221] batman_adv: batadv0: Removing interface: batadv_slave_1
[  568.830419][T10187] 9pnet: Could not find request transport: fd0xffffffffffffffffn¬0xffffffffffffffff
[  570.471459][T10216] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1243'.
[  571.358896][ T9221] team0 (unregistering): Port device team_slave_1 removed
[  571.913290][ T9221] team0 (unregistering): Port device team_slave_0 removed
[  576.456825][T10026] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  576.590658][T10243] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1245'.
[  577.879096][    C0] vkms_vblank_simulate: vblank timer overrun
[  578.249811][T10027] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  578.249829][T10027] CPU: 0 UID: 0 PID: 10027 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  578.249843][T10027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  578.249850][T10027] Workqueue: hci1 hci_rx_work
[  578.249868][T10027] Call Trace:
[  578.249873][T10027]  <TASK>
[  578.249877][T10027]  dump_stack_lvl+0x189/0x250
[  578.249898][T10027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.249912][T10027]  ? __pfx__printk+0x10/0x10
[  578.249927][T10027]  ? kernfs_path_from_node+0x2c/0x280
[  578.249938][T10027]  ? kernfs_path_from_node+0x243/0x280
[  578.249947][T10027]  ? kernfs_path_from_node+0x2c/0x280
[  578.249959][T10027]  sysfs_create_dir_ns+0x259/0x280
[  578.249968][T10027]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  578.249992][T10027]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  578.250011][T10027]  ? rt_spin_unlock+0x65/0x80
[  578.250039][T10027]  kobject_add_internal+0x5a5/0xb50
[  578.250067][T10027]  kobject_add+0x155/0x220
[  578.250091][T10027]  ? __pfx_kobject_add+0x10/0x10
[  578.250119][T10027]  ? get_device_parent+0x370/0x3a0
[  578.250143][T10027]  device_add+0x408/0xb50
[  578.250163][T10027]  hci_conn_add_sysfs+0xd5/0x1e0
[  578.250178][T10027]  le_conn_complete_evt+0xc3a/0x1220
[  578.250201][T10027]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  578.250216][T10027]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  578.250231][T10027]  ? lockdep_hardirqs_on+0x9c/0x150
[  578.250248][T10027]  ? skb_pull_data+0xfb/0x200
[  578.250264][T10027]  hci_le_conn_complete_evt+0x187/0x450
[  578.250282][T10027]  hci_event_packet+0x78f/0x1200
[  578.250296][T10027]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  578.250311][T10027]  ? __pfx_hci_event_packet+0x10/0x10
[  578.250322][T10027]  ? __pfx_migrate_enable+0x10/0x10
[  578.250340][T10027]  ? hci_send_to_monitor+0xe2/0x570
[  578.250357][T10027]  hci_rx_work+0x46a/0xe80
[  578.250373][T10027]  ? process_scheduled_works+0x9ef/0x17b0
[  578.250388][T10027]  process_scheduled_works+0xade/0x17b0
[  578.250416][T10027]  ? __pfx_process_scheduled_works+0x10/0x10
[  578.250438][T10027]  worker_thread+0x8a0/0xda0
[  578.250458][T10027]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  578.250479][T10027]  ? __kthread_parkme+0x7b/0x200
[  578.250499][T10027]  kthread+0x70e/0x8a0
[  578.250516][T10027]  ? __pfx_worker_thread+0x10/0x10
[  578.250528][T10027]  ? __pfx_kthread+0x10/0x10
[  578.250546][T10027]  ? __pfx_kthread+0x10/0x10
[  578.250561][T10027]  ret_from_fork+0x436/0x7d0
[  578.250576][T10027]  ? __pfx_ret_from_fork+0x10/0x10
[  578.250592][T10027]  ? __switch_to_asm+0x39/0x70
[  578.250601][T10027]  ? __switch_to_asm+0x33/0x70
[  578.250609][T10027]  ? __pfx_kthread+0x10/0x10
[  578.250624][T10027]  ret_from_fork_asm+0x1a/0x30
[  578.250642][T10027]  </TASK>
[  578.257346][T10027] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  578.257393][T10027] Bluetooth: hci1: failed to register connection device
[  578.592559][T10026] team0: Port device team_slave_0 added
[  578.644520][T10026] team0: Port device team_slave_1 added
[  579.096062][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.340922][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.516460][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.765860][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.835749][    C0] vkms_vblank_simulate: vblank timer overrun
[  580.084316][T10297] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1263'.
[  580.582309][T10026] batman_adv: batadv0: Adding interface: batadv_slave_0
[  580.582326][T10026] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.582353][T10026] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  580.679355][    C0] vkms_vblank_simulate: vblank timer overrun
[  580.692919][T10026] batman_adv: batadv0: Adding interface: batadv_slave_1
[  580.692935][T10026] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.692959][T10026] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  580.871187][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.271183][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.486040][    C0] vkms_vblank_simulate: vblank timer overrun
[  581.670497][    C0] vkms_vblank_simulate: vblank timer overrun
[  584.850355][T10027] Bluetooth: hci1: command 0x0406 tx timeout
[  585.311555][T10026] hsr_slave_0: entered promiscuous mode
[  585.312995][T10026] hsr_slave_1: entered promiscuous mode
[  585.313949][T10026] debugfs: 'hsr0' already exists in 'hsr'
[  585.313972][T10026] Cannot create hsr debugfs directory
[  586.093896][T10335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1273'.
[  586.386407][T10337] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1275'.
[  588.810767][T10349] 9pnet: Could not find request transport: fd0xffffffffffffffffn¬0xffffffffffffffff
[  589.885151][T10026] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  590.046054][T10026] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  590.196016][T10026] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  590.311970][T10026] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  591.167512][T10026] 8021q: adding VLAN 0 to HW filter on device bond0
[  591.397970][T10026] 8021q: adding VLAN 0 to HW filter on device team0
[  591.465974][ T9218] bridge0: port 1(bridge_slave_0) entered blocking state
[  591.466867][ T9218] bridge0: port 1(bridge_slave_0) entered forwarding state
[  591.519526][ T3493] bridge0: port 2(bridge_slave_1) entered blocking state
[  591.519818][ T3493] bridge0: port 2(bridge_slave_1) entered forwarding state
[  593.484191][T10389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1289'.
[  593.785345][T10026] 8021q: adding VLAN 0 to HW filter on device batadv0
[  596.972363][T10026] veth0_vlan: entered promiscuous mode
[  597.152140][T10026] veth1_vlan: entered promiscuous mode
[  597.461231][T10026] veth0_macvtap: entered promiscuous mode
[  597.487938][T10026] veth1_macvtap: entered promiscuous mode
[  597.744884][T10026] batman_adv: batadv0: Interface activated: batadv_slave_0
[  597.777305][T10026] batman_adv: batadv0: Interface activated: batadv_slave_1
[  597.833490][ T9201] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  597.833850][ T9201] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  597.833889][ T9201] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  597.833924][ T9201] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  597.927663][T10443] 9pnet_virtio: no channels available for device syz
[  600.767788][ T7423] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  600.767807][ T7423] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  603.839382][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  603.839403][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  604.202825][T10479] bpf: Bad value for 'uid'
[  610.949531][T10491] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1313'.
