last executing test programs:

27.484912242s ago: executing program 0 (id=3433):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="11000000140025000307f4f9002304000a", 0x11)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000900)=ANY=[@ANYBLOB="15a31ae9b77a306d5d3418def83421daef8bc61f50c603b6e2072bf9aa93746fe11ce6cc33ca4fe0f3cbfd228dd5a2951f1218dacfd2cc0e36966c9fde554cdc4ca8602ee26302ae43760573b94c", @ANYRESDEC=0x0, @ANYBLOB, @ANYRES64, @ANYRES64, @ANYRESHEX, @ANYRES16], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000003c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(0x0, 0x0)
getresgid(&(0x7f0000000500), &(0x7f0000000540)=<r6=>0x0, &(0x7f0000000a40))
fchownat(0xffffffffffffffff, &(0x7f0000000280)='./file1\x00', 0x0, r6, 0x400)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtaction={0x14, 0x30, 0xb, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x6a00}}, 0x14}}, 0x200ce8c4)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6574000000000c000780080012400000000205000500020000000500010006"], 0x58}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="500000000906010200000000000000e1020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0c00"], 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

26.551630582s ago: executing program 0 (id=3438):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000)

25.944058881s ago: executing program 0 (id=3440):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f0000004280)={{0x3, 0xfffffffc, 0x98, 0x7, 0xfffffffe, 0xfff}, 0x90, [0x4, 0xfffffffc, 0x2, 0xfff, 0x3, 0xffff, 0x7, 0x7fff, 0xc72, 0x0, 0x0, 0x100, 0xd, 0x7, 0x8, 0x9, 0x101, 0xfffffffa, 0x0, 0xf61c, 0x4, 0x7, 0x0, 0x8, 0x7fff, 0x6, 0x0, 0x8, 0x7, 0x0, 0xf510, 0x3, 0xfff, 0x1, 0x8, 0x0, 0xfffffffb, 0x4, 0x7, 0x3, 0x0, 0x9, 0x5, 0x0, 0x6061, 0xffffffff, 0x0, 0xd35d, 0xdf301300, 0x0, 0x2, 0x7, 0x4, 0x7, 0x2, 0xad, 0x9, 0x9, 0x6, 0xcc0b, 0x51ce, 0xfffffc01, 0x2, 0x10, 0x0, 0xffffffff, 0x8, 0x80000000, 0xffffffae, 0x9, 0x7, 0x2, 0x5, 0x31, 0xffff, 0x200, 0xa7ac, 0x8000, 0xffffffff, 0x8, 0x832c, 0x7, 0xa8c5, 0x5, 0x0, 0x6, 0x0, 0x7, 0xd9, 0x3, 0x5, 0x2, 0x0, 0x2, 0x2, 0x3, 0x4, 0x7, 0xf, 0x1, 0x7, 0xc00000, 0x5, 0x7fffffff, 0x2, 0x9, 0x5, 0x8, 0x0, 0xcc, 0x3, 0x6, 0x80000001, 0x7, 0x54, 0x5, 0x3, 0x8, 0x5, 0x10000000, 0x1, 0x8, 0x6, 0x1, 0xe, 0xd, 0x4, 0xf6, 0xfffffad2, 0x4, 0x800, 0x200, 0x3, 0x139, 0x3, 0x6b55, 0x80, 0x2, 0x4, 0x0, 0x8, 0x7, 0x2, 0x1b4, 0x0, 0x9, 0xd1, 0x200, 0x525, 0xffff7fff, 0x4, 0xff, 0x8, 0x7425, 0xf8, 0x3, 0xfffffff5, 0x6, 0x8, 0x800, 0x3, 0x400, 0x1, 0x7fffffff, 0x8, 0x9, 0x5, 0xaf4, 0x0, 0x8e, 0x1000100, 0x80000000, 0x2, 0xd1, 0x4, 0x3, 0x0, 0xa, 0x2, 0xffffffff, 0x0, 0x8, 0x253f0d17, 0xa53c, 0xbf, 0x2, 0x4, 0x401, 0xc, 0x876, 0x7, 0x2, 0xa, 0xffffffff, 0xffffffff, 0x94, 0x0, 0xffffffff, 0x3, 0x7, 0x3, 0x6, 0x1, 0x5, 0x9, 0x6, 0x7, 0xf, 0x4, 0x2, 0x7, 0x3d, 0x9, 0x0, 0x6703, 0x4, 0x1, 0x5, 0xc, 0x7, 0x4, 0x4, 0x401, 0x1000, 0x9, 0x9bb8, 0x4, 0x1ff, 0x7, 0xfffffffe, 0x8, 0xc, 0xf52, 0xae, 0xfffffff7, 0x3, 0x401, 0x4a91, 0xe, 0x9, 0x7, 0x9, 0xffff, 0x8, 0x4, 0x3, 0x9e7, 0x5, 0x9, 0x0, 0x7, 0x3, 0x5de3, 0xcd, 0x80000001, 0x8, 0x7, 0xfffffffd, 0x10001, 0x24000, 0xfb93, 0xb, 0x6, 0xfffffe1f, 0x7, 0x6, 0x1, 0xfffff000, 0x7, 0x7, 0x6, 0x0, 0xc7a, 0xe, 0x10001, 0x5, 0x0, 0x8, 0x8, 0xeb, 0x5, 0x3, 0x3ff, 0xb7, 0x443, 0x5, 0xe2, 0x5, 0x1, 0x7fff, 0xfffffffd, 0x3, 0x9, 0xb739, 0xfffffff9, 0x7, 0xfff, 0x9e, 0x8, 0xf7, 0x0, 0xffffff58, 0x8, 0x9, 0x7, 0x30, 0x9, 0x9, 0x7fffffff, 0x0, 0xc0000, 0x883, 0x5, 0x1ff, 0x8, 0x8, 0xfffff801, 0x5c4, 0xff, 0x201, 0x3, 0x1, 0xffffffce, 0x8, 0x3, 0x5, 0x7fff, 0x1, 0x0, 0x3, 0xc, 0x5, 0x7, 0x9, 0x4, 0x80000000, 0x0, 0x1, 0x40000, 0x78, 0x5, 0x6, 0x7, 0x8, 0x6, 0x5f0c, 0x5, 0x1, 0x1, 0x9, 0xff, 0xd, 0x8, 0x3, 0x3, 0x8, 0x0, 0x4, 0x9, 0x85, 0x2, 0x4, 0x6, 0xfffffffc, 0x2, 0xc5, 0x3, 0xfffffffa, 0xfffffffc, 0x0, 0xe3, 0x9, 0x8000000, 0x2, 0x40, 0x8, 0x7fffffff, 0x3, 0x3, 0x2, 0x78, 0x7ff, 0x10, 0x6, 0x101, 0x0, 0x5, 0x9, 0x7, 0x9, 0x6, 0x0, 0x8, 0x7, 0x100, 0x7, 0xffff, 0x7, 0x164, 0x8, 0xfffffffc, 0xfffffffb, 0x7, 0x9, 0x8, 0x1, 0x0, 0x4, 0xb71, 0x6, 0x8, 0x424114da, 0x800, 0x5, 0x5, 0x40, 0xfff, 0x0, 0x2, 0x2, 0xffff, 0x8a7, 0x8, 0x8, 0x80000001, 0xe, 0xbf74, 0x95d0, 0x1, 0x9, 0x800, 0x95d8, 0x9, 0x81, 0x1, 0x6, 0x4, 0x4, 0x200, 0x6, 0x8, 0x1, 0x9, 0x7, 0x5, 0xb7, 0xdf5, 0x8, 0x2, 0x2, 0x3ff, 0x3, 0x9, 0x4, 0x23, 0x4, 0x1, 0x7, 0x5, 0x8, 0x0, 0x8, 0x8, 0x5, 0x7fff, 0x0, 0x0, 0x10001, 0x4, 0x8, 0x8d, 0x9, 0x2, 0x400, 0xb, 0x16d, 0x1, 0x1, 0x8001, 0x7, 0x6, 0xf5b, 0x1000, 0x9, 0x1, 0x4, 0x1, 0xffff0001, 0x7, 0x7f, 0x2, 0x1e34, 0x8, 0x0, 0x4, 0x3, 0x9, 0x1, 0x0, 0x7fff, 0x8c, 0x9, 0x5, 0x80000000, 0x9, 0x1, 0xbf, 0xf28, 0x8, 0x8, 0x2, 0x6, 0xffffffff, 0x9, 0x9, 0x8, 0xffffff81, 0x4, 0x36, 0x9, 0x8, 0x6, 0x7fffffff, 0x7, 0xfffffff0, 0x0, 0x2, 0x7, 0x2, 0x8, 0xfffffffc, 0x5bfd, 0x7f, 0x1, 0x0, 0x7, 0x0, 0x6, 0x1ff, 0xf, 0x4, 0xab7d, 0x1, 0x7, 0x4, 0x6, 0xc7d2, 0x9, 0x8, 0x1, 0x80, 0x5, 0x9, 0x1, 0x8, 0x8c, 0x3, 0x4, 0x1, 0x78, 0x2, 0x1, 0x6, 0x26c, 0x2, 0x1, 0x8, 0x4, 0x8e, 0x6, 0x0, 0x78d, 0x2ea7, 0x1, 0x140, 0xffff, 0x1, 0x3, 0x10, 0x6, 0x3dc, 0x7, 0x30b, 0x8, 0xfff, 0xffff, 0x4, 0xffff, 0x1c1, 0x1, 0x4, 0xc, 0x4, 0x7fff, 0x80, 0x8, 0x4, 0x7, 0xfff, 0x7ff, 0x2, 0xe, 0xfffffff8, 0x9cbd, 0x1ff, 0x9, 0x5, 0x0, 0x5, 0x80000001, 0x7f, 0xffff, 0x80000001, 0x101, 0x1, 0x1, 0x3, 0x4, 0x0, 0x9, 0x5, 0x6, 0xfffff96b, 0x4, 0x8, 0xdb86, 0x4, 0x54, 0x3, 0x8, 0x2, 0x2, 0x80000001, 0x7, 0xffff7fff, 0x4, 0x733, 0x8, 0x6, 0xffff, 0x80, 0x4, 0x7, 0x0, 0x1, 0x2, 0x34, 0x2, 0x0, 0xcc, 0x100, 0x7, 0x9, 0x5, 0x6, 0xfffffffe, 0x5, 0xf, 0x1, 0x10001, 0xfffffffa, 0x8001, 0x8, 0x4, 0xb, 0x100, 0x8, 0xf5, 0x1, 0x1, 0x87000000, 0x2, 0x2, 0x4, 0x10000, 0xc60d, 0x5, 0x1, 0x5, 0xe4b, 0xffff0001, 0x4, 0xd, 0x1, 0x2b, 0x9, 0x4, 0x7ff, 0x5, 0x0, 0x3, 0x3ceb4000, 0x3, 0xfffffffd, 0x8, 0x6, 0xa9, 0x1, 0x200, 0x0, 0x200, 0x3, 0x0, 0x0, 0xfffffff7, 0xe19e, 0x7, 0x7, 0x2, 0x3, 0x5, 0x6, 0x2800, 0xffffffff, 0x2f, 0xa, 0x6, 0x0, 0x2, 0x5, 0xe0b, 0xfffffffa, 0x7, 0x9, 0x15, 0xfba00000, 0x7, 0x0, 0xfff, 0x4, 0x5, 0xfffffffc, 0x4, 0x3, 0x6, 0x8, 0x5, 0x200, 0x10000, 0xffff, 0x5, 0x4, 0x7fffffff, 0x4, 0x8, 0x0, 0xffffffff, 0x6, 0x7ff, 0x0, 0x8, 0xfa03, 0x8, 0x1, 0xc5, 0x4, 0x3881d88b, 0x1ff, 0x2, 0x3, 0x5, 0x0, 0x7, 0x1, 0xf, 0x4, 0x8, 0x9, 0x9, 0x1ff, 0xfffffffc, 0x9, 0x0, 0x6, 0x0, 0x1, 0xffff756e, 0x5, 0xfadd, 0x6, 0x10001, 0x7ff, 0x800, 0x0, 0xff, 0x0, 0x1, 0xffffaaac, 0x0, 0x6, 0x4, 0x0, 0x8, 0x7, 0x80000001, 0x1, 0x200, 0x3, 0x1, 0x1, 0x0, 0x10, 0x9, 0x4, 0x0, 0x0, 0x4, 0x9, 0x10, 0xa, 0x7, 0x554, 0x0, 0xc56b, 0x7, 0x6, 0x2, 0xb8e9, 0x7, 0x6, 0x3, 0x0, 0x4, 0x100, 0xf, 0x2, 0xe, 0xc000, 0x9, 0x4, 0x0, 0x4, 0x1, 0x2a2, 0x0, 0xf, 0xffff9691, 0x7c2e, 0x0, 0x1, 0x0, 0x5, 0x9, 0xfe, 0x5, 0xdf, 0xfffff427, 0x1ba, 0xb7ed, 0x1, 0x1000, 0xffffff23, 0x5, 0x2, 0x1, 0x9, 0x6, 0x2f3, 0x6, 0x2, 0x2, 0x6, 0x6, 0x905, 0x0, 0xf1e, 0xff, 0x8, 0x8001, 0x4, 0x1, 0xe, 0xf53, 0x7251, 0x9479, 0x4, 0x5, 0x80, 0x200, 0x400, 0x6, 0xb034, 0x4, 0xffffffff, 0x8001, 0x2, 0x3, 0x5, 0x40, 0x0, 0x4, 0x101, 0x380, 0x8, 0x2, 0x7bc, 0x9, 0x6, 0x6, 0x0, 0xb1a, 0x4, 0x2, 0x4, 0x3, 0x8001, 0x0, 0x6, 0x4, 0x8, 0xd, 0x8, 0x8, 0x4, 0xd, 0xb, 0x7, 0x1, 0x7f, 0xbef, 0x9, 0x6b5, 0x1, 0x101, 0x80, 0xfffeffff, 0xf, 0x6, 0x8, 0xa, 0x3, 0x1, 0xe44, 0x2, 0x7ff, 0xffff, 0x401, 0x741, 0xad, 0x4, 0x4f, 0x40, 0x8, 0x8, 0x1000, 0x9, 0x5, 0x6, 0x7fffffff, 0x0, 0x7705, 0xbd, 0x2, 0x6, 0xffffffff, 0x80000001, 0x58, 0xf, 0x4, 0x2, 0x7fff, 0x3, 0x0, 0x2, 0x2016, 0x51b83c66, 0x9, 0xb27, 0x6, 0x1, 0x2625322a, 0x7, 0xfffffff6, 0x3, 0x1, 0x6f7, 0x80, 0x6, 0x5, 0xffffffff, 0x4, 0x1, 0x4, 0xc32, 0x4b4e, 0x7, 0x10, 0x400, 0x401, 0x5, 0xfffffffb, 0x2, 0x10, 0xdb44, 0x5, 0x9, 0x7, 0x7, 0x8001, 0x7, 0x3, 0xffffff81, 0x1ff, 0x200, 0x8, 0x6, 0x1c7, 0xffffff10, 0x3, 0x8, 0x5, 0x4, 0x9, 0x4, 0xfff, 0xffffffff, 0x63, 0x4, 0x9, 0xcf, 0x1ff, 0x5, 0x3, 0x101]})

25.782979192s ago: executing program 3 (id=3441):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close(0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
mknodat(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0x400, 0x2)
fchdir(0xffffffffffffffff)
r3 = open(&(0x7f0000000000)='./file1\x00', 0x80242, 0x8)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xfffffffffffffff5, 0x0, {{0x4, 0x1, 0x5, 0x6, 0x3, 0x1, {0x1, 0x180, 0xff, 0x5, 0x100, 0x7cf4, 0x9, 0x7ffffffd, 0xfffffffe, 0x1000, 0x0, 0xee00, 0x0, 0x3ff, 0x1}}, {0x0, 0x19}}}, 0xa0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000002, 0x13, 0xffffffffffffffff, 0x0)
sendfile(r3, r3, &(0x7f0000000080), 0x4d9b6eaf)

24.920884375s ago: executing program 4 (id=3446):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs$pagemap(0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
recvmsg$unix(r0, &(0x7f0000000700)={&(0x7f0000000100)=@abs, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000380)=""/247, 0xf7}, {&(0x7f0000000480)=""/119, 0x77}, {&(0x7f0000000500)=""/29, 0x1d}, {&(0x7f0000000540)=""/127, 0x7f}, {&(0x7f00000005c0)=""/82, 0x52}], 0x5, &(0x7f00000006c0)=[@cred={{0x1c}}], 0x20}, 0x2000)
r2 = io_uring_setup(0x1148, &(0x7f0000000300)={0x0, 0xc95e, 0x80, 0x2, 0x30f})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

24.603074427s ago: executing program 1 (id=3448):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x118f7, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/../file0/file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20001)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)

23.970399862s ago: executing program 3 (id=3449):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x200000, 0x0, 0xb49, 0x6, 0xc, 0x0, 0x1}, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$dsp(r2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200)=0x8)
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, 0x0)
pwritev(r3, &(0x7f00000002c0)=[{&(0x7f0000000040)="00214717a7070000000003060000000000000000a8a6761d5874f72cf86d73d32f46381d8fee86d9ca0e6a9c4db5a40fef56", 0x54}], 0x1, 0xe, 0x200004)
prctl$PR_MCE_KILL(0x29, 0x1, 0x2)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
socket$kcm(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)

