last executing test programs:

1m43.820241463s ago: executing program 0 (id=1616):
preadv(0xffffffffffffffff, 0x0, 0x0, 0xfff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000001680)={&(0x7f0000000000)=@ax25={{0x3, @bcast, 0x7}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x80, 0x0}, 0x4000040)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000006a002903ffffffff000000000a000000000ec000080005"], 0x20}}, 0x0)

1m43.690511019s ago: executing program 0 (id=1617):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback, 0x9}, 0x1c)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x4052, r1, 0x0)
sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5dac14e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)

1m42.485042438s ago: executing program 0 (id=1628):
socket(0x11, 0x800000003, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff, 0xf}, 0x0, 0x0)

1m42.308149754s ago: executing program 0 (id=1629):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000000c0)='bridge_slave_1\x00', 0x10)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setsig(0x4203, r0, 0xa685, &(0x7f0000000180)={0x2, 0x0, 0xf3})
r1 = fsopen(&(0x7f0000000080)='binder\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000380), 0x12)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)

1m42.197051552s ago: executing program 0 (id=1631):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=@base={0x5, 0x8, 0x3a0, 0x6, 0x0, 0xffffffffffffffff, 0xfffffffe, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20082, 0x0)
pipe(0x0)
syz_open_dev$vim2m(&(0x7f0000000000), 0x80000000, 0x2)
r2 = socket(0x1d, 0x3, 0x1)
getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x65, 0x8, 0x0, 0x20000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$SNDCTL_SEQ_SYNC(r1, 0x5101)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f0000000080), &(0x7f0000000240), 0x1800, r0}, 0x38)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r7, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={<r8=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r7, 0x84, 0x1, &(0x7f0000000100)={r8, 0x0, 0x3, 0x0, 0x10, 0x7}, 0x14)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x28, r6, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'geneve1\x00'}}]}]}, 0x28}}, 0x0)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003840), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000003fc0)={0x0, 0x0, &(0x7f0000003f80)={&(0x7f0000000000)={0x104, r9, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x1c, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}]}, @ETHTOOL_A_STRSET_STRINGSETS={0xb8, 0x2, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x7}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x4}, {0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}]}]}]}, 0x104}}, 0x0)
close(r4)

1m41.943285179s ago: executing program 0 (id=1633):
syz_open_dev$media(&(0x7f0000000000), 0x7fffffffffffffff, 0x15de80)
r0 = fsmount(0xffffffffffffffff, 0x0, 0x3c)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000001c0), 0xfddfffffffffffff, 0x141101)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fe1d0e0014000000000000000000008000"}})
r3 = dup(r1)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
socket$alg(0x26, 0x5, 0x0)
socket$key(0xf, 0x3, 0x2)
r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x280000, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = dup(r5)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000b00)={0x14, 0x2, 0x6, 0x3, 0x0, 0xf0ffff}, 0x14}}, 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000040)={0x0, 0x59555956, 0x0, @stepwise})
r7 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r7, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaa9aaa0180c200000008004c0000400000000000119078e0000001ac1414aa441cde91e0000002000007ff7f00000100000000640101020000004e00004e20001090780200000000000000"], 0x0)
ioctl$FS_IOC_GETVERSION(r8, 0xc0145b0e, &(0x7f0000000040))
r9 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000002dd07e7875fffd42be9f4cb60be2d759f28939cf50027ccdb27d3f656f0297bc90605bd114924309e15590c3abe240fe6fa5b09ded0a3930a3c5ccb43714df2ee5e764236fb7f69916e43f01ea0a06c8737715602241cf8e5ab81f8a435dca2e3a293fc609edb0847bfa396c913a92"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x54}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_STREAMON(r10, 0x40045612, &(0x7f0000000000)=0xc)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mremap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000, 0x8, &(0x7f0000ffe000/0x1000)=nil)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0)

1m41.293214836s ago: executing program 1 (id=1639):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, 0x0)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f0000000000)={0x9, {0x0, 0x0, 0x0, 0x300}})
ioctl$VIDIOC_S_OUTPUT(r3, 0xc004562f, &(0x7f00000000c0)=0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d", 0x12}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[], 0x24)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x6c, 0xeb, 0x85, 0x40, 0x249c, 0x9002, 0xdead, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xdf, 0x6d}}]}}]}}, 0x0)

1m40.497514573s ago: executing program 2 (id=1644):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000880)={0x84, &(0x7f0000000440)={0x40, 0xb, 0x7, "be4795b269992d"}, 0x0, &(0x7f0000000300)={0x0, 0x8, 0x1, 0x30}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x40, 0x19, 0x2, "93d9"}, 0x0, 0x0, &(0x7f0000000800)={0x40, 0x1e, 0x1, 0x9}, 0x0})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB, @ANYRES32=r2, @ANYBLOB="4000330080948000ffffffffffff080211"], 0x64}}, 0x0)

1m39.888242601s ago: executing program 2 (id=1647):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha512\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000500)="9cae121cccbcdd220e56015e9f1a2de1a59ff86949f21da0ef335b92231b4608cac9ed2ccad0ab031c064c9226f22b1d5d742637d98f71dc6cf187b66ebca66417f71332", 0x44}, {&(0x7f00000005c0)="1814c840bb", 0x5}], 0x2, &(0x7f00000003c0)=[@ip_tos_u8={{0x11}}], 0x18}}], 0x1, 0x1)

1m39.838632677s ago: executing program 2 (id=1648):
syz_usb_connect(0x0, 0xe7, &(0x7f00000001c0)={{0x12, 0x1, 0x300, 0xf6, 0xfd, 0xd1, 0x40, 0x2040, 0xb990, 0xf675, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd5, 0x2, 0x1, 0x0, 0x50, 0x4, [{{0x9, 0x4, 0x0, 0xf7, 0x3, 0xc8, 0x73, 0xb8, 0x8, [], [{{0x9, 0x5, 0x4, 0x10, 0x258, 0x3, 0xd, 0x58}}, {{0x9, 0x5, 0x80, 0x3, 0x20, 0xf8, 0x9}}, {{0x9, 0x5, 0xf, 0x2, 0x10, 0x0, 0x3, 0x8, [@generic={0x12, 0x7, "6c1f581531b57cf1f7104d76b21d320d"}, @generic={0x8d, 0x0, "5ea3a2b3b672932cb22b8c88d3aeb3ff3eb7d9ee3cda7d44055b388f6d39c9f8a13189bfa959bbbf5ce408137cb2d23f3f8be8d4095ae58ab6e0b2cb9358aecfe9dfa0670575eef18cbacd499fc7f417141c056391701b4ae93156481967c02bd8912da46254a209d2a619840423a1722c7f2feb3af932151355ce74964bccdaaaf3a98e3cfc0da07eb1e2"}]}}]}}, {{0x9, 0x4, 0x2b, 0x93, 0x0, 0xff, 0x89, 0xec, 0xfa}}]}}]}}, &(0x7f0000000e80)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0x40, 0x3, 0x0, 0xff, 0x53}, 0x3a, &(0x7f0000000040)={0x5, 0xf, 0x3a, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x19, 0x0, 0x0, 0x7ff}, @generic={0x18, 0x10, 0x4, "3c73026b20e4e8896dcb5e5615d5f65c4bcb6ea0df"}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x0, 0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x1, 0x0, 0x9, 0xf, 0xfffa}, @ptm_cap={0x3}]}, 0x8, [{0x68, &(0x7f0000000980)=@string={0x68, 0x3, "f4304977557506b8b5ee676da3ec45387398a630e7e703f7f0976c353341d3e39e5ab9fd6d591b2aa51bbf5ae574347196e485ec22d690ba817a585f1b62f99440de06867029bf5f2052464865fe029b1a25b6b39321de480cbe577b558456556f99215bec5a"}}, {0x56, &(0x7f0000000a00)=@string={0x56, 0x3, "89f3b418cfd28bfd4b51e543acc191770007634486767f73f75b112352169344f331122323f1201ed92945aa73120155b47a77c8b82deee00e5d07243d635a3746ee7d455fbe22d624f31a2ef77bc57991648eac"}}, {0xd5, &(0x7f0000000a80)=@string={0xd5, 0x3, "90afb8fc61e7afa0564ff9616a0dd13bae90629f8b9fe2bcd4f35ddb6d32a5b2d09c5da359ed988cb4fbfed2f22b47a2538a148993964e970b8e3a20253955a4a32cd860dc48fa5765cb4640712ca9a888dc78edadb9bab622c6a2bb77007b3a6df319358764b5925567724be8e84aa8d91aa0e10d95078ff45d43e9c2c32cb9fc5f428128a647c85bb60e4367b07d1d8d96b67cab5f719c9882e9f43297bcf856cf7f6e73fc54877103be4231ded11d430ec3386df6f015c74cf92a5ab1c9e1e32e97f5c251d2d62cd4256f7e3f96465b6310"}}, {0x4, &(0x7f0000000b80)=@lang_id={0x4, 0x3, 0x300a}}, {0xd4, &(0x7f0000000bc0)=@string={0xd4, 0x3, "6319eb04f9940e4a904cb14c3f3b712d631b8bc195ae2a8f4c8ae98b4f1f6d514a910f995a6c3281a776acd49217aa0d00fc862a3796a8d3e56d6fea38d149896a9d6cc0c83b32898857b194968e21d18a129cb14f06b403429154188ffd6dcd964ed46a1380b48119dcd47f90a6400921df116e8a2e75b23e56a2303ae71fa05acb84297f72a481e533f13c26288b968f2675f6bc10dc028f0e5b3f53ef8acaa82229c03150e478a43bc9a80d94b5bef59f7357e08b8f65d3b056e3ea0274b128d393934f6c6b13cc1588ddbb5c8cd9c8a3"}}, {0xb0, &(0x7f0000000cc0)=@string={0xb0, 0x3, "e03188c844e75c9cebdb3f775e3868542d51d589fcbd900edf9decb874e819701ab0ee392568654d85c606701ac231d7984a0a52249f12104e48f63bca4c065265c6e6d007a1afd592894f757cb089b1c419403e015a22ab6a9d9b7753451bfda982afdaf05a09961d055b0ea97c4d29ecc6167f930d29f2676294e21734db3d873d02ce7a4dc37c01dfe71ac1efb360ec49300e99774e1f44f18a6902628e462e127d6a81968e873d82b28ec96a"}}, {0x94, &(0x7f0000000d80)=@string={0x94, 0x3, "a69c92a4f5f0dc085ce7c80a12873eba274f17935a314860c2d39a16fe748f43095912451ad16dfcad3e4ac5e73210b0c904c832ce0b6299cb4bb7bdd38abc387c9d245b2f1d59b0b00c80fc2625caeedb2a98325d08133697f98f4ed5bc7287ef3b90cf44e793b559173f46fd5bbc4632cde67f543b989a4bfbf610bfb8e30ca54769d016cba3539d27976e904834e28d3b"}}, {0x30, &(0x7f0000000e40)=@string={0x30, 0x3, "9ec5bb39c002a7ed37ea8f4ad38da7b0cc5d39b41d80a1d9e18c382cb5d3744c80c90e49086dd07fae84ff60d848"}}]})