[  613.003922][T10027] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  613.027794][T10027] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  613.029160][T10027] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  613.052658][T10027] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  613.053535][T10027] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  614.629957][T10521] bpf: Bad value for 'uid'
[  615.280166][ T5151] Bluetooth: hci4: command tx timeout
[  617.370440][ T5151] Bluetooth: hci4: command tx timeout
[  618.449266][    C1] vkms_vblank_simulate: vblank timer overrun
[  619.077191][    C1] vkms_vblank_simulate: vblank timer overrun
[  619.232564][    C1] vkms_vblank_simulate: vblank timer overrun
[  619.397238][    C1] vkms_vblank_simulate: vblank timer overrun
[  619.443813][ T5151] Bluetooth: hci4: command tx timeout
[  619.808313][    C1] vkms_vblank_simulate: vblank timer overrun
[  621.264336][    C1] vkms_vblank_simulate: vblank timer overrun
[  621.523924][T10027] Bluetooth: hci4: command tx timeout
[  621.531447][T10027] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  621.544510][T10027] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  621.547459][T10027] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  621.548798][T10027] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  621.550688][T10027] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  623.367362][ T7423] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  623.642664][T10572] lo speed is unknown, defaulting to 1000
[  623.681716][ T5151] Bluetooth: hci0: command tx timeout
[  623.702358][T10572] lo speed is unknown, defaulting to 1000
[  623.718255][T10572] lo speed is unknown, defaulting to 1000
[  623.758352][T10572] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  623.994664][ T7423] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  624.042676][T10572] lo speed is unknown, defaulting to 1000
[  624.049695][T10572] lo speed is unknown, defaulting to 1000
[  624.085948][T10572] lo speed is unknown, defaulting to 1000
[  624.093552][T10572] lo speed is unknown, defaulting to 1000
[  624.095114][T10572] lo speed is unknown, defaulting to 1000
[  624.096601][T10572] lo speed is unknown, defaulting to 1000
[  624.108441][T10561] lo speed is unknown, defaulting to 1000
[  624.112328][T10507] chnl_net:caif_netlink_parms(): no params data found
[  624.411234][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  624.411308][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  624.464066][T10581] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  624.533579][T10581] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type
[  624.635610][ T7423] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.044105][    C1] vkms_vblank_simulate: vblank timer overrun
[  625.546800][ T7423] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  625.970156][ T5151] Bluetooth: hci0: command tx timeout
[  626.454855][T10507] bridge0: port 1(bridge_slave_0) entered blocking state
[  626.454992][T10507] bridge0: port 1(bridge_slave_0) entered disabled state
[  626.455230][T10507] bridge_slave_0: entered allmulticast mode
[  626.482072][T10507] bridge_slave_0: entered promiscuous mode
[  626.624834][T10507] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.625058][T10507] bridge0: port 2(bridge_slave_1) entered disabled state
[  626.625251][T10507] bridge_slave_1: entered allmulticast mode
[  626.670231][T10507] bridge_slave_1: entered promiscuous mode
[  627.121552][T10507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  627.202031][T10507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  627.400112][    C1] vkms_vblank_simulate: vblank timer overrun
[  628.110738][ T5151] Bluetooth: hci0: command tx timeout
[  629.011543][T10507] team0: Port device team_slave_0 added
[  629.011955][ T7423] bridge_slave_1: left allmulticast mode
[  629.011973][ T7423] bridge_slave_1: left promiscuous mode
[  629.014830][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.131027][ T7423] bridge_slave_0: left allmulticast mode
[  629.131048][ T7423] bridge_slave_0: left promiscuous mode
[  629.131207][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.160379][ T5151] Bluetooth: hci0: command tx timeout
[  636.556251][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.121030][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  637.176458][ T7423] bond0 (unregistering): Released all slaves
[  637.266598][T10507] team0: Port device team_slave_1 added
[  640.302164][T10724] Invalid source name
[  640.302209][T10724] UBIFS error (pid: 10724): cannot open "./file0", error -22
[  641.292798][T10507] batman_adv: batadv0: Adding interface: batadv_slave_0
[  641.292814][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  641.292837][T10507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  641.295550][T10507] batman_adv: batadv0: Adding interface: batadv_slave_1
[  641.295562][T10507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  641.295585][T10507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  642.381117][T10561] chnl_net:caif_netlink_parms(): no params data found
[  643.360107][    C1] vkms_vblank_simulate: vblank timer overrun
[  643.582654][T10507] hsr_slave_0: entered promiscuous mode
[  643.583995][T10507] hsr_slave_1: entered promiscuous mode
[  643.585027][T10507] debugfs: 'hsr0' already exists in 'hsr'
[  643.585052][T10507] Cannot create hsr debugfs directory
[  643.860262][ T7423] hsr_slave_0: left promiscuous mode
[  643.880374][ T7423] hsr_slave_1: left promiscuous mode
[  643.881107][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  643.881227][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  643.940417][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  643.940440][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  644.195576][ T7423] veth1_macvtap: left promiscuous mode
[  644.195703][ T7423] veth0_macvtap: left promiscuous mode
[  644.199460][ T7423] veth1_vlan: left promiscuous mode
[  644.199698][ T7423] veth0_vlan: left promiscuous mode
[  646.668846][    C1] vkms_vblank_simulate: vblank timer overrun
[  647.268287][    C1] vkms_vblank_simulate: vblank timer overrun
[  647.321062][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  647.581015][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  649.913112][ T6440] lo speed is unknown, defaulting to 1000
[  650.322120][T10772] netlink: 'syz.0.1397': attribute type 12 has an invalid length.
[  651.171895][T10561] bridge0: port 1(bridge_slave_0) entered blocking state
[  651.172051][T10561] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.172233][T10561] bridge_slave_0: entered allmulticast mode
[  651.287143][T10561] bridge_slave_0: entered promiscuous mode
[  651.326231][T10561] bridge0: port 2(bridge_slave_1) entered blocking state
[  651.326360][T10561] bridge0: port 2(bridge_slave_1) entered disabled state
[  651.326544][T10561] bridge_slave_1: entered allmulticast mode
[  651.330317][T10561] bridge_slave_1: entered promiscuous mode
[  651.879127][T10561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  652.399861][T10561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  652.988489][T10561] team0: Port device team_slave_0 added
[  653.036895][T10561] team0: Port device team_slave_1 added
[  654.287806][T10561] batman_adv: batadv0: Adding interface: batadv_slave_0
[  654.287817][T10561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  654.287832][T10561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  654.321097][T10561] batman_adv: batadv0: Adding interface: batadv_slave_1
[  654.321112][T10561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  654.321137][T10561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  656.356463][T10561] hsr_slave_0: entered promiscuous mode
[  656.357748][T10561] hsr_slave_1: entered promiscuous mode
[  656.358668][T10561] debugfs: 'hsr0' already exists in 'hsr'
[  656.358691][T10561] Cannot create hsr debugfs directory
[  657.138284][T10840] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1415'.
[  657.801185][ T7423] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.856464][T10841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1415'.
[  659.533579][ T5922] libceph: connect (1)[c::]:6789 error -101
[  659.534221][ T5922] libceph: mon0 (1)[c::]:6789 connect error
[  659.603656][ T7423] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  659.628263][ T5922] libceph: connect (1)[c::]:6789 error -101
[  659.628489][ T5922] libceph: mon0 (1)[c::]:6789 connect error
[  659.661683][T10849] ceph: No mds server is up or the cluster is laggy
[  659.966226][ T5922] libceph: connect (1)[c::]:6789 error -101
[  659.966921][ T5922] libceph: mon0 (1)[c::]:6789 connect error
[  660.581476][ T5922] libceph: connect (1)[c::]:6789 error -101
[  660.581685][ T5922] libceph: mon0 (1)[c::]:6789 connect error
[  660.985369][ T7423] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.780891][T10878] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  661.780911][T10878] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  661.780968][T10878] vhci_hcd vhci_hcd.0: Device attached
[  662.219060][ T5922] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[  665.858918][T10880] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  665.901537][T10878] net_ratelimit: 1 callbacks suppressed
[  665.901549][T10878] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  665.902927][ T7197] vhci_hcd: stop threads
[  665.902938][ T7197] vhci_hcd: release socket
[  665.902991][ T7197] vhci_hcd: disconnect device
[  666.638437][ T7423] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  666.679106][T10888] netlink: 'syz.0.1425': attribute type 32 has an invalid length.
[  666.704826][T10885] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR
[  669.671119][T10917] netlink: 360 bytes leftover after parsing attributes in process `syz.0.1431'.
[  670.995892][ T5922] vhci_hcd: vhci_device speed not set
[  671.213301][T10928] netlink: 'syz.4.1434': attribute type 32 has an invalid length.
[  671.594271][ T7423] bridge_slave_1: left allmulticast mode
[  671.594304][ T7423] bridge_slave_1: left promiscuous mode
[  671.596348][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  672.144508][ T7423] bridge_slave_0: left allmulticast mode
[  672.144541][ T7423] bridge_slave_0: left promiscuous mode
[  672.156004][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  672.267141][T10027] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  672.278886][T10027] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  672.295517][T10027] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  672.297045][T10027] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  672.311068][T10027] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  674.252421][T10953] netlink: 360 bytes leftover after parsing attributes in process `syz.0.1440'.