23.404029289s ago: executing program 2 (id=3451):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200407f9, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000d00)=[{{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000140)="91f8a9849519def28691bbc4173c3d6f357d0272b7319130feaab952ac4703cad04be68907e50e997fc26e4c91ea4feb931647fc5393de2500000000", 0x3c}, {&(0x7f0000000e80)="44900000000056ee66c372f3105eb186dd8062fad2d5b5bfb0ba06f274a8d026bd209da8ffa6826e3b3f8075704a9d0ef9aff7f1e7db24609f02d34e76992c9df9fe6888c6c9a4825c6223be6ac54536025affdea54e527c68b0ff250261953f2da79a78104c2d9e7b16ed86b124945aa9ab7581ebd385fb61d442035db81e18c2d2462d0bb25fff9d3b1ce90b597992b2a4d541611ce77f58dce7c9500118229e7cdf4ca7f6adca92c73d97ce54164c1942b2568635bec8e020b41fb2f8000000000000000000000000000000001c8a9f7956583e26f6f0edc415851d0b8305fe66c2b7c114e3712d87744938848f24a13cb604000000000000000000000000000000c7aa5035897b20a6c23f1fc4af2990c07f784b985a3d", 0x119}, {&(0x7f00000002c0)="641a6a2b863c0dd89801925ab48c844221841a87729aca4f2dd9194838b58523947f720c0ecddddb8e618e16ea418060862fdb55f8799bf9c3ecf3812b886138dc5e474541dc531f94fb9c624173cee8b8e3c30aee406b06e859075700000000bdd2bd8853ecedf6056e713bfa99afecaa4a5228f090006692a76749a831a000"/138, 0x8a}, {&(0x7f00000001c0)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c3506", 0x43}], 0x4}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000b80)="f77d2b5dd5f7d74f0748cf3d2cf218d644566a14103b1c7dd35fd2951bd022f10f2dc7f4ce0d8ac5f4abaca4b97b706153756913b7dd48248b5bfb10460019248bf238743fa2aeb5bef21ce832db670920dc5e911ef2ad63e849901d1001129dbacbfd4924d7545517fd18b5d29978f32a5b5c81755cb89cc0490958ba3211eb99df5cdbbc0f9c941aaa1495893dada02d8188acd26b5afd7476413f322c8f79de769debb56343f3eded2dca93ed6641e50fe595e1e0dbe84ed0f70abb4ed2dfb6648df7dbbd18fa5533a6b0acc138c81a8acbcb2fb79a7d7857d41bca238e0548c5e955d74bbb106fe965274cbb3a29b895df0b4e028b6d65c115b81328e0b660253f1c9a359dde67917fa232e2f566483ddbb93ff9b103c1cac356c9f0f6ab5fe77ea4610f71ec6dc988fddf29b8d0b6aaa82752580b62b5f51800d10077f07319b6ffeff06e4dea184fd7a0a0f4d441763e30d1bc475502a1de1ffbc0e30cb1", 0x161}, {&(0x7f0000000640)="35cef842d9c50636f60fc0cfdac56c75f1687f0c56287423f5eed69f117e766bdbad0c2171ad6227e1173ab6efa2fcb1c420a51a0917861009000000f049c606ccab7cda1f0e3490fbe385ea382294882839a22674037b8910bd8a1420e33eb1be6f10cfb24eb7cccdf1528ef33b34ab07cdb0909a9ba9547e1e343b451d9025c4e153612d4674b9411fb4de295599abbcb388d291aa839a64c1cb1234a1c9098a8bf2ccea26b7b7295b3adb0850f6e03591cadcd0e26a878862516c39ed834f5510ae66be3034cb31f4e7bb5d5d7f3e75257d3ae0cdcac37870d6a9d20fa62c0d503722fde912386a1dfade37e5c4a75d1718d57198f857f5de7cc2", 0xfc}, {&(0x7f0000001300)="e0cda6472d1ccfb4d1d46bf348a3b7ff9e5b6b3e30ef2266c86a085e37271763c50968fe2e2eb13b9472381bade936f9a85e26aac6ebd21115f086751d870434cf07dbd92e0ea2322f163473dad24cffe6d23ffa95b04a2653e8a7c9ab042e4bde850bc9f6147f1a48e86eec8223fd33fc6c1f0b457883374393fbd08a3281a268aff6688fb41eecbdd328ef0fcbe09cd9e34c6b9d641ba6fb677edede912815299a33", 0xa3}], 0x3}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="9d910b8618214bae2e342dc08ae97b143ffc6ab012a1586720306bf83d3388e0c1ac3c108fc990989ac1b22c3dd83b3626fb0fabd889b211911a46bcf8", 0x3d}, {&(0x7f0000000380)="b40978b34848d8f56550e6c1f3306cb0c73974e45c4d76137dff606065e1f2eeb46c557cd921109449369d696cdb497b4e457215ac489460e2717343343bc65a", 0x40}, {&(0x7f0000001e00)="68b3754f09a39c154de25f4603e9b130bdbe1b6224adc0ad0027206f464ea209607536d0fc8781bdf5e419275dd6035da49b43fbac55b302ae0d3596227b7d6d1dc8981658cef1038a0375582e01267d64f8f6f426d7ab8b3909f0b674a925bc8af014c842f477b6847a471aaeb6fb536a6970d3f5c241ac578fc5b783458da5a00a2d75bda879b6cc5147dd65dddb77230d650c624507f9f534c546a90dd328efe67d3b3f0881d5f66f834f8485409472964a83f844a0d9e3cab4942bb43c24186589520691fe935bbae7117fd67b34821f7f899e1426324047b0560924de33341bdb1003d98bb4f1d844e162ef143c085259df227013a8f895a8298338808dc44f0e2db9bee84cb6a53bce2cdf9ef3d158c1816ea44e37733f6c0615867d2df0069c9dd37b91f578142975d4e9647e6252c5ea6f38a87e8cabfabd30c8a8f3945c8ca39ac062f196ae198b95016088c2db69e2e790452aa5441278763effa7123a53508b2dfb3b9a912adf24c6be3930f1274f771fbe335f2f4db33abf2fcd2e3d5b8d1b8cec92b6ec21c555c1e21eb126234ec06bd7aee38cdc30597a1dd8e1d4200765c9653864ed71f9cf8acf8064007647cbd7a3428722ac5c8abaac3ba31e6fd4350ad5ba20a0c3bb296c69459dcbaed12afcf64f7a1dad187d309db4a8677ccdffb1912692a0ac9149f7d84a89b0f5fc209722c1515b451f2ade3d5aae1efea2738253851c3bcae4f0de2578230eb4acb1445e062aa8f72aa3db0cc7b7c971139cd8094de4575dea602d174727e8a6e0884aab58ed69d5d24e0274b16628d079aa14b117fa02fb0bc30ed60ff2f831181f17facd58562fead40490c93c372a728684a6930d058a1561276fbd662d9d78fe4cdafb62ba00712ec6cf1fae67c224d6f9ddb3177857ab893e1dd368723808e3ce8f9aa0ec834341d22e00e7493d7b1db16f61b259e50a327ff781d1d7c946df10559e4255a4e5a2f546597079c9b83b438d28bdce3c5a12860d16a513f2649776b72d4ae5584600b7120950ca406b7aa4b3c3a0c1fa13f559a7c1c20e73de1207ab865a58e6569f1c20c83106eb3405a26d1831d5aac9a56b72b0f0f9a1f7e6145b364fd0d0f5982c023dddac60bb3db0d8bac112ba77001e0f8fe736530f27c30b499495ad660f3e614c6302f9aaba13fe9d31314a38c2623f7c03bf08f2e9bebda9ada32c7e43439c9a5e0025ead70764b17294255cca73f86222fdb99816d5bb19d37a0b9f9cde555fc302cb70f4904153108c30d55a924531727451315d7f77695e123687733131b130f415d3c845bf2549b9781945a25af1db502c250c63dc15a5c4d15c48322709bc24285474da4cef306d34c9ac612f774b98c940d8f976ec580b82771a41533c5400a10df183096d1a6babad07e3d5c330731900d65152974f7cf2548d13318895e316d8a878401074cc51b6e06f9c85c8a84eb60ba9e4f53bde31358451a716ce5fcdd702bccf7bd7128cfa6201729f098b7e8bb734ff52d76e2b37a79ed3b8f6630352c0b9e99ee94127f75ee889ebfc59fe1a41dcd450f876517516ffbdee9b02627c743d43dae577871c5c69bcbfa813add72f360e8e5a6abec837d73baf2c931156712022a07030656ccdb4267c486ae353bba0e82fbce65e7fd8ce43ab5a43eefc460e97726c591df9964a4124a9620d34eac212187c79a44d1dd56c962905c3b2a9b2f7ea1a30d93383b8ef8d37599d26a14fd6afaa30de62907c80dede0dbca03ab5ac8e65afb60bb53715bbae8c0985db801ea95a9dafed8036e3bd0d6eef36b246b204f0358725d3859502605e29f5e9fd17826518b1f4ab27c80dff916189f999d1a2c4783844bc91684d29c0c4644eb9ea196130588cb1740bc26a49f6f8306af79f14d28221904e5f96c76942165a6c3f43f6d097c7147eb0baf2e88d03bcaff50626a33ff6e088afade73cf94990d07392aab66c20485fa7996b09ceeb8708f0cfa114e1bfe6476623e67fa238197c69b7351e9774aa2e008a7e41149d66ba3d1a60071e21e2174b476b6236d8ba03b8441598d8613d32e4a025cf4de53c4e7485aca1d66fc015388e94e29ed98865cbca6426d07512d917b38f02ca91b6e3a2e73bda0638f4d5aef352303f1a20b21f0ba09b36293de7e946b0c360d1ca9ba66763d2b6f490db27be0d3993fb9a8f5b58c8c291d057fb8f512788b39ed035ec48ef9ae25e56da9f13a6c8d23982708529ad46ef53850fcebc4ecbcdb5e8572704840dde607087373b368349cd498202471c07261034c1d6f579dd41ea8f9a7cb30f48877736b0037862409f99ada0a431e458d9c348889f7d0db514fc065f4c4ba537b0ce22bbffb025e995861f865ac83ecc4b895eba005c86ead263f1021a53f85c16f55c331afce37d5b567a3b0a3690b17d34209f05e649cddeab15fdde9ebc9db434caf9f18db3d3a77c1c4addcef06b690d46fcc56421a5380ffaaa053cfbc9929d2a3955601d725685319f125fcd9a5ade0738800836412c8628b7248b64be95cd737e0c93a8bdf84a94ddb323e1081fd4cafc7251c4d0ec3cad92797688a2f515884788c6abc4ae54eda7e49679cefc72dad6b87d2163680cef2ffeead96351a58b9bcb7d495750a836060181a233fa5e96534445a925bafc13fc87f27ca32cfa95c9c43653a2d32be7a71de2ccc13d329efebe0209c3c998327e4369a91d9c9555b1d5c83ed11a62b5f078ae7cfdc462422d7d69f91ce2c5f117266f9ac0eddbd7bd50c8c6c9012ccf314511248f242a740cee0ce5718017066f4131d9d0a85ebdd04ded2343166e7b898f885428bdfd9471935d9782be2e840d1a7fe2d22b5055ac1fabe3c4de528c63623b5b923d3dcc2ac4d4a23210bc3f6fba7267ecbb3cf5537feb6a6d1ae78ae1fc39243c1fd3ff581e3163f5a33499086360c4b777e0ea028b063462aa74a1795cdd9d591808eea0fa18c975566537908e1f717f06f14888ca0bae617d89be0e3a9f86108d8e8d75e17b40a9291b43dd6e645459288b39be12527f3c20548b6f5450b40e7484f5241becbf0641a360d4ef0c7cae1f930d3d1264cbdcfd4c09b8a8f1af997122a4246e23940b8702badcf5fcbb5a5e34e97a68b4ec43e92b48f35e4376c1d0229daeb2c9a608b390c74ce5555aab075adb7885514c840a2eb8aaa12589b294f0e65c4e5aa2373f1ccdc8d534c004f6dfb89322b9472d08deb5dfd5594b2d5b890a5609a695b628d054a6b75a9871889a71e627a751fe888af74aa54a24e421dbdbfb3ac8b949182fe4687fb8d6d971eacdf1e5d2040a72bf7f77d754cc2ec5bddcaf67adac6d72a41fa7b558a630f642414400188b1ffa88054aef5cbacb5d0e2ac890014ddbe7a641e39a9f5d1bdd010d99088a3939f4bdf9f700506d742df288ab10d7236b79cee604e6ddf3aa23fccb7debc6b16d5b2f4a456b68da7821f96ac5bb34c734e8ec7c07a28155013ffcbd70a1b77be5b4be09bb5d9730b6b9f5882ebf11d9a73ffd28d0e5dbe7a2bb66eb61e5066c79339b38e42eb11698dea659997a8f14161d3cacfc144b432648eaa2bc258c2cbd9af40d467651328466390c36fd1bd529f3f9f6dc4e701a390933475a1ed06f97e2f7019ab8dce9bc9bfca660f20c18d2168efa397b7e1acc42deac29e85d0ccfb794b974f1d4e194d6055c614f7d54c338f7cc9af6b926f77e1b6afb5b4a728bbffe0881e211eae46ec36c0618a34a9bdc3af7bfbd574975085262a9b4fb6e67c271873d1cbedc7defdd592bcb6b7fdd6e8ec65c57c408e45418f513b2443acee01a4743e183360bb2119dc596b43b07d393bfd965dce7e16a698234d16a9544bda7fab7a62992e28fcc719fece261a400f89b7720b2f15841f2b49b803f4efafbca6d7d219ae95b26b08a064ea40dad1c946f28f0aa60352bebe46cfd466b116226f555edc3e4b448ed0e10dfb997b4bf55d1024332ab91b850b475eaea5ebf553ced5520c431eb5ca6e1fa24c4d82328aa44e7ef1388f01676742cb13f902300cf399b5f0531afbd293bfa838a954bec855d8ea9b1d9d8748f997e1a96aa5ca1eed6a2f342e78281897174a2f1019a5b13a5c0dc7b83727edfa994ad69a1d325d3849d0ae13b6a51e44d9c726d448697a7d907f6f3974e67bccf3ffdd075f29cee069db123f3cda231c85cc15fb1ac7300c2fd9b88b42d4df4569ede21d43690d9ddaf351fa845f0943212351f457deaff8b955604456fe39d657a29251b5661f9ef9cc78d261e4bc99ec472a3aac7c8e2ce535a14440d58f12e75cdff1269dc67d9da90cb23822f96b19fa0c57a54fedf2e97d742c424b0065dafc85a9e4c73c8102e9a73e96586407e7487c4919ebd7d0cd2300767ec514708c601903d0bbe608e739805ab66967010efbbc555ae60adcb4de6a22b7a995fe56086b0473040faccd4e0dc35401181c59699f0bf9d5697ca25120e7cf0b5c9e490441188e4925dae5e9cc5371e6f253f9ca0c63cb762200c001c25ae7e48fd0d36fa7f3dfc1b511bcadbd7886e53c41d1ebd5293aee96989fc57d71b71e90d2d23a733ea70ab7b82a50f866d22f0bafa6e4129bcb07088999a067e94b197523ee70ea48608ee723ca7543381344d3dc831e5a9028ae528564760cf727a3740dd5108ac718be21026b0d7911ff71ef5b7c42a0806e5fc9c403eb778ad8eecb1cb830a360a38fcf896d4c1692554f022a5499229fe9f440e4031e08bcc2b583bdcffb3d5bf8d682afa2d6c1a638e9cdb4e566b0e3e5a9f2d887f1df93bd7517adc0e3527d7b8d45502b911cb567367a770c51a1e65078511fd0f068c6dee90c6f6b080f8af15d944edebea43f9d89797c408551c34b08ed6449d7124b64e95e352f1db31ea3c869cbb6b054dd46ba784f791c190cb2a8278e0c47bb4affcfeec4237b467af359dc00c7c3f3e5a9dfa5b81cf14a8cd458451", 0xdc4}], 0x3}}], 0x3, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

22.865139671s ago: executing program 0 (id=3452):
socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
socket(0x1d, 0x2, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000805}, 0x0)
keyctl$invalidate(0x15, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$nl_xfrm(0x10, 0x3, 0x6)
getresuid(&(0x7f0000000180)=<r2=>0x0, 0x0, &(0x7f0000000340))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_emit_ethernet(0x3e, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaa0020000000080800470000300000000000069078ac141400ac1e0001070707000000000000000000", @ANYRES32=0x41424344, @ANYRESHEX=r2, @ANYBLOB="0000000000000020c21944d604000016612f69444755fe9225ff9ae200000000"], 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3)

22.407158158s ago: executing program 2 (id=3453):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f00000003c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1})
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001380)={<r3=>0xffffffffffffffff})
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002e40)=ANY=[], 0x1058}, 0x1, 0x0, 0x0, 0x40080}, 0x4000)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r4, &(0x7f00000014c0)=[{&(0x7f0000000340)=""/191, 0xfffffd90}], 0x1, 0x182, 0x0)

22.327736133s ago: executing program 1 (id=3454):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8200)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x3, 0x0, 0x200000f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x8055)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r5, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r6 = socket$kcm(0x2, 0x5, 0x0)
sendmsg$inet(r6, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x4cbe8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071120b000000950000008d"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x4, 0x1c}]}, @nested={0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r10, 0x400452c8, &(0x7f0000000100))
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{}, {0x18}, 0x0, 0x7})

22.163935373s ago: executing program 4 (id=3455):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000019100)='net/udp6\x00')
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, r2, 0x0, 0xb, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000080)={0x5, 0x7})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565b, &(0x7f0000000000)={0x6})
r3 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r3, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{&(0x7f0000000840)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000880)='*', 0x1}], 0x1}}], 0x2, 0x48000)

21.312642588s ago: executing program 3 (id=3456):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001dc0)=@newtfilter={0x48, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r5, {0x0, 0x4}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0xb}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)

21.253001718s ago: executing program 2 (id=3457):
migrate_pages(0x0, 0x5, &(0x7f0000000040)=0x9, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
r2 = dup3(r0, r1, 0x0)
write$FUSE_INTERRUPT(r2, &(0x7f0000002c00)={0x10}, 0x10)
write$eventfd(r2, &(0x7f0000000280)=0x8, 0x8)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
socket(0x10, 0x803, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0xa, 0x3, 0x3a)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000040)={0x0, 0xffffffff, 0x1, 0x0, 0x90, "ff00f7000000000000000020af88008300"})
r4 = syz_open_pts(r3, 0x141601)
epoll_create(0x8001)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000080)={0x400008, 0x1ffffffe, 0x0, 0x200007, 0x19, "680c1acfa4a5000000070000faffffff000800"})

20.341789532s ago: executing program 3 (id=3458):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
unshare(0xe060400)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, 0x0)

20.283385181s ago: executing program 2 (id=3459):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xca7, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {0x4}, {}, {0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xffff, 0xfff3}}]}}]}, 0x3c}}, 0x0)

20.083895385s ago: executing program 1 (id=3460):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x9})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

20.033105055s ago: executing program 3 (id=3461):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000006c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x10}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x20000010}, 0x20040000)

19.937417438s ago: executing program 2 (id=3462):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xbc3d, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
openat(r1, &(0x7f0000000100)='./file1\x00', 0x10d443, 0x1ff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
r5 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r5)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, 0x0, 0x0)
unshare(0xe060400)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, 0x0)

19.775102119s ago: executing program 4 (id=3463):
r0 = openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582de", @ANYRESDEC], 0x0)
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4, 0x0, 0x2a240}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8, 0x1, 0x4}, @IFLA_XFRM_IF_ID={0x8, 0x2, 0x1}]}}}, @IFLA_LINK={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x800)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
ioctl$KVM_SET_TSC_KHZ_cpu(r3, 0xaea2, 0x1)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58)
bind$alg(r4, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58)
ftruncate(0xffffffffffffffff, 0xffff)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x7)
ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f00000004c0)=@multiplanar_userptr={0x5, 0x4, 0x4, 0x20, 0x6, {}, {0x3, 0x8, 0x0, 0x3, 0x6, 0xf5, "2af344db"}, 0xddd4, 0x2, {0x0}, 0x2})
ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x8000})
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r5=>r4}, './file0\x00'})
ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000180)={{0x0, 0x7ff, 0xe, 0x9}, 'syz1\x00', 0x22})

19.680116341s ago: executing program 3 (id=3464):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
timer_create(0x3, &(0x7f0000000040)={0x0, 0x11, 0x4}, &(0x7f0000044000))
ptrace$getregset(0x4204, 0x0, 0x1, &(0x7f0000000000)={&(0x7f0000000280)=""/117, 0x75})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x7a, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000540))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000040), 0xffffffffffffffff, 0x204001)
syz_usb_disconnect(r5)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000002c0)="66b85ba7ffff0f23c00f21f86635010000000f23f80f20e06635000010000f22e00f71f6b80f01cf66b8fb616ab50f23d80f21f86635800000600f23f8b804008ed8260f0178000f005200260f0059a6660f6b85c9c5", 0x56}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0xc0a0)

19.612890499s ago: executing program 1 (id=3465):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x118f7, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/../file0/file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20001)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)

19.537854025s ago: executing program 0 (id=3466):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x51}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x24008004)

19.308220834s ago: executing program 0 (id=3467):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x200000, 0x0, 0xb49, 0x6, 0xc, 0x0, 0x1}, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$dsp(r2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200)=0x8)
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r3, 0x0, 0x0, 0xe, 0x200004)
prctl$PR_MCE_KILL(0x29, 0x1, 0x2)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
socket$kcm(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)

17.598214933s ago: executing program 4 (id=3468):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040))
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg2\x00'})
socket(0x10, 0x3, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x4780, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, &(0x7f0000002140)=ANY=[])
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x6, &(0x7f0000006680))
umount2(&(0x7f00000002c0)='./file0\x00', 0xb)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x20202)
syz_open_dev$audion(&(0x7f0000000040), 0x1ff, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x80000000, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x101a01)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.stat\x00', 0x275a, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0)

17.248909549s ago: executing program 4 (id=3469):
migrate_pages(0x0, 0x5, &(0x7f0000000040)=0x9, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
r2 = dup3(r0, r1, 0x0)
write$FUSE_INTERRUPT(r2, &(0x7f0000002c00)={0x10}, 0x10)
write$eventfd(r2, &(0x7f0000000280)=0x8, 0x8)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
socket(0x10, 0x803, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0xa, 0x3, 0x3a)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x8040, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000040)={0x0, 0xffffffff, 0x1, 0x0, 0x90, "ff00f7000000000000000020af88008300"})
r4 = syz_open_pts(r3, 0x141601)
epoll_create(0x8001)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
write(r4, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TCSETSF(r4, 0x5404, &(0x7f0000000080)={0x400008, 0x1ffffffe, 0x0, 0x200007, 0x19, "680c1acfa4a5000000070000faffffff000800"})

16.937920242s ago: executing program 2 (id=3470):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8200)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x3, 0x0, 0x200000f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x8055)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r5, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r6 = socket$kcm(0x2, 0x5, 0x0)
sendmsg$inet(r6, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x4cbe8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071120b000000950000008dc500"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x4, 0x1c}]}, @nested={0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r10, 0x400452c8, &(0x7f0000000100))
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{}, {0x18}, 0x0, 0x7})

16.306927018s ago: executing program 1 (id=3471):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x5c, 0x2, 0x6, 0x101, 0x0, 0x0, {0xa}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xfffc}]}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x5c}}, 0x0)

16.200383778s ago: executing program 4 (id=3472):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xca7, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {0x4}, {}, {0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xffff, 0xfff3}}]}}]}, 0x3c}}, 0x0)

15.964067115s ago: executing program 1 (id=3473):
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x13)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x24, r1, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010025bd7000ffdbdf2500000000", @ANYRES32=r3], 0x20}}, 0x8080)

4.260565696s ago: executing program 32 (id=3467):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x200000, 0x0, 0xb49, 0x6, 0xc, 0x0, 0x1}, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$dsp(r2, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r3, 0x40047451, &(0x7f0000000200)=0x8)
ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r3, 0x0, 0x0, 0xe, 0x200004)
prctl$PR_MCE_KILL(0x29, 0x1, 0x2)
syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
socket$kcm(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)

3.979576705s ago: executing program 33 (id=3464):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
timer_create(0x3, &(0x7f0000000040)={0x0, 0x11, 0x4}, &(0x7f0000044000))
ptrace$getregset(0x4204, 0x0, 0x1, &(0x7f0000000000)={&(0x7f0000000280)=""/117, 0x75})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x7a, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000540))
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$NL80211_CMD_SET_NOACK_MAP(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
r5 = syz_open_dev$evdev(&(0x7f0000000040), 0xffffffffffffffff, 0x204001)
syz_usb_disconnect(r5)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f00000002c0)="66b85ba7ffff0f23c00f21f86635010000000f23f80f20e06635000010000f22e00f71f6b80f01cf66b8fb616ab50f23d80f21f86635800000600f23f8b804008ed8260f0178000f005200260f0059a6660f6b85c9c5", 0x56}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
sendmsg$IPSET_CMD_CREATE(r6, 0x0, 0xc0a0)