1m39.22211456s ago: executing program 2 (id=1649):
syz_emit_ethernet(0x4e, &(0x7f0000000300)={@local, @random="3f0633746769", @void, {@ipv4={0x800, @tipc={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x500, 0x0, 0x6, 0x0, @remote, @dev, {[@timestamp={0x44, 0x4, 0xd7, 0x0, 0xf}]}}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}, 0x0)

1m39.120230386s ago: executing program 2 (id=1650):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d0000100000000000200000000000080012000000000000000000000000000600000000000000fdffffff0000000000004000000000000000000000000000fc020000000000000000000000000000030005007a00000002000000ac1414aa0000000000000000030004"], 0x80}}, 0x0)

1m39.103964265s ago: executing program 2 (id=1651):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r0 = syz_open_procfs(0x0, &(0x7f0000001080)='smaps_rollup\x00')
semget(0x1, 0x3, 0x204)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r1)
pipe(&(0x7f0000000580)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000e00)=[{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000040)="07d502fd726bd2f71533155349b3e24475b917e8adc4db5ecd235d4e5a68c10c6c9ab5219462537c9f9d8648aee00246ce88e85177d8a8c234978f787fdf04", 0x3f}], 0x1}], 0x1, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc)
splice(r2, 0x0, r4, 0x0, 0x1000000000000004, 0xa)
getpgid(0x0)
sched_setscheduler(0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0xd2, &(0x7f00000003c0), &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'wlan1\x00', 0x1000})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r5, 0x47ba, 0x95ff, 0x3900000000000000, 0x0, 0x0)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
socket$inet6_dccp(0xa, 0x6, 0x0)
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000340)=""/170, 0xaa}], 0x1, 0x1e61, 0x0)

1m38.204106141s ago: executing program 1 (id=1659):
syz_usb_connect(0x0, 0xe7, &(0x7f00000001c0)={{0x12, 0x1, 0x300, 0xf6, 0xfd, 0xd1, 0x40, 0x2040, 0xb990, 0xf675, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd5, 0x2, 0x1, 0x0, 0x50, 0x4, [{{0x9, 0x4, 0x0, 0xf7, 0x3, 0xc8, 0x73, 0xb8, 0x8, [], [{{0x9, 0x5, 0x4, 0x10, 0x258, 0x3, 0xd, 0x58}}, {{0x9, 0x5, 0x80, 0x3, 0x20, 0xf8, 0x9}}, {{0x9, 0x5, 0xf, 0x2, 0x10, 0x0, 0x3, 0x8, [@generic={0x12, 0x7, "6c1f581531b57cf1f7104d76b21d320d"}, @generic={0x8d, 0x0, "5ea3a2b3b672932cb22b8c88d3aeb3ff3eb7d9ee3cda7d44055b388f6d39c9f8a13189bfa959bbbf5ce408137cb2d23f3f8be8d4095ae58ab6e0b2cb9358aecfe9dfa0670575eef18cbacd499fc7f417141c056391701b4ae93156481967c02bd8912da46254a209d2a619840423a1722c7f2feb3af932151355ce74964bccdaaaf3a98e3cfc0da07eb1e2"}]}}]}}, {{0x9, 0x4, 0x2b, 0x93, 0x0, 0xff, 0x89, 0xec, 0xfa}}]}}]}}, &(0x7f0000000e80)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x310, 0x40, 0x3, 0x0, 0xff, 0x53}, 0x3a, &(0x7f0000000040)={0x5, 0xf, 0x3a, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x19, 0x0, 0x0, 0x7ff}, @generic={0x18, 0x10, 0x4, "3c73026b20e4e8896dcb5e5615d5f65c4bcb6ea0df"}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x0, 0x3}, @ssp_cap={0xc, 0x10, 0xa, 0x1, 0x0, 0x9, 0xf, 0xfffa}, @ptm_cap={0x3}]}, 0x8, [{0x68, &(0x7f0000000980)=@string={0x68, 0x3, "f4304977557506b8b5ee676da3ec45387398a630e7e703f7f0976c353341d3e39e5ab9fd6d591b2aa51bbf5ae574347196e485ec22d690ba817a585f1b62f99440de06867029bf5f2052464865fe029b1a25b6b39321de480cbe577b558456556f99215bec5a"}}, {0x56, &(0x7f0000000a00)=@string={0x56, 0x3, "89f3b418cfd28bfd4b51e543acc191770007634486767f73f75b112352169344f331122323f1201ed92945aa73120155b47a77c8b82deee00e5d07243d635a3746ee7d455fbe22d624f31a2ef77bc57991648eac"}}, {0xd5, &(0x7f0000000a80)=@string={0xd5, 0x3, "90afb8fc61e7afa0564ff9616a0dd13bae90629f8b9fe2bcd4f35ddb6d32a5b2d09c5da359ed988cb4fbfed2f22b47a2538a148993964e970b8e3a20253955a4a32cd860dc48fa5765cb4640712ca9a888dc78edadb9bab622c6a2bb77007b3a6df319358764b5925567724be8e84aa8d91aa0e10d95078ff45d43e9c2c32cb9fc5f428128a647c85bb60e4367b07d1d8d96b67cab5f719c9882e9f43297bcf856cf7f6e73fc54877103be4231ded11d430ec3386df6f015c74cf92a5ab1c9e1e32e97f5c251d2d62cd4256f7e3f96465b6310"}}, {0x4, &(0x7f0000000b80)=@lang_id={0x4, 0x3, 0x300a}}, {0xd4, &(0x7f0000000bc0)=@string={0xd4, 0x3, "6319eb04f9940e4a904cb14c3f3b712d631b8bc195ae2a8f4c8ae98b4f1f6d514a910f995a6c3281a776acd49217aa0d00fc862a3796a8d3e56d6fea38d149896a9d6cc0c83b32898857b194968e21d18a129cb14f06b403429154188ffd6dcd964ed46a1380b48119dcd47f90a6400921df116e8a2e75b23e56a2303ae71fa05acb84297f72a481e533f13c26288b968f2675f6bc10dc028f0e5b3f53ef8acaa82229c03150e478a43bc9a80d94b5bef59f7357e08b8f65d3b056e3ea0274b128d393934f6c6b13cc1588ddbb5c8cd9c8a3"}}, {0xb0, &(0x7f0000000cc0)=@string={0xb0, 0x3, "e03188c844e75c9cebdb3f775e3868542d51d589fcbd900edf9decb874e819701ab0ee392568654d85c606701ac231d7984a0a52249f12104e48f63bca4c065265c6e6d007a1afd592894f757cb089b1c419403e015a22ab6a9d9b7753451bfda982afdaf05a09961d055b0ea97c4d29ecc6167f930d29f2676294e21734db3d873d02ce7a4dc37c01dfe71ac1efb360ec49300e99774e1f44f18a6902628e462e127d6a81968e873d82b28ec96a"}}, {0x94, &(0x7f0000000d80)=@string={0x94, 0x3, "a69c92a4f5f0dc085ce7c80a12873eba274f17935a314860c2d39a16fe748f43095912451ad16dfcad3e4ac5e73210b0c904c832ce0b6299cb4bb7bdd38abc387c9d245b2f1d59b0b00c80fc2625caeedb2a98325d08133697f98f4ed5bc7287ef3b90cf44e793b559173f46fd5bbc4632cde67f543b989a4bfbf610bfb8e30ca54769d016cba3539d27976e904834e28d3b"}}, {0x30, &(0x7f0000000e40)=@string={0x30, 0x3, "9ec5bb39c002a7ed37ea8f4ad38da7b0cc5d39b41d80a1d9e18c382cb5d3744c80c90e49086dd07fae84ff60d848"}}]})

1m35.117724564s ago: executing program 1 (id=1670):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, 0x0)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f0000000000)={0x9, {0x0, 0x0, 0x0, 0x300}})
ioctl$VIDIOC_S_OUTPUT(r3, 0xc004562f, &(0x7f00000000c0)=0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d", 0x12}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB], 0x24)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x6c, 0xeb, 0x85, 0x40, 0x249c, 0x9002, 0xdead, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xdf, 0x6d}}]}}]}}, 0x0)

1m34.026067486s ago: executing program 4 (id=1676):
connect$inet(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x27f3, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
unshare(0x68060200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_audit(0x10, 0x3, 0x9)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x11, @loopback, 0x4e1f, 0x0, 'ovf\x00'}, 0x2c)
sendmsg$inet(r0, &(0x7f0000000400)={&(0x7f0000000080)={0x2, 0x4e1f, @private}, 0x10, 0x0, 0x20, &(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a'], 0x28}, 0x0)

1m33.042931222s ago: executing program 4 (id=1678):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000280)=0x1, 0x4)
r1 = socket$kcm(0x10, 0x2, 0x10)
recvmsg(r1, &(0x7f00000013c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b03d25a80258c6394f92024fc60030f030047000000053582c137153e370248018000f01700d1", 0x2d}], 0x1}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000006c0)="ed", 0x1}, {&(0x7f0000000200)="b5", 0x1}, {&(0x7f0000000340)='.', 0x1}, {&(0x7f0000000140)='U', 0x1}, {&(0x7f0000000180)="f3", 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000580)="f1", 0x1}, {&(0x7f0000000c80)='a', 0x1}, {&(0x7f0000000b40)='M', 0x1}, {&(0x7f0000000d80)='o', 0x1}, {&(0x7f0000000e80)='\b', 0x1}], 0xa6}, 0x70040000}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000380)="bb", 0x1}, {&(0x7f00000007c0)="a1", 0x1}, {&(0x7f0000000800)='s', 0x1}, {&(0x7f00000009c0)='\\', 0x1}], 0x4}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000440)="88", 0x1}, {&(0x7f0000000840)="e5", 0x1}, {&(0x7f0000001040)="96", 0x1}], 0x3}}], 0x4, 0x4048841)