[  674.389990][T10027] Bluetooth: hci5: command tx timeout
[  676.494464][T10027] Bluetooth: hci5: command tx timeout
[  677.918857][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  677.978968][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  678.002648][ T7423] bond0 (unregistering): Released all slaves
[  678.306807][ T5151] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  678.346417][ T5151] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  678.347566][ T5151] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  678.376817][ T5151] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  678.416105][ T5151] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  678.555966][T10027] Bluetooth: hci5: command tx timeout
[  678.718647][ T7423] bond1 (unregistering): (slave veth3): Releasing backup interface
[  678.781934][ T7423] bond1 (unregistering): Released all slaves
[  679.428458][ T7423] bond2 (unregistering): (slave veth5): Releasing backup interface
[  679.491969][ T7423] bond2 (unregistering): Released all slaves
[  680.429452][ T7423] tipc: Left network mode
[  680.467143][T10027] Bluetooth: hci4: command tx timeout
[  680.627500][T10027] Bluetooth: hci5: command tx timeout
[  682.546093][T10027] Bluetooth: hci4: command tx timeout
[  683.798383][T10975] lo speed is unknown, defaulting to 1000
[  684.356549][T10938] lo speed is unknown, defaulting to 1000
[  684.625105][T10027] Bluetooth: hci4: command tx timeout
[  684.816951][ T7423] hsr_slave_0: left promiscuous mode
[  685.284643][ T7423] hsr_slave_1: left promiscuous mode
[  685.285273][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  685.285291][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  685.360110][ T7423] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  685.360140][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  686.673315][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  686.673363][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  686.704371][T10027] Bluetooth: hci4: command tx timeout
[  686.752968][ T7423] veth1_macvtap: left promiscuous mode
[  686.753558][ T7423] veth0_macvtap: left promiscuous mode
[  686.757168][ T7423] veth1_vlan: left promiscuous mode
[  686.758627][ T7423] veth0_vlan: left promiscuous mode
[  690.772370][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  690.952914][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  697.267395][T10938] chnl_net:caif_netlink_parms(): no params data found
[  697.379933][T10975] chnl_net:caif_netlink_parms(): no params data found
[  703.187481][T11131] overlayfs: failed to resolve './file1': -2
[  704.309347][T10938] bridge0: port 1(bridge_slave_0) entered blocking state
[  704.309564][T10938] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.309803][T10938] bridge_slave_0: entered allmulticast mode
[  704.312494][T10938] bridge_slave_0: entered promiscuous mode
[  704.320139][T10975] bridge0: port 1(bridge_slave_0) entered blocking state
[  704.320290][T10975] bridge0: port 1(bridge_slave_0) entered disabled state
[  704.320497][T10975] bridge_slave_0: entered allmulticast mode
[  704.323111][T10975] bridge_slave_0: entered promiscuous mode
[  704.325992][T10938] bridge0: port 2(bridge_slave_1) entered blocking state
[  704.326144][T10938] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.326318][T10938] bridge_slave_1: entered allmulticast mode
[  704.330026][T10938] bridge_slave_1: entered promiscuous mode
[  704.333479][T10975] bridge0: port 2(bridge_slave_1) entered blocking state
[  704.333608][T10975] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.333786][T10975] bridge_slave_1: entered allmulticast mode
[  704.338289][T10975] bridge_slave_1: entered promiscuous mode
[  707.884366][T10938] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  707.950465][T10975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  708.052642][T10938] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  708.647908][T10975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  712.223358][T10938] team0: Port device team_slave_0 added
[  712.225916][T10975] team0: Port device team_slave_0 added
[  712.301626][T10938] team0: Port device team_slave_1 added
[  712.547285][T10975] team0: Port device team_slave_1 added
[  713.056974][T10938] batman_adv: batadv0: Adding interface: batadv_slave_0
[  713.056991][T10938] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  713.057022][T10938] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  713.238804][T10938] batman_adv: batadv0: Adding interface: batadv_slave_1
[  713.238822][T10938] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  713.238852][T10938] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  713.242173][T10975] batman_adv: batadv0: Adding interface: batadv_slave_0
[  713.242189][T10975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  713.242214][T10975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  713.412310][T10975] batman_adv: batadv0: Adding interface: batadv_slave_1
[  713.412327][T10975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  713.412362][T10975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  716.318437][T10938] hsr_slave_0: entered promiscuous mode
[  716.541216][T10938] hsr_slave_1: entered promiscuous mode
[  716.676201][T10975] hsr_slave_0: entered promiscuous mode
[  716.682329][T10975] hsr_slave_1: entered promiscuous mode
[  716.709601][T10975] debugfs: 'hsr0' already exists in 'hsr'
[  716.709811][T10975] Cannot create hsr debugfs directory
[  717.577657][T11239] netlink: 'syz.1.1517': attribute type 12 has an invalid length.
[  721.893425][T11261] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  724.342180][T11276] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1526'.
[  724.342214][T11276] netlink: 'syz.4.1526': attribute type 7 has an invalid length.
[  724.342227][T11276] netlink: 'syz.4.1526': attribute type 8 has an invalid length.
[  724.342239][T11276] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1526'.
[  726.426110][T11292] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  728.241388][ T7423] bridge_slave_1: left allmulticast mode
[  728.241423][ T7423] bridge_slave_1: left promiscuous mode
[  728.241757][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  728.441177][ T7423] bridge_slave_0: left allmulticast mode
[  728.441198][ T7423] bridge_slave_0: left promiscuous mode
[  728.441365][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  728.564984][ T7423] bridge_slave_1: left allmulticast mode
[  728.565015][ T7423] bridge_slave_1: left promiscuous mode
[  728.565261][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  728.863632][ T7423] bridge_slave_0: left allmulticast mode
[  728.863653][ T7423] bridge_slave_0: left promiscuous mode
[  728.863808][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  728.940885][T11316] Invalid source name
[  728.940901][T11316] UBIFS error (pid: 11316): cannot open "./file0", error -22
[  731.252080][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  731.451701][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  731.584906][ T7423] bond0 (unregistering): Released all slaves
[  732.553646][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  732.749402][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  732.778995][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  732.780609][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  732.805485][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  732.809078][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  732.869778][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  733.544741][ T7423] bond0 (unregistering): Released all slaves
[  734.027275][T11313] bond_slave_0: entered promiscuous mode
[  734.027327][T11313] bond_slave_1: entered promiscuous mode
[  734.028548][T11313] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  734.104890][T11313] bond_slave_0: left promiscuous mode
[  734.104942][T11313] bond_slave_1: left promiscuous mode
[  734.969744][ T5151] Bluetooth: hci0: command tx timeout
[  736.998753][ T5151] Bluetooth: hci0: command tx timeout
[  738.022411][ T7423] hsr_slave_0: left promiscuous mode
[  738.181008][ T7423] hsr_slave_1: left promiscuous mode
[  738.181945][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  738.208206][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  739.134814][ T5151] Bluetooth: hci0: command tx timeout
[  739.194269][T11388] overlayfs: failed to resolve './file0': -2
[  739.305179][ T7423] hsr_slave_0: left promiscuous mode
[  739.347672][ T7423] hsr_slave_1: left promiscuous mode
[  739.348627][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  739.699044][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  739.718369][T10027] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  739.756864][T10027] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  739.772068][T10027] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  739.795260][T10027] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  739.810342][T10027] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  741.487074][ T5151] Bluetooth: hci0: command tx timeout
[  741.867028][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  741.876359][ T5151] Bluetooth: hci6: command tx timeout
[  742.026319][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  742.996267][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  743.139242][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  743.955343][ T5151] Bluetooth: hci6: command tx timeout
[  744.187029][T11416] overlayfs: failed to resolve './file0': -2
[  744.337015][T11407] bond_slave_0: entered promiscuous mode
[  744.337073][T11407] bond_slave_1: entered promiscuous mode
[  744.359529][T11407] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  744.583158][T11407] bond_slave_0: left promiscuous mode
[  744.583252][T11407] bond_slave_1: left promiscuous mode
[  746.483917][ T5151] Bluetooth: hci6: command tx timeout
[  746.577793][T11350] lo speed is unknown, defaulting to 1000
[  747.866857][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  747.866933][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  748.210912][T11392] lo speed is unknown, defaulting to 1000
[  748.395673][T11446] overlayfs: failed to resolve './file0': -2
[  748.512989][ T5151] Bluetooth: hci6: command tx timeout
[  751.111776][  T989] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  751.274256][  T989] usb 1-1: config index 0 descriptor too short (expected 39, got 27)
[  751.274318][  T989] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  751.274341][  T989] usb 1-1: config 0 interface 0 has no altsetting 0
[  751.277475][  T989] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  751.277501][  T989] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  751.277521][  T989] usb 1-1: Product: syz
[  751.277536][  T989] usb 1-1: Manufacturer: syz
[  751.277550][  T989] usb 1-1: SerialNumber: syz
[  751.368995][  T989] usb 1-1: config 0 descriptor??