1.279639283s ago: executing program 34 (id=3470):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8200)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x2, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x800, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x3, 0x0, 0x200000f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xffffffff}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x8055)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r5, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r6 = socket$kcm(0x2, 0x5, 0x0)
sendmsg$inet(r6, &(0x7f00000004c0)={&(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10, &(0x7f0000000000)=[{&(0x7f0000000140)="9f", 0x1}], 0x1}, 0x4cbe8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000071120b000000950000008dc500"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
r7 = socket$packet(0x11, 0x3, 0x300)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x4, 0x1c}]}, @nested={0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="30000000100001000000ce6bb9092919507f3400", @ANYRES32=0x0, @ANYRES32=r1, @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
r10 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r10, 0x400452c8, &(0x7f0000000100))
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{}, {0x18}, 0x0, 0x7})

218.19629ms ago: executing program 35 (id=3473):
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x13)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x24, r1, 0x1, 0x4070bd28, 0x1, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x24}}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010025bd7000ffdbdf2500000000", @ANYRES32=r3], 0x20}}, 0x8080)

0s ago: executing program 36 (id=3472):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x3c, 0x2c, 0xca7, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r4, {0x4}, {}, {0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0xffff, 0xfff3}}]}}]}, 0x3c}}, 0x0)

kernel console output (not intermixed with test programs):