1m32.068870746s ago: executing program 4 (id=1681):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f0000000080)={0x0, 0x5, 0x6})
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000400005d18110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000d4b7030000000000aa8500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f00000000c0)='GPL\x00', 0x6, 0x100b, &(0x7f0000001e40)=""/4107, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, &(0x7f00000000c0)={0x0, 0x5, 0x1002, 0x1})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x28c080, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', <r5=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r4}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000001c0)={0x5, 0xb, 0x2, 0x0, 0x6})

1m31.963367696s ago: executing program 1 (id=1682):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x16b301, 0x0)
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$FS_IOC_FSSETXATTR(r7, 0x40086602, &(0x7f0000000080)={0x17e})
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1ff)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r8, 0x40086602, &(0x7f0000000140)={0x17e})
io_uring_enter(r4, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r9 = socket$l2tp(0x2, 0x2, 0x73)
sendto$l2tp(r9, &(0x7f0000000400)="cdc142c1d7298c1dc0eb3d94e5969e3267da7e028f02abac3b4d1afa8cf7d1fc35891055a9002b0110c468c08f22deb6919b03839c1a1de1f7ea4f42b6171e905d3198bde14f05327670bd32842906760163f1b291a3ce06e65af1d4cc235af7d1fdbb2cfdda6812b12189ff3ab62e9dfc313ff52f15364ad2f376cc8d19dbbf8e7204c8e4f39642b84fb9f1dfdb73363340e93eb0cade19679fd27784a497b2ef39fdcecfd2818cb32e9e6775b257849d43d5ea8db71f1619997cb527f6fe085eed6c2f2779b8902df22db530effcbac1eb3a4eb4e39ef7c8afe4b00db0de66946cee9f90ff106d2a0dd0d869ebb02cd7813329a0a7d283dda96851f24686c216b3973a07eac10d241b1e2395fe8ea779c7a3a04af83d433d025bead39467f4", 0x120, 0x20000080, &(0x7f0000000ac0)={0x2, 0x0, @remote, 0xffffffff}, 0x10)
connect$tipc(0xffffffffffffffff, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000540)=""/228, 0xe4}], 0x1}}], 0x1, 0x0, 0x0)
r10 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r10, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x2000, 0x2, 0x10, {0x2, 0x4e22, @dev}}, 0x8c, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffdef}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000001000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0xff00)
syz_usb_connect(0x0, 0x3e, 0x0, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r11, 0x26, &(0x7f00000000c0)={0x2, 0x0, 0x4, 0xfffffffffffffffd})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000180)=0x221a, 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r12=>0xffffffffffffffff})
ioctl$sock_inet_SIOCGIFPFLAGS(r12, 0x8935, &(0x7f0000000040)={'gre0\x00'})

1m26.584296728s ago: executing program 1 (id=1687):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async)
mount$fuse(0x20000000, &(0x7f0000000580)='./file0\x00', 0x0, 0x223216, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0xa05077, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, 0x0)

1m24.986037545s ago: executing program 1 (id=1688):
r0 = socket$inet6(0xa, 0x3, 0x20)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x2, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2000}, 0x1c)
r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x4, 0x42)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x3)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000007f80)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), 0x2c8, 0x4040045}], 0x1, 0x20000081)
sendmsg$TIPC_NL_BEARER_ENABLE(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000", @ANYRES16, @ANYBLOB="0009000500003d3f12c7cc7aad93c0118e78698ea44572db12f73b38ed67bbec59038862afe038f81a805a68d8baee8e6c2329dee74df8c349f333051c2cb925cdfaf51241900fca0fbb67c9946059022f383307e4d8e3c56848809871d5f98832f00316199f1a586e5d2f0c5d7c39391a2f442fd88a825e649f0afd94bd343ecb32d4620fd8ee82006e5aff5fcf743e44b59ef008747339e4a81fcb808e11925aa828050ca37f4a4061e9c2952ad774fe80eb153d687da2ec648de4c66e84cf0099231c481bf9c69651868e634ecd8f2fc2d29a624bbecb76a41b5ef289ec2652f51e32901b6035"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x3825, &(0x7f0000000300)={0x0, 0x10003d49, 0x2000, 0x0, 0xffffffff, 0x0, r1}, 0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(0x0, r7, &(0x7f0000000080)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x2def, 0x4000, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x88)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000090a00000000000000000000000000000073797a3200000000140000001000010000000400000000000000000a02971baa3918e5359290818047a5ab3f44d10a5a453b0ce2f57a60400aa55a576bde9995e77e1e080d5da98225a5f2d67d697416bbfec7fd0b3dad21e9cc867485d6719696537a0fef650447a8c5d2f5a11164ecdb1425bdc016032abf8bb71c2b52fa96c09471c3068caf94feaae1cdd497a7f521dcbea2483e3c763627083b035b5aae5ce0826889ddddb9533066f90517f8678dffe806f503aa6cfc91b36ab72e1a9caa6bc509762b9f78064c79dd3cfd34cdd71794a00eada38726199961d526dec40f8c9c84b03d0d897ee52cb15ddbc0afacac0920b8136cb5a4f0b46d6044c032767f5ac37ba645ec"], 0x50}}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f0000000100))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x58, r9, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_FRAME={0x3b, 0x33, @probe_response={{{0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}, {}, @device_b, @device_a, @initial, {0xb}}, 0x0, @random=0x3d, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x1, [{}]}, @void, @void, @void, @void, @val={0x72, 0x6}, @void}}]}, 0x58}}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
timer_create(0x9, 0x0, &(0x7f0000000500))
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002"], 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, 0x0)

1m24.845052985s ago: executing program 4 (id=1689):
sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0xff, 0x1f}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m19.648047312s ago: executing program 4 (id=1695):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f00000000c0)={0x20, 0x10, 0x2, {0x2, 0x7e8e703122aff25f}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@random="0f539af21094", @remote, @val={@val={0x88a8, 0x1, 0x0, 0x2}, {0x8100, 0x7, 0x1, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x48, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0x4, 0x2, 0x0, 0x0, '\x00', {0x0, 0x6, '\x00', 0x0, 0x2c, 0x0, @private1, @rand_addr=' \x01\x00', [@hopopts={0x2f, 0x1, '\x00', [@calipso={0x7, 0x8, {0x22ebffff, 0x0, 0xfc}}]}]}}}}}}}, 0x0)

1m16.447738633s ago: executing program 4 (id=1700):
r0 = socket(0x15, 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
socket$alg(0x26, 0x5, 0x0)
sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)={0x24, r2, 0xf81, 0x0, 0x0, {{}, {@val={0x8}, @val={0xfffffffffffffedc}, @void}}}, 0x24}}, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0xfffc, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
getsockopt(r0, 0x200000000114, 0x2715, 0x0, &(0x7f0000000040))
r4 = socket(0x11, 0x800000002, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000040)={'ipvlan0\x00', {0x2, 0x0, @loopback}})
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000540)={'ipvlan0\x00', {0x2, 0x0, @private}})
r5 = socket$kcm(0x10, 0x2, 0x10)
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, 0x0)
sendmsg$kcm(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
recvmsg$kcm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000027c0)=[{&(0x7f0000000500)=""/4086, 0xff6}], 0x1}, 0x0)
r7 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90324fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x16c0, 0x5e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x7, 0x80, 0x2, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x5, 0x1, 0x1, {0x22, 0x5bb}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x1, 0x1}}}}}]}}]}}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0})

3.35503733s ago: executing program 3 (id=1715):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000180)={0x1, <r0=>0x0}, 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x8, 0xe, &(0x7f0000000bc0)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, r0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94)
sendmsg$NFNL_MSG_ACCT_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000002c0), 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x20, 0x1, 0x7, 0x101, 0x0, 0x0, {}, [@NFACCT_BYTES={0xc}]}, 0x20}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
r2 = io_uring_setup(0x17f7, &(0x7f0000000100))
syz_emit_vhci(&(0x7f0000000240)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}, {0x20}}}, 0x4)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
pipe(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010005f3f7700", @ANYRES32=0x0, @ANYBLOB], 0x3}}, 0x0)
write$binfmt_misc(r5, &(0x7f0000000000), 0xfffffecc)
splice(r4, 0x0, r6, 0x0, 0x4ffe2, 0x0)
bind$inet6(r3, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f0000000c80)="7cffa9061b2f8b082b6f69ae50430c8a8b6aa3162ba083c4a52e1ab0ac50ed4a19b1a69988000d5bed4433daaa4932dbb1cb3550dee8b23579d76ce37d574b43fca1eed8ebd38d1303240ed0d84517692128dd5aef5c4d60a6659952a1437c6f0ac3ed75806011ccbaa504f41a7e0abcf8823bc4a71ef8c52c2b297b539eaf752c56ebfe9b0542543069257dafcbf76c958d4cbf4eaaa67c5c2bd9e6518be34b56add7613ab83d389724b664e62c154e1a5aac073a53a0e8cadcf51ef495ebbcc77d5e36ff24c3f282289cc077374b714e08fbfecbdc8f14ef3fd409af4caf6fcb7d663beab335f239a1e93b399c93d7c036e1b39a7c477945f82b6dde53b1c21b590a58ba688ac4fb530d2c5b1195a127d2eaec840ab59f090d7047c278611e080cebe7b28588c11a44be99fe6f88c73441bf625b70565669997f4c3cda5afe1d6429908a69a459d35ba8c2f28076d8711f2667de749a783fac94ebd02680f20fb723c35c287a1f45064846385750665ffa74579083fbb1b1d6b7c90168252b1c5313544569203e7adb8e271a94f7413e5cfd6aa3157c4fc29bddba3683fcd032aecb513b2f27530fbefa0000000000000003c058e812d8db87de5e3eceae268b91f7d59daf77646fa4df99877dd5a9540934c7af91b96486eea62897be6acbe1bae8e46b112f1385e7cea9e4daccc6f1b98ce3b4322af8299a45ddcb5be8d3e469fdde9896ca324a2f3c88c616a7dccde331698ce2d39f96220251011b4dfbec953b5c30e94adb5586cec0af234859805bb7df1101ae80318ff127e913178d79cfa918d54585b6184255e872e2dc33a5c7c30a756bbd63c32a3e6a22863781747d185acb64583976c4289394d642b07d18e2932d0a78bd2ccf92b3e94e82f1e9239fa272402f4c9efcf068709a44d6f652a4f23df89f9a15e6bf0c7e65d8f3e32c35e83d30298074d16cb5ff4ded1df81009bbae888fceb9a8109ba319605e1776e52d2069b5cd7de07cf8dc488ba6a9c7559ff49674a490991f323736f302004007d0ccf2e5eaceac6b56f48f2b00592d7a378f118d8b3e5ecd2035c8252374c91bc79cf26ac11ddffe2c09e1aa032da0713732387f950e3f4e301eb1d26e5a2b19318e50d555c832e279894d8c9b03e8940738c0fe391b29907d0d5f9214d6e697a19247f4e8221aca2ac47debd7c45b8344941cbecbaf44af343b24a4f88caf207d72002fb8b7d156997cb7275f535e6a", 0x373, 0xbcff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
r8 = fcntl$dupfd(r7, 0x406, r1)
ioctl$SNAPSHOT_UNFREEZE(r8, 0x3302)
syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x1d, 0x12, 0x26, 0x10, 0x18d1, 0x1eaf, 0x779, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe1, 0x15, 0x3d}}]}}]}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)