[  751.382676][  T989] hub 1-1:0.0: bad descriptor, ignoring hub
[  751.382709][  T989] hub 1-1:0.0: probe with driver hub failed with error -5
[  751.460048][  T989] usb 1-1: selecting invalid altsetting 0
[  754.427293][T11487] fuse: Unknown parameter 'user_id00000000000000000000'
[  755.393100][  T989] usb 1-1: USB disconnect, device number 8
[  758.476954][T11350] chnl_net:caif_netlink_parms(): no params data found
[  758.869773][T11518] fuse: Unknown parameter 'user_id00000000000000000000'
[  759.160027][T11522] netlink: 'syz.0.1598': attribute type 32 has an invalid length.
[  759.295261][T11392] chnl_net:caif_netlink_parms(): no params data found
[  761.964515][T11549] fuse: Unknown parameter 'user_id00000000000000000000'
[  762.172611][T11556] netlink: 'syz.4.1608': attribute type 32 has an invalid length.
[  764.653512][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880367fc400: rx timeout, send abort
[  764.774186][T11581] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1615'.
[  765.103129][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805e927800: rx timeout, send abort
[  765.154280][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880367fc400: abort rx timeout. Force session deactivation
[  765.199421][T11350] bridge0: port 1(bridge_slave_0) entered blocking state
[  765.199567][T11350] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.199824][T11350] bridge_slave_0: entered allmulticast mode
[  765.202938][T11350] bridge_slave_0: entered promiscuous mode
[  765.342494][T11586] fuse: Bad value for 'fd'
[  765.547275][T11350] bridge0: port 2(bridge_slave_1) entered blocking state
[  765.547363][T11350] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.547542][T11350] bridge_slave_1: entered allmulticast mode
[  765.550104][T11350] bridge_slave_1: entered promiscuous mode
[  765.696879][ T7423] bridge_slave_1: left allmulticast mode
[  765.696912][ T7423] bridge_slave_1: left promiscuous mode
[  765.697269][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.765918][ T7423] bridge_slave_0: left allmulticast mode
[  765.765951][ T7423] bridge_slave_0: left promiscuous mode
[  765.766209][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  765.825722][ T7423] bridge_slave_1: left allmulticast mode
[  765.825748][ T7423] bridge_slave_1: left promiscuous mode
[  765.825905][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  765.865315][ T7423] bridge_slave_0: left allmulticast mode
[  765.865336][ T7423] bridge_slave_0: left promiscuous mode
[  765.865505][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  767.652670][T11601] netlink: 'syz.4.1621': attribute type 32 has an invalid length.
[  768.804941][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  768.913684][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  769.003120][ T7423] bond0 (unregistering): Released all slaves
[  769.304075][T11614] fuse: Bad value for 'fd'
[  770.452743][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  770.512642][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  770.574546][ T7423] bond0 (unregistering): Released all slaves
[  776.209072][T11392] bridge0: port 1(bridge_slave_0) entered blocking state
[  776.209218][T11392] bridge0: port 1(bridge_slave_0) entered disabled state
[  776.209432][T11392] bridge_slave_0: entered allmulticast mode
[  776.212143][T11392] bridge_slave_0: entered promiscuous mode
[  776.276825][T11350] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  776.301222][T11392] bridge0: port 2(bridge_slave_1) entered blocking state
[  776.301368][T11392] bridge0: port 2(bridge_slave_1) entered disabled state
[  776.301619][T11392] bridge_slave_1: entered allmulticast mode
[  776.308487][T11392] bridge_slave_1: entered promiscuous mode
[  776.346786][T11350] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  776.424026][T11644] fuse: Bad value for 'fd'
[  776.572361][T11651] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1639'.
[  776.572395][T11651] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1639'.
[  780.184164][T11669] netlink: 'syz.4.1641': attribute type 32 has an invalid length.
[  780.398142][T11392] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  780.619405][T11350] team0: Port device team_slave_0 added
[  780.630908][T11392] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  780.648612][T11350] team0: Port device team_slave_1 added
[  786.444036][ T7423] hsr_slave_0: left promiscuous mode
[  786.484223][ T7423] hsr_slave_1: left promiscuous mode
[  786.486799][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  786.537516][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  786.983997][ T7423] hsr_slave_0: left promiscuous mode
[  787.063837][ T7423] hsr_slave_1: left promiscuous mode
[  787.064613][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  787.187861][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  788.470136][T11703] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1649'.
[  788.470172][T11703] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1649'.
[  788.953710][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  789.056403][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  790.032996][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  790.142765][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  792.085923][T11392] team0: Port device team_slave_0 added
[  792.093617][T11392] team0: Port device team_slave_1 added
[  792.335896][T11392] batman_adv: batadv0: Adding interface: batadv_slave_0
[  792.335913][T11392] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  792.335937][T11392] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  792.356743][T11392] batman_adv: batadv0: Adding interface: batadv_slave_1
[  792.356758][T11392] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  792.356784][T11392] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  793.410604][T11392] hsr_slave_0: entered promiscuous mode
[  793.418685][T11392] hsr_slave_1: entered promiscuous mode
[  794.948921][T10027] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  794.959840][T10027] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  794.975186][T10027] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  794.978363][T10027] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  794.979796][T10027] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  795.229084][T11732] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  795.229110][T11732] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  795.229206][T11732] vhci_hcd vhci_hcd.0: Device attached
[  795.353798][T11733] vhci_hcd: connection closed
[  795.353987][ T7435] vhci_hcd: stop threads
[  795.354003][ T7435] vhci_hcd: release socket
[  795.354036][ T7435] vhci_hcd: disconnect device
[  797.179485][ T5151] Bluetooth: hci0: command tx timeout
[  797.798227][T11724] lo speed is unknown, defaulting to 1000
[  797.897170][T11749] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1660'.
[  797.897212][T11749] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1660'.
[  799.036882][T11759] bridge1: entered promiscuous mode
[  799.299120][ T5151] Bluetooth: hci0: command tx timeout
[  800.367254][T11771] kAFS: No cell specified
[  800.370529][ T7423] bridge_slave_1: left allmulticast mode
[  800.370559][ T7423] bridge_slave_1: left promiscuous mode
[  800.370813][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  800.493376][ T7423] bridge_slave_0: left allmulticast mode
[  800.493407][ T7423] bridge_slave_0: left promiscuous mode
[  800.493702][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  800.732467][T10027] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  800.834048][T10027] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  800.861761][T10027] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  800.906307][T10027] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  800.937969][T10027] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  801.376547][ T5151] Bluetooth: hci0: command tx timeout
[  802.486868][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  803.094895][ T5151] Bluetooth: hci4: command tx timeout
[  803.156160][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  803.272406][ T7423] bond0 (unregistering): Released all slaves
[  803.495503][ T5151] Bluetooth: hci0: command tx timeout
[  805.124577][ T5151] Bluetooth: hci4: command tx timeout
[  806.712758][T11724] chnl_net:caif_netlink_parms(): no params data found
[  807.229790][ T5151] Bluetooth: hci4: command tx timeout
[  808.412204][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  808.718758][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  808.720315][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  809.154703][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  809.292888][ T5151] Bluetooth: hci4: command tx timeout
[  811.377089][T11825] bond_slave_0: entered promiscuous mode
[  811.377124][T11825] bond_slave_1: entered promiscuous mode
[  811.555465][T11825] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  812.428918][T11825] bond_slave_0: left promiscuous mode
[  812.428965][T11825] bond_slave_1: left promiscuous mode
[  812.922755][T11775] lo speed is unknown, defaulting to 1000
[  814.521778][T11724] bridge0: port 1(bridge_slave_0) entered blocking state
[  814.521930][T11724] bridge0: port 1(bridge_slave_0) entered disabled state
[  814.522171][T11724] bridge_slave_0: entered allmulticast mode
[  814.524911][T11724] bridge_slave_0: entered promiscuous mode
[  814.603615][T11724] bridge0: port 2(bridge_slave_1) entered blocking state
[  814.603742][T11724] bridge0: port 2(bridge_slave_1) entered disabled state
[  814.603956][T11724] bridge_slave_1: entered allmulticast mode
[  814.606395][T11724] bridge_slave_1: entered promiscuous mode
[  814.736059][  T989] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  814.892337][  T989] usb 5-1: config index 0 descriptor too short (expected 39, got 27)
[  814.892398][  T989] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  814.892422][  T989] usb 5-1: config 0 interface 0 has no altsetting 0
[  814.895583][  T989] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  814.895610][  T989] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  814.895631][  T989] usb 5-1: Product: syz
[  814.895654][  T989] usb 5-1: Manufacturer: syz
[  814.895667][  T989] usb 5-1: SerialNumber: syz
[  814.929095][T11892] binder: 11886:11892 ioctl c0306201 200000000040 returned -22
[  815.095656][  T989] usb 5-1: config 0 descriptor??