0
[ 1111.483826][T12877] sierra 5-1:255.252: device disconnected
[ 1112.873606][T15708] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2908'.
[ 1113.311677][   T26] kauditd_printk_skb: 22 callbacks suppressed
[ 1113.311691][   T26] audit: type=1326 audit(1773183136.572:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15724 comm="syz.1.2914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1113.425547][   T26] audit: type=1326 audit(1773183136.602:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15724 comm="syz.1.2914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1113.636092][   T26] audit: type=1326 audit(1773183136.602:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15724 comm="syz.1.2914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1113.673790][   T26] audit: type=1326 audit(1773183136.602:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15724 comm="syz.1.2914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1113.714768][   T26] audit: type=1326 audit(1773183136.602:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15724 comm="syz.1.2914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1113.766812][T15737] relay: one or more items not logged [item size (56) > sub-buffer size (3)]
[ 1113.958533][   T26] audit: type=1326 audit(1773183136.612:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15724 comm="syz.1.2914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1114.155682][T15745] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1115.791418][ T4271] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1115.812038][ T4271] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1115.823790][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.830446][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.840434][ T4271] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1115.855377][ T4271] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1115.863758][ T4271] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1115.881260][ T4271] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1115.915901][ T4282] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1115.940222][ T4282] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1115.954684][ T4282] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1115.971241][ T4282] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1115.979879][ T4282] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1115.987799][ T4282] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1116.369894][T15759] chnl_net:caif_netlink_parms(): no params data found
[ 1116.681654][T15759] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1116.695878][T15759] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1116.714128][T15759] device bridge_slave_0 entered promiscuous mode
[ 1116.738093][T15759] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1116.761352][T15759] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1116.814382][T15759] device bridge_slave_1 entered promiscuous mode
[ 1117.024384][T15759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1117.141834][T15759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1117.190945][T15759] team0: Port device team_slave_0 added
[ 1117.265380][T15759] team0: Port device team_slave_1 added
[ 1117.331159][T15759] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1117.356185][T15759] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1117.475816][T15759] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1117.556961][T15759] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1117.579806][T15759] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1117.741576][T15759] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1117.926716][ T4399] tipc: Disabling bearer <udp:syz2>
[ 1117.977944][T15797] kvm [15796]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100004c00
[ 1118.030575][ T4399] tipc: Disabling bearer <ib:wg1>
[ 1118.034015][T15797] kvm [15796]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x4870
[ 1118.043359][ T4282] Bluetooth: hci5: command 0x0409 tx timeout
[ 1118.078901][T15805] netlink: 'syz.4.2935': attribute type 13 has an invalid length.
[ 1118.091191][ T4399] tipc: Left network mode
[ 1118.164958][T15797] kvm [15796]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[ 1118.196735][T15759] device hsr_slave_0 entered promiscuous mode
[ 1118.210491][T15759] device hsr_slave_1 entered promiscuous mode
[ 1118.231658][T15797] kvm [15796]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x4850
[ 1118.252205][T15759] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1118.293294][T15759] Cannot create hsr debugfs directory
[ 1119.321480][T15832] netlink: 'syz.3.2939': attribute type 1 has an invalid length.
[ 1119.344496][T15832] netlink: 'syz.3.2939': attribute type 2 has an invalid length.
[ 1119.496596][T15832] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2939'.
[ 1120.122479][ T4282] Bluetooth: hci5: command 0x041b tx timeout
[ 1120.131248][T15838] syz.0.2941 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1121.316340][T15861] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2944'.
[ 1121.476088][T15862] team0: Caught tx_queue_len zero misconfig
[ 1121.681489][ T4310] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[ 1121.714532][ T5088] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[ 1121.734122][T15759] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1121.793960][T15873] netlink: 'syz.3.2946': attribute type 1 has an invalid length.
[ 1121.885364][T15873] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1121.893489][ T4310] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1121.922805][ T5088] usb 5-1: config 1 has an invalid interface number: 128 but max is 1
[ 1121.937727][ T5088] usb 5-1: config 1 has an invalid descriptor of length 129, skipping remainder of the config
[ 1121.948445][ T5088] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1121.957658][ T5088] usb 5-1: config 1 has no interface number 0
[ 1121.958307][ T4310] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1121.964241][ T5088] usb 5-1: config 1 interface 128 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1121.989896][ T5088] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1122.000458][ T5088] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1122.008778][ T5088] usb 5-1: Product: syz
[ 1122.016149][ T5088] usb 5-1: Manufacturer: syz
[ 1122.020906][ T5088] usb 5-1: SerialNumber: syz
[ 1122.059220][ T5088] cdc_wdm: probe of 5-1:1.128 failed with error -22
[ 1122.068640][T15759] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1122.086086][ T4310] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1122.139508][ T4310] usb 2-1: Product: syz
[ 1122.157058][ T4310] usb 2-1: Manufacturer: syz
[ 1122.176343][ T4310] usb 2-1: SerialNumber: syz
[ 1122.201220][ T4282] Bluetooth: hci5: command 0x040f tx timeout
[ 1122.238661][ T4310] usb 2-1: config 0 descriptor??
[ 1122.425333][T15759] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1122.439559][T15759] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1122.496954][ T4399] device hsr_slave_0 left promiscuous mode
[ 1122.517011][ T4399] device hsr_slave_1 left promiscuous mode
[ 1122.541156][ T4399] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1122.569767][ T4399] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1122.611406][ T4399] device bridge_slave_1 left promiscuous mode
[ 1122.626835][ T4399] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1122.644236][ T4399] device bridge_slave_0 left promiscuous mode
[ 1122.654452][ T4399] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1122.890066][ T4399] bond1 (unregistering): Released all slaves
[ 1124.281430][ T4282] Bluetooth: hci5: command 0x0419 tx timeout
[ 1124.556267][ T4310] usb 2-1: USB disconnect, device number 20
[ 1124.651103][   T26] audit: type=1326 audit(1773183147.908:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1124.749829][   T26] audit: type=1326 audit(1773183147.948:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1124.890623][T15896] loop6: detected capacity change from 0 to 7
[ 1124.971743][ T8990] Dev loop6: unable to read RDB block 7
[ 1124.977358][ T8990]  loop6: AHDI p2 p3
[ 1125.099609][ T8990] loop6: partition table partially beyond EOD, truncated
[ 1125.276269][ T8990] loop6: p2 size 157513074 extends beyond EOD, truncated
[ 1125.289922][   T26] audit: type=1326 audit(1773183147.948:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1125.315255][   T26] audit: type=1326 audit(1773183147.948:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1125.353779][   T26] audit: type=1326 audit(1773183147.948:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1125.490319][ T8990] udevd[8990]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 1125.557113][ T4310] usb 5-1: USB disconnect, device number 22
[ 1125.622177][   T26] audit: type=1326 audit(1773183147.948:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1125.646569][   T26] audit: type=1326 audit(1773183147.948:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1125.727153][   T26] audit: type=1326 audit(1773183147.958:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1125.816262][   T26] audit: type=1326 audit(1773183147.958:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1125.931333][   T26] audit: type=1326 audit(1773183147.958:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15890 comm="syz.0.2949" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff64fd9c799 code=0x7ffc0000
[ 1126.621576][ T4399] team0 (unregistering): Port device team_slave_1 removed
[ 1126.809301][ T4399] team0 (unregistering): Port device team_slave_0 removed
[ 1126.953949][ T4399] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1127.022175][ T4399] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1127.553024][ T4399] bond0 (unregistering): Released all slaves
[ 1128.111516][T15759] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1128.159044][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1128.197264][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1128.271171][T15759] 8021q: adding VLAN 0 to HW filter on device team0
[ 1128.349181][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1128.376100][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1128.453532][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1128.460851][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1129.149136][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1129.351266][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1129.457520][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1129.519529][T15954] ipt_ECN: cannot use operation on non-tcp rule
[ 1129.527837][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1129.535065][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1129.626287][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1129.770247][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1129.810858][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1129.829537][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1129.845174][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1129.892165][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1129.903325][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1129.920550][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1129.941647][T15759] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1129.976596][T15759] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1130.024605][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1130.043197][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1130.084057][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1130.395335][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1130.413262][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1130.441931][T15759] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1130.505670][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1130.535441][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1130.604085][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1130.717662][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1130.767699][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1130.802901][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1130.848614][T15759] device veth0_vlan entered promiscuous mode
[ 1130.919802][T15759] device veth1_vlan entered promiscuous mode
[ 1130.933255][T15969] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1130.985014][T15970] netlink: 'syz.4.2960': attribute type 1 has an invalid length.
[ 1131.083053][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1131.097852][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1131.105720][T15970] netlink: 'syz.4.2960': attribute type 2 has an invalid length.
[ 1131.123896][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1131.124645][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1131.137027][T15759] device veth0_macvtap entered promiscuous mode
[ 1131.148901][T15759] device veth1_macvtap entered promiscuous mode
[ 1131.166812][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1131.170064][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1131.190190][T15759] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1131.190292][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1131.190753][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1131.238118][T15759] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1131.238210][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1131.238663][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1131.279581][T15759] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1131.279655][T15759] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1131.279675][T15759] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1131.279689][T15759] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1131.576741][T15952] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1131.584851][T15952] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1131.607561][   T26] kauditd_printk_skb: 14 callbacks suppressed
[ 1131.607575][   T26] audit: type=1326 audit(1773183154.881:865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1131.696382][   T26] audit: type=1326 audit(1773183154.921:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1131.752433][   T26] audit: type=1326 audit(1773183154.921:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1131.819133][T15982] loop6: detected capacity change from 0 to 7
[ 1131.860376][ T8990] Dev loop6: unable to read RDB block 7
[ 1131.866822][ T8990]  loop6: AHDI p2 p3
[ 1131.880669][ T8990] loop6: partition table partially beyond EOD, truncated
[ 1131.894785][   T26] audit: type=1326 audit(1773183154.921:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1131.924118][ T8990] loop6: p2 size 157513074 extends beyond EOD, truncated
[ 1132.020536][   T26] audit: type=1326 audit(1773183154.921:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1132.075905][   T26] audit: type=1326 audit(1773183154.921:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1132.118066][T15982] Dev loop6: unable to read RDB block 7
[ 1132.134628][T15982]  loop6: AHDI p2 p3
[ 1132.142188][T15982] loop6: partition table partially beyond EOD, truncated
[ 1132.154942][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1132.165427][T15982] loop6: p2 size 157513074 extends beyond EOD, truncated
[ 1132.182934][   T26] audit: type=1326 audit(1773183154.921:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1132.263477][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1132.283435][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1132.333503][   T26] audit: type=1326 audit(1773183154.921:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1132.366199][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1132.402092][ T8990] udevd[8990]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 1132.436337][   T26] audit: type=1326 audit(1773183154.921:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1132.531892][ T8990] udevd[8990]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 1132.617369][   T26] audit: type=1326 audit(1773183154.921:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15975 comm="syz.1.2962" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7efc12d9c799 code=0x7ffc0000
[ 1132.903784][T15987] device syzkaller0 entered promiscuous mode
[ 1133.001288][T15991] netlink: 'syz.0.2963': attribute type 1 has an invalid length.
[ 1133.032125][T15991] netlink: 'syz.0.2963': attribute type 2 has an invalid length.
[ 1134.401452][ T4271] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1134.414382][ T4271] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1134.424381][ T4271] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1134.436930][ T4271] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1134.445692][ T4271] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[ 1134.454634][ T4271] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1136.523841][ T4282] Bluetooth: hci0: command 0x0409 tx timeout
[ 1137.679620][T15997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2963'.
[ 1137.791947][T16007] netlink: 'syz.3.2966': attribute type 13 has an invalid length.
[ 1138.398625][T16030] netlink: 'syz.0.2969': attribute type 1 has an invalid length.
[ 1138.422203][T16030] netlink: 'syz.0.2969': attribute type 2 has an invalid length.
[ 1138.477542][T16030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2969'.
[ 1138.593009][ T4282] Bluetooth: hci0: command 0x041b tx timeout
[ 1139.089962][T16008] chnl_net:caif_netlink_parms(): no params data found
[ 1139.226220][ T4385] tipc: Left network mode
[ 1139.701921][T16008] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1139.723637][T16008] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1139.789451][T16008] device bridge_slave_0 entered promiscuous mode
[ 1139.996436][T16008] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1140.014588][T16008] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1140.051682][T16008] device bridge_slave_1 entered promiscuous mode
[ 1140.294488][T16008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1140.453452][T16008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1140.672193][ T4282] Bluetooth: hci0: command 0x040f tx timeout
[ 1140.760629][T16008] team0: Port device team_slave_0 added
[ 1140.809418][T16068] netlink: 'syz.3.2974': attribute type 1 has an invalid length.
[ 1140.818409][T16068] netlink: 'syz.3.2974': attribute type 2 has an invalid length.
[ 1140.974581][T16068] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2974'.
[ 1141.057633][T16008] team0: Port device team_slave_1 added
[ 1141.187609][T16008] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1141.248325][T16008] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1141.349572][T16008] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1141.526064][T16008] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1141.559548][T16008] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1141.592276][T16079] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1141.718350][T16008] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1141.907761][T16008] device hsr_slave_0 entered promiscuous mode
[ 1141.949851][T16008] device hsr_slave_1 entered promiscuous mode
[ 1142.810792][ T4282] Bluetooth: hci0: command 0x0419 tx timeout
[ 1143.257413][ T4385] device hsr_slave_0 left promiscuous mode
[ 1143.272496][ T4385] device hsr_slave_1 left promiscuous mode
[ 1143.286273][ T4385] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1143.309640][ T4385] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1143.348197][ T4385] device bridge_slave_1 left promiscuous mode
[ 1143.419802][ T4385] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1143.461074][ T4385] device bridge_slave_0 left promiscuous mode
[ 1143.510919][ T4385] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1144.197887][T16117] vivid-004: =================  START STATUS  =================
[ 1144.208855][T16117] vivid-004: Radio HW Seek Mode: Bounded
[ 1144.250865][T16117] vivid-004: Radio Programmable HW Seek: false
[ 1144.275206][T16117] vivid-004: RDS Rx I/O Mode: Block I/O
[ 1144.299719][T16117] vivid-004: Generate RBDS Instead of RDS: false
[ 1144.325951][T16117] vivid-004: RDS Reception: true
[ 1144.332254][T16117] vivid-004: RDS Program Type: 0 inactive
[ 1144.341707][T16117] vivid-004: RDS PS Name:  inactive
[ 1144.354660][T16117] vivid-004: RDS Radio Text:  inactive
[ 1144.387515][T16117] vivid-004: RDS Traffic Announcement: false inactive
[ 1144.402213][T16117] vivid-004: RDS Traffic Program: false inactive
[ 1144.450010][T16117] vivid-004: RDS Music: false inactive
[ 1144.471106][T16117] vivid-004: ==================  END STATUS  ==================
[ 1144.490774][ T4385] bond2 (unregistering): Released all slaves
[ 1145.221597][ T4385] bond1 (unregistering): Released all slaves
[ 1145.267790][T16126] netlink: 'syz.2.2982': attribute type 1 has an invalid length.
[ 1145.279740][T16126] netlink: 'syz.2.2982': attribute type 2 has an invalid length.
[ 1146.116920][ T4385] team0 (unregistering): Port device team_slave_1 removed
[ 1146.182800][ T4385] team0 (unregistering): Port device team_slave_0 removed
[ 1146.240965][ T4385] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1146.297912][ T4385] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1146.656713][ T4385] bond0 (unregistering): Released all slaves
[ 1146.788194][T16111] netlink: 'syz.0.2979': attribute type 13 has an invalid length.
[ 1146.819002][T16126] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2982'.
[ 1147.128327][T16126] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1147.135914][T16126] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1147.152781][T16133] loop2: detected capacity change from 0 to 7
[ 1147.173428][T16013] Dev loop2: unable to read RDB block 7
[ 1147.195998][T16013]  loop2: AHDI p1 p2 p3
[ 1147.204795][T16013] loop2: partition table partially beyond EOD, truncated
[ 1147.220174][T16013] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1147.266239][T16013] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1147.300696][T16133] Dev loop2: unable to read RDB block 7
[ 1147.306792][T16133]  loop2: AHDI p1 p2 p3
[ 1147.317913][T16133] loop2: partition table partially beyond EOD, truncated
[ 1147.330342][T16133] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1147.365202][T16133] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1147.627310][T16126] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1147.683985][T16126] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1147.885781][ T3638] Dev loop2: unable to read RDB block 7
[ 1147.909716][ T3638]  loop2: AHDI p1 p2 p3
[ 1148.000690][ T3638] loop2: partition table partially beyond EOD, truncated
[ 1148.019373][T16126] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1148.032080][T16126] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1148.042153][ T3638] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1148.055645][T16126] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1148.065476][T16126] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1148.066538][ T3638] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1148.621094][T16138] device syzkaller0 entered promiscuous mode
[ 1149.220521][T16149] netlink: 'syz.2.2988': attribute type 1 has an invalid length.
[ 1149.232498][T16149] netlink: 'syz.2.2988': attribute type 2 has an invalid length.
[ 1149.263045][T16149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2988'.
[ 1150.047470][T16168] netlink: 'syz.4.2990': attribute type 1 has an invalid length.
[ 1150.067123][T16168] netlink: 'syz.4.2990': attribute type 2 has an invalid length.
[ 1150.085354][T16168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2990'.
[ 1150.111357][T16168] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1150.228616][T16168] 8021q: adding VLAN 0 to HW filter on device team0
[ 1150.323931][T16168] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1150.356025][T16008] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1150.483020][T16008] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1150.574694][T16008] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1150.659634][T16008] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1151.075821][T16008] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1151.162582][T16008] 8021q: adding VLAN 0 to HW filter on device team0
[ 1151.211124][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1151.247382][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1151.280576][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1151.301352][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1151.336322][T11374] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1151.343694][T11374] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1151.395125][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1151.428028][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1151.462188][T11374] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1151.469668][T11374] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1151.544493][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1151.589016][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1151.632001][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1151.648292][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1151.680368][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1151.734226][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1151.758666][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1151.787886][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1151.818507][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1151.845531][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1151.921335][T16008] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1151.982326][T16008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1152.004176][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1152.024867][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1152.339314][T16188] batman_adv: batadv0: Adding interface: macsec1
[ 1152.387707][T16188] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1152.414547][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1152.517135][T16188] batman_adv: batadv0: Interface activated: macsec1
[ 1152.814928][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1152.886252][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1152.971725][T16008] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1153.070318][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1153.123923][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1153.236510][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1153.291927][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1153.329683][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1153.380284][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1153.403363][T16008] device veth0_vlan entered promiscuous mode
[ 1153.446542][T16008] device veth1_vlan entered promiscuous mode
[ 1153.541162][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1153.566269][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1153.694678][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1153.706325][ T4424] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1153.722323][T16008] device veth0_macvtap entered promiscuous mode
[ 1153.751966][T16008] device veth1_macvtap entered promiscuous mode
[ 1153.836250][T16008] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1153.886619][T16215] netlink: 'syz.3.2996': attribute type 1 has an invalid length.
[ 1153.894909][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1153.903047][T16215] netlink: 'syz.3.2996': attribute type 2 has an invalid length.
[ 1153.937063][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1153.985393][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1154.038176][T16008] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1154.092441][T16215] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2996'.
[ 1154.117276][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1154.210063][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1154.279003][T16008] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.297142][T16008] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.314310][T16008] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.331070][T16008] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1154.793978][T16008] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: macsec1
[ 1154.872108][T16008] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1154.915532][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1154.983064][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1155.027194][T16226] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1155.060308][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1155.117643][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1155.153300][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1155.199850][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1155.346968][T16232] random: crng reseeded on system resumption
[ 1155.412776][   T26] kauditd_printk_skb: 16 callbacks suppressed
[ 1155.412792][   T26] audit: type=1326 audit(1773183178.683:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1155.603905][   T26] audit: type=1326 audit(1773183178.723:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1155.789344][   T26] audit: type=1326 audit(1773183178.723:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1155.905052][   T26] audit: type=1326 audit(1773183178.723:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1155.996844][   T26] audit: type=1326 audit(1773183178.743:895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1156.168219][T16251] loop2: detected capacity change from 0 to 7