2.080247196s ago: executing program 3 (id=1716):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, 0x52, 0x1, 0x0, 0x25dfdbfd, {0x1c}, [@typed={0x8, 0x1, 0x0, 0x0, @pid}]}, 0x1c}, 0x1, 0x60}, 0x0)

1.744074402s ago: executing program 3 (id=1717):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, 0x0)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f0000000000)={0x9, {0x0, 0x0, 0x0, 0x300}})
ioctl$VIDIOC_S_OUTPUT(r3, 0xc004562f, &(0x7f00000000c0)=0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d", 0x12}], 0x1}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e"], 0x24)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='reno\x00', 0x5)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x6c, 0xeb, 0x85, 0x40, 0x249c, 0x9002, 0xdead, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x24, 0xdf, 0x6d}}]}}]}}, 0x0)

1.165856353s ago: executing program 3 (id=1718):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r1, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r1, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000240)="af", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000b80)="bda033176eb146b36ef41f221a4e7ce4a02598d750606488520915c6806affc0a913781c7211ce1fcd59a12b5d5afdaf9d723f092ce9d1eed16e208f2e79831ca049e8979ad94621175c2c48c10e33b29f2def51498743b057efc21efe4be4d9f02e9d236f27190c29c5da0f3799452f5e3640340502fde4ae8c56b303e1b79b3d1842bf6277771bef544c745e7a80c9e7efdd1c619f69b9d01839aa326776d335689e4db7cb7e32fad8f4c40e943b43eb4ea173d720bf5998149625a731643636c8ddbe61e1d7d4736f8414a84acc40557012c82697d8a59c873424aefb3c7ff0dba302efaaf887a477b1ab7ea6c1def9db3514e444c1ef36c6cf42cde90d4bbb2e923a5d16a1bb191ad91cab867cd55037d507a12803f3df1b81f1857fad085dbc5c46aac14230d7a4f8b36d6bc63b4a16cd309b7697b421a662b83001b5ce5ab3ff80800243107df7aa6cae9a5db6a8f2a53ef7d6c6aeac76b83a15466c74a9cdbcde8505e3d14c0c3a47a36bf464168202dc88e25f4c1da57faf0eaa7ff16bdd751c2ae5778e169c8ffba57c9a20e24ad51e6e8e02b721e8ca94f131cc98e03b34b615a1db4080362de4ef215d5a0541aeb0c742a2636ac5af8538ceb3585ef9dca8037df55baa072096073b005b53eff0b899de59bc2b5d687d109520571eeacb30124c4012fe6cb9e3bf451be3d219206ddc35099101533cff5aee6c4783e00e6dd391f664052a6c66c62f62a49fde8fbe336543bf99b55e53b801e54c1d0a292da83db26a8a870ac1d8751c4bc0d495277295cd3a17f9e9a25d70214a17b981b62d5c75356ed025df3557a8b59648edd9d1dbdf169d91f9d85cfac11a57db0a14f03e8934a2cc98d389912a0d9942a40c3ee98d35da61d3bab1a32c9d788e9f74ee57012ca5bfd0dc090b591c64aae6a205fbd349fc372bbd7429983a69cae26ff8b5b019144d318ba225e46bc6cf8d7d3e5952333042542b2fd4fb4d88a3651dd8e14ecc2845d4e71f7dfd128e9e2ee2ab0062a3e701bb2477bfd73d7396ae522f11fa481078d1c7f7905e0846fb072dcf7c06102b3816ec4a3518514c7166d7385b680469f5184a93953258952554e68d93ea8f07000000000000006d7d9cf19f0b39b72e1dc9079d84413bbc30d24fc481e24ef1beacb8bc15f50c2663d684d16a1c71b2c8a568481f4f1b254ccd66fbef4cacfc3e13f2c943a264e429824bef7297f93076aea55ed9cf12512ce3ac3df331695024bd1e53369a87caf6894fce811a64dad315402678de76", 0x390}], 0x1}}], 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

956.392499ms ago: executing program 3 (id=1719):
syz_usb_connect(0x0, 0x34, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a6ff0540cdabeecdb905000000010902220001000000000904000001010351000905031300000000000725"], 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)

0s ago: executing program 3 (id=1720):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x2, 0x14, 0x67, 0x0, 0x0, 0x0, 0x0, @dev, @private=0xa010100}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x19, 0x0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000100), 0x2, 0x200)
write$binfmt_script(r2, &(0x7f0000000400)={'#! ', './file0', [{0x20, '&!'}], 0xa, "b553cc1f5156984febbdd1b344d018a356fd73964465388c5ee4321b33bb91af0d35a52ad964fb3373d55c1782b141012f0dad9ba61a6475"}, 0x46)
setsockopt(0xffffffffffffffff, 0x84, 0x7f, &(0x7f0000000040), 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd600a0100002c2b0000000000000000000000000000000000fe8000000000000000000000000000aa3a020201"], 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ip_mr_vif\x00')
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009fcee14086803006b483010203010902"], 0x0)
socket$inet6(0xa, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000300)=0x3)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r7], 0x3c}}, 0x0)

kernel console output (not intermixed with test programs):