[  815.107370][  T989] hub 5-1:0.0: bad descriptor, ignoring hub
[  815.107409][  T989] hub 5-1:0.0: probe with driver hub failed with error -5
[  815.135510][  T989] usb 5-1: selecting invalid altsetting 0
[  815.256309][T11724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  815.303119][T11724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  815.962889][ T7423] bridge_slave_1: left allmulticast mode
[  815.962910][ T7423] bridge_slave_1: left promiscuous mode
[  815.963078][ T7423] bridge0: port 2(bridge_slave_1) entered disabled state
[  816.054634][ T7423] bridge_slave_0: left allmulticast mode
[  816.054655][ T7423] bridge_slave_0: left promiscuous mode
[  816.059160][ T7423] bridge0: port 1(bridge_slave_0) entered disabled state
[  816.489759][T11900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1708'.
[  816.737279][    C1] vcan0: j1939_tp_rxtimer: 0xffff888036807c00: rx timeout, send abort
[  816.762621][T11906] Invalid source name
[  816.762632][T11906] UBIFS error (pid: 11906): cannot open "./file0", error -22
[  816.810915][ T7423] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  816.890581][ T7423] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  816.954591][ T7423] bond0 (unregistering): Released all slaves
[  817.000921][T11724] team0: Port device team_slave_0 added
[  817.214712][T11724] team0: Port device team_slave_1 added
[  817.651360][ T7423] hsr_slave_0: left promiscuous mode
[  818.493803][ T7423] hsr_slave_1: left promiscuous mode
[  818.498088][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_0
[  818.579420][ T7423] batman_adv: batadv0: Removing interface: batadv_slave_1
[  818.638237][T10483] usb 5-1: USB disconnect, device number 13
[  819.021245][T11919] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14
[  821.007433][ T7423] team0 (unregistering): Port device team_slave_1 removed
[  821.137140][ T7423] team0 (unregistering): Port device team_slave_0 removed
[  821.986232][T11724] batman_adv: batadv0: Adding interface: batadv_slave_0
[  821.986248][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  821.986273][T11724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  821.997670][T11939] Invalid source name
[  821.997685][T11939] UBIFS error (pid: 11939): cannot open "./file0", error -22
[  822.054157][T11724] batman_adv: batadv0: Adding interface: batadv_slave_1
[  822.054175][T11724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  822.054200][T11724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  822.468136][T11951] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1721'.
[  822.676940][T11954] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes.
[  822.777737][T11775] chnl_net:caif_netlink_parms(): no params data found
[  822.857806][T11724] hsr_slave_0: entered promiscuous mode
[  822.863708][T11724] hsr_slave_1: entered promiscuous mode
[  826.371896][   T37] audit: type=1326 audit(1758812828.563:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11985 comm="syz.0.1730" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe10674eec9 code=0x0
[  827.767949][T11997] Invalid source name
[  827.767966][T11997] UBIFS error (pid: 11997): cannot open "./file0", error -22
[  828.013723][T12002] netlink: 360 bytes leftover after parsing attributes in process `syz.0.1734'.
[  828.092193][T11775] bridge0: port 1(bridge_slave_0) entered blocking state
[  828.092388][T11775] bridge0: port 1(bridge_slave_0) entered disabled state
[  828.092528][T11775] bridge_slave_0: entered allmulticast mode
[  828.121502][T11775] bridge_slave_0: entered promiscuous mode
[  828.171114][T11775] bridge0: port 2(bridge_slave_1) entered blocking state
[  828.171256][T11775] bridge0: port 2(bridge_slave_1) entered disabled state
[  828.171449][T11775] bridge_slave_1: entered allmulticast mode
[  828.198827][T11775] bridge_slave_1: entered promiscuous mode
[  830.293700][T12006] bond_slave_0: entered promiscuous mode
[  830.293767][T12006] bond_slave_1: entered promiscuous mode
[  830.295796][T12006] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  830.387063][T12006] bond_slave_0: left promiscuous mode
[  830.388952][T12006] bond_slave_1: left promiscuous mode
[  830.561947][ T6259] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  830.685771][T11775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  830.734019][ T6259] usb 2-1: config index 0 descriptor too short (expected 39, got 27)
[  830.734077][ T6259] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  830.734100][ T6259] usb 2-1: config 0 interface 0 has no altsetting 0
[  830.811940][ T6259] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  830.811972][ T6259] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  830.811992][ T6259] usb 2-1: Product: syz
[  830.812005][ T6259] usb 2-1: Manufacturer: syz
[  830.812019][ T6259] usb 2-1: SerialNumber: syz
[  830.826203][ T6259] usb 2-1: config 0 descriptor??
[  830.864071][T11775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  831.012518][ T6259] hub 2-1:0.0: bad descriptor, ignoring hub
[  831.012572][ T6259] hub 2-1:0.0: probe with driver hub failed with error -5
[  831.017487][ T6259] usb 2-1: selecting invalid altsetting 0
[  833.294481][T11775] team0: Port device team_slave_0 added
[  833.326218][T11775] team0: Port device team_slave_1 added
[  833.469229][T12032] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1743'.
[  833.469262][T12032] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1743'.
[  833.823428][T11775] batman_adv: batadv0: Adding interface: batadv_slave_0
[  833.823490][T11775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.823520][T11775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  833.914120][T11775] batman_adv: batadv0: Adding interface: batadv_slave_1
[  833.914136][T11775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  833.914162][T11775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  834.204492][T12042] Invalid source name
[  834.204531][T12042] UBIFS error (pid: 12042): cannot open "./file0", error -22
[  836.181268][ T5922] usb 2-1: USB disconnect, device number 13
[  837.075589][T11775] hsr_slave_0: entered promiscuous mode
[  837.080427][T11775] hsr_slave_1: entered promiscuous mode
[  837.083109][T11775] debugfs: 'hsr0' already exists in 'hsr'
[  837.083134][T11775] Cannot create hsr debugfs directory
[  837.436708][T12059] netlink: 'syz.1.1750': attribute type 32 has an invalid length.
[  837.821752][T11724] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  837.952148][T11724] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  838.153643][T11724] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  838.270179][T11724] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  838.532472][T12075] kAFS: No cell specified
[  838.632522][T12076] Invalid source name
[  838.632561][T12076] UBIFS error (pid: 12076): cannot open "./file0", error -22
[  839.836655][T12088] netlink: 'syz.4.1759': attribute type 1 has an invalid length.
[  841.624083][T12099] netlink: 'syz.1.1762': attribute type 32 has an invalid length.