[ 1156.344859][   T26] audit: type=1326 audit(1773183178.743:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1156.386371][T16251] Dev loop2: unable to read RDB block 7
[ 1156.403666][T16251]  loop2: AHDI p1 p2 p3
[ 1156.422520][T16251] loop2: partition table partially beyond EOD, truncated
[ 1156.546287][T16251] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1156.585130][   T26] audit: type=1326 audit(1773183178.743:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1156.594500][T16251] loop2: p2 start 1702059890 is beyond EOD, 
[ 1156.791727][   T26] audit: type=1326 audit(1773183178.753:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1156.934847][T16251] truncated
[ 1157.112243][ T4282] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1157.123838][ T4282] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1157.164800][   T26] audit: type=1326 audit(1773183178.753:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1157.164820][ T4282] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1157.232549][ T4282] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1157.240535][ T4282] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[ 1157.248623][ T4282] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1157.439848][   T26] audit: type=1326 audit(1773183178.753:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16237 comm="syz.1.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x7ffc0000
[ 1158.666913][T16265] chnl_net:caif_netlink_parms(): no params data found
[ 1158.860368][T15952] tipc: Left network mode
[ 1158.950819][T16265] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1158.982088][T16265] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1158.992775][T16265] device bridge_slave_0 entered promiscuous mode
[ 1159.208540][T16265] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1159.227686][T16265] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1159.279636][T16265] device bridge_slave_1 entered promiscuous mode
[ 1159.302514][ T4271] Bluetooth: hci1: command 0x0409 tx timeout
[ 1159.418590][T16265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1159.589934][T16265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1159.724659][T16265] team0: Port device team_slave_0 added
[ 1159.779969][T16265] team0: Port device team_slave_1 added
[ 1159.989719][T16265] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1160.029381][T16265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1160.057467][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1160.200788][T16265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1160.300725][T16265] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1160.318530][T16265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1160.347209][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1160.492122][T16265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1160.689876][T16265] device hsr_slave_0 entered promiscuous mode
[ 1160.746962][T16265] device hsr_slave_1 entered promiscuous mode
[ 1160.762544][T16265] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1160.788976][T16265] Cannot create hsr debugfs directory
[ 1161.073093][T15952] bond2: (slave gre1): Releasing backup interface
[ 1161.118305][T15952] bond2: Destroying bond
[ 1161.391505][ T4271] Bluetooth: hci1: command 0x041b tx timeout
[ 1162.003050][T16335] vivid-002: =================  START STATUS  =================
[ 1162.135622][T16335] vivid-002: Radio HW Seek Mode: Bounded
[ 1162.164937][T16335] vivid-002: Radio Programmable HW Seek: false
[ 1162.220335][T16335] vivid-002: RDS Rx I/O Mode: Block I/O
[ 1162.356794][T16335] vivid-002: Generate RBDS Instead of RDS: false
[ 1162.414540][T15952] bond2 (unregistering): Released all slaves
[ 1162.419992][T16335] vivid-002: RDS Reception: true
[ 1162.447365][T16335] vivid-002: RDS Program Type: 0 inactive
[ 1162.522420][T16335] vivid-002: RDS PS Name:  inactive
[ 1162.601329][T16335] vivid-002: RDS Radio Text:  inactive
[ 1163.341648][T16335] vivid-002: RDS Traffic Announcement: false inactive
[ 1163.355874][T16335] vivid-002: RDS Traffic Program: false inactive
[ 1163.408295][T16335] vivid-002: RDS Music: false inactive
[ 1163.460400][ T4271] Bluetooth: hci1: command 0x040f tx timeout
[ 1163.460550][T16335] vivid-002: ==================  END STATUS  ==================
[ 1164.230158][T16364] netlink: 'syz.0.3012': attribute type 1 has an invalid length.
[ 1164.240853][T16364] netlink: 'syz.0.3012': attribute type 2 has an invalid length.
[ 1164.456239][T16364] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3012'.
[ 1164.492072][T16364] batman_adv: batadv0: Interface deactivated: macsec1
[ 1164.540533][T16370] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3014'.
[ 1164.946118][T15952] device hsr_slave_0 left promiscuous mode
[ 1164.972769][T15952] device hsr_slave_1 left promiscuous mode
[ 1165.003503][T15952] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1165.050589][T15952] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1165.084919][T15952] device bridge_slave_1 left promiscuous mode
[ 1165.113118][T15952] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1165.142768][T15952] device bridge_slave_0 left promiscuous mode
[ 1165.160650][T15952] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1165.539986][ T4282] Bluetooth: hci1: command 0x0419 tx timeout
[ 1165.767665][T15952] bond3 (unregistering): Released all slaves
[ 1167.124127][T15952] bond1 (unregistering): Released all slaves
[ 1168.780311][T15952] team0 (unregistering): Port device team_slave_1 removed
[ 1168.940880][T15952] team0 (unregistering): Port device team_slave_0 removed
[ 1169.012462][T15952] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1169.105517][T15952] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1169.792395][T15952] bond0 (unregistering): Released all slaves
[ 1169.913791][T16393] netlink: 'syz.4.3021': attribute type 1 has an invalid length.
[ 1170.256672][T16417] device syzkaller0 entered promiscuous mode
[ 1170.617054][T16265] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1170.681868][T16265] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1170.715195][T16265] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1170.759082][T16265] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1171.231213][T16265] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1171.280489][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1171.314581][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1171.360434][T16442] vivid-003: =================  START STATUS  =================
[ 1171.377231][T16265] 8021q: adding VLAN 0 to HW filter on device team0
[ 1171.386602][T16442] vivid-003: Radio HW Seek Mode: Bounded
[ 1171.405372][T16442] vivid-003: Radio Programmable HW Seek: false
[ 1171.412338][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1171.429028][T16442] vivid-003: RDS Rx I/O Mode: Block I/O
[ 1171.435396][T16442] vivid-003: Generate RBDS Instead of RDS: false
[ 1171.444011][T16442] vivid-003: RDS Reception: true
[ 1171.453312][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1171.461814][T16442] vivid-003: RDS Program Type: 0 inactive
[ 1171.485258][T16442] vivid-003: RDS PS Name:  inactive
[ 1171.504545][T15952] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1171.511860][T15952] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1171.526591][T16442] vivid-003: RDS Radio Text:  inactive
[ 1171.545203][T16442] vivid-003: RDS Traffic Announcement: false inactive
[ 1171.566464][T16442] vivid-003: RDS Traffic Program: false inactive
[ 1171.582042][T16442] vivid-003: RDS Music: false inactive
[ 1171.594086][T16442] vivid-003: ==================  END STATUS  ==================
[ 1171.624684][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1171.672386][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1171.683850][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1171.694312][T15952] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1171.701733][T15952] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1171.714911][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1171.768993][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1171.804216][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1171.835671][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1171.890066][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1171.922822][T16447] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3031'.
[ 1171.945589][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1171.982252][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1172.189450][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1172.206712][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1172.227962][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1172.237576][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1172.251669][T16265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 1172.685808][T12702] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[ 1172.855742][T12702] usb 5-1: device descriptor read/64, error -71
[ 1172.920489][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1172.935139][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1173.018747][T16265] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1173.125617][T12702] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[ 1173.136430][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1173.182796][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1173.226426][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1173.247473][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1173.269216][T16265] device veth0_vlan entered promiscuous mode
[ 1173.280499][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1173.294819][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1173.305463][T12702] usb 5-1: device descriptor read/64, error -71
[ 1173.329427][T16265] device veth1_vlan entered promiscuous mode
[ 1173.389694][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1173.410682][T16469] relay: one or more items not logged [item size (56) > sub-buffer size (3)]
[ 1173.421527][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1173.425934][T12702] usb usb5-port1: attempt power cycle
[ 1173.451398][T16265] device veth0_macvtap entered promiscuous mode
[ 1173.469144][T16265] device veth1_macvtap entered promiscuous mode
[ 1173.552660][T16265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1173.590268][T16265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1173.606920][T16265] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1173.615164][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1173.737313][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1173.753831][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1173.764268][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1173.797362][T16265] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1173.820858][T16265] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1173.891386][T16265] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1173.924266][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1173.962489][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1173.995105][T12702] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[ 1174.035690][T12702] usb 5-1: device descriptor read/8, error -71
[ 1174.048574][T16265] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.083275][T16265] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.134995][T16265] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.187621][T16265] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1174.305099][T12702] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[ 1174.366365][T12702] usb 5-1: device descriptor read/8, error -71
[ 1174.505040][T12702] usb usb5-port1: unable to enumerate USB device
[ 1174.533814][T16481] netlink: 'syz.2.3036': attribute type 1 has an invalid length.
[ 1174.559811][T16481] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1174.773469][T16486] IPVS: lblc: FWM 3 0x00000003 - no destination available
[ 1174.792189][ T4399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1174.804925][ T4399] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1174.933816][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1174.997077][ T4518] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1175.011412][ T4518] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1175.275499][ T4518] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1176.235987][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1176.275002][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1176.304935][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1176.527918][T16521] netlink: 'syz.2.3048': attribute type 1 has an invalid length.
[ 1176.610447][T16521] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1177.226555][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.233220][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.335838][T16535] netlink: 'syz.1.3050': attribute type 1 has an invalid length.
[ 1177.467986][T16535] netlink: 'syz.1.3050': attribute type 2 has an invalid length.
[ 1177.575986][T16535] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3050'.
[ 1177.801052][ T4282] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1177.815237][ T4282] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1177.825911][ T4282] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1177.838512][ T4282] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1177.848317][ T4282] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1177.888628][ T4282] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1178.623593][T16535] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1178.631181][T16535] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1179.585690][T16535] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1179.640794][T16535] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1179.932619][ T4282] Bluetooth: hci2: command 0x0409 tx timeout
[ 1180.333432][T16535] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1180.352661][T16535] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1180.389441][T16535] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1180.436806][T16535] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1181.196639][T16537] chnl_net:caif_netlink_parms(): no params data found
[ 1181.257030][T16563] relay: one or more items not logged [item size (56) > sub-buffer size (3)]
[ 1181.340600][T16537] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1181.348699][T16537] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1181.368116][T16537] device bridge_slave_0 entered promiscuous mode
[ 1181.400502][T16537] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1181.445898][T16537] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1181.478602][T16537] device bridge_slave_1 entered promiscuous mode
[ 1181.675300][T16537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1182.790255][ T4282] Bluetooth: hci2: command 0x041b tx timeout
[ 1183.489719][T16537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1183.638757][T16575] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1183.885146][T16537] team0: Port device team_slave_0 added
[ 1183.922048][T16537] team0: Port device team_slave_1 added
[ 1183.962501][T16537] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1183.995508][T16537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1184.071343][T16537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1184.113772][T16537] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1184.143470][T16537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1184.233297][T16537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1184.381862][T16593] device syzkaller0 entered promiscuous mode
[ 1184.502721][T16599] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1184.540374][T16537] device hsr_slave_0 entered promiscuous mode
[ 1184.554613][T16599] random: crng reseeded on system resumption
[ 1184.563845][T16537] device hsr_slave_1 entered promiscuous mode
[ 1184.571372][ T4310] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1184.599655][T16537] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1184.639840][T16537] Cannot create hsr debugfs directory
[ 1184.805568][ T4310] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1184.816194][ T4282] Bluetooth: hci2: command 0x040f tx timeout
[ 1184.830667][ T4310] usb 2-1: config 0 interface 0 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1184.859709][ T4310] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1184.866636][ T4310] usb 2-1: New USB device found, idVendor=0463, idProduct=1215, bcdDevice= 0.00
[ 1184.876311][ T4310] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1184.914478][ T4310] usb 2-1: config 0 descriptor??
[ 1184.928576][ T4310] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1186.888680][ T4282] Bluetooth: hci2: command 0x0419 tx timeout
[ 1187.247232][T16297] usb 2-1: USB disconnect, device number 21
[ 1188.733326][T16630] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1190.437806][T16641] siw: device registration error -23
[ 1191.747518][T16031] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[ 1191.936356][T16031] usb 2-1: device descriptor read/64, error -71
[ 1192.142320][T16656] netlink: 'syz.2.3074': attribute type 1 has an invalid length.
[ 1192.236204][T16031] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[ 1192.245035][T16656] netlink: 'syz.2.3074': attribute type 2 has an invalid length.
[ 1192.333429][T16652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3074'.
[ 1192.412214][T16652] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1192.420896][T16652] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1192.434333][T16652] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1192.447115][T16031] usb 2-1: device descriptor read/64, error -71
[ 1192.454515][T16652] 8021q: adding VLAN 0 to HW filter on device team0
[ 1192.467724][T16652] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1192.577946][T16031] usb usb2-port1: attempt power cycle
[ 1192.691085][ T4716] tipc: Left network mode
[ 1192.714465][T16537] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1192.751111][T16537] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1192.999170][T16031] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[ 1193.079372][T16031] usb 2-1: device descriptor read/8, error -71
[ 1193.168097][T16537] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1193.343608][T16537] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1193.365466][T16031] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[ 1193.641211][T16678] ipt_ECN: cannot use operation on non-tcp rule
[ 1193.660830][T16537] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1193.863862][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1193.888714][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1193.951316][T16537] 8021q: adding VLAN 0 to HW filter on device team0
[ 1194.083034][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1194.102370][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1194.112807][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1194.120448][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1194.155795][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1194.201771][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1194.230554][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1194.238425][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1194.425508][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1194.434474][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1194.494414][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1194.532506][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1194.563186][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1194.611941][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1194.643012][T16682] device syzkaller0 entered promiscuous mode
[ 1194.771157][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1194.784844][T16031] usb 2-1: device descriptor read/8, error -71
[ 1194.809702][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1194.842890][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1194.859825][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1194.878181][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1194.890789][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1194.904861][T16031] usb usb2-port1: unable to enumerate USB device
[ 1195.107234][T16687] device syzkaller0 entered promiscuous mode
[ 1196.204188][T16704] siw: device registration error -23
[ 1200.634289][T16741] relay: one or more items not logged [item size (56) > sub-buffer size (3)]
[ 1202.757568][T16749] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1203.418020][T16742] netlink: 'syz.1.3089': attribute type 13 has an invalid length.
[ 1203.918459][ T4716] batman_adv: batadv0: Removing interface: macsec1
[ 1203.981760][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1203.989800][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1204.032073][T16537] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1204.126256][ T4716] device hsr_slave_0 left promiscuous mode
[ 1204.137926][ T4716] device hsr_slave_1 left promiscuous mode
[ 1204.156056][ T4716] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1204.177577][ T4716] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1204.207146][ T4716] device bridge_slave_1 left promiscuous mode
[ 1204.225401][ T4716] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1204.249627][ T4716] device bridge_slave_0 left promiscuous mode
[ 1204.266941][ T4716] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1205.112637][ T4716] bond2 (unregistering): Released all slaves
[ 1207.004102][ T4716] bond1 (unregistering): (slave lo): Releasing backup interface
[ 1207.053509][ T4716] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed
[ 1207.217725][ T4716] bond1 (unregistering): Released all slaves
[ 1209.027082][ T4716] team0 (unregistering): Port device team_slave_1 removed
[ 1209.131962][ T4716] team0 (unregistering): Port device team_slave_0 removed
[ 1209.228764][ T4716] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1209.238532][ T4716] device bond_slave_1 left promiscuous mode
[ 1209.325146][ T4716] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1209.347130][ T4716] device bond_slave_0 left promiscuous mode
[ 1210.120935][ T4716] bond0 (unregistering): Released all slaves
[ 1210.388327][T16793] netlink: 'syz.2.3102': attribute type 1 has an invalid length.
[ 1210.410619][T16775] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3097'.
[ 1210.421167][T16793] netlink: 'syz.2.3102': attribute type 2 has an invalid length.
[ 1210.446931][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1210.456194][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1210.681593][T16793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3102'.
[ 1211.076307][T16802] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3104'.
[ 1211.458240][T16537] device veth0_vlan entered promiscuous mode
[ 1211.555724][T16803] netlink: 'syz.4.3103': attribute type 13 has an invalid length.
[ 1211.631075][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1211.765831][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1211.892213][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1211.907832][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1211.928703][T16537] device veth1_vlan entered promiscuous mode
[ 1211.981531][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1211.992466][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1212.009606][T16537] device veth0_macvtap entered promiscuous mode
[ 1212.032018][T16537] device veth1_macvtap entered promiscuous mode
[ 1212.062858][T16537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1212.127051][T16813] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1212.175169][T16537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1212.230813][T16537] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1212.278389][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1212.322475][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1212.348339][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1212.381026][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1212.416530][T16537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1212.490509][T16537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1212.560064][T16537] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1212.591321][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1212.622230][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1212.667448][T16537] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1212.691047][T16537] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1212.700681][   T26] kauditd_printk_skb: 11 callbacks suppressed
[ 1212.700693][   T26] audit: type=1326 audit(1773183236.002:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16807 comm="syz.1.3106" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x0
[ 1212.795377][T16537] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1212.849200][T16537] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1213.180836][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1213.235810][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1213.292482][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1213.321300][T15952] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1213.341500][T15952] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1213.380965][ T4399] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1215.567540][ T4271] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1215.581358][ T4271] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1215.592428][ T4271] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1215.617528][ T4271] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1215.625553][ T4271] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[ 1215.634666][ T4271] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1215.802554][T16840] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3112'.
[ 1216.008018][T16835] chnl_net:caif_netlink_parms(): no params data found
[ 1216.213734][T16845] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1216.256422][  T125] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[ 1216.304895][T16845] random: crng reseeded on system resumption
[ 1216.491702][T16835] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1216.561297][T16835] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1216.589006][  T125] usb 4-1: too many configurations: 109, using maximum allowed: 8
[ 1216.590223][T16835] device bridge_slave_0 entered promiscuous mode
[ 1216.622461][  T125] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1216.644362][  T125] usb 4-1: can't read configurations, error -61
[ 1216.670038][T16835] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1216.700816][T16835] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1216.718666][T16835] device bridge_slave_1 entered promiscuous mode
[ 1216.803948][  T125] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[ 1216.882699][T16835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1216.923386][T16835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1217.038033][  T125] usb 4-1: too many configurations: 109, using maximum allowed: 8
[ 1217.050491][T16835] team0: Port device team_slave_0 added
[ 1217.076266][  T125] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1217.110191][  T125] usb 4-1: can't read configurations, error -61
[ 1217.136085][ T4399] tipc: Left network mode
[ 1217.154517][  T125] usb usb4-port1: attempt power cycle
[ 1217.160403][T16835] team0: Port device team_slave_1 added
[ 1217.593379][  T125] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[ 1217.645350][  T125] usb 4-1: too many configurations: 109, using maximum allowed: 8
[ 1217.665331][  T125] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1217.674889][ T4282] Bluetooth: hci3: command 0x0409 tx timeout
[ 1217.683396][  T125] usb 4-1: can't read configurations, error -61
[ 1217.843248][  T125] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[ 1217.897512][  T125] usb 4-1: too many configurations: 109, using maximum allowed: 8
[ 1217.918333][  T125] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1217.947849][  T125] usb 4-1: can't read configurations, error -61
[ 1217.983512][  T125] usb usb4-port1: unable to enumerate USB device
[ 1218.210280][T16876] ipt_ECN: cannot use operation on non-tcp rule
[ 1219.752312][ T4282] Bluetooth: hci3: command 0x041b tx timeout
[ 1220.265247][T16887] loop2: detected capacity change from 0 to 7
[ 1220.292310][T16835] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1220.309759][T16835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1220.441171][T16013] Dev loop2: unable to read RDB block 7
[ 1220.458840][T16013]  loop2: AHDI p2 p3
[ 1220.515962][T16013] loop2: partition table partially beyond EOD, truncated
[ 1220.542642][T16835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1220.568185][T16887] Dev loop2: unable to read RDB block 7
[ 1220.591024][T16887]  loop2: AHDI p2 p3
[ 1220.596346][T16887] loop2: partition table partially beyond EOD, truncated
[ 1220.616299][T16835] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1220.632049][T16835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1220.710181][T16835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1221.159228][ T3638] Dev loop2: unable to read RDB block 7
[ 1221.173791][ T3638]  loop2: AHDI p2 p3
[ 1221.201289][T16835] device hsr_slave_0 entered promiscuous mode