iptor read/8, error -71
[  558.383248][T12770] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1498'.
[  558.400976][  T938] usb usb1-port1: unable to enumerate USB device
[  558.445497][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  558.445517][   T29] audit: type=1326 audit(1728626621.997:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12771 comm="syz.3.1499" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x0
[  558.872831][T12730] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1486'.
[  558.892752][T12712] em28xx 5-1:0.0: Unknown AC97 audio processor detected!
[  558.908244][T12712] em28xx 5-1:0.0: couldn't setup AC97 register 2
[  558.915718][T12712] em28xx 5-1:0.0: couldn't setup AC97 register 4
[  558.929547][T12712] em28xx 5-1:0.0: couldn't setup AC97 register 6
[  558.937872][T12712] em28xx 5-1:0.0: couldn't setup AC97 register 54
[  558.949606][T12712] em28xx 5-1:0.0: couldn't setup AC97 register 56
[  558.958599][T12712] usb 5-1: USB disconnect, device number 67
[  559.419671][T12777] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1500'.
[  559.888303][T12790] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1504'.
[  559.932951][T12790] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1504'.
[  560.322005][    T9] usb 1-1: new high-speed USB device number 119 using dummy_hcd
[  560.483484][    T9] usb 1-1: Using ep0 maxpacket: 8
[  560.492619][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[  560.511008][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  560.544217][    T9] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  560.565949][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.579608][    T9] usb 1-1: Product: syz
[  560.584339][    T9] usb 1-1: Manufacturer: syz
[  560.600885][    T9] usb 1-1: SerialNumber: syz
[  560.613633][    T9] usb 1-1: config 0 descriptor??
[  560.631881][    T9] streamzap 1-1:0.0: streamzap_probe: endpoint attributes don't match xfer 0200
[  560.747793][T12805] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1509'.
[  560.840011][    T9] usb 1-1: USB disconnect, device number 119
[  560.889948][T12811] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1511'.
[  561.700518][T12712] usb 1-1: new high-speed USB device number 120 using dummy_hcd
[  561.860468][T12712] usb 1-1: Using ep0 maxpacket: 16
[  561.874894][T12712] usb 1-1: config 0 has an invalid interface number: 22 but max is 0
[  561.894951][T12712] usb 1-1: config 0 has no interface number 0
[  561.907727][T12712] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=b5.29
[  561.924262][T12712] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.937127][T12712] usb 1-1: Product: syz
[  561.947694][T12712] usb 1-1: Manufacturer: syz
[  561.955214][T12712] usb 1-1: SerialNumber: syz
[  561.981604][T12712] usb 1-1: config 0 descriptor??
[  561.999913][T12712] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state.
[  562.010808][T12712] dvb-usb: bulk message failed: -22 (2/0)
[  562.018559][T12712] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  562.028987][T12712] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver)
[  562.039691][T12712] usb 1-1: media controller created
[  562.062398][T12712] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  562.089962][T12712] dvb-usb: bulk message failed: -22 (1/0)
[  562.113086][T12712] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver'
[  562.135950][T12712] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input44
[  562.169958][T12712] dvb-usb: schedule remote query interval to 50 msecs.
[  562.178295][T12712] dvb-usb: bulk message failed: -22 (2/0)
[  562.204692][T12712] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected.
[  562.225015][T12712] usb 1-1: USB disconnect, device number 120
[  562.268007][T12712] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected.
[  563.057743][T12834] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1521'.
[  563.191822][T12836] netlink: 'syz.0.1522': attribute type 1 has an invalid length.
[  563.230382][ T5230] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  563.243305][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  563.249674][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  563.256755][ T5230] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  563.265629][ T5230] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  563.279384][ T5230] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  563.291028][ T5230] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  563.298426][ T5230] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  563.500760][T12841] FAULT_INJECTION: forcing a failure.
[  563.500760][T12841] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  563.542256][T12841] CPU: 1 UID: 0 PID: 12841 Comm: syz.4.1524 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  563.553100][T12841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  563.563177][T12841] Call Trace:
[  563.566473][T12841]  <TASK>
[  563.569414][T12841]  dump_stack_lvl+0x241/0x360
[  563.574172][T12841]  ? __pfx_dump_stack_lvl+0x10/0x10
[  563.579407][T12841]  ? __pfx__printk+0x10/0x10
[  563.584029][T12841]  ? snprintf+0xda/0x120
[  563.588292][T12841]  should_fail_ex+0x3b0/0x4e0
[  563.592991][T12841]  _copy_to_user+0x2f/0xb0
[  563.597422][T12841]  simple_read_from_buffer+0xca/0x150
[  563.602827][T12841]  proc_fail_nth_read+0x1e9/0x250
[  563.607874][T12841]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  563.613443][T12841]  ? rw_verify_area+0x55e/0x6f0
[  563.618317][T12841]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  563.623918][T12841]  vfs_read+0x201/0xbc0
[  563.628185][T12841]  ? __pfx_lock_release+0x10/0x10
[  563.633231][T12841]  ? __pfx_vfs_read+0x10/0x10
[  563.637927][T12841]  ? __fget_files+0x3f3/0x470
[  563.642622][T12841]  ? fdget_pos+0x24e/0x320
[  563.647053][T12841]  ksys_read+0x183/0x2b0
[  563.651345][T12841]  ? __pfx_ksys_read+0x10/0x10
[  563.656135][T12841]  ? do_syscall_64+0x100/0x230
[  563.660924][T12841]  ? do_syscall_64+0xb6/0x230
[  563.665631][T12841]  do_syscall_64+0xf3/0x230
[  563.670176][T12841]  ? clear_bhb_loop+0x35/0x90
[  563.674892][T12841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  563.680825][T12841] RIP: 0033:0x7fea44d7ca3c
[  563.685275][T12841] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  563.704912][T12841] RSP: 002b:00007fea45c2e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  563.713342][T12841] RAX: ffffffffffffffda RBX: 00007fea44f35f80 RCX: 00007fea44d7ca3c
[  563.721352][T12841] RDX: 000000000000000f RSI: 00007fea45c2e0a0 RDI: 0000000000000006
[  563.729452][T12841] RBP: 00007fea45c2e090 R08: 0000000000000000 R09: 0000000000000000
[  563.737444][T12841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  563.745435][T12841] R13: 0000000000000000 R14: 00007fea44f35f80 R15: 00007fea4505fa28
[  563.753432][T12841]  </TASK>
[  563.848366][T12858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.849569][T12842] chnl_net:caif_netlink_parms(): no params data found
[  563.877815][T12858] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  563.949367][T12463] syz_tun (unregistering): left promiscuous mode
[  563.995616][T12842] bridge0: port 1(bridge_slave_0) entered blocking state
[  564.009231][T12842] bridge0: port 1(bridge_slave_0) entered disabled state
[  564.016608][T12842] bridge_slave_0: entered allmulticast mode
[  564.032231][T12842] bridge_slave_0: entered promiscuous mode
[  564.052388][T12842] bridge0: port 2(bridge_slave_1) entered blocking state
[  564.059701][T12842] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.070658][T12842] bridge_slave_1: entered allmulticast mode
[  564.077533][T12842] bridge_slave_1: entered promiscuous mode
[  564.105785][T12842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  564.140007][T12842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  564.160667][    T9] usb 1-1: new high-speed USB device number 121 using dummy_hcd
[  564.269817][ T5536] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.366530][T12842] team0: Port device team_slave_0 added
[  564.377386][    T9] usb 1-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  564.402664][T12842] team0: Port device team_slave_1 added
[  564.410521][    T9] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  564.438320][    T9] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  564.471829][    T9] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  564.485822][ T5536] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.496309][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.515758][T12860] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22
[  564.557796][T12842] batman_adv: batadv0: Adding interface: batadv_slave_0
[  564.565321][T12842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.600365][T12842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  564.641063][ T5536] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.658232][T12842] batman_adv: batadv0: Adding interface: batadv_slave_1
[  564.666036][T12842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.692915][T12842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  564.749257][T10502] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  564.775582][ T5536] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  564.788828][T10502] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  564.797744][T10502] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  564.810771][T10502] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  564.818535][T10502] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  564.825514][T12842] hsr_slave_0: entered promiscuous mode
[  564.832205][T10502] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  564.850851][T12842] hsr_slave_1: entered promiscuous mode
[  564.874216][T12842] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  564.895943][T12842] Cannot create hsr debugfs directory
[  565.118688][ T5536] bridge_slave_1: left allmulticast mode
[  565.124829][ T5536] bridge_slave_1: left promiscuous mode
[  565.130696][ T5536] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.140032][ T5536] bridge_slave_0: left allmulticast mode
[  565.146526][ T5536] bridge_slave_0: left promiscuous mode
[  565.155477][ T5536] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.412258][ T5230] Bluetooth: hci6: command tx timeout
[  565.530847][T10502] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  565.548358][T10502] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  565.557329][T10502] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  565.585754][T10502] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  565.609337][T10502] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  565.627064][T10502] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  565.837304][ T5536] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  565.849524][ T5536] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  565.861979][ T5536] bond0 (unregistering): Released all slaves
[  565.917312][    T9] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[  565.943263][T12842] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  565.956021][    T9] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input45
[  566.217865][T12842] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.343019][T12842] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  566.436760][ T5536] batadv_slave_0: left promiscuous mode
[  566.462151][ T5536] hsr_slave_0: left promiscuous mode
[  566.468419][ T5536] hsr_slave_1: left promiscuous mode
[  566.476006][ T5536] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  566.485079][ T5536] batman_adv: batadv0: Removing interface: batadv_slave_0
[  566.493562][ T5536] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  566.501470][ T5536] batman_adv: batadv0: Removing interface: batadv_slave_1
[  566.533063][ T5536] veth1_macvtap: left promiscuous mode
[  566.538738][ T5536] veth0_macvtap: left promiscuous mode
[  566.545050][ T5536] veth1_vlan: left promiscuous mode
[  566.557863][ T5536] veth0_vlan: left promiscuous mode
[  566.927198][ T5230] Bluetooth: hci3: command tx timeout
[  567.336913][ T5536] team0 (unregistering): Port device team_slave_1 removed
[  567.438428][ T5536] team0 (unregistering): Port device team_slave_0 removed
[  567.486770][ T5230] Bluetooth: hci6: command tx timeout
[  567.653623][ T5230] Bluetooth: hci7: command tx timeout
[  568.164081][T12842] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  568.178014][T12876] netlink: 'syz.3.1533': attribute type 21 has an invalid length.
[  568.205323][T12876] netlink: 176 bytes leftover after parsing attributes in process `syz.3.1533'.
[  568.253059][T12867] chnl_net:caif_netlink_parms(): no params data found
[  568.666164][T12894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  568.731641][T12894] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  568.751005][T12842] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  568.843040][T12842] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  568.874736][T12842] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  568.916626][T12842] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  568.951645][   T29] audit: type=1326 audit(1728626632.497:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12893 comm="syz.3.1535" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x0
[  568.973595][    C1] vkms_vblank_simulate: vblank timer overrun
[  568.979655][    T9] usb 1-1: USB disconnect, device number 121
[  568.979867][    C0] aiptek 1-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  569.010432][ T5230] Bluetooth: hci3: command tx timeout
[  569.108080][T12867] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.136851][T12867] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.166670][T12867] bridge_slave_0: entered allmulticast mode
[  569.191836][T12867] bridge_slave_0: entered promiscuous mode
[  569.216243][T12872] chnl_net:caif_netlink_parms(): no params data found
[  569.237439][T12867] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.267318][T12867] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.278972][T12867] bridge_slave_1: entered allmulticast mode
[  569.291715][T12867] bridge_slave_1: entered promiscuous mode
[  569.389707][T12867] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  569.459496][T12867] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  569.563358][ T5230] Bluetooth: hci6: command tx timeout
[  569.583438][T12867] team0: Port device team_slave_0 added
[  569.612999][T12867] team0: Port device team_slave_1 added
[  569.697422][T12872] bridge0: port 1(bridge_slave_0) entered blocking state
[  569.704784][T12872] bridge0: port 1(bridge_slave_0) entered disabled state
[  569.713183][T12872] bridge_slave_0: entered allmulticast mode
[  569.720200][T12872] bridge_slave_0: entered promiscuous mode
[  569.723751][ T5230] Bluetooth: hci7: command tx timeout
[  569.730929][T12872] bridge0: port 2(bridge_slave_1) entered blocking state
[  569.741474][T12872] bridge0: port 2(bridge_slave_1) entered disabled state
[  569.748734][T12872] bridge_slave_1: entered allmulticast mode
[  569.762383][T12872] bridge_slave_1: entered promiscuous mode
[  569.785623][T12867] batman_adv: batadv0: Adding interface: batadv_slave_0
[  569.800355][T12867] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  569.826782][T12867] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  569.840096][T12867] batman_adv: batadv0: Adding interface: batadv_slave_1