[  841.745649][T12106] fuse: Bad value for 'fd'
[  842.157663][T11775] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  842.194801][T11775] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  842.252964][T11775] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  842.294770][T11775] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  842.390043][T11724] 8021q: adding VLAN 0 to HW filter on device bond0
[  842.551708][T11724] 8021q: adding VLAN 0 to HW filter on device team0
[  842.639064][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  842.640881][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  844.090558][ T7423] bridge0: port 2(bridge_slave_1) entered blocking state
[  844.090647][ T7423] bridge0: port 2(bridge_slave_1) entered forwarding state
[  845.771017][T11775] 8021q: adding VLAN 0 to HW filter on device bond0
[  845.853552][T11775] 8021q: adding VLAN 0 to HW filter on device team0
[  845.918375][ T6033] bridge0: port 1(bridge_slave_0) entered blocking state
[  845.918530][ T6033] bridge0: port 1(bridge_slave_0) entered forwarding state
[  845.995889][ T9221] bridge0: port 2(bridge_slave_1) entered blocking state
[  845.996189][ T9221] bridge0: port 2(bridge_slave_1) entered forwarding state
[  847.286794][T11724] 8021q: adding VLAN 0 to HW filter on device batadv0
[  848.661640][T11775] 8021q: adding VLAN 0 to HW filter on device batadv0
[  848.937871][T11724] veth0_vlan: entered promiscuous mode
[  848.983356][T11724] veth1_vlan: entered promiscuous mode
[  849.929279][T11724] veth0_macvtap: entered promiscuous mode
[  849.960189][T11724] veth1_macvtap: entered promiscuous mode
[  850.006634][T11724] batman_adv: batadv0: Interface activated: batadv_slave_0
[  850.034869][T11724] batman_adv: batadv0: Interface activated: batadv_slave_1
[  850.084326][ T7423] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  850.142801][ T7423] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  850.151216][ T7423] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  850.179428][ T7423] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  850.740413][    C0] vkms_vblank_simulate: vblank timer overrun
[  850.791760][    C0] vkms_vblank_simulate: vblank timer overrun
[  850.935174][    C0] vkms_vblank_simulate: vblank timer overrun
[  852.020031][ T9204] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  852.020052][ T9204] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  852.068004][T11775] veth0_vlan: entered promiscuous mode
[  852.318736][T11775] veth1_vlan: entered promiscuous mode
[  852.379286][ T7423] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  852.379313][ T7423] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  852.803062][T11775] veth0_macvtap: entered promiscuous mode
[  852.846011][T11775] veth1_macvtap: entered promiscuous mode
[  852.886065][T11775] batman_adv: batadv0: Interface activated: batadv_slave_0
[  852.924645][T11775] batman_adv: batadv0: Interface activated: batadv_slave_1
[  852.947538][ T7423] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  852.947883][ T7423] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  852.947922][ T7423] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  852.947955][ T7423] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  853.386687][ T7435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  853.386707][ T7435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  853.503465][ T9204] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  853.503485][ T9204] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  854.190970][T12216] netlink: 'syz.1.1786': attribute type 32 has an invalid length.
[  855.016367][    C0] vkms_vblank_simulate: vblank timer overrun
[  855.710891][T12230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  855.726851][T12230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  855.734072][T12230] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  855.743160][T12230] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  855.744071][T12230] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  856.179768][T12244] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1794'.
[  858.119906][T12230] Bluetooth: hci5: command tx timeout
[  858.520595][T12268] netlink: 'syz.4.1798': attribute type 32 has an invalid length.
[  859.045954][T12280] Invalid source name
[  859.045996][T12280] UBIFS error (pid: 12280): cannot open "./file0", error -22
[  859.860870][ T9214] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  860.014447][T12227] lo speed is unknown, defaulting to 1000
[  860.227101][T12230] Bluetooth: hci5: command tx timeout
[  860.259109][T12287] input: syz1 as /devices/virtual/input/input15
[  860.583325][ T9214] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  861.108268][ T9214] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.483697][T12230] Bluetooth: hci5: command tx timeout
[  862.558534][ T9214] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.736767][T12313] Invalid source name
[  863.736785][T12313] UBIFS error (pid: 12313): cannot open "./file0", error -22
[  864.547863][T12230] Bluetooth: hci5: command tx timeout
[  865.560467][T12227] chnl_net:caif_netlink_parms(): no params data found
[  865.715787][T12327] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1818'.
[  865.823722][T12333] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input16
[  865.925108][T12338] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1821'.
[  865.925140][T12338] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1821'.
[  866.096830][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802fd60800: rx timeout, send abort
[  866.996004][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880366fb400: rx timeout, send abort
[  866.996044][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802fd60800: abort rx timeout. Force session deactivation
[  868.052045][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880366fb400: abort rx timeout. Force session deactivation
[  868.360139][T12351] netlink: 'syz.4.1824': attribute type 32 has an invalid length.
[  868.388073][T12227] bridge0: port 1(bridge_slave_0) entered blocking state
[  868.388210][T12227] bridge0: port 1(bridge_slave_0) entered disabled state
[  868.388427][T12227] bridge_slave_0: entered allmulticast mode
[  868.413485][T12227] bridge_slave_0: entered promiscuous mode
[  868.476731][T12227] bridge0: port 2(bridge_slave_1) entered blocking state
[  868.476943][T12227] bridge0: port 2(bridge_slave_1) entered disabled state
[  868.477142][T12227] bridge_slave_1: entered allmulticast mode
[  868.479247][T12227] bridge_slave_1: entered promiscuous mode
[  869.174665][T12227] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  869.179120][T12227] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  870.425438][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[  870.425514][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[  870.453353][T12230] Bluetooth: hci5: command tx timeout
[  870.616786][T12390] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1834'.
[  870.624540][T12392] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input17
[  870.794752][ T9214] bridge_slave_1: left allmulticast mode
[  870.794785][ T9214] bridge_slave_1: left promiscuous mode
[  870.796978][ T9214] bridge0: port 2(bridge_slave_1) entered disabled state
[  870.895580][    C0] vcan0: j1939_tp_rxtimer: 0xffff888036807c00: rx timeout, send abort
[  870.963516][ T9214] bridge_slave_0: left allmulticast mode
[  870.963548][ T9214] bridge_slave_0: left promiscuous mode
[  870.963839][ T9214] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.445161][    C0] vcan0: j1939_tp_rxtimer: 0xffff888036805800: rx timeout, send abort
[  871.447384][    C0] vcan0: j1939_tp_rxtimer: 0xffff888036807c00: abort rx timeout. Force session deactivation
[  872.111890][    C0] vcan0: j1939_tp_rxtimer: 0xffff888036805800: abort rx timeout. Force session deactivation
[  873.849459][T12423] fuse: Bad value for 'fd'
[  874.746635][ T9214] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  874.910448][ T9214] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  875.584749][ T9214] bond0 (unregistering): Released all slaves
[  875.958135][T12227] team0: Port device team_slave_0 added
[  876.003257][T12227] team0: Port device team_slave_1 added
[  878.827964][  T989] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  878.937899][T12455] fuse: Bad value for 'fd'
[  879.070316][  T989] usb 2-1: config index 0 descriptor too short (expected 39, got 27)
[  879.070377][  T989] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  879.070406][  T989] usb 2-1: config 0 interface 0 has no altsetting 0
[  879.104581][  T989] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  879.104611][  T989] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  879.104632][  T989] usb 2-1: Product: syz
[  879.104646][  T989] usb 2-1: Manufacturer: syz
[  879.104660][  T989] usb 2-1: SerialNumber: syz
[  879.165001][  T989] usb 2-1: config 0 descriptor??
[  879.191000][  T989] hub 2-1:0.0: bad descriptor, ignoring hub
[  879.191038][  T989] hub 2-1:0.0: probe with driver hub failed with error -5
[  879.212233][  T989] usb 2-1: selecting invalid altsetting 0
[  881.587391][T12227] batman_adv: batadv0: Adding interface: batadv_slave_0
[  881.587407][T12227] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  881.587432][T12227] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  881.712100][T12227] batman_adv: batadv0: Adding interface: batadv_slave_1
[  881.712118][T12227] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  881.712144][T12227] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  884.839197][ T5904] usb 2-1: USB disconnect, device number 14
[  886.630266][T12227] hsr_slave_0: entered promiscuous mode
[  886.631619][T12227] hsr_slave_1: entered promiscuous mode
[  886.632485][T12227] debugfs: 'hsr0' already exists in 'hsr'
[  886.632508][T12227] Cannot create hsr debugfs directory
[  888.642907][ T9214] hsr_slave_0: left promiscuous mode
[  889.652604][ T9214] hsr_slave_1: left promiscuous mode
[  889.653204][ T9214] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  889.653222][ T9214] batman_adv: batadv0: Removing interface: batadv_slave_0
[  889.857891][ T9214] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  889.857922][ T9214] batman_adv: batadv0: Removing interface: batadv_slave_1
[  889.991374][ T9214] veth1_macvtap: left promiscuous mode
[  889.991490][ T9214] veth0_macvtap: left promiscuous mode
[  889.991768][ T9214] veth1_vlan: left promiscuous mode
[  889.991999][ T9214] veth0_vlan: left promiscuous mode
[  890.349694][T12540] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1874'.