[ 1221.218000][ T3638] loop2: partition table partially beyond EOD, truncated
[ 1221.240602][T16835] device hsr_slave_1 entered promiscuous mode
[ 1221.276240][T16835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1221.303325][T16835] Cannot create hsr debugfs directory
[ 1221.845244][ T4282] Bluetooth: hci3: command 0x040f tx timeout
[ 1222.572008][T16918] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1223.696015][ T4399] device hsr_slave_0 left promiscuous mode
[ 1223.921096][ T4282] Bluetooth: hci3: command 0x0419 tx timeout
[ 1225.329061][T16949] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3128'.
[ 1225.559215][ T4399] bond1 (unregistering): Released all slaves
[ 1228.515604][ T4399] bond0 (unregistering): Released all slaves
[ 1228.846959][T16971] loop2: detected capacity change from 0 to 7
[ 1228.959480][T16971] Dev loop2: unable to read RDB block 7
[ 1228.965352][T16971]  loop2: AHDI p2 p3
[ 1228.984905][T16835] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1228.992597][T16971] loop2: partition table partially beyond EOD, truncated
[ 1229.013495][T16835] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1229.026805][T16835] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1229.070502][T16835] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1229.086045][ T3638] Dev loop2: unable to read RDB block 7
[ 1229.097315][ T3638]  loop2: AHDI p2 p3
[ 1229.157959][ T3638] loop2: partition table partially beyond EOD, truncated
[ 1229.238049][T16031] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[ 1229.310944][ T3638] Dev loop2: unable to read RDB block 7
[ 1229.332388][ T3638]  loop2: AHDI p2 p3
[ 1229.342943][ T3638] loop2: partition table partially beyond EOD, truncated
[ 1229.354017][T16835] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1229.429179][T16031] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1229.440411][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1229.454228][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1229.466067][T16031] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1229.528208][T16835] 8021q: adding VLAN 0 to HW filter on device team0
[ 1229.541749][T16031] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1229.583284][T16031] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[ 1229.651015][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1229.688140][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1229.697830][T16031] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[ 1229.717502][  T125] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[ 1229.794191][T16031] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1229.813890][ T4385] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1229.821738][ T4385] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1229.862599][T16031] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1229.908808][T16031] usb 2-1: Product: syz
[ 1229.927716][T16031] usb 2-1: Manufacturer: syz
[ 1229.947537][  T125] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1229.964199][T16031] cdc_wdm 2-1:1.0: skipping garbage
[ 1229.986662][T16031] cdc_wdm 2-1:1.0: skipping garbage
[ 1229.992499][  T125] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1230.018106][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1230.034486][T16031] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1230.051065][T16031] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1230.064688][  T125] usb 4-1: config 0 has no interfaces?
[ 1230.065330][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1230.111845][  T125] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1230.112914][ T4385] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1230.130349][ T4385] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1230.154480][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1230.180673][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1230.193279][T16992] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1230.232612][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1230.258331][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1230.267101][  T125] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1230.298103][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1230.327650][  T125] usb 4-1: config 0 descriptor??
[ 1230.378902][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1230.594867][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1230.958994][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1231.114828][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1231.145754][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 1231.244716][T16835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1231.443447][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1231.487933][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1231.910899][ T4310] usb 2-1: USB disconnect, device number 26
[ 1231.949034][T17012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3139'.
[ 1232.825498][T17012] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1232.833088][T17012] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1233.388970][T16031] usb 4-1: USB disconnect, device number 23
[ 1234.451978][T17012] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1234.580542][T17012] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1235.155339][T17012] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1235.169558][T17012] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1235.179653][T17012] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1235.197743][T17012] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1235.366402][T17027] netlink: 'syz.3.3141': attribute type 1 has an invalid length.
[ 1235.727546][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[ 1235.740414][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[ 1235.769932][T16835] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1236.277708][T17094] relay: one or more items not logged [item size (56) > sub-buffer size (3)]
[ 1236.867589][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1236.878413][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1236.940669][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1236.982907][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1237.041094][T16835] device veth0_vlan entered promiscuous mode
[ 1237.049818][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1237.070361][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1237.106223][T16835] device veth1_vlan entered promiscuous mode
[ 1237.178636][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[ 1237.188571][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[ 1237.211810][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1237.241378][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1237.317140][T16835] device veth0_macvtap entered promiscuous mode
[ 1237.360994][T16835] device veth1_macvtap entered promiscuous mode
[ 1237.430359][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[ 1237.454487][T15952] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1237.532181][T16835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1237.608732][T16835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1237.695564][T16835] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1237.728060][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1237.769694][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1237.839486][T16835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1237.877087][T17115] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1237.905853][T16835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1237.942079][T16835] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1238.015389][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1238.070563][ T4385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1238.097855][T16835] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1238.110806][T16835] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1238.146621][T16835] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1238.193189][T16835] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1238.499802][ T4385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1238.522368][ T4385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1238.555559][ T4716] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[ 1238.567680][T17127] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3155'.
[ 1238.619274][ T4716] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1238.629678][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.642983][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.680800][ T4716] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1238.717257][T11374] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[ 1240.709588][T15762] Bluetooth: hci5: command 0x0406 tx timeout
[ 1240.718330][T17140] netlink: 216 bytes leftover after parsing attributes in process `syz.1.3158'.
[ 1241.926873][T17163] netlink: 'syz.0.3164': attribute type 13 has an invalid length.
[ 1242.157360][T17167] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1244.242704][T17187] netlink: 'syz.4.3167': attribute type 1 has an invalid length.
[ 1244.250632][T17187] netlink: 'syz.4.3167': attribute type 2 has an invalid length.
[ 1244.788405][T17202] netlink: 'syz.0.3171': attribute type 1 has an invalid length.
[ 1244.812141][T17202] netlink: 'syz.0.3171': attribute type 2 has an invalid length.
[ 1244.836255][T17202] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3171'.
[ 1247.339029][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1247.898375][ T8954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1248.125657][T17243] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3180'.
[ 1248.388373][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1248.687769][T12702] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[ 1249.028315][T12702] usb 5-1: too many configurations: 109, using maximum allowed: 8
[ 1249.090588][T12702] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1249.128013][T12702] usb 5-1: can't read configurations, error -61
[ 1249.180163][T17252] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1249.190148][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1249.267066][T17253] netlink: 'syz.3.3182': attribute type 1 has an invalid length.
[ 1249.282831][T17253] netlink: 'syz.3.3182': attribute type 2 has an invalid length.
[ 1249.327455][T12702] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[ 1249.468050][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1249.518109][T12702] usb 5-1: too many configurations: 109, using maximum allowed: 8
[ 1249.538088][T12702] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1249.557354][T12702] usb 5-1: can't read configurations, error -61
[ 1249.565521][T12702] usb usb5-port1: attempt power cycle
[ 1249.929073][T17257] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3183'.
[ 1249.977210][T12702] usb 5-1: new full-speed USB device number 29 using dummy_hcd
[ 1250.054859][T12702] usb 5-1: too many configurations: 109, using maximum allowed: 8
[ 1250.185571][ T4310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1250.196725][T12702] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1250.226401][T12702] usb 5-1: can't read configurations, error -61
[ 1250.406917][T12702] usb 5-1: new full-speed USB device number 30 using dummy_hcd
[ 1250.537242][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1250.560809][T12702] usb 5-1: too many configurations: 109, using maximum allowed: 8
[ 1250.609017][T12702] usb 5-1: unable to read config index 0 descriptor/start: -61
[ 1250.674178][T12702] usb 5-1: can't read configurations, error -61
[ 1250.693197][T12702] usb usb5-port1: unable to enumerate USB device
[ 1250.936831][ T4310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1251.586562][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1251.916200][ T4310] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[ 1252.126146][ T4310] usb 2-1: Using ep0 maxpacket: 32
[ 1252.133254][ T4310] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1252.354620][ T4310] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1252.375260][ T4310] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1252.393629][ T4310] usb 2-1: Product: syz
[ 1252.403454][ T4310] usb 2-1: Manufacturer: syz
[ 1252.413431][ T4310] usb 2-1: SerialNumber: syz
[ 1252.470825][ T4310] usb 2-1: config 0 descriptor??
[ 1252.481009][T17275] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[ 1252.620013][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1253.665521][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1253.976516][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1254.695076][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1254.743292][T12702] usb 2-1: USB disconnect, device number 27
[ 1255.735878][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1255.885223][T17311] ipt_ECN: cannot use operation on non-tcp rule
[ 1256.824392][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1257.013814][ T4310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1257.898357][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1258.598207][T17357] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1258.967826][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1259.001765][T17357] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1259.077781][   T26] audit: type=1326 audit(1773183282.405:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17344 comm="syz.2.3208" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e78f9c799 code=0x0
[ 1259.129214][T17350] ucma_write: process 232 (syz.2.3208) changed security contexts after opening file descriptor, this is not allowed.
[ 1259.733814][ T4310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1259.982410][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1260.052842][ T4310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1260.562797][T17379] ipt_ECN: cannot use operation on non-tcp rule
[ 1260.845126][   T26] audit: type=1326 audit(1773183284.176:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1260.872126][T17383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3216'.
[ 1260.894938][T17383] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3216'.
[ 1260.926789][T17385] loop6: detected capacity change from 0 to 7
[ 1260.941653][   T26] audit: type=1326 audit(1773183284.216:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1260.975027][T16013] Dev loop6: unable to read RDB block 7
[ 1260.982278][T16013]  loop6: AHDI p2 p3
[ 1260.996232][T16013] loop6: partition table partially beyond EOD, truncated
[ 1261.012311][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1261.035536][T16013] loop6: p2 size 157513074 extends beyond EOD, truncated
[ 1261.055828][   T26] audit: type=1326 audit(1773183284.226:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1261.109391][T17385] Dev loop6: unable to read RDB block 7
[ 1261.117408][T17385]  loop6: AHDI p2 p3
[ 1261.122974][T17385] loop6: partition table partially beyond EOD, truncated
[ 1261.171566][ T4282] Bluetooth: hci0: command 0x0406 tx timeout
[ 1261.180671][T17385] loop6: p2 size 157513074 extends beyond EOD, truncated
[ 1261.208263][   T26] audit: type=1326 audit(1773183284.226:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1261.320145][   T26] audit: type=1326 audit(1773183284.226:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1261.428192][T16013] udevd[16013]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 1261.500315][   T26] audit: type=1326 audit(1773183284.226:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1261.598082][T16013] udevd[16013]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[ 1261.805843][   T26] audit: type=1326 audit(1773183284.226:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1262.001146][   T26] audit: type=1326 audit(1773183284.226:921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1262.055049][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1262.146078][   T26] audit: type=1326 audit(1773183284.226:922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17384 comm="syz.0.3218" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7b71d9c799 code=0x7ffc0000
[ 1263.090962][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1263.104813][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1264.082134][ T8954] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1264.130279][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1264.303668][ T8954] usb 4-1: Using ep0 maxpacket: 16
[ 1264.312166][ T8954] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1264.361691][ T8954] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 1264.399984][ T8954] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1264.439875][ T8954] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1264.466835][ T8954] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1264.493988][ T8954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1264.524685][ T8954] usb 4-1: Product: syz
[ 1264.529148][ T8954] usb 4-1: Manufacturer: syz
[ 1264.570431][ T8954] usb 4-1: SerialNumber: syz
[ 1264.844402][ T8954] usb 4-1: 0:2 : does not exist
[ 1264.907797][ T8954] usb 4-1: USB disconnect, device number 24
[ 1265.183794][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1265.587957][T17449] relay: one or more items not logged [item size (56) > sub-buffer size (3)]
[ 1266.129316][ T8954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1266.193076][T17452] ipt_ECN: cannot use operation on non-tcp rule
[ 1266.222127][T16031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1266.624433][T17456] device syzkaller0 entered promiscuous mode
[ 1266.888645][  T125] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[ 1267.094067][  T125] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1267.124524][  T125] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1267.157700][  T125] usb 3-1: Product: syz
[ 1267.173554][  T125] usb 3-1: Manufacturer: syz
[ 1267.188570][  T125] usb 3-1: SerialNumber: syz
[ 1267.248653][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1267.419393][  T125] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71
[ 1267.513615][  T125] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71
[ 1267.564541][  T125] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[ 1267.606163][  T125] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1267.634856][  T125] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1267.692862][  T125] lan78xx: probe of 3-1:1.0 failed with error -71
[ 1267.751909][  T125] usb 3-1: USB disconnect, device number 19
[ 1268.298398][T16031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1268.634160][   T26] kauditd_printk_skb: 35 callbacks suppressed
[ 1268.634178][   T26] audit: type=1326 audit(1773183291.970:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17469 comm="syz.3.3241" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb3ead9c799 code=0x0
[ 1269.038033][T17492] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1269.168242][ T8954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1269.328510][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1269.344044][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1269.352752][T17514] loop2: detected capacity change from 0 to 7
[ 1269.353985][T16013] Dev loop2: unable to read RDB block 7
[ 1269.354006][T16013]  loop2: AHDI p2 p3
[ 1269.354022][T16013] loop2: partition table partially beyond EOD, truncated
[ 1269.399703][T17514] Dev loop2: unable to read RDB block 7
[ 1269.399724][T17514]  loop2: AHDI p2 p3
[ 1269.399737][T17514] loop2: partition table partially beyond EOD, truncated
[ 1269.803970][T16668] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1269.804181][T16668] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1269.804481][T16668] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1269.804661][T16668] rtc_cmos 00:00: Alarms can be up to one day in the future
[ 1269.804672][T16668] rtc rtc0: __rtc_set_alarm: err=-22
[ 1270.367148][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1271.406779][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1272.215343][ T8954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1272.446160][T16031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1273.486142][T16031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1274.009698][T17489] tipc: Started in network mode
[ 1274.014871][T17489] tipc: Node identity aa02398e59bf, cluster identity 4711
[ 1274.022486][T17489] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1274.030198][T17490] device syzkaller0 entered promiscuous mode
[ 1274.042199][T17532] device syzkaller0 entered promiscuous mode
[ 1274.123231][T17490] tipc: Resetting bearer <eth:syzkaller0>
[ 1274.275247][T17490] tipc: Disabling bearer <eth:syzkaller0>
[ 1274.367329][T17551] device syzkaller0 entered promiscuous mode
[ 1274.542843][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1275.002500][T17576] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1275.248437][ T8954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1275.564605][T16031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1276.613997][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1276.656624][T17633] device syzkaller0 entered promiscuous mode
[ 1277.344207][ T8954] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[ 1277.543309][ T8954] usb 3-1: Using ep0 maxpacket: 16
[ 1277.553761][ T8954] usb 3-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[ 1277.592251][ T8954] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1277.648593][ T8954] usb 3-1: Product: syz
[ 1277.665067][ T8954] usb 3-1: Manufacturer: syz
[ 1277.688706][ T8954] usb 3-1: SerialNumber: syz
[ 1277.720714][T16031] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1277.738641][ T8954] usb 3-1: config 0 descriptor??
[ 1277.769585][ T8954] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1277.828276][ T8954] hub: probe of 3-1:0.0 failed with error -5
[ 1278.283811][ T8954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1278.763903][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1278.922953][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1279.802417][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1280.022387][ T8954] usb 3-1: USB disconnect, device number 20
[ 1280.205854][T17680] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1280.844666][T12702] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1281.326294][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1281.641289][ T4282] Bluetooth: hci1: command 0x0406 tx timeout
[ 1281.883949][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1282.926078][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1283.745868][T17723] trusted_key: encrypted_key: key user:syz not found
[ 1283.976775][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1284.152248][   T26] audit: type=1326 audit(1773183307.498:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17714 comm="syz.1.3297" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f42d2f9c799 code=0x0
[ 1284.360741][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1284.433248][T17734] tipc: Failed to remove unknown binding: 66,1,1/0:327458070/327458072
[ 1284.681637][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1284.690488][ T8954] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1284.999939][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1286.049492][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1286.180841][T17749] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1286.619384][T17753] device syzkaller0 entered promiscuous mode
[ 1287.088732][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1287.718509][  T125] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1287.820514][T17777] loop2: detected capacity change from 0 to 7
[ 1287.833741][T16013] Dev loop2: unable to read RDB block 7
[ 1287.855167][T16013]  loop2: AHDI p2 p3
[ 1287.877931][T16013] loop2: partition table partially beyond EOD, truncated
[ 1287.951842][T17777] Dev loop2: unable to read RDB block 7
[ 1287.957752][T17777]  loop2: AHDI p2 p3
[ 1288.074034][T17777] loop2: partition table partially beyond EOD, truncated
[ 1288.107597][T17783] device syzkaller1 entered promiscuous mode
[ 1288.118648][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1289.173285][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1289.424741][T17803] tipc: Failed to remove unknown binding: 66,1,1/0:797658770/797658772
[ 1289.728684][T17816] ipt_ECN: cannot use operation on non-tcp rule
[ 1289.798207][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1289.809326][ T4310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1289.834242][T17819] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1290.207302][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1290.756935][ T4310] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1291.246900][T16668] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1291.544983][T17829] device syzkaller1 entered promiscuous mode
[ 1291.927631][T17837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1291.937999][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1292.060657][T17837] netlink: 'syz.3.3328': attribute type 1 has an invalid length.
[ 1292.072842][T17837] netlink: 'syz.3.3328': attribute type 2 has an invalid length.
[ 1292.092707][T17837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3328'.
[ 1292.936631][T17837] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1292.944830][T17837] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1293.515412][ T4310] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[ 1293.719497][ T4310] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1293.776397][ T4310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1293.911524][ T4310] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1294.000142][T17863] tipc: Failed to remove unknown binding: 66,1,1/0:2263621718/2263621720
[ 1294.029931][ T4310] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1294.100978][ T4310] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1294.123364][ T4310] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1294.139166][ T4310] usb 2-1: Manufacturer: syz
[ 1294.178100][ T4310] usb 2-1: config 0 descriptor??
[ 1294.197976][T17837] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1294.652954][ T4310] appleir 0003:05AC:8243.0005: unknown main item tag 0x0
[ 1294.672710][ T4310] appleir 0003:05AC:8243.0005: No inputs registered, leaving
[ 1294.905182][ T4310] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[ 1295.002773][ T4310] usb 2-1: USB disconnect, device number 28
[ 1295.130320][T17870] fido_id[17870]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1295.350940][T17837] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1295.368962][T17837] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1295.391084][T17837] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1295.445149][T17837] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1296.387809][T17885] tipc: Started in network mode
[ 1296.407851][T17885] tipc: Node identity ac14140f, cluster identity 4711
[ 1296.442941][T17885] tipc: New replicast peer: 255.255.255.255
[ 1296.484639][T17885] tipc: Enabled bearer <udp:syz1>, priority 10
[ 1296.513633][T17886] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3342'.
[ 1296.651310][T17886] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1296.663216][T17886] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1297.520100][T16297] tipc: Node number set to 2886997007
[ 1297.803330][  T125] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1298.083048][  T125] usb 5-1: Using ep0 maxpacket: 8
[ 1298.107505][  T125] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1298.373079][  T125] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1298.447716][  T125] usb 5-1: New USB device found, idVendor=0402, idProduct=5602, bcdDevice=35.76
[ 1298.482071][  T125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1298.534971][  T125] usb 5-1: Product: syz
[ 1298.550865][  T125] usb 5-1: Manufacturer: syz
[ 1298.572771][  T125] usb 5-1: SerialNumber: syz
[ 1298.606937][  T125] usb 5-1: config 0 descriptor??
[ 1299.733651][T17932] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[ 1299.754012][T17930] netlink: 'syz.3.3353': attribute type 1 has an invalid length.
[ 1299.762560][T17930] netlink: 'syz.3.3353': attribute type 2 has an invalid length.
[ 1299.778122][T17930] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3353'.
[ 1300.035741][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.042516][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.351974][T17944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3359'.
[ 1300.984514][ T8954] usb 5-1: USB disconnect, device number 31
[ 1302.111181][ T4282] Bluetooth: hci2: command 0x0406 tx timeout
[ 1302.493967][T17971] device syzkaller0 entered promiscuous mode
[ 1305.280391][T17986] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1305.484860][T17992] MPTCP: kernel_bind error, err=-98
[ 1305.686966][T17942] Set syz1 is full, maxelem 65536 reached
[ 1306.255072][T18001] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3374'.
[ 1307.045154][T16297] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[ 1307.264304][T18006] netlink: 'syz.0.3375': attribute type 1 has an invalid length.
[ 1307.273357][T18006] netlink: 'syz.0.3375': attribute type 2 has an invalid length.
[ 1307.347384][T16297] usb 2-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1307.371032][T16297] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1307.425260][T16297] usb 2-1: config 0 has no interfaces?