[  569.851346][T12867] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  569.886351][T12867] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  569.977836][T12872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  570.063720][T12872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  570.090491][    T9] usb 1-1: new low-speed USB device number 122 using dummy_hcd
[  570.126284][T12867] hsr_slave_0: entered promiscuous mode
[  570.142196][T12867] hsr_slave_1: entered promiscuous mode
[  570.160336][T12867] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  570.169003][T12867] Cannot create hsr debugfs directory
[  570.258565][    T9] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  570.292810][    T9] usb 1-1: config 179 has no interface number 0
[  570.299254][    T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  570.335760][T12872] team0: Port device team_slave_0 added
[  570.350434][    T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8
[  570.365253][T12872] team0: Port device team_slave_1 added
[  570.391876][    T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  570.407633][    T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8
[  570.419592][    T9] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  570.454299][    T9] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  570.464508][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.477520][T12926] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22
[  570.490539][T12926] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22
[  570.654566][T12842] 8021q: adding VLAN 0 to HW filter on device bond0
[  570.703567][T12872] batman_adv: batadv0: Adding interface: batadv_slave_0
[  570.732983][T12872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.758980][    C1] vkms_vblank_simulate: vblank timer overrun
[  570.778484][T12872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  570.849590][T12872] batman_adv: batadv0: Adding interface: batadv_slave_1
[  570.867141][T12872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.893152][    C1] vkms_vblank_simulate: vblank timer overrun
[  570.914075][T12872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  570.989246][T12842] 8021q: adding VLAN 0 to HW filter on device team0
[  571.048493][ T2469] bridge0: port 1(bridge_slave_0) entered blocking state
[  571.055759][ T2469] bridge0: port 1(bridge_slave_0) entered forwarding state
[  571.090930][ T5230] Bluetooth: hci3: command tx timeout
[  571.319501][T12872] hsr_slave_0: entered promiscuous mode
[  571.349623][T12872] hsr_slave_1: entered promiscuous mode
[  571.368888][T12872] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  571.378913][T12872] Cannot create hsr debugfs directory
[  571.408723][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  571.415978][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  571.640737][ T5230] Bluetooth: hci6: command tx timeout
[  571.803737][ T5230] Bluetooth: hci7: command tx timeout
[  571.889361][T12944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  571.964390][T12944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  572.241240][T12842] 8021q: adding VLAN 0 to HW filter on device batadv0
[  572.426446][T12872] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.453742][T12867] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  572.479079][T12867] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  572.503814][T12867] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  572.656554][T12872] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.705237][T12867] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  572.760029][T12842] veth0_vlan: entered promiscuous mode
[  572.801649][    T8] usb 1-1: USB disconnect, device number 122
[  572.807850][    C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  572.807914][    C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  572.904372][T12872] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.923505][T12951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  572.947546][T12951] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  572.967650][T12842] veth1_vlan: entered promiscuous mode
[  573.048585][T12872] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  573.144120][T12842] veth0_macvtap: entered promiscuous mode
[  573.161039][ T5230] Bluetooth: hci3: command tx timeout
[  573.206550][T12842] veth1_macvtap: entered promiscuous mode
[  573.263903][T12867] 8021q: adding VLAN 0 to HW filter on device bond0
[  573.380351][T12872] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  573.407887][T12867] 8021q: adding VLAN 0 to HW filter on device team0
[  573.432393][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  573.450943][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.471564][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  573.490313][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.508790][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  573.520731][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.536524][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  573.550208][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.564906][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  573.582185][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  573.609491][T12842] batman_adv: batadv0: Interface activated: batadv_slave_0
[  573.628004][T12872] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  573.668882][T12872] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  573.721665][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[  573.728896][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[  573.782234][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[  573.789444][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[  573.854997][T12872] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  573.892211][T10502] Bluetooth: hci7: command tx timeout
[  573.974593][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  574.009575][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  574.049477][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  574.100756][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  574.151540][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  574.211758][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  574.259075][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  574.316296][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  574.371631][T12842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  574.436330][T12842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  574.513417][T12842] batman_adv: batadv0: Interface activated: batadv_slave_1
[  574.563296][T12974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1546'.
[  574.590921][T12974] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1546'.
[  574.744389][T12979] syz_tun: entered promiscuous mode
[  574.879916][T12979] batadv_slave_0: entered promiscuous mode
[  574.951540][T12979] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  574.992289][T12979] Cannot create hsr debugfs directory
[  575.021019][T12979] hsr1: entered allmulticast mode
[  575.042355][T12979] syz_tun: entered allmulticast mode
[  575.075441][T12979] batadv_slave_0: entered allmulticast mode
[  575.158482][T12842] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  575.180462][T12842] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  575.213307][T12842] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  575.222234][T12842] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  575.391104][ T5333] usb 1-1: new high-speed USB device number 123 using dummy_hcd
[  575.518775][T11221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  575.524942][T12872] 8021q: adding VLAN 0 to HW filter on device bond0
[  575.547605][T11221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  575.560781][T10502] Bluetooth: hci2: command 0x0406 tx timeout
[  575.562283][ T5333] usb 1-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  575.593083][T12867] 8021q: adding VLAN 0 to HW filter on device batadv0
[  575.629058][ T5333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.682530][ T5333] usb 1-1: config 0 descriptor??
[  575.699892][ T5536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  575.714256][ T5536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  575.764105][T12872] 8021q: adding VLAN 0 to HW filter on device team0
[  575.864258][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  575.871513][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  575.894989][  T147] bridge0: port 2(bridge_slave_1) entered blocking state
[  575.902197][  T147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.093241][T12867] veth0_vlan: entered promiscuous mode
[  576.105412][T13013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  576.147020][T12867] veth1_vlan: entered promiscuous mode
[  576.160916][T13013] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  576.230030][T12872] 8021q: adding VLAN 0 to HW filter on device batadv0
[  576.288814][T12867] veth0_macvtap: entered promiscuous mode
[  576.322944][T12867] veth1_macvtap: entered promiscuous mode
[  576.350091][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.371073][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.381255][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.396771][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.407073][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.418962][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.429100][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.440059][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.451412][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.462086][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.472029][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.482684][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.494327][T12867] batman_adv: batadv0: Interface activated: batadv_slave_0
[  576.506090][T12872] veth0_vlan: entered promiscuous mode
[  576.528141][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  576.539224][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.550627][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  576.563198][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.573336][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  576.584164][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.594641][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  576.606831][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.617024][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  576.629323][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.639623][T12867] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  576.651430][T12867] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.663356][T12867] batman_adv: batadv0: Interface activated: batadv_slave_1
[  576.679781][T12867] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  576.701955][T12867] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  576.711412][T12867] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  576.723970][T12867] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  576.756582][T12872] veth1_vlan: entered promiscuous mode
[  576.897030][T12872] veth0_macvtap: entered promiscuous mode
[  576.908619][T12872] veth1_macvtap: entered promiscuous mode
[  576.927545][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.938173][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.940516][ T5333] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  576.948094][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.968590][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.978603][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.989179][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.002290][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.012965][ T5333] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  577.013120][ T5333] asix 1-1:0.0: probe with driver asix failed with error -71
[  577.031949][ T5333] usb 1-1: USB disconnect, device number 123
[  577.039137][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.051072][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.061638][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.071626][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.082411][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.092255][T13022] program syz.3.1553 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  577.102014][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.112673][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.124313][T12872] batman_adv: batadv0: Interface activated: batadv_slave_0
[  577.149570][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.161328][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.171518][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.182084][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.191983][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.202525][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.212450][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.223026][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.233623][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.245696][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.255771][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.266314][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.270461][   T29] audit: type=1326 audit(1728626640.817:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.276208][T12872] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  577.298608][    C0] vkms_vblank_simulate: vblank timer overrun
[  577.315643][T12872] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.328004][T12872] batman_adv: batadv0: Interface activated: batadv_slave_1
[  577.344214][T12872] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  577.363244][T12872] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  577.380936][   T29] audit: type=1326 audit(1728626640.857:1552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.389609][T12872] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  577.404031][   T29] audit: type=1326 audit(1728626640.857:1553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.424034][T12872] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  577.459528][   T29] audit: type=1326 audit(1728626640.857:1554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.482039][    C0] vkms_vblank_simulate: vblank timer overrun
[  577.489534][T11221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.503291][   T29] audit: type=1326 audit(1728626640.857:1555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.520473][T11221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.525851][   T29] audit: type=1326 audit(1728626640.867:1556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.556493][   T29] audit: type=1326 audit(1728626640.867:1557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.578963][    C0] vkms_vblank_simulate: vblank timer overrun
[  577.586173][   T29] audit: type=1326 audit(1728626640.867:1558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.608671][   T29] audit: type=1326 audit(1728626640.867:1559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.631125][    C0] vkms_vblank_simulate: vblank timer overrun
[  577.638785][   T29] audit: type=1326 audit(1728626640.897:1560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13021 comm="syz.3.1553" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c6497dff9 code=0x7ffc0000
[  577.742808][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.797684][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.831668][T12544] syz_tun (unregistering): left promiscuous mode