[  890.349728][T12540] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1874'.
[  890.581550][T12543] binder: 12536:12543 ioctl c0306201 200000000040 returned -14
[  893.850757][ T9214] team0 (unregistering): Port device team_slave_1 removed
[  894.071760][ T9214] team0 (unregistering): Port device team_slave_0 removed
[  897.672844][ T5835] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  898.698141][ T5835] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  898.698172][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  898.698190][ T5835] usb 1-1: Product: syz
[  898.698204][ T5835] usb 1-1: Manufacturer: syz
[  898.698217][ T5835] usb 1-1: SerialNumber: syz
[  899.244074][T12593] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1890'.
[  899.244099][T12593] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1890'.
[  899.845772][ T5835] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  899.845830][ T5835] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  899.874916][ T5835] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  899.901649][ T5835] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71
[  899.927587][ T5835] usb 1-1: USB disconnect, device number 9
[  902.421889][T12629] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1901'.
[  902.421924][T12629] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1901'.
[  902.619682][T12227] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  902.660516][T12227] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  902.784582][T12227] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  902.886822][T12227] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  909.651900][T12227] 8021q: adding VLAN 0 to HW filter on device bond0
[  909.701995][T12227] 8021q: adding VLAN 0 to HW filter on device team0
[  909.716500][ T7423] bridge0: port 1(bridge_slave_0) entered blocking state
[  909.717245][ T7423] bridge0: port 1(bridge_slave_0) entered forwarding state
[  909.745045][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  909.745763][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  910.386056][T12677] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input18
[  911.341534][T12227] 8021q: adding VLAN 0 to HW filter on device batadv0
[  917.319426][T12735] netlink: 'syz.4.1931': attribute type 32 has an invalid length.
[  917.335750][ T5151] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  917.385970][ T5151] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  917.397292][ T5151] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  917.413686][ T5151] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  917.414487][ T5151] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  918.383864][T12742] lo speed is unknown, defaulting to 1000
[  919.402125][T12761] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input19
[  919.474770][ T5151] Bluetooth: hci0: command tx timeout
[  921.978942][ T5151] Bluetooth: hci0: command tx timeout
[  922.273527][   T37] audit: type=1326 audit(1758812924.521:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12782 comm="syz.4.1943" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff548e8eec9 code=0x0
[  922.375158][T12785] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1943'.
[  922.386080][T12779] sp0: Synchronizing with TNC
[  922.967297][T12786] sp0: Found TNC
[ 1028.122988][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[ 1028.123005][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P12794/1:b..l
[ 1028.123024][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=49917, q=1911 ncpus=2)
[ 1028.123035][    C1] task:syz.0.1945      state:R  running task     stack:27336 pid:12794 tgid:12792 ppid:5832   task_flags:0x400040 flags:0x00004000
[ 1028.123065][    C1] Call Trace:
[ 1028.123069][    C1]  <TASK>
[ 1028.123075][    C1]  __schedule+0x16f3/0x4c20
[ 1028.123107][    C1]  ? __pfx___schedule+0x10/0x10
[ 1028.123128][    C1]  ? preempt_schedule_irq+0xaa/0x150
[ 1028.123142][    C1]  preempt_schedule_irq+0xb5/0x150
[ 1028.123155][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[ 1028.123171][    C1]  ? rcu_irq_exit_check_preempt+0xdf/0x210
[ 1028.123186][    C1]  irqentry_exit+0x6f/0x90
[ 1028.123198][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1028.123208][    C1] RIP: 0010:lock_acquire+0xd5/0x360
[ 1028.123221][    C1] Code: 8b 04 25 08 40 f6 91 83 b8 1c 0b 00 00 00 0f 85 d5 00 00 00 48 c7 44 24 30 00 00 00 00 9c 8f 44 24 30 4c 89 74 24 10 4d 89 fe <4c> 8b 7c 24 30 fa 48 c7 c7 87 e0 04 8d e8 c9 28 5b 09 65 ff 05 32
[ 1028.123229][    C1] RSP: 0018:ffffc9000503f238 EFLAGS: 00000246
[ 1028.123236][    C1] RAX: ffff888031fb1dc0 RBX: 0000000000000000 RCX: 7206e1d954164f00
[ 1028.123243][    C1] RDX: 0000000000000000 RSI: ffffffff8172c182 RDI: 1ffffffff1b351b0
[ 1028.123249][    C1] RBP: ffffffff8172c165 R08: 0000000000000000 R09: 0000000000000000
[ 1028.123255][    C1] R10: ffffc9000503f3f8 R11: ffffffff81aaf310 R12: 0000000000000002
[ 1028.123261][    C1] R13: ffffffff8d9a8d80 R14: 0000000000000000 R15: 0000000000000000
[ 1028.123269][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1028.123281][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1028.123292][    C1]  ? unwind_next_frame+0xc2/0x2390
[ 1028.123310][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1028.123321][    C1]  ? kvm_create_vm_debugfs+0x459/0x900
[ 1028.123334][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1028.123345][    C1]  unwind_next_frame+0xc2/0x2390
[ 1028.123356][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1028.123370][    C1]  ? unwind_next_frame+0xa5/0x2390
[ 1028.123381][    C1]  ? debugfs_create_file_full+0x3f/0x60
[ 1028.123396][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1028.123406][    C1]  arch_stack_walk+0x11c/0x150
[ 1028.123422][    C1]  ? kvm_create_vm_debugfs+0x459/0x900
[ 1028.123436][    C1]  stack_trace_save+0x9c/0xe0
[ 1028.123445][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[ 1028.123458][    C1]  ? do_raw_spin_lock+0x121/0x290
[ 1028.123475][    C1]  kasan_save_track+0x3e/0x80
[ 1028.123485][    C1]  ? kasan_save_track+0x3e/0x80
[ 1028.123493][    C1]  ? __kasan_slab_alloc+0x6c/0x80
[ 1028.123503][    C1]  ? kmem_cache_alloc_lru_noprof+0x14c/0x310
[ 1028.123514][    C1]  ? __d_alloc+0x36/0x7b0
[ 1028.123522][    C1]  ? d_alloc_parallel+0xe5/0x1600
[ 1028.123530][    C1]  ? __lookup_slow+0x11c/0x3d0
[ 1028.123538][    C1]  ? simple_start_creating+0xfd/0x1e0
[ 1028.123551][    C1]  ? start_creating+0x10f/0x180
[ 1028.123561][    C1]  ? __debugfs_create_file+0x79/0x4f0
[ 1028.123571][    C1]  ? debugfs_create_file_full+0x3f/0x60
[ 1028.123582][    C1]  ? kvm_create_vm_debugfs+0x459/0x900
[ 1028.123614][    C1]  ? __d_alloc+0x36/0x7b0
[ 1028.123623][    C1]  __kasan_slab_alloc+0x6c/0x80
[ 1028.123633][    C1]  ? __d_alloc+0x36/0x7b0
[ 1028.123640][    C1]  kmem_cache_alloc_lru_noprof+0x14c/0x310
[ 1028.123655][    C1]  __d_alloc+0x36/0x7b0
[ 1028.123667][    C1]  d_alloc_parallel+0xe5/0x1600
[ 1028.123677][    C1]  ? try_to_take_rt_mutex+0x840/0xb00
[ 1028.123690][    C1]  ? look_up_lock_class+0x74/0x170
[ 1028.123703][    C1]  ? register_lock_class+0x51/0x320
[ 1028.123713][    C1]  ? rtlock_slowlock_locked+0xd8/0x4010
[ 1028.123723][    C1]  ? arch_stack_walk+0xfc/0x150
[ 1028.123738][    C1]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 1028.123750][    C1]  ? __rt_spin_lock_init+0x3e/0x50