[ 1307.442302][T16297] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1307.464750][T16297] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1307.476558][T16297] usb 2-1: config 0 descriptor??
[ 1308.738048][T18006] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3375'.
[ 1309.242332][T18020] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3378'.
[ 1309.389369][T18027] netlink: 'syz.3.3381': attribute type 10 has an invalid length.
[ 1309.404699][T18027] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1309.451790][T18028] tipc: Failed to remove unknown binding: 66,1,1/0:3479860550/3479860552
[ 1309.552156][T18025] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3379'.
[ 1309.692751][ T8954] usb 2-1: USB disconnect, device number 29
[ 1310.306724][T18042] trusted_key: encrypted_key: insufficient parameters specified
[ 1312.513589][T18061] netlink: 'syz.3.3389': attribute type 1 has an invalid length.
[ 1312.529696][T18061] netlink: 'syz.3.3389': attribute type 2 has an invalid length.
[ 1312.544529][T18061] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3389'.
[ 1312.728221][T18069] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[ 1313.288440][T18076] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3393'.
[ 1313.815164][T16297] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[ 1314.128687][T18087] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3396'.
[ 1314.141822][T16297] usb 5-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1314.285446][T16297] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1314.302195][T16297] usb 5-1: config 0 has no interfaces?
[ 1314.314427][T16297] usb 5-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1314.334637][T16297] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1314.369909][T16297] usb 5-1: config 0 descriptor??
[ 1314.432839][T18095] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3398'.
[ 1316.882566][T18116] trusted_key: encrypted_key: key user:syz not found
[ 1316.991304][ T8954] usb 5-1: USB disconnect, device number 32
[ 1317.296227][T18124] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3408'.
[ 1317.723250][ T8954] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1317.883131][ T8954] usb 5-1: device descriptor read/64, error -71
[ 1318.162993][ T8954] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1318.238867][T18135] kAFS: unable to lookup cell '(,c¾Ì'
[ 1319.032629][ T8954] usb 5-1: device descriptor read/64, error -71
[ 1319.163015][ T8954] usb usb5-port1: attempt power cycle
[ 1319.333964][T18143] netlink: 'syz.0.3411': attribute type 13 has an invalid length.
[ 1319.355285][T18143] gretap0: refused to change device tx_queue_len
[ 1319.362068][T18143] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1319.585060][T18148] netlink: 'syz.1.3413': attribute type 1 has an invalid length.
[ 1319.592408][ T8954] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1319.611856][T18148] netlink: 'syz.1.3413': attribute type 2 has an invalid length.
[ 1319.626078][T18148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3413'.
[ 1319.636647][ T8954] usb 5-1: device descriptor read/8, error -71
[ 1319.846660][T18148] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1319.861343][T18148] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1319.883766][T18148] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1319.899565][T18148] 8021q: adding VLAN 0 to HW filter on device team0
[ 1319.922230][ T8954] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1319.946202][T18148] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1319.971185][ T8954] usb 5-1: device descriptor read/8, error -71
[ 1320.103142][ T8954] usb usb5-port1: unable to enumerate USB device
[ 1320.617027][T18162] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3417'.
[ 1320.991547][  T125] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[ 1321.673633][  T125] usb 3-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1321.711392][  T125] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1321.780079][  T125] usb 3-1: config 0 has no interfaces?
[ 1321.787463][  T125] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1321.799050][  T125] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1321.816959][  T125] usb 3-1: config 0 descriptor??
[ 1322.001475][T16668] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1322.192670][T16668] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1322.267433][T16668] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1322.381096][T16668] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1322.444560][T16668] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1322.530671][T16668] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1322.594291][T16668] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1322.655624][T16668] usb 5-1: Manufacturer: syz
[ 1322.708127][T16668] usb 5-1: config 0 descriptor??
[ 1323.138110][T16668] appleir 0003:05AC:8243.0006: unknown main item tag 0x0
[ 1323.154299][T16668] appleir 0003:05AC:8243.0006: No inputs registered, leaving
[ 1323.220806][T16668] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[ 1323.339019][T16668] usb 5-1: USB disconnect, device number 37
[ 1323.475506][T18193] fido_id[18193]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[ 1323.906943][T15927] usb 3-1: USB disconnect, device number 21
[ 1324.165369][T18201] netlink: 'syz.4.3429': attribute type 1 has an invalid length.
[ 1324.199054][T18201] netlink: 'syz.4.3429': attribute type 2 has an invalid length.
[ 1324.230146][T18201] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3429'.
[ 1324.502999][T18201] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1324.510161][T18201] bridge0: port 2(bridge_slave_1) entered listening state
[ 1324.683201][T18201] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1324.709755][T18201] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1324.736356][T18201] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1324.765160][T18215] netlink: 'syz.1.3432': attribute type 13 has an invalid length.
[ 1324.837464][T18215] gretap0: refused to change device tx_queue_len
[ 1324.856096][T18215] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[ 1325.325801][T18222] device syzkaller1 entered promiscuous mode
[ 1330.124352][T18288] netlink: 'syz.1.3454': attribute type 1 has an invalid length.
[ 1330.134676][T18288] netlink: 'syz.1.3454': attribute type 2 has an invalid length.
[ 1330.153404][T18288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3454'.
[ 1332.555983][ T8954] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1332.767369][ T8954] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024
[ 1332.813461][ T8954] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[ 1332.848811][ T8954] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 1332.870387][ T8954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1332.891347][ T8954] usb 5-1: config 0 descriptor??
[ 1332.916185][T18324] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[ 1335.429788][T18364] netlink: 'syz.2.3470': attribute type 1 has an invalid length.
[ 1335.442800][T18364] netlink: 'syz.2.3470': attribute type 2 has an invalid length.
[ 1337.943253][T15762] Bluetooth: hci3: command 0x0406 tx timeout
[ 1350.489335][T15762] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1350.502455][T15762] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1350.512024][T15762] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1350.521432][T15762] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1350.529961][T15762] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1350.539101][T15762] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1350.791590][T15762] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1350.804803][T15762] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1350.814954][T15762] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1350.823343][T15762] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1350.833425][T15762] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[ 1350.841767][T15762] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1351.064054][T15762] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[ 1351.077583][T15762] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[ 1351.088842][T15762] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[ 1351.102394][T15762] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[ 1351.115443][T15762] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[ 1351.123843][T15762] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[ 1352.457166][ T4282] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[ 1352.471810][ T4282] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[ 1352.486335][ T4271] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[ 1352.502543][ T4271] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[ 1352.514827][ T4271] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[ 1352.524237][ T4271] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[ 1352.533081][ T4271] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[ 1352.543157][ T4271] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[ 1352.552029][ T4271] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[ 1352.560699][ T4271] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[ 1352.570480][ T4271] Bluetooth: hci4: command 0x0409 tx timeout
[ 1352.579120][ T4271] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[ 1352.588235][ T4271] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[ 1352.885796][T18400] Bluetooth: hci6: command 0x0409 tx timeout
[ 1353.205529][T18400] Bluetooth: hci7: command 0x0409 tx timeout
[ 1354.645006][T18400] Bluetooth: hci9: command 0x0409 tx timeout
[ 1354.645097][ T4282] Bluetooth: hci8: command 0x0409 tx timeout
[ 1354.652347][T18400] Bluetooth: hci4: command 0x041b tx timeout
[ 1354.974728][T18400] Bluetooth: hci6: command 0x041b tx timeout
[ 1355.047394][    C0] bridge0: port 2(bridge_slave_1) entered learning state
[ 1355.284408][T18400] Bluetooth: hci7: command 0x041b tx timeout
[ 1356.723908][T18400] Bluetooth: hci4: command 0x040f tx timeout
[ 1356.730000][T18400] Bluetooth: hci8: command 0x041b tx timeout
[ 1356.736294][ T4271] Bluetooth: hci9: command 0x041b tx timeout
[ 1357.053705][T18400] Bluetooth: hci6: command 0x040f tx timeout
[ 1357.363484][T18400] Bluetooth: hci7: command 0x040f tx timeout
[ 1358.802851][T18400] Bluetooth: hci4: command 0x0419 tx timeout
[ 1358.809236][T18400] Bluetooth: hci8: command 0x040f tx timeout
[ 1358.815739][ T4271] Bluetooth: hci9: command 0x040f tx timeout
[ 1359.122581][T18400] Bluetooth: hci6: command 0x0419 tx timeout
[ 1359.442493][T18400] Bluetooth: hci7: command 0x0419 tx timeout
[ 1360.892460][T18400] Bluetooth: hci8: command 0x0419 tx timeout
[ 1360.899507][T18400] Bluetooth: hci9: command 0x0419 tx timeout
[ 1361.445460][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.452049][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1385.109538][    C0] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1385.116978][    C0] bridge0: topology change detected, propagating
[ 1413.333357][ T4282] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[ 1413.358123][ T4282] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[ 1413.372755][ T4282] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[ 1413.384140][ T4282] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[ 1413.392485][ T4282] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[ 1413.405467][ T4282] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[ 1413.474029][T18400] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[ 1413.490318][T18400] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[ 1413.505795][T18400] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[ 1413.514914][T18400] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[ 1413.524479][T18400] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[ 1413.533136][T18400] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[ 1414.360442][T15762] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[ 1414.385162][T15762] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[ 1414.397612][T15762] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[ 1414.424969][T15762] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[ 1414.433569][T15762] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[ 1414.441588][T15762] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[ 1414.489016][ T4271] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[ 1414.502395][ T4271] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[ 1414.512797][ T4271] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[ 1414.523431][ T4271] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[ 1414.532987][ T4271] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[ 1414.541318][ T4271] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[ 1414.595584][T15762] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[ 1414.611237][T15762] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[ 1414.621432][T15762] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[ 1414.637887][T15762] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[ 1414.646782][T15762] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[ 1414.655701][T15762] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[ 1415.494465][T15762] Bluetooth: hci10: command 0x0409 tx timeout
[ 1415.574616][T15762] Bluetooth: hci11: command 0x0409 tx timeout
[ 1416.534009][T15762] Bluetooth: hci12: command 0x0409 tx timeout
[ 1416.614033][T15762] Bluetooth: hci13: command 0x0409 tx timeout
[ 1416.693893][T15762] Bluetooth: hci14: command 0x0409 tx timeout
[ 1417.573290][T15762] Bluetooth: hci10: command 0x041b tx timeout
[ 1417.653344][T15762] Bluetooth: hci11: command 0x041b tx timeout
[ 1418.612804][T15762] Bluetooth: hci12: command 0x041b tx timeout
[ 1418.692937][T15762] Bluetooth: hci13: command 0x041b tx timeout
[ 1418.782771][T15762] Bluetooth: hci14: command 0x041b tx timeout
[ 1419.652366][T15762] Bluetooth: hci10: command 0x040f tx timeout
[ 1419.732284][T15762] Bluetooth: hci11: command 0x040f tx timeout
[ 1420.701849][T15762] Bluetooth: hci12: command 0x040f tx timeout
[ 1420.781854][T15762] Bluetooth: hci13: command 0x040f tx timeout
[ 1420.851798][T15762] Bluetooth: hci14: command 0x040f tx timeout
[ 1421.731346][T15762] Bluetooth: hci10: command 0x0419 tx timeout
[ 1421.811310][T15762] Bluetooth: hci11: command 0x0419 tx timeout
[ 1422.770832][T15762] Bluetooth: hci12: command 0x0419 tx timeout
[ 1422.850812][T15762] Bluetooth: hci13: command 0x0419 tx timeout
[ 1422.857703][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.867025][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1422.930571][T15762] Bluetooth: hci14: command 0x0419 tx timeout
[ 1473.793346][ T4271] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[ 1473.811218][ T4271] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[ 1473.821407][ T4271] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[ 1473.830577][ T4282] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[ 1473.838906][ T4271] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3
[ 1473.849966][ T4271] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[ 1474.008214][T15762] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[ 1474.020422][T15762] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[ 1474.031717][T18400] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[ 1474.040957][T18400] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[ 1474.049342][T18400] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3
[ 1474.057178][T18400] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[ 1474.889458][T18400] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[ 1474.906503][T18400] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[ 1474.924660][T18400] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[ 1474.936986][T18400] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[ 1474.947352][T18400] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3
[ 1474.954965][T18400] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[ 1475.040101][ T4271] Bluetooth: hci18: unexpected cc 0x0c03 length: 249 > 1
[ 1475.051799][ T4271] Bluetooth: hci18: unexpected cc 0x1003 length: 249 > 9
[ 1475.065841][ T4271] Bluetooth: hci18: unexpected cc 0x1001 length: 249 > 9
[ 1475.073897][ T4271] Bluetooth: hci18: unexpected cc 0x0c23 length: 249 > 4
[ 1475.083638][ T4282] Bluetooth: hci19: unexpected cc 0x0c03 length: 249 > 1
[ 1475.100796][ T4271] Bluetooth: hci18: unexpected cc 0x0c25 length: 249 > 3
[ 1475.104544][ T4282] Bluetooth: hci19: unexpected cc 0x1003 length: 249 > 9
[ 1475.120467][ T4282] Bluetooth: hci18: unexpected cc 0x0c38 length: 249 > 2
[ 1475.135138][T18400] Bluetooth: hci19: unexpected cc 0x1001 length: 249 > 9
[ 1475.170564][T18437] Bluetooth: hci19: unexpected cc 0x0c23 length: 249 > 4
[ 1475.179736][T18400] Bluetooth: hci19: unexpected cc 0x0c25 length: 249 > 3
[ 1475.187396][T18400] Bluetooth: hci19: unexpected cc 0x0c38 length: 249 > 2
[ 1475.944237][T18400] Bluetooth: hci15: command 0x0409 tx timeout
[ 1476.104362][T18400] Bluetooth: hci4: command 0x0406 tx timeout
[ 1476.111083][T18400] Bluetooth: hci6: command 0x0406 tx timeout
[ 1476.118820][T15762] Bluetooth: hci8: command 0x0406 tx timeout
[ 1476.128804][T18437] Bluetooth: hci9: command 0x0406 tx timeout
[ 1476.135274][ T4282] Bluetooth: hci16: command 0x0409 tx timeout
[ 1476.142830][ T4282] Bluetooth: hci7: command 0x0406 tx timeout
[ 1476.993660][T18439] Bluetooth: hci17: command 0x0409 tx timeout
[ 1477.143811][T18439] Bluetooth: hci18: command 0x0409 tx timeout
[ 1477.233922][T18439] Bluetooth: hci19: command 0x0409 tx timeout
[ 1478.023163][T18439] Bluetooth: hci15: command 0x041b tx timeout
[ 1478.193140][T18439] Bluetooth: hci16: command 0x041b tx timeout
[ 1479.062618][T18439] Bluetooth: hci17: command 0x041b tx timeout
[ 1479.222756][T18439] Bluetooth: hci18: command 0x041b tx timeout
[ 1479.302822][T18439] Bluetooth: hci19: command 0x041b tx timeout
[ 1480.102160][T18439] Bluetooth: hci15: command 0x040f tx timeout
[ 1480.272142][T18439] Bluetooth: hci16: command 0x040f tx timeout
[ 1481.141420][T18439] Bluetooth: hci17: command 0x040f tx timeout
[ 1481.301518][T18439] Bluetooth: hci18: command 0x040f tx timeout
[ 1481.391711][T18439] Bluetooth: hci19: command 0x040f tx timeout
[ 1482.181053][T18439] Bluetooth: hci15: command 0x0419 tx timeout
[ 1482.341028][T18439] Bluetooth: hci16: command 0x0419 tx timeout
[ 1483.220389][T18439] Bluetooth: hci17: command 0x0419 tx timeout
[ 1483.380606][T18439] Bluetooth: hci18: command 0x0419 tx timeout
[ 1483.460737][T18439] Bluetooth: hci19: command 0x0419 tx timeout
[ 1484.263023][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.269456][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[ 1494.495435][   T28] INFO: task kworker/u4:13:4399 blocked for more than 143 seconds.
[ 1494.503386][   T28]       Not tainted syzkaller #0
[ 1494.523294][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1494.536623][   T28] task:kworker/u4:13   state:D stack:22320 pid:4399  ppid:2      flags:0x00004000
[ 1494.573647][   T28] Workqueue: events_unbound fsnotify_mark_destroy_workfn
[ 1494.585631][   T28] Call Trace:
[ 1494.589070][   T28]  <TASK>
[ 1494.592181][   T28]  __schedule+0x11d1/0x40e0
[ 1494.660875][   T28]  ? __sched_text_start+0x8/0x8
[ 1494.681077][   T28]  ? kthread_data+0x4b/0xc0
[ 1494.698478][   T28]  ? wq_worker_sleeping+0x60/0x280
[ 1494.703884][   T28]  schedule+0xb9/0x180
[ 1494.733925][   T28]  schedule_timeout+0xbd/0x2d0
[ 1494.749757][   T28]  ? console_conditional_schedule+0x40/0x40
[ 1494.771803][   T28]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1494.797926][   T28]  ? lock_chain_count+0x20/0x20
[ 1494.802937][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1494.840022][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1494.850863][   T28]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1494.865483][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1494.870897][   T28]  ? wait_for_completion+0x276/0x5a0
[ 1494.889623][   T28]  wait_for_completion+0x2c7/0x5a0
[ 1494.904694][   T28]  ? io_schedule+0xd0/0xd0
[ 1494.909187][   T28]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1494.926804][   T28]  ? debug_object_active_state+0x6a/0x380
[ 1494.932937][   T28]  __synchronize_srcu+0x2b9/0x350
[ 1494.967474][   T28]  ? synchronize_srcu_expedited+0x20/0x20
[ 1494.973361][   T28]  ? rcu_read_lock_any_held+0x130/0x130
[ 1495.007578][   T28]  ? __rwlock_init+0x140/0x140
[ 1495.012583][   T28]  ? ktime_get_mono_fast_ns+0x199/0x1b0
[ 1495.026810][   T28]  ? synchronize_srcu+0x192/0x1b0
[ 1495.031897][   T28]  ? process_one_work+0x7b0/0x1160
[ 1495.048631][   T28]  fsnotify_mark_destroy_workfn+0x106/0x2f0
[ 1495.065796][   T28]  ? fsnotify_connector_destroy_workfn+0xa0/0xa0
[ 1495.072630][   T28]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1495.089152][   T28]  ? process_one_work+0x7b0/0x1160
[ 1495.100793][   T28]  process_one_work+0x8a2/0x1160
[ 1495.114207][   T28]  ? worker_detach_from_pool+0x240/0x240
[ 1495.128850][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1495.134030][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1495.154042][   T28]  ? kthread_data+0x4b/0xc0
[ 1495.163593][   T28]  worker_thread+0xaa2/0x1270
[ 1495.177596][   T28]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 1495.183568][   T28]  ? __kthread_parkme+0x162/0x1c0
[ 1495.200955][   T28]  kthread+0x29d/0x330
[ 1495.212030][   T28]  ? worker_clr_flags+0x1a0/0x1a0
[ 1495.224539][   T28]  ? kthread_blkcg+0xd0/0xd0
[ 1495.229457][   T28]  ret_from_fork+0x1f/0x30
[ 1495.233950][   T28]  </TASK>
[ 1495.249594][   T28] INFO: task kworker/u4:4:15952 blocked for more than 144 seconds.
[ 1495.269637][   T28]       Not tainted syzkaller #0
[ 1495.281556][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1495.299634][   T28] task:kworker/u4:4    state:D stack:24664 pid:15952 ppid:2      flags:0x00004000
[ 1495.314160][   T28] Workqueue: events_unbound fsnotify_connector_destroy_workfn
[ 1495.323837][   T28] Call Trace:
[ 1495.333556][   T28]  <TASK>
[ 1495.337221][   T28]  __schedule+0x11d1/0x40e0
[ 1495.343620][   T28]  ? __sched_text_start+0x8/0x8
[ 1495.368225][   T28]  ? kthread_data+0x4b/0xc0
[ 1495.373155][   T28]  ? wq_worker_sleeping+0x60/0x280
[ 1495.392940][   T28]  schedule+0xb9/0x180
[ 1495.405519][   T28]  schedule_timeout+0xbd/0x2d0
[ 1495.410991][   T28]  ? console_conditional_schedule+0x40/0x40
[ 1495.429083][   T28]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1495.445827][   T28]  ? lock_chain_count+0x20/0x20
[ 1495.451385][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1495.469958][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1495.483880][   T28]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1495.495137][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1495.501976][   T28]  ? wait_for_completion+0x276/0x5a0
[ 1495.519105][   T28]  wait_for_completion+0x2c7/0x5a0
[ 1495.532263][   T28]  ? io_schedule+0xd0/0xd0
[ 1495.541821][   T28]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1495.557461][   T28]  ? debug_object_active_state+0x6a/0x380
[ 1495.563878][   T28]  __synchronize_srcu+0x2b9/0x350
[ 1495.580120][   T28]  ? synchronize_srcu_expedited+0x20/0x20
[ 1495.590256][   T28]  ? rcu_read_lock_any_held+0x130/0x130
[ 1495.600456][   T28]  ? __rwlock_init+0x140/0x140
[ 1495.609497][   T28]  ? ktime_get_mono_fast_ns+0x199/0x1b0
[ 1495.619005][   T28]  ? synchronize_srcu+0x192/0x1b0
[ 1495.628522][   T28]  ? process_one_work+0x7b0/0x1160
[ 1495.633811][   T28]  fsnotify_connector_destroy_workfn+0x40/0xa0
[ 1495.646990][   T28]  ? process_one_work+0x7b0/0x1160
[ 1495.652252][   T28]  process_one_work+0x8a2/0x1160
[ 1495.667329][   T28]  ? worker_detach_from_pool+0x240/0x240
[ 1495.677656][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1495.682833][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1495.695744][   T28]  ? kthread_data+0x4b/0xc0
[ 1495.700408][   T28]  worker_thread+0xaa2/0x1270
[ 1495.723698][   T28]  ? __kthread_parkme+0x162/0x1c0
[ 1495.738494][   T28]  kthread+0x29d/0x330
[ 1495.742924][   T28]  ? worker_clr_flags+0x1a0/0x1a0
[ 1495.759888][   T28]  ? kthread_blkcg+0xd0/0xd0
[ 1495.769840][   T28]  ret_from_fork+0x1f/0x30
[ 1495.780099][   T28]  </TASK>
[ 1495.789179][   T28] INFO: task kworker/1:2:16031 blocked for more than 144 seconds.
[ 1495.801678][   T28]       Not tainted syzkaller #0
[ 1495.812077][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1495.826365][   T28] task:kworker/1:2     state:D stack:24016 pid:16031 ppid:2      flags:0x00004000
[ 1495.840622][   T28] Workqueue: ipv6_addrconf addrconf_verify_work
[ 1495.851487][   T28] Call Trace:
[ 1495.859319][   T28]  <TASK>
[ 1495.862305][   T28]  __schedule+0x11d1/0x40e0
[ 1495.879627][   T28]  ? __sched_text_start+0x8/0x8
[ 1495.890432][   T28]  ? __mutex_trylock_common+0x86/0x260
[ 1495.906387][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1495.913120][   T28]  schedule+0xb9/0x180
[ 1495.931263][   T28]  schedule_preempt_disabled+0xf/0x20
[ 1495.953533][   T28]  __mutex_lock+0x562/0xaf0
[ 1495.962288][   T28]  ? __mutex_lock+0x3b2/0xaf0
[ 1495.975944][   T28]  ? addrconf_verify_work+0x15/0x30
[ 1495.982023][   T28]  ? mutex_lock_nested+0x10/0x10
[ 1496.002045][   T28]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1496.019553][   T28]  ? read_lock_is_recursive+0x10/0x10
[ 1496.031451][   T28]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1496.047592][   T28]  ? _raw_spin_unlock+0x40/0x40
[ 1496.053841][   T28]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1496.072361][   T28]  ? process_one_work+0x7b0/0x1160
[ 1496.089666][   T28]  addrconf_verify_work+0x15/0x30
[ 1496.110632][   T28]  process_one_work+0x8a2/0x1160
[ 1496.123083][   T28]  ? worker_detach_from_pool+0x240/0x240
[ 1496.139592][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1496.150874][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1496.164451][   T28]  ? kthread_data+0x4b/0xc0
[ 1496.169915][   T28]  worker_thread+0xaa2/0x1270
[ 1496.188453][   T28]  ? __kthread_parkme+0x162/0x1c0
[ 1496.202567][   T28]  kthread+0x29d/0x330
[ 1496.213405][   T28]  ? worker_clr_flags+0x1a0/0x1a0
[ 1496.226659][   T28]  ? kthread_blkcg+0xd0/0xd0
[ 1496.231551][   T28]  ret_from_fork+0x1f/0x30
[ 1496.247309][   T28]  </TASK>
[ 1496.251037][   T28] INFO: task syz.3.3464:18325 blocked for more than 145 seconds.
[ 1496.272935][   T28]       Not tainted syzkaller #0
[ 1496.282845][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1496.303514][   T28] task:syz.3.3464      state:D stack:22928 pid:18325 ppid:16265  flags:0x00004004
[ 1496.324288][   T28] Call Trace:
[ 1496.329130][   T28]  <TASK>
[ 1496.333076][   T28]  __schedule+0x11d1/0x40e0
[ 1496.353637][   T28]  ? __sched_text_start+0x8/0x8
[ 1496.366204][   T28]  ? __update_load_avg_cfs_rq+0x6f5/0xc20
[ 1496.373358][   T28]  schedule+0xb9/0x180
[ 1496.390818][   T28]  schedule_timeout+0xbd/0x2d0
[ 1496.403530][   T28]  ? console_conditional_schedule+0x40/0x40
[ 1496.416542][   T28]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1496.423324][   T28]  ? lock_chain_count+0x20/0x20
[ 1496.440575][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1496.452912][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1496.469526][   T28]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1496.481716][   T28]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1496.496651][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1496.502383][   T28]  ? wait_for_completion+0x276/0x5a0
[ 1496.520123][   T28]  wait_for_completion+0x2c7/0x5a0
[ 1496.531893][   T28]  ? io_schedule+0xd0/0xd0
[ 1496.546565][   T28]  ? try_to_wake_up+0x67c/0x1080
[ 1496.552294][   T28]  kthread_stop+0x197/0x650
[ 1496.567724][   T28]  kvm_put_kvm+0x325/0x1950
[ 1496.584690][   T28]  ? kvm_vm_compat_ioctl+0x3a0/0x3a0
[ 1496.590753][   T28]  kvm_vm_release+0x42/0x50
[ 1496.607649][   T28]  __fput+0x22c/0x920
[ 1496.611966][   T28]  task_work_run+0x1d0/0x260
[ 1496.627948][   T28]  ? task_work_cancel+0x220/0x220
[ 1496.633311][   T28]  ? exit_to_user_mode_loop+0x3b/0x110
[ 1496.649536][   T28]  exit_to_user_mode_loop+0xe6/0x110
[ 1496.662390][   T28]  exit_to_user_mode_prepare+0xee/0x180
[ 1496.677550][   T28]  syscall_exit_to_user_mode+0x16/0x40
[ 1496.683366][   T28]  do_syscall_64+0x58/0xa0
[ 1496.701529][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1496.713391][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1496.728998][   T28]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1496.742117][   T28] RIP: 0033:0x7fb3ead9c799
[ 1496.756369][   T28] RSP: 002b:00007ffea6ffab98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1496.777669][   T28] RAX: 0000000000000000 RBX: 00007fb3eb017da0 RCX: 00007fb3ead9c799
[ 1496.796851][   T28] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1496.815816][   T28] RBP: 00007fb3eb017da0 R08: 0000000000000006 R09: 0000000000000000
[ 1496.837538][   T28] R10: 00007fb3eb017cb0 R11: 0000000000000246 R12: 0000000000145fa1
[ 1496.853517][   T28] R13: 00007fb3eb01627c R14: 0000000000145f57 R15: 00007fb3eb016270
[ 1496.861764][   T28]  </TASK>
[ 1496.883515][   T28] INFO: task syz.3.3464:18331 blocked for more than 145 seconds.
[ 1496.891566][   T28]       Not tainted syzkaller #0
[ 1496.938532][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1496.958540][   T28] task:syz.3.3464      state:D stack:24472 pid:18331 ppid:16265  flags:0x00004004
[ 1496.983506][   T28] Call Trace:
[ 1496.986950][   T28]  <TASK>
[ 1496.990069][   T28]  __schedule+0x11d1/0x40e0
[ 1497.018701][   T28]  ? __sched_text_start+0x8/0x8
[ 1497.029638][   T28]  schedule+0xb9/0x180
[ 1497.063569][   T28]  schedule_timeout+0xbd/0x2d0