[  577.902804][T11221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.913726][T11221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  577.968059][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  577.985404][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  578.021072][T13028] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1531'.
[  578.081183][  T938] usb 1-1: new high-speed USB device number 124 using dummy_hcd
[  578.118595][   T53] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.256748][  T938] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  578.293246][  T938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  578.315440][  T938] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  578.330603][  T938] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  578.342556][   T53] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.357542][  T938] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.369285][T13033] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1532'.
[  578.393621][  T938] usb 1-1: config 0 descriptor??
[  578.412303][  T938] gspca_main: spca561-2.14.0 probing abcd:cdee
[  578.514271][   T53] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.561442][   T47] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  578.598360][T13037] fuse: Unknown parameter 'grou00000000000000000000'
[  578.628023][  T938] spca561 1-1:0.0: probe with driver spca561 failed with error -22
[  578.637118][  T938] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  578.670578][  T938] usb 1-1: MIDIStreaming interface descriptor not found
[  578.734464][   T53] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.758133][T10502] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  578.775118][  T938] usb 1-1: USB disconnect, device number 124
[  578.793163][T10502] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  578.802546][T10502] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  578.815097][T10502] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  578.818530][T13041] FAULT_INJECTION: forcing a failure.
[  578.818530][T13041] name failslab, interval 1, probability 0, space 0, times 0
[  578.835966][   T47] usb 5-1: Using ep0 maxpacket: 16
[  578.845153][T10502] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  578.855489][T10502] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  578.885810][   T47] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  578.910329][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.918412][   T47] usb 5-1: Product: syz
[  578.941440][T13041] CPU: 0 UID: 0 PID: 13041 Comm: syz.2.1561 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  578.952293][T13041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  578.956635][   T47] usb 5-1: Manufacturer: syz
[  578.962368][T13041] Call Trace:
[  578.962385][T13041]  <TASK>
[  578.962397][T13041]  dump_stack_lvl+0x241/0x360
[  578.962432][T13041]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.962457][T13041]  ? __pfx__printk+0x10/0x10
[  578.962493][T13041]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  578.962528][T13041]  ? __pfx___might_resched+0x10/0x10
[  578.978506][ T9147] udevd[9147]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  578.983275][T13041]  should_fail_ex+0x3b0/0x4e0
[  578.983322][T13041]  should_failslab+0xac/0x100
[  578.983351][T13041]  ? __alloc_skb+0x1c3/0x440
[  578.983374][T13041]  kmem_cache_alloc_node_noprof+0x71/0x320
[  579.034803][T13041]  __alloc_skb+0x1c3/0x440
[  579.039257][T13041]  ? __pfx___alloc_skb+0x10/0x10
[  579.044216][T13041]  pfkey_sendmsg+0x1da/0x1050
[  579.048906][T13041]  ? __pfx___might_resched+0x10/0x10
[  579.054210][T13041]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  579.059341][T13041]  ? aa_sk_perm+0x96d/0xab0
[  579.063864][T13041]  ? __pfx_aa_sk_perm+0x10/0x10
[  579.068721][T13041]  ? __pfx_lock_release+0x10/0x10
[  579.073765][T13041]  ? aa_sock_msg_perm+0x91/0x160
[  579.079598][T13041]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  579.084735][T13041]  __sock_sendmsg+0x221/0x270
[  579.089442][T13041]  ____sys_sendmsg+0x52a/0x7e0
[  579.094226][T13041]  ? __pfx_____sys_sendmsg+0x10/0x10
[  579.099539][T13041]  __sys_sendmsg+0x292/0x380
[  579.104146][T13041]  ? __pfx___sys_sendmsg+0x10/0x10
[  579.109276][T13041]  ? __pfx_vfs_write+0x10/0x10
[  579.114065][T13041]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  579.120846][T13041]  ? do_syscall_64+0x100/0x230
[  579.129049][T13041]  ? do_syscall_64+0xb6/0x230
[  579.133763][T13041]  do_syscall_64+0xf3/0x230
[  579.138288][T13041]  ? clear_bhb_loop+0x35/0x90
[  579.142985][T13041]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.148987][T13041] RIP: 0033:0x7f6f93f7dff9
[  579.153416][T13041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  579.173149][T13041] RSP: 002b:00007f6f94e32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  579.181590][T13041] RAX: ffffffffffffffda RBX: 00007f6f94135f80 RCX: 00007f6f93f7dff9
[  579.189577][T13041] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  579.197566][T13041] RBP: 00007f6f94e32090 R08: 0000000000000000 R09: 0000000000000000
[  579.205550][T13041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  579.213651][T13041] R13: 0000000000000000 R14: 00007f6f94135f80 R15: 00007f6f9425fa28
[  579.221653][T13041]  </TASK>
[  579.224700][    C0] vkms_vblank_simulate: vblank timer overrun
[  579.237808][   T47] usb 5-1: SerialNumber: syz
[  579.290635][   T47] r8152-cfgselector 5-1: Unknown version 0x0000
[  579.296989][   T47] r8152-cfgselector 5-1: config 0 descriptor??
[  579.412996][T13044] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1562'.
[  579.484144][T13046] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1563'.
[  579.609960][T13031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  579.698688][T13053] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  579.715035][T13055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1566'.
[  579.746824][T13053] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.768524][T13031] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  579.830874][  T938] hid (null): bogus close delimiter
[  579.852921][   T53] bridge_slave_1: left allmulticast mode
[  579.858646][   T53] bridge_slave_1: left promiscuous mode
[  579.875314][  T938] hid-generic 0000:0000:0000.003F: bogus close delimiter
[  579.910663][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.922029][  T938] hid-generic 0000:0000:0000.003F: item 0 2 2 10 parsing failed
[  579.941637][   T53] bridge_slave_0: left allmulticast mode
[  579.948183][  T938] hid-generic 0000:0000:0000.003F: probe with driver hid-generic failed with error -22
[  579.958258][   T53] bridge_slave_0: left promiscuous mode
[  579.967620][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  580.689863][ T5230] Bluetooth: hci4: command 0x0406 tx timeout
[  580.755316][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  580.786558][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  580.811168][   T53] bond0 (unregistering): Released all slaves
[  580.846168][T13031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1558'.
[  580.921347][ T5241] Bluetooth: hci5: command tx timeout
[  580.960390][   T47] r8152-cfgselector 5-1: USB disconnect, device number 68
[  580.998635][T13042] chnl_net:caif_netlink_parms(): no params data found
[  581.309074][T13042] bridge0: port 1(bridge_slave_0) entered blocking state
[  581.357709][T13042] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.374509][T13042] bridge_slave_0: entered allmulticast mode
[  581.388870][T13042] bridge_slave_0: entered promiscuous mode
[  581.417855][   T53] batadv_slave_0: left promiscuous mode
[  581.483886][   T53] hsr_slave_0: left promiscuous mode
[  581.527415][   T53] hsr_slave_1: left promiscuous mode
[  581.614722][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  581.664768][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  581.706223][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  581.737770][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  581.865670][   T53] veth1_macvtap: left promiscuous mode
[  581.896666][   T53] veth0_macvtap: left promiscuous mode
[  581.916816][   T53] veth1_vlan: left promiscuous mode
[  581.930913][   T53] veth0_vlan: left promiscuous mode
[  582.648725][T13090] fuse: Unknown parameter 'grou00000000000000000000'
[  583.011065][ T5241] Bluetooth: hci5: command tx timeout
[  583.280579][  T938] usb 1-1: new high-speed USB device number 125 using dummy_hcd
[  583.308024][   T53] team0 (unregistering): Port device team_slave_1 removed
[  583.430346][  T938] usb 1-1: Using ep0 maxpacket: 32
[  583.436876][   T53] team0 (unregistering): Port device team_slave_0 removed
[  583.437541][  T938] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  583.459493][  T938] usb 1-1: config 0 has no interface number 0
[  583.475174][  T938] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  583.490063][  T938] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.507503][  T938] usb 1-1: Product: syz
[  583.516877][  T938] usb 1-1: Manufacturer: syz
[  583.529175][  T938] usb 1-1: SerialNumber: syz
[  583.549046][  T938] usb 1-1: config 0 descriptor??
[  583.565402][  T938] smsc95xx v2.0.0
[  584.318824][T13042] bridge0: port 2(bridge_slave_1) entered blocking state
[  584.326334][T13042] bridge0: port 2(bridge_slave_1) entered disabled state
[  584.334002][T13042] bridge_slave_1: entered allmulticast mode
[  584.341448][T13042] bridge_slave_1: entered promiscuous mode
[  584.377683][  T938] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  584.447382][T13042] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  584.476273][T13042] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  584.626659][T13042] team0: Port device team_slave_0 added
[  584.677289][T13042] team0: Port device team_slave_1 added
[  584.770913][  T941] usb 5-1: new full-speed USB device number 69 using dummy_hcd
[  584.778467][T13117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.801064][T13042] batman_adv: batadv0: Adding interface: batadv_slave_0
[  584.808157][T13042] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  584.850386][T13100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.853684][T13042] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  584.874560][T13100] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.874560][T13117] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.912177][T13042] batman_adv: batadv0: Adding interface: batadv_slave_1
[  584.931140][  T941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  584.943713][T13042] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  584.950279][  T941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 2048, setting to 64
[  584.990953][  T941] usb 5-1: New USB device found, idVendor=01ac, idProduct=0000, bcdDevice= 1.00
[  585.020553][  T941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.032196][  T941] usb 5-1: config 0 descriptor??
[  585.069092][T13042] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  585.090530][ T5230] Bluetooth: hci5: command tx timeout
[  585.132410][T13042] hsr_slave_0: entered promiscuous mode
[  585.139452][T13042] hsr_slave_1: entered promiscuous mode
[  585.146948][T13042] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  585.155088][T13042] Cannot create hsr debugfs directory
[  585.311475][T13111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.331278][T13111] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.358743][  T941] usbhid 5-1:0.0: can't add hid device: -71
[  585.381344][  T941] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  585.406505][  T941] usb 5-1: USB disconnect, device number 69
[  585.549916][T13130] fuse: Unknown parameter 'grou00000000000000000000'
[  585.812303][ T5230] Bluetooth: hci0: command 0x0406 tx timeout
[  585.885372][   T29] audit: type=1326 audit(1728626649.437:1561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  585.924488][  T941] usb 5-1: new low-speed USB device number 70 using dummy_hcd
[  585.928092][   T29] audit: type=1326 audit(1728626649.467:1562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  585.954339][T13042] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  585.969678][T13042] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  585.988385][   T29] audit: type=1326 audit(1728626649.477:1563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.014080][   T29] audit: type=1326 audit(1728626649.477:1564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.037748][   T29] audit: type=1326 audit(1728626649.477:1565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.065876][T13042] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  586.071156][   T29] audit: type=1326 audit(1728626649.477:1566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.098400][   T29] audit: type=1326 audit(1728626649.477:1567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.098478][   T29] audit: type=1326 audit(1728626649.477:1568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.098520][   T29] audit: type=1326 audit(1728626649.517:1569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.098614][   T29] audit: type=1326 audit(1728626649.517:1570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13136 comm="syz.2.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f93f7dff9 code=0x7ffc0000
[  586.144193][  T941] usb 5-1: Invalid ep0 maxpacket: 16
[  586.206327][T13042] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  586.216352][  T938] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  586.239545][  T938] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  586.260534][  T938] usb 1-1: USB disconnect, device number 125
[  586.270756][  T941] usb 5-1: new low-speed USB device number 71 using dummy_hcd
[  586.431015][  T941] usb 5-1: Invalid ep0 maxpacket: 16
[  586.436768][  T941] usb usb5-port1: attempt power cycle
[  586.484326][T13042] 8021q: adding VLAN 0 to HW filter on device bond0
[  586.589305][T13042] 8021q: adding VLAN 0 to HW filter on device team0
[  586.626992][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[  586.634225][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[  586.775694][T13042] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  586.799306][T13042] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  586.830935][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.838098][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  586.850471][  T941] usb 5-1: new low-speed USB device number 72 using dummy_hcd
[  586.877212][T13160] random: crng reseeded on system resumption
[  586.901877][  T941] usb 5-1: Invalid ep0 maxpacket: 16
[  587.039240][T13042] 8021q: adding VLAN 0 to HW filter on device batadv0
[  587.046266][  T941] usb 5-1: new low-speed USB device number 73 using dummy_hcd
[  587.085183][  T941] usb 5-1: Invalid ep0 maxpacket: 16
[  587.100689][  T941] usb usb5-port1: unable to enumerate USB device
[  587.171499][ T5241] Bluetooth: hci5: command tx timeout
[  587.669778][T13168] syz_tun: entered promiscuous mode
[  587.778029][T13168] batadv_slave_0: entered promiscuous mode
[  587.813662][T13168] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  587.840817][T13168] Cannot create hsr debugfs directory
[  587.867095][T13168] hsr1: entered allmulticast mode
[  587.885637][T13168] syz_tun: entered allmulticast mode
[  587.912906][T13168] batadv_slave_0: entered allmulticast mode
[  588.248700][T13042] veth0_vlan: entered promiscuous mode