[ 1028.123759][    C1]  ? __init_waitqueue_head+0xae/0x160
[ 1028.123772][    C1]  __lookup_slow+0x11c/0x3d0
[ 1028.123783][    C1]  ? __pfx___lookup_slow+0x10/0x10
[ 1028.123799][    C1]  ? lookup_noperm_common+0x241/0x430
[ 1028.123809][    C1]  ? d_lookup+0xaa/0xc0
[ 1028.123819][    C1]  ? lookup_noperm+0x111/0x240
[ 1028.123829][    C1]  simple_start_creating+0xfd/0x1e0
[ 1028.123841][    C1]  ? __pfx_simple_start_creating+0x10/0x10
[ 1028.123852][    C1]  ? rt_spin_unlock+0x65/0x80
[ 1028.123868][    C1]  start_creating+0x10f/0x180
[ 1028.123880][    C1]  __debugfs_create_file+0x79/0x4f0
[ 1028.123895][    C1]  debugfs_create_file_full+0x3f/0x60
[ 1028.123908][    C1]  kvm_create_vm_debugfs+0x459/0x900
[ 1028.123925][    C1]  ? __pfx_kvm_create_vm_debugfs+0x10/0x10
[ 1028.123940][    C1]  ? __rt_spin_lock_init+0x3e/0x50
[ 1028.123952][    C1]  kvm_dev_ioctl+0x15a0/0x1980
[ 1028.123968][    C1]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 1028.123979][    C1]  ? __fget_files+0x2a/0x420
[ 1028.123993][    C1]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1028.124003][    C1]  ? __pfx_kvm_dev_ioctl+0x10/0x10
[ 1028.124014][    C1]  __se_sys_ioctl+0xfc/0x170
[ 1028.124026][    C1]  do_syscall_64+0xfa/0x3b0
[ 1028.124034][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1028.124046][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1028.124054][    C1]  ? clear_bhb_loop+0x60/0xb0
[ 1028.124065][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1028.124073][    C1] RIP: 0033:0x7fe10674eec9
[ 1028.124081][    C1] RSP: 002b:00007fe1049ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1028.124089][    C1] RAX: ffffffffffffffda RBX: 00007fe1069a5fa0 RCX: 00007fe10674eec9
[ 1028.124096][    C1] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
[ 1028.124101][    C1] RBP: 00007fe1067d1f91 R08: 0000000000000000 R09: 0000000000000000
[ 1028.124107][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1028.124112][    C1] R13: 00007fe1069a6038 R14: 00007fe1069a5fa0 R15: 00007ffe323b8218
[ 1028.124126][    C1]  </TASK>
[ 1028.124133][    C1] rcu: rcu_preempt kthread starved for 4392 jiffies! g49917 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[ 1028.124144][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[ 1028.124148][    C1] rcu: RCU grace-period kthread stack dump:
[ 1028.124152][    C1] task:rcu_preempt     state:R  running task     stack:26968 pid:18    tgid:18    ppid:2      task_flags:0x208040 flags:0x00004000
[ 1028.124178][    C1] Call Trace:
[ 1028.124181][    C1]  <TASK>
[ 1028.124186][    C1]  __schedule+0x16f3/0x4c20
[ 1028.124208][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1028.124220][    C1]  ? __pfx___schedule+0x10/0x10
[ 1028.124239][    C1]  ? schedule+0x91/0x360
[ 1028.124252][    C1]  schedule+0x165/0x360
[ 1028.124264][    C1]  schedule_timeout+0x12b/0x270
[ 1028.124276][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[ 1028.124286][    C1]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 1028.124299][    C1]  ? __pfx_process_timeout+0x10/0x10
[ 1028.124311][    C1]  ? prepare_to_swait_event+0x341/0x380
[ 1028.124325][    C1]  rcu_gp_fqs_loop+0x301/0x1540
[ 1028.124342][    C1]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[ 1028.124354][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[ 1028.124371][    C1]  rcu_gp_kthread+0x99/0x390
[ 1028.124384][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1028.124395][    C1]  ? __kthread_parkme+0x7b/0x200
[ 1028.124407][    C1]  ? __kthread_parkme+0x1a1/0x200
[ 1028.124420][    C1]  kthread+0x70e/0x8a0
[ 1028.124434][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[ 1028.124445][    C1]  ? __pfx_kthread+0x10/0x10
[ 1028.124464][    C1]  ? __pfx_kthread+0x10/0x10
[ 1028.124477][    C1]  ret_from_fork+0x436/0x7d0
[ 1028.124489][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[ 1028.124503][    C1]  ? __switch_to_asm+0x39/0x70
[ 1028.124511][    C1]  ? __switch_to_asm+0x33/0x70
[ 1028.124518][    C1]  ? __pfx_kthread+0x10/0x10
[ 1028.124530][    C1]  ret_from_fork_asm+0x1a/0x30
[ 1028.124546][    C1]  </TASK>
[ 1028.124549][    C1] rcu: Stack dump where RCU GP kthread last ran:
[ 1028.124557][    C1] Sending NMI from CPU 1 to CPUs 0:
[ 1028.124585][    C0] NMI backtrace for cpu 0
[ 1028.124600][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[ 1028.124617][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1028.124625][    C0] RIP: 0010:pv_native_safe_halt+0x13/0x20
SYZFAIL: failed to send rpc
fd=3 want=7912 sent=0 n=-1 (errno 32: Broken pipe)
[ 1028.124645][    C0] Code: 13 b3 03 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 13 26 11 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1028.124658][    C0] RSP: 0018:ffffffff8d607d80 EFLAGS: 000002c6
[ 1028.124670][    C0] RAX: 127b76fe0776f800 RBX: ffffffff81955f48 RCX: 127b76fe0776f800
[ 1028.124682][    C0] RDX: 0000000000000001 RSI: ffffffff8d03ad79 RDI: ffffffff8b621680
[ 1028.124693][    C0] RBP: ffffffff8d607eb8 R08: ffff8880b883341b R09: 1ffff11017106683
[ 1028.124711][    C0] R10: dffffc0000000000 R11: ffffed1017106684 R12: ffffffff8f1d6330
[ 1028.124723][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1ae0620
[ 1028.124733][    C0] FS:  0000000000000000(0000) GS:ffff8881268bc000(0000) knlGS:0000000000000000
[ 1028.124746][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1028.124756][    C0] CR2: 00007f52909efa75 CR3: 0000000048bb2000 CR4: 00000000003526f0
[ 1028.124770][    C0] Call Trace:
[ 1028.124776][    C0]  <TASK>
[ 1028.124781][    C0]  default_idle+0x13/0x20
[ 1028.124796][    C0]  default_idle_call+0x74/0xb0
[ 1028.124811][    C0]  do_idle+0x1e8/0x510
[ 1028.124828][    C0]  ? __pfx_do_idle+0x10/0x10
[ 1028.124850][    C0]  cpu_startup_entry+0x44/0x60
[ 1028.124864][    C0]  rest_init+0x2de/0x300
[ 1028.124881][    C0]  start_kernel+0x3a9/0x410
[ 1028.124902][    C0]  x86_64_start_reservations+0x24/0x30
[ 1028.124917][    C0]  x86_64_start_kernel+0x143/0x1c0
[ 1028.124932][    C0]  common_startup_64+0x13e/0x147
[ 1028.124954][    C0]  </TASK>
[ 1038.179320][ T1321] ieee802154 phy0 wpan0: encryption failed: -22
[ 1038.179387][ T1321] ieee802154 phy1 wpan1: encryption failed: -22
[ 1038.188020][T12230] Bluetooth: hci0: command tx timeout
[ 1038.468177][   T69] kworker/u8:5 (69) used greatest stack depth: 12360 bytes left
[ 1039.167713][T10027] Bluetooth: hci4: command 0x0406 tx timeout
[ 1040.207575][ T5151] Bluetooth: hci0: command tx timeout
[ 1041.586549][ T6033] bridge_slave_1: left allmulticast mode
[ 1041.586576][ T6033] bridge_slave_1: left promiscuous mode
[ 1041.586745][ T6033] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1041.678089][ T6033] bridge_slave_0: left allmulticast mode
[ 1041.678121][ T6033] bridge_slave_0: left promiscuous mode
[ 1041.678370][ T6033] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1043.376430][ T6033] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1043.469951][ T6033] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1043.518360][ T6033] bond0 (unregistering): Released all slaves
[ 1043.862566][ T6033] hsr_slave_0: left promiscuous mode
[ 1043.912103][ T6033] hsr_slave_1: left promiscuous mode
[ 1043.912805][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1043.946481][ T6033] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1045.015757][ T6033] team0 (unregistering): Port device team_slave_1 removed
[ 1045.275202][ T6033] team0 (unregistering): Port device team_slave_0 removed