[ 1497.068405][   T28]  ? console_conditional_schedule+0x40/0x40
[ 1497.093586][   T28]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1497.100084][   T28]  ? lock_chain_count+0x20/0x20
[ 1497.123582][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1497.129025][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1497.168312][   T28]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1497.173966][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1497.179385][   T28]  ? wait_for_completion+0x276/0x5a0
[ 1497.203346][   T28]  wait_for_completion+0x2c7/0x5a0
[ 1497.209229][   T28]  ? io_schedule+0xd0/0xd0
[ 1497.239035][   T28]  ? try_to_wake_up+0x67c/0x1080
[ 1497.244205][   T28]  kvm_vm_create_worker_thread+0x19c/0x270
[ 1497.250181][   T28]  ? kvm_mmu_post_init_vm+0x90/0x90
[ 1497.273317][   T28]  ? hardware_disable_nolock+0x160/0x160
[ 1497.279642][   T28]  ? kvm_create_vm_debugfs+0x898/0x980
[ 1497.290321][   T28]  ? kvm_mmu_post_init_vm+0x90/0x90
[ 1497.295643][   T28]  ? __raw_spin_lock_init+0x41/0x100
[ 1497.300973][   T28]  kvm_mmu_post_init_vm+0x3e/0x90
[ 1497.311666][   T28]  kvm_dev_ioctl+0x1444/0x1800
[ 1497.316578][   T28]  ? hardware_enable_nolock+0x220/0x220
[ 1497.322439][   T28]  ? bpf_lsm_file_ioctl+0x5/0x10
[ 1497.332772][   T28]  ? security_file_ioctl+0x7c/0xa0
[ 1497.338174][   T28]  ? hardware_enable_nolock+0x220/0x220
[ 1497.349927][   T28]  __se_sys_ioctl+0xfa/0x170
[ 1497.354675][   T28]  do_syscall_64+0x4c/0xa0
[ 1497.359218][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1497.369408][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1497.374259][   T28]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1497.380522][   T28] RIP: 0033:0x7fb3ead9c799
[ 1497.403253][   T28] RSP: 002b:00007fb3ebc1c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1497.423873][   T28] RAX: ffffffffffffffda RBX: 00007fb3eb016180 RCX: 00007fb3ead9c799
[ 1497.432101][   T28] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 000000000000000c
[ 1497.483346][   T28] RBP: 00007fb3eae32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1497.491508][   T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1497.523229][   T28] R13: 00007fb3eb016218 R14: 00007fb3eb016180 R15: 00007ffea6ffaa38
[ 1497.531293][   T28]  </TASK>
[ 1497.557331][   T28] INFO: task kvm-nx-lpage-re:18332 blocked for more than 146 seconds.
[ 1497.594453][   T28]       Not tainted syzkaller #0
[ 1497.599548][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1497.627167][   T28] task:kvm-nx-lpage-re state:D stack:28784 pid:18332 ppid:2      flags:0x00024000
[ 1497.643205][   T28] Call Trace:
[ 1497.646537][   T28]  <TASK>
[ 1497.649485][   T28]  __schedule+0x11d1/0x40e0
[ 1497.663155][   T28]  ? __sched_text_start+0x8/0x8
[ 1497.668097][   T28]  ? __mutex_trylock_common+0x86/0x260
[ 1497.694144][   T28]  ? trace_raw_output_contention_end+0xd0/0xd0
[ 1497.700468][   T28]  schedule+0xb9/0x180
[ 1497.717844][   T28]  schedule_preempt_disabled+0xf/0x20
[ 1497.748330][   T28]  __mutex_lock+0x562/0xaf0
[ 1497.753073][   T28]  ? __mutex_lock+0x3b2/0xaf0
[ 1497.758080][   T28]  ? cgroup_attach_task_all+0x22/0xe0
[ 1497.789152][   T28]  ? mutex_lock_nested+0x10/0x10
[ 1497.794301][   T28]  ? __lock_acquire+0x7d10/0x7d10
[ 1497.799969][   T28]  ? kvm_vm_worker_thread+0x181/0x540
[ 1497.820230][   T28]  cgroup_attach_task_all+0x22/0xe0
[ 1497.838609][   T28]  ? kvm_vm_worker_thread+0x181/0x540
[ 1497.853327][   T28]  kvm_vm_worker_thread+0x38a/0x540
[ 1497.858874][   T28]  ? kvm_mmu_post_init_vm+0x90/0x90
[ 1497.888095][   T28]  kthread+0x29d/0x330
[ 1497.892278][   T28]  ? kvm_vm_create_worker_thread+0x270/0x270
[ 1497.907078][   T28]  ? kthread_blkcg+0xd0/0xd0
[ 1497.911765][   T28]  ret_from_fork+0x1f/0x30
[ 1497.938164][   T28]  </TASK>
[ 1497.941420][   T28] INFO: task syz.0.3467:18338 blocked for more than 146 seconds.
[ 1497.968432][   T28]       Not tainted syzkaller #0
[ 1497.973579][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1497.982349][   T28] task:syz.0.3467      state:D stack:25424 pid:18338 ppid:16537  flags:0x00004004
[ 1498.021265][   T28] Call Trace:
[ 1498.047981][   T28]  <TASK>
[ 1498.051240][   T28]  __schedule+0x11d1/0x40e0
[ 1498.056062][   T28]  ? __sched_text_start+0x8/0x8
[ 1498.060934][   T28]  ? wq_worker_last_func+0x40/0x40
[ 1498.088593][   T28]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1498.095150][   T28]  ? prepare_to_wait_event+0x430/0x470
[ 1498.100987][   T28]  schedule+0xb9/0x180
[ 1498.128923][   T28]  synchronize_rcu_expedited+0x6e6/0x890
[ 1498.134752][   T28]  ? synchronize_rcu+0x3f0/0x3f0
[ 1498.139734][   T28]  ? sync_rcu_exp_done_unlocked+0x140/0x140
[ 1498.176379][   T28]  ? __might_sleep+0xd0/0xd0
[ 1498.181141][   T28]  ? wake_bit_function+0x200/0x200
[ 1498.208159][   T28]  dev_deactivate_many+0x635/0xcb0
[ 1498.213544][   T28]  ? kernel_text_address+0x9c/0xd0
[ 1498.218871][   T28]  __dev_close_many+0x162/0x2b0
[ 1498.248723][   T28]  ? dev_close_many+0x400/0x400
[ 1498.262821][   T28]  ? stack_trace_save+0xa6/0xf0
[ 1498.267878][   T28]  dev_close_many+0x21f/0x400
[ 1498.272688][   T28]  ? __dev_open+0x430/0x430
[ 1498.292981][   T28]  unregister_netdevice_many+0x487/0x1930
[ 1498.299104][   T28]  ? __mutex_trylock_common+0x155/0x260
[ 1498.322634][   T28]  ? alloc_netdev_mqs+0xf00/0xf00
[ 1498.339773][   T28]  ? trace_contention_end+0x5f/0x170
[ 1498.368514][   T28]  ? __mutex_lock+0x1ab/0xaf0
[ 1498.375222][   T28]  unregister_netdevice_queue+0x324/0x370
[ 1498.381189][   T28]  ? list_netdevice+0x6c0/0x6c0
[ 1498.402768][   T28]  ppp_release+0xec/0x1f0
[ 1498.407808][   T28]  ? ppp_open+0x70/0x70
[ 1498.412186][   T28]  __fput+0x22c/0x920
[ 1498.452732][   T28]  task_work_run+0x1d0/0x260
[ 1498.457503][   T28]  ? task_work_cancel+0x220/0x220
[ 1498.468526][   T28]  ? exit_to_user_mode_loop+0x3b/0x110
[ 1498.482704][   T28]  exit_to_user_mode_loop+0xe6/0x110
[ 1498.488158][   T28]  exit_to_user_mode_prepare+0xee/0x180
[ 1498.517570][   T28]  syscall_exit_to_user_mode+0x16/0x40
[ 1498.523228][   T28]  do_syscall_64+0x58/0xa0
[ 1498.527760][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1498.532456][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1498.577560][   T28]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1498.584413][   T28] RIP: 0033:0x7f7b71d9c799
[ 1498.588964][   T28] RSP: 002b:00007ffe455f0ad8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1498.612647][   T28] RAX: 0000000000000000 RBX: 00007f7b72017da0 RCX: 00007f7b71d9c799
[ 1498.620950][   T28] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1498.654662][   T28] RBP: 00007f7b72017da0 R08: 0000000000000006 R09: 0000000000000000
[ 1498.684565][   T28] R10: 00007f7b72017cb0 R11: 0000000000000246 R12: 0000000000145a1c
[ 1498.704751][   T28] R13: 00007f7b7201618c R14: 00000000001457c5 R15: 00007f7b72016180
[ 1498.722591][   T28]  </TASK>
[ 1498.725687][   T28] INFO: task kvm-nx-lpage-re:18356 blocked for more than 147 seconds.
[ 1498.753343][   T28]       Not tainted syzkaller #0
[ 1498.758345][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1498.797897][   T28] task:kvm-nx-lpage-re state:D stack:28752 pid:18356 ppid:2      flags:0x00004000
[ 1498.817423][   T28] Call Trace:
[ 1498.820757][   T28]  <TASK>
[ 1498.837482][   T28]  __schedule+0x11d1/0x40e0
[ 1498.842107][   T28]  ? __sched_text_start+0x8/0x8
[ 1498.857379][   T28]  ? kasan_check_range+0x7d/0x290
[ 1498.862615][   T28]  schedule+0xb9/0x180
[ 1498.866891][   T28]  schedule_preempt_disabled+0xf/0x20
[ 1498.872386][   T28]  __mutex_lock+0x562/0xaf0
[ 1498.907417][   T28]  ? __mutex_lock+0x3b2/0xaf0
[ 1498.912261][   T28]  ? synchronize_rcu_expedited+0x3c0/0x890
[ 1498.937474][   T28]  ? mutex_lock_nested+0x10/0x10
[ 1498.942572][   T28]  ? do_raw_spin_lock+0x128/0x2f0
[ 1498.972467][   T28]  ? __rwlock_init+0x140/0x140
[ 1498.977413][   T28]  ? do_raw_spin_unlock+0x11d/0x230
[ 1499.002445][   T28]  synchronize_rcu_expedited+0x3c0/0x890
[ 1499.008512][   T28]  ? synchronize_rcu+0x3f0/0x3f0
[ 1499.037197][   T28]  ? mark_lock+0x94/0x320
[ 1499.041703][   T28]  ? __lock_acquire+0x13cf/0x7d10
[ 1499.069963][   T28]  ? __lock_acquire+0x13cf/0x7d10
[ 1499.075162][   T28]  synchronize_rcu+0x128/0x3f0
[ 1499.080150][   T28]  ? schedule_delayed_monitor_work+0x160/0x160
[ 1499.107388][   T28]  ? mark_lock+0x94/0x320
[ 1499.111810][   T28]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1499.138340][   T28]  ? lock_chain_count+0x20/0x20
[ 1499.143533][   T28]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1499.148618][   T28]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1499.182364][   T28]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1499.189571][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1499.232354][   T28]  rcu_sync_enter+0x221/0x350
[ 1499.237219][   T28]  ? rcu_sync_enter_start+0x80/0x80
[ 1499.247447][   T28]  ? read_lock_is_recursive+0x10/0x10
[ 1499.262342][   T28]  ? rcu_is_watching+0x11/0xa0
[ 1499.267802][   T28]  percpu_down_write+0x69/0x2f0
[ 1499.282314][   T28]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1499.288358][   T28]  cgroup_attach_task_all+0x2c/0xe0
[ 1499.312293][   T28]  kvm_vm_worker_thread+0xce/0x540
[ 1499.317996][   T28]  ? kvm_mmu_post_init_vm+0x90/0x90
[ 1499.332301][   T28]  kthread+0x29d/0x330
[ 1499.336658][   T28]  ? kvm_vm_create_worker_thread+0x270/0x270
[ 1499.357576][   T28]  ? kthread_blkcg+0xd0/0xd0
[ 1499.363171][   T28]  ret_from_fork+0x1f/0x30
[ 1499.368177][   T28]  </TASK>
[ 1499.371259][   T28] INFO: task syz.2.3470:18364 blocked for more than 148 seconds.
[ 1499.427136][   T28]       Not tainted syzkaller #0
[ 1499.432348][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1499.441476][   T28] task:syz.2.3470      state:D stack:23632 pid:18364 ppid:15759  flags:0x00004004
[ 1499.497119][   T28] Call Trace:
[ 1499.500460][   T28]  <TASK>
[ 1499.503445][   T28]  __schedule+0x11d1/0x40e0
[ 1499.508005][   T28]  ? __sched_text_start+0x8/0x8
[ 1499.537010][   T28]  ? __mutex_trylock_common+0x86/0x260
[ 1499.542913][   T28]  ? trace_raw_output_contention_end+0xd0/0xd0
[ 1499.549294][   T28]  schedule+0xb9/0x180
[ 1499.572185][   T28]  schedule_preempt_disabled+0xf/0x20
[ 1499.578379][   T28]  __mutex_lock+0x562/0xaf0
[ 1499.602186][   T28]  ? __mutex_lock+0x3b2/0xaf0
[ 1499.607043][   T28]  ? rtnetlink_rcv_msg+0x824/0xfc0
[ 1499.667489][   T28]  ? mutex_lock_nested+0x10/0x10
[ 1499.692239][   T28]  ? rtnetlink_rcv_msg+0x226/0xfc0
[ 1499.697786][   T28]  rtnetlink_rcv_msg+0x824/0xfc0
[ 1499.732137][   T28]  ? rtnetlink_bind+0x80/0x80
[ 1499.737082][   T28]  ? mark_lock+0x94/0x320
[ 1499.741895][   T28]  ? __lock_acquire+0x12f4/0x7d10
[ 1499.762239][   T28]  ? verify_lock_unused+0x140/0x140
[ 1499.767740][   T28]  ? verify_lock_unused+0x140/0x140
[ 1499.802167][   T28]  ? __sched_text_start+0x8/0x8
[ 1499.807221][   T28]  ? lock_chain_count+0x20/0x20
[ 1499.842061][   T28]  netlink_rcv_skb+0x1fb/0x450
[ 1499.847177][   T28]  ? rtnetlink_bind+0x80/0x80
[ 1499.872166][   T28]  ? netlink_ack+0x1170/0x1170
[ 1499.878183][   T28]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1499.922184][   T28]  netlink_unicast+0x74d/0x8d0
[ 1499.927936][   T28]  netlink_sendmsg+0x8ad/0xbd0
[ 1499.942153][   T28]  ? netlink_getsockopt+0x550/0x550
[ 1499.947828][   T28]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[ 1499.982122][   T28]  ? aa_sock_msg_perm+0x94/0x150
[ 1499.987232][   T28]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[ 1500.012125][   T28]  ? security_socket_sendmsg+0x7c/0xa0
[ 1500.017820][   T28]  ? netlink_getsockopt+0x550/0x550
[ 1500.072050][   T28]  ____sys_sendmsg+0x5be/0x970
[ 1500.077200][   T28]  ? __sanitizer_cov_trace_const_cmp8+0x4/0x80
[ 1500.102328][   T28]  ? __sys_sendmsg_sock+0x30/0x30
[ 1500.107539][   T28]  ? __import_iovec+0x315/0x500
[ 1500.142036][   T28]  ? import_iovec+0x6f/0xa0
[ 1500.146903][   T28]  ___sys_sendmsg+0x2a2/0x360
[ 1500.151624][   T28]  ? __sys_sendmsg+0x290/0x290
[ 1500.191963][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1500.197371][   T28]  __se_sys_sendmsg+0x1bb/0x2a0
[ 1500.221969][   T28]  ? __x64_sys_sendmsg+0x80/0x80
[ 1500.227361][   T28]  ? lockdep_hardirqs_on+0x94/0x140
[ 1500.262089][   T28]  do_syscall_64+0x4c/0xa0
[ 1500.266605][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1500.271586][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1500.302061][   T28]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1500.308236][   T28] RIP: 0033:0x7f7e78f9c799
[ 1500.321804][   T28] RSP: 002b:00007f7e79e18028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1500.341814][   T28] RAX: ffffffffffffffda RBX: 00007f7e79216180 RCX: 00007f7e78f9c799
[ 1500.361789][   T28] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 000000000000000a
[ 1500.371367][   T28] RBP: 00007f7e79032c99 R08: 0000000000000000 R09: 0000000000000000
[ 1500.421872][   T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1500.430559][   T28] R13: 00007f7e79216218 R14: 00007f7e79216180 R15: 00007ffc0f05b928
[ 1500.471831][   T28]  </TASK>
[ 1500.481745][   T28] INFO: task syz.2.3470:18365 blocked for more than 149 seconds.
[ 1500.490453][   T28]       Not tainted syzkaller #0
[ 1500.511773][   T28] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1500.521147][   T28] task:syz.2.3470      state:D stack:28080 pid:18365 ppid:15759  flags:0x00004006
[ 1500.551721][   T28] Call Trace:
[ 1500.555067][   T28]  <TASK>
[ 1500.558100][   T28]  __schedule+0x11d1/0x40e0
[ 1500.591672][   T28]  ? __sched_text_start+0x8/0x8
[ 1500.598237][   T28]  ? do_raw_spin_lock+0x128/0x2f0
[ 1500.631694][   T28]  ? prepare_to_wait_event+0x430/0x470
[ 1500.637636][   T28]  schedule+0xb9/0x180
[ 1500.661692][   T28]  synchronize_rcu_expedited+0x7ad/0x890
[ 1500.667728][   T28]  ? synchronize_rcu+0x3f0/0x3f0
[ 1500.681890][   T28]  ? wake_bit_function+0x200/0x200
[ 1500.687673][   T28]  ? packet_release+0x966/0xc00
[ 1500.711651][   T28]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[ 1500.717803][   T28]  ? __might_sleep+0xd0/0xd0
[ 1500.731662][   T28]  ? mutex_unlock+0x10/0x10
[ 1500.736361][   T28]  ? __local_bh_enable_ip+0x136/0x1c0
[ 1500.761623][   T28]  ? _local_bh_enable+0xa0/0xa0
[ 1500.766687][   T28]  packet_release+0x96b/0xc00
[ 1500.781579][   T28]  sock_close+0xd5/0x240
[ 1500.787226][   T28]  ? sock_mmap+0x90/0x90
[ 1500.801549][   T28]  __fput+0x22c/0x920
[ 1500.805803][   T28]  task_work_run+0x1d0/0x260
[ 1500.811057][   T28]  ? task_work_cancel+0x220/0x220
[ 1500.831545][   T28]  ? kick_process+0xd4/0x140
[ 1500.836610][   T28]  get_signal+0x11a6/0x1350
[ 1500.841184][   T28]  ? __ia32_sys_pidfd_getfd+0x80/0x80
[ 1500.861560][   T28]  ? fput+0x157/0x1a0
[ 1500.866133][   T28]  arch_do_signal_or_restart+0xc4/0x1350
[ 1500.891580][   T28]  ? __sys_recvmmsg+0x290/0x290
[ 1500.897333][   T28]  ? preempt_schedule_common+0xa5/0xd0
[ 1500.911493][   T28]  ? preempt_schedule+0xbc/0xd0
[ 1500.916807][   T28]  ? get_sigframe_size+0x10/0x10
[ 1500.931508][   T28]  ? preempt_schedule_thunk+0x16/0x18
[ 1500.937252][   T28]  ? __x64_sys_recvmmsg+0x195/0x250
[ 1500.951476][   T28]  ? exit_to_user_mode_loop+0x3b/0x110
[ 1500.957398][   T28]  exit_to_user_mode_loop+0x70/0x110
[ 1500.981560][   T28]  exit_to_user_mode_prepare+0xee/0x180
[ 1500.987658][   T28]  syscall_exit_to_user_mode+0x16/0x40
[ 1501.001491][   T28]  do_syscall_64+0x58/0xa0
[ 1501.006741][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1501.021437][   T28]  ? clear_bhb_loop+0x60/0xb0
[ 1501.026486][   T28]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1501.052278][   T28] RIP: 0033:0x7f7e78f9c799
[ 1501.057113][   T28] RSP: 002b:00007f7e79df7028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1501.081405][   T28] RAX: fffffffffffffe00 RBX: 00007f7e79216270 RCX: 00007f7e78f9c799
[ 1501.111385][   T28] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000008
[ 1501.119607][   T28] RBP: 00007f7e79032c99 R08: 0000000000000000 R09: 0000000000000000
[ 1501.154465][   T28] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1501.171351][   T28] R13: 00007f7e79216308 R14: 00007f7e79216270 R15: 00007ffc0f05b928
[ 1501.180629][   T28]  </TASK>
[ 1501.201565][   T28] 
[ 1501.201565][   T28] Showing all locks held in the system:
[ 1501.209715][   T28] 1 lock held by rcu_tasks_kthre/12:
[ 1501.231412][   T28]  #0: ffffffff8cb2dfb0 (rcu_tasks.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00
[ 1501.251317][   T28] 1 lock held by rcu_tasks_trace/13:
[ 1501.257182][   T28]  #0: ffffffff8cb2e7d0 (rcu_tasks_trace.tasks_gp_mutex){+.+.}-{3:3}, at: rcu_tasks_one_gp+0x33/0xf00
[ 1501.281434][   T28] 1 lock held by khungtaskd/28:
[ 1501.286381][   T28]  #0: ffffffff8cb2d620 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x51/0x290
[ 1501.321320][   T28] 1 lock held by klogd/3627:
[ 1501.326387][   T28] 2 locks held by getty/4029:
[ 1501.341286][   T28]  #0: ffff88803045a098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70
[ 1501.361267][   T28]  #1: ffffc9000327b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x429/0x1390
[ 1501.391260][   T28] 2 locks held by kworker/u4:13/4399:
[ 1501.397974][   T28]  #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.421241][   T28]  #1: ffffc900046ffd00 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.441226][   T28] 8 locks held by kworker/0:1/8954:
[ 1501.446758][   T28] 2 locks held by kworker/u4:4/15952:
[ 1501.471202][   T28]  #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.491195][   T28]  #1: ffffc900039c7d00 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.511183][   T28] 3 locks held by kworker/1:2/16031:
[ 1501.516724][   T28]  #0: ffff88814ce23138 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.571183][   T28]  #1: ffffc90003bdfd00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.631168][   T28]  #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x15/0x30
[ 1501.661209][   T28] 3 locks held by kworker/u4:5/17507:
[ 1501.667114][   T28]  #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.721426][   T28]  #1: ffffc900055b7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160
[ 1501.761192][   T28]  #2: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50
[ 1501.791072][   T28] 1 lock held by kvm-nx-lpage-re/18332:
[ 1501.796977][   T28]  #0: ffffffff8cb56068 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_attach_task_all+0x22/0xe0
[ 1501.851103][   T28] 2 locks held by syz.0.3467/18338:
[ 1501.856906][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: ppp_release+0x86/0x1f0
[ 1501.904939][   T28]  #1: ffffffff8cb332f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2ec/0x890
[ 1501.941220][   T28] 4 locks held by kvm-nx-lpage-re/18356:
[ 1501.947460][   T28]  #0: ffffffff8cb56068 (cgroup_mutex){+.+.}-{3:3}, at: cgroup_attach_task_all+0x22/0xe0
[ 1501.975256][   T28]  #1: ffffffff8c9c9ef0 (cpu_hotplug_lock){++++}-{0:0}, at: cgroup_attach_lock+0xd/0x30
[ 1501.993021][   T28]  #2: ffffffff8cb56250 (cgroup_threadgroup_rwsem){++++}-{0:0}, at: cgroup_attach_task_all+0x2c/0xe0
[ 1502.026999][   T28]  #3: ffffffff8cb332f8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3c0/0x890
[ 1502.058152][   T28] 1 lock held by syz.2.3470/18364:
[ 1502.073395][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.109816][   T28] 1 lock held by syz.2.3470/18365:
[ 1502.116916][   T28]  #0: ffff8880718f7410 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x90/0x240
[ 1502.133096][   T28] 1 lock held by syz.4.3472/18369:
[ 1502.138541][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: __tun_chr_ioctl+0x3fc/0x1e60
[ 1502.154032][   T28] 1 lock held by syz.4.3472/18370:
[ 1502.159470][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.196678][   T28] 1 lock held by syz.4.3472/18371:
[ 1502.213897][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.236652][   T28] 1 lock held by syz.1.3473/18380:
[ 1502.248180][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.269047][   T28] 1 lock held by syz-executor/18384:
[ 1502.280666][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.309980][   T28] 1 lock held by syz-executor/18390:
[ 1502.322697][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.355159][   T28] 1 lock held by syz-executor/18392:
[ 1502.373234][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.403777][   T28] 1 lock held by syz-executor/18396:
[ 1502.410036][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.440111][   T28] 1 lock held by syz-executor/18398:
[ 1502.452245][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.480294][   T28] 1 lock held by dhcpcd/18401:
[ 1502.520856][   T28]  #0: ffff88807849c130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0
[ 1502.560873][   T28] 1 lock held by dhcpcd/18402:
[ 1502.566905][   T28]  #0: ffff888140a1a130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0
[ 1502.617462][   T28] 1 lock held by dhcpcd/18403:
[ 1502.631343][   T28]  #0: ffff88801eaea130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0
[ 1502.680858][   T28] 1 lock held by dhcpcd/18404:
[ 1502.688881][   T28]  #0: ffff8881a7cee130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xce0
[ 1502.743734][   T28] 1 lock held by syz-executor/18407:
[ 1502.769241][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.803786][   T28] 1 lock held by syz-executor/18409:
[ 1502.826948][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.852866][   T28] 1 lock held by syz-executor/18416:
[ 1502.859436][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.891594][   T28] 1 lock held by syz-executor/18418:
[ 1502.898979][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.930544][   T28] 1 lock held by syz-executor/18420:
[ 1502.936964][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1502.973201][   T28] 1 lock held by syz-executor/18424:
[ 1502.979375][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1503.016825][   T28] 1 lock held by syz-executor/18427:
[ 1503.035338][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1503.055851][   T28] 1 lock held by syz-executor/18432:
[ 1503.070241][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1503.088668][   T28] 1 lock held by syz-executor/18434:
[ 1503.107770][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1503.136087][   T28] 1 lock held by syz-executor/18436:
[ 1503.150087][   T28]  #0: ffffffff8dd469e8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x824/0xfc0
[ 1503.174386][   T28] 
[ 1503.176827][   T28] =============================================
[ 1503.176827][   T28] 
[ 1503.197089][   T28] NMI backtrace for cpu 1
[ 1503.201767][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0
[ 1503.209247][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1503.220031][   T28] Call Trace:
[ 1503.223473][   T28]  <TASK>
[ 1503.226586][   T28]  dump_stack_lvl+0x188/0x24e
[ 1503.231569][   T28]  ? preempt_schedule_thunk+0x16/0x18
[ 1503.236982][   T28]  ? show_regs_print_info+0x12/0x12
[ 1503.242555][   T28]  ? load_image+0x400/0x400
[ 1503.247101][   T28]  ? vprintk_emit+0x59f/0x6a0
[ 1503.252695][   T28]  ? printk_sprint+0x460/0x460
[ 1503.257599][   T28]  nmi_cpu_backtrace+0x3e6/0x460
[ 1503.262786][   T28]  ? nmi_trigger_cpumask_backtrace+0x450/0x450
[ 1503.269634][   T28]  ? _printk+0xda/0x130
[ 1503.273999][   T28]  ? load_image+0x400/0x400
[ 1503.278710][   T28]  ? load_image+0x400/0x400
[ 1503.283321][   T28]  ? nmi_trigger_cpumask_backtrace+0xf3/0x450
[ 1503.289723][   T28]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[ 1503.296974][   T28]  nmi_trigger_cpumask_backtrace+0x1d4/0x450
[ 1503.303183][   T28]  watchdog+0xeee/0xf30
[ 1503.307665][   T28]  ? watchdog+0x1ed/0xf30
[ 1503.312386][   T28]  kthread+0x29d/0x330
[ 1503.317189][   T28]  ? hungtask_pm_notify+0x40/0x40
[ 1503.322512][   T28]  ? kthread_blkcg+0xd0/0xd0
[ 1503.327160][   T28]  ret_from_fork+0x1f/0x30
[ 1503.331636][   T28]  </TASK>
[ 1503.335751][   T28] Sending NMI from CPU 1 to CPUs 0:
[ 1503.341602][    C0] NMI backtrace for cpu 0
[ 1503.341623][    C0] CPU: 0 PID: 4385 Comm: kworker/u4:11 Not tainted syzkaller #0
[ 1503.341638][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1503.341648][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[ 1503.341743][    C0] RIP: 0010:__sanitizer_cov_trace_switch+0x5c/0xe0
[ 1503.341766][    C0] Code: 41 54 53 48 8b 0c cd b8 26 90 8a 48 8b 54 24 20 65 4c 8b 05 e6 f7 7f 7e 45 31 c9 eb 08 49 ff c1 4c 39 c8 74 77 4e 8b 54 ce 10 <65> 44 8b 1d d4 f7 7f 7e 41 81 e3 00 01 ff 00 74 13 41 81 fb 00 01
[ 1503.341779][    C0] RSP: 0018:ffffc900046cf2c0 EFLAGS: 00000202
[ 1503.341790][    C0] RAX: 000000000000000c RBX: ffffc900046cf39c RCX: 0000000000000005
[ 1503.341801][    C0] RDX: ffffffff81d381a8 RSI: ffffffff8cc1d060 RDI: 0000000000000004
[ 1503.341812][    C0] RBP: 000000006f42c3fc R08: ffff88802edd0000 R09: 000000000000000a
[ 1503.341822][    C0] R10: 000000000000000b R11: 0000000000000000 R12: 0000000000000030
[ 1503.341831][    C0] R13: 000000007cdc1bf4 R14: 0000000000000004 R15: 000000004605b2c1
[ 1503.341841][    C0] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[ 1503.341854][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1503.341864][    C0] CR2: 00007f2ceed45000 CR3: 000000000c88e000 CR4: 00000000003526f0
[ 1503.341877][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000004a6
[ 1503.341886][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1503.341895][    C0] Call Trace:
[ 1503.341902][    C0]  <TASK>
[ 1503.341910][    C0]  get_alloc_stack_hash+0x278/0x700
[ 1503.341930][    C0]  __kfence_alloc+0x2e2/0x3d0
[ 1503.341945][    C0]  ? kfence_guarded_free+0x780/0x780
[ 1503.341959][    C0]  ? mark_lock+0x94/0x320
[ 1503.341977][    C0]  ? __kfence_alloc+0x2d3/0x3d0
[ 1503.341990][    C0]  ? __kmem_cache_alloc_node+0x1fa/0x260
[ 1503.342004][    C0]  ? __kmalloc+0xa0/0x240
[ 1503.342137][    C0]  ? ieee802_11_parse_elems_full+0xb5/0x1220
[ 1503.342198][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x3ed/0x2cd0
[ 1503.342257][    C0]  ? ieee80211_iface_work+0x726/0xc80
[ 1503.342274][    C0]  ? cfg80211_wiphy_work+0x221/0x260
[ 1503.342289][    C0]  ? process_one_work+0x8a2/0x1160
[ 1503.342306][    C0]  ? worker_thread+0xaa2/0x1270
[ 1503.342319][    C0]  ? kthread+0x29d/0x330
[ 1503.342331][    C0]  ? ret_from_fork+0x1f/0x30
[ 1503.342370][    C0]  ? __kmem_cache_alloc_node+0x1df/0x260
[ 1503.342385][    C0]  ? ieee802_11_parse_elems_full+0xb5/0x1220
[ 1503.342403][    C0]  __kmem_cache_alloc_node+0x1fa/0x260
[ 1503.342419][    C0]  ? ieee802_11_parse_elems_full+0xb5/0x1220
[ 1503.342436][    C0]  __kmalloc+0xa0/0x240
[ 1503.342454][    C0]  ieee802_11_parse_elems_full+0xb5/0x1220
[ 1503.342471][    C0]  ? trace_raw_output_contention_end+0xd0/0xd0
[ 1503.342487][    C0]  ? mark_lock+0x94/0x320
[ 1503.342503][    C0]  ? rcu_is_watching+0x11/0xa0
[ 1503.342523][    C0]  ? trace_contention_end+0x5f/0x170
[ 1503.342546][    C0]  ? __mutex_lock+0x1ab/0xaf0
[ 1503.342569][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x11d/0x2cd0
[ 1503.342587][    C0]  ? mutex_lock_nested+0x10/0x10
[ 1503.342605][    C0]  ? ieee80211_queue_delayed_work+0x150/0x150
[ 1503.342626][    C0]  ieee80211_ibss_rx_queued_mgmt+0x3ed/0x2cd0
[ 1503.342647][    C0]  ? verify_lock_unused+0x140/0x140
[ 1503.342669][    C0]  ? ieee80211_ibss_rx_no_sta+0x7a0/0x7a0
[ 1503.342690][    C0]  ? mark_lock+0x94/0x320
[ 1503.342707][    C0]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[ 1503.342726][    C0]  ? lock_chain_count+0x20/0x20
[ 1503.342741][    C0]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[ 1503.342758][    C0]  ? lockdep_hardirqs_on+0x94/0x140
[ 1503.342774][    C0]  ? skb_dequeue+0x120/0x150
[ 1503.342790][    C0]  ieee80211_iface_work+0x726/0xc80
[ 1503.342808][    C0]  ? _raw_spin_unlock_irq+0x1f/0x40
[ 1503.342828][    C0]  cfg80211_wiphy_work+0x221/0x260
[ 1503.342847][    C0]  ? process_one_work+0x7b0/0x1160
[ 1503.342861][    C0]  process_one_work+0x8a2/0x1160
[ 1503.342881][    C0]  ? worker_detach_from_pool+0x240/0x240
[ 1503.342898][    C0]  ? _raw_spin_lock_irq+0xb7/0xf0
[ 1503.342911][    C0]  ? _raw_spin_lock_irqsave+0x100/0x100
[ 1503.342925][    C0]  ? kthread_data+0x4b/0xc0
[ 1503.342943][    C0]  worker_thread+0xaa2/0x1270
[ 1503.342963][    C0]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[ 1503.342979][    C0]  ? __kthread_parkme+0x162/0x1c0
[ 1503.342998][    C0]  kthread+0x29d/0x330
[ 1503.343009][    C0]  ? worker_clr_flags+0x1a0/0x1a0
[ 1503.343023][    C0]  ? kthread_blkcg+0xd0/0xd0
[ 1503.343036][    C0]  ret_from_fork+0x1f/0x30
[ 1503.343057][    C0]  </TASK>
[ 1503.814026][   T28] Kernel panic - not syncing: hung_task: blocked tasks
[ 1503.821292][   T28] CPU: 1 PID: 28 Comm: khungtaskd Not tainted syzkaller #0
[ 1503.829241][   T28] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1503.840030][   T28] Call Trace:
[ 1503.843443][   T28]  <TASK>
[ 1503.846400][   T28]  dump_stack_lvl+0x188/0x24e
[ 1503.851563][   T28]  ? memcpy+0x3c/0x60
[ 1503.855783][   T28]  ? show_regs_print_info+0x12/0x12
[ 1503.861297][   T28]  ? load_image+0x400/0x400
[ 1503.866233][   T28]  panic+0x2e5/0x730
[ 1503.871104][   T28]  ? schedule_preempt_disabled+0x20/0x20
[ 1503.877774][   T28]  ? bpf_jit_dump+0xd0/0xd0
[ 1503.882846][   T28]  ? __irq_work_queue_local+0x12c/0x190
[ 1503.888805][   T28]  ? nmi_trigger_cpumask_backtrace+0x35b/0x450
[ 1503.895765][   T28]  ? nmi_trigger_cpumask_backtrace+0x360/0x450
[ 1503.902085][   T28]  watchdog+0xf2d/0xf30
[ 1503.906561][   T28]  ? watchdog+0x1ed/0xf30
[ 1503.911286][   T28]  kthread+0x29d/0x330
[ 1503.915391][   T28]  ? hungtask_pm_notify+0x40/0x40
[ 1503.920718][   T28]  ? kthread_blkcg+0xd0/0xd0
[ 1503.925527][   T28]  ret_from_fork+0x1f/0x30
[ 1503.930097][   T28]  </TASK>
[ 1503.933793][   T28] Kernel Offset: disabled
[ 1503.938185][   T28] Rebooting in 86400 seconds..