[  588.389780][T13178] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1590'.
[  588.408164][T13185] fuse: Unknown parameter 'group_i00000000000000000000'
[  588.585199][T13042] veth1_vlan: entered promiscuous mode
[  588.624398][T13042] veth0_macvtap: entered promiscuous mode
[  588.734843][T13042] veth1_macvtap: entered promiscuous mode
[  588.768505][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  588.807725][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  588.868043][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  588.891597][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  588.905471][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  588.960483][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  588.986002][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.008127][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.042738][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.068216][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.102352][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.207371][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.285770][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.423817][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.470127][T13042] batman_adv: batadv0: Interface activated: batadv_slave_0
[  589.584870][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.701306][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.872103][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.884848][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.895151][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.905814][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.923301][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.935016][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.945510][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.956296][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.983219][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.060788][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.110406][ T5333] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  590.143745][T13042] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.159623][T13223] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  590.251362][T13042] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.261983][T13223] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  590.263435][T13042] batman_adv: batadv0: Interface activated: batadv_slave_1
[  590.290165][T13042] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  590.299291][T13042] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  590.319180][ T5333] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  590.330639][ T5333] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  590.341788][ T5333] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  590.351493][ T5333] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.351881][T13042] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  590.366675][ T5333] usb 5-1: config 0 descriptor??
[  590.388316][T13042] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  590.440857][  T941] usb 1-1: new high-speed USB device number 126 using dummy_hcd
[  590.547371][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  590.575721][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.600491][  T941] usb 1-1: device descriptor read/64, error -71
[  590.634458][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  590.650677][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.801527][ T5333] pyra 0003:1E7D:2CF6.0040: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  590.896258][  T941] usb 1-1: new high-speed USB device number 127 using dummy_hcd
[  590.972073][T13244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  590.998988][T13215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  591.009020][ T5333] pyra 0003:1E7D:2CF6.0040: couldn't init struct pyra_device
[  591.018081][T13244] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  591.037060][ T5333] pyra 0003:1E7D:2CF6.0040: couldn't install mouse
[  591.050396][  T941] usb 1-1: device descriptor read/64, error -71
[  591.051950][ T5333] pyra 0003:1E7D:2CF6.0040: probe with driver pyra failed with error -32
[  591.068361][T13215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  591.118613][T13246] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  591.191550][  T941] usb usb1-port1: attempt power cycle
[  591.287552][T13251] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1604'.
[  591.570996][  T941] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  591.621088][  T941] usb 1-1: device descriptor read/8, error -71
[  591.699290][T13261] netlink: 'syz.2.1605': attribute type 10 has an invalid length.
[  591.708554][T13261] syz_tun: entered promiscuous mode
[  591.742015][T13261] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  591.877737][  T941] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  591.915587][  T941] usb 1-1: device descriptor read/8, error -71
[  592.026945][T13266] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  592.034867][  T941] usb usb1-port1: unable to enumerate USB device
[  592.067257][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  592.067278][   T29] audit: type=1326 audit(1728626655.617:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13264 comm="syz.3.1607" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f143937dff9 code=0x0
[  592.323754][T13269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.352842][T13269] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.377600][ T5536] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  592.414691][T13281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.458992][T13281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.559264][T13281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.575992][T13281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.736574][    T8] usb 5-1: USB disconnect, device number 74
[  593.243525][T13293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  593.277855][T13293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  593.612511][T13299] macvlan2: entered promiscuous mode
[  593.619372][T13299] macvlan2: entered allmulticast mode
[  593.631791][T13299] bond_slave_0: entered promiscuous mode
[  593.637758][T13299] bond_slave_1: entered promiscuous mode
[  593.669143][T13299] bond0: entered allmulticast mode
[  593.674753][T13299] bond_slave_0: entered allmulticast mode
[  593.688505][T13299] bond_slave_1: entered allmulticast mode
[  593.694573][T13299] syz_tun: entered allmulticast mode
[  593.715688][T13299] bond0: entered promiscuous mode
[  593.743772][T13299] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  593.763919][T13299] team0: Port device macvlan2 added
[  594.029589][T13312] input: syz1 as /devices/virtual/input/input48
[  594.122027][T13312] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1623'.
[  594.146919][T13312] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1623'.
[  594.155157][T13318] FAULT_INJECTION: forcing a failure.
[  594.155157][T13318] name failslab, interval 1, probability 0, space 0, times 0
[  594.177333][T13318] CPU: 0 UID: 0 PID: 13318 Comm: syz.2.1625 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  594.188264][T13318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  594.198358][T13318] Call Trace:
[  594.201678][T13318]  <TASK>
[  594.204650][T13318]  dump_stack_lvl+0x241/0x360
[  594.209363][T13318]  ? __pfx_dump_stack_lvl+0x10/0x10
[  594.214592][T13318]  ? __pfx__printk+0x10/0x10
[  594.219234][T13318]  ? __kmalloc_noprof+0xb0/0x400
[  594.224240][T13318]  ? __pfx___might_resched+0x10/0x10
[  594.229538][T13318]  should_fail_ex+0x3b0/0x4e0
[  594.234256][T13318]  ? nla_strdup+0x9c/0x140
[  594.238752][T13318]  should_failslab+0xac/0x100
[  594.243491][T13318]  ? nla_strdup+0x9c/0x140
[  594.247940][T13318]  __kmalloc_noprof+0xd8/0x400
[  594.252726][T13318]  ? __kasan_kmalloc+0x98/0xb0
[  594.257513][T13318]  nla_strdup+0x9c/0x140
[  594.261796][T13318]  nf_tables_newtable+0x59b/0x1e10
[  594.266933][T13318]  ? nfnl_pernet+0x23/0x240
[  594.271452][T13318]  ? __pfx_nf_tables_newtable+0x10/0x10
[  594.277059][T13318]  ? __nla_parse+0x40/0x60
[  594.281497][T13318]  nfnetlink_rcv+0x14dc/0x2ab0
[  594.286304][T13318]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  594.291470][T13318]  ? netlink_deliver_tap+0x2e/0x1b0
[  594.296676][T13318]  ? skb_clone+0x240/0x390
[  594.301109][T13318]  ? __pfx_lock_release+0x10/0x10
[  594.306166][T13318]  ? netlink_deliver_tap+0x2e/0x1b0
[  594.311388][T13318]  netlink_unicast+0x7f6/0x990
[  594.316182][T13318]  ? __pfx_netlink_unicast+0x10/0x10
[  594.321488][T13318]  ? __virt_addr_valid+0x183/0x530
[  594.326638][T13318]  ? __check_object_size+0x48e/0x900
[  594.331969][T13318]  netlink_sendmsg+0x8e4/0xcb0
[  594.336780][T13318]  ? __pfx_netlink_sendmsg+0x10/0x10
[  594.342097][T13318]  ? aa_sock_msg_perm+0x91/0x160
[  594.347092][T13318]  ? __pfx_netlink_sendmsg+0x10/0x10
[  594.352386][T13318]  __sock_sendmsg+0x221/0x270
[  594.357084][T13318]  ____sys_sendmsg+0x52a/0x7e0
[  594.361867][T13318]  ? __pfx_____sys_sendmsg+0x10/0x10
[  594.367179][T13318]  __sys_sendmsg+0x292/0x380
[  594.371785][T13318]  ? __pfx___sys_sendmsg+0x10/0x10
[  594.376925][T13318]  ? __pfx_vfs_write+0x10/0x10
[  594.381721][T13318]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  594.388068][T13318]  ? do_syscall_64+0x100/0x230
[  594.392931][T13318]  ? do_syscall_64+0xb6/0x230
[  594.397619][T13318]  do_syscall_64+0xf3/0x230
[  594.402133][T13318]  ? clear_bhb_loop+0x35/0x90
[  594.406821][T13318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  594.412732][T13318] RIP: 0033:0x7f6f93f7dff9
[  594.417157][T13318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  594.436783][T13318] RSP: 002b:00007f6f94e32038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  594.445224][T13318] RAX: ffffffffffffffda RBX: 00007f6f94135f80 RCX: 00007f6f93f7dff9
[  594.453213][T13318] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  594.461197][T13318] RBP: 00007f6f94e32090 R08: 0000000000000000 R09: 0000000000000000
[  594.469174][T13318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  594.477155][T13318] R13: 0000000000000000 R14: 00007f6f94135f80 R15: 00007f6f9425fa28
[  594.485228][T13318]  </TASK>
[  594.488411][    C0] vkms_vblank_simulate: vblank timer overrun
[  594.764739][T13328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.788779][T13328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.832416][T13328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.885031][T13328] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.947182][T13338] input: syz1 as /devices/virtual/input/input49
[  595.004400][T13337] tipc: Started in network mode
[  595.009360][T13337] tipc: Node identity aaaaaaaaaa41, cluster identity 4711
[  595.017526][T13337] tipc: Enabled bearer <eth:geneve1>, priority 10
[  595.025726][T13338] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1632'.
[  595.036824][T13338] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1632'.
[  595.340095][T13351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.351538][T13351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.403204][   T29] audit: type=1326 audit(1728626658.957:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13350 comm="syz.3.1637" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f143937dff9 code=0x0
[  595.425154][    C0] vkms_vblank_simulate: vblank timer overrun
[  595.430724][ T5333] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  595.516415][T13355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.528919][T13355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.559032][T13355] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.578510][T13355] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.590447][    T8] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  595.601543][ T5333] usb 1-1: Using ep0 maxpacket: 8
[  595.615069][ T5333] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  595.627478][ T5333] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  595.640731][ T5333] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  595.667594][ T5333] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  595.690353][ T5333] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  595.699706][ T5333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.763449][    T8] usb 5-1: config 0 has no interfaces?
[  595.777857][    T8] usb 5-1: New USB device found, idVendor=8086, idProduct=0630, bcdDevice=83.b4
[  595.787995][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.802994][    T8] usb 5-1: Product: syz
[  595.807330][    T8] usb 5-1: Manufacturer: syz
[  595.813622][    T8] usb 5-1: SerialNumber: syz
[  595.825916][    T8] usb 5-1: config 0 descriptor??
[  595.937820][ T5333] usb 1-1: GET_CAPABILITIES returned 0
[  595.946032][ T5333] usbtmc 1-1:16.0: can't read capabilities
[  596.050903][T13018] usb 5-1: USB disconnect, device number 75
[  596.133173][   T47] tipc: Node number set to 15444650
[  596.344700][T13366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.355234][T13366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  596.368682][T13367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  596.377800][T13367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  596.503443][T13372] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1643'.
[  597.000593][  T938] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  597.154859][  T938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  597.166979][  T938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  597.177712][  T938] usb 5-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  597.187782][  T938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.208446][  T938] usb 5-1: config 0 descriptor??
[  597.263242][T13382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.273089][T13382] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.425679][T13378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.439052][T13378] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.458694][T13378] bond_slave_0: entered promiscuous mode
[  597.464661][T13378] bond_slave_1: entered promiscuous mode
[  597.480873][T13378] vlan2: entered promiscuous mode
[  597.486027][T13378] bond0: entered promiscuous mode
[  597.497765][T13378] vlan2: entered allmulticast mode
[  597.505542][T13378] bond0: entered allmulticast mode
[  597.519491][T13378] bond_slave_0: entered allmulticast mode
[  597.526238][T13378] bond_slave_1: entered allmulticast mode
[  597.542366][T13378] bond0: left allmulticast mode
[  597.547290][T13378] bond_slave_0: left allmulticast mode
[  597.554468][T13378] bond_slave_1: left allmulticast mode
[  597.567654][T13378] bond0: left promiscuous mode
[  597.574358][T13378] bond_slave_0: left promiscuous mode
[  597.581610][T13378] bond_slave_1: left promiscuous mode
[  597.681275][  T938] usbhid 5-1:0.0: can't add hid device: -71
[  597.687910][  T938] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  597.699392][  T938] usb 5-1: USB disconnect, device number 76
[  598.059336][T13388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.068365][T13388] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.287100][ T5230] Bluetooth: hci3: hardware error 0x20
[  598.349333][T13396] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1653'.
[  598.474279][T13398] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1654'.
[  598.885976][T13416] program syz.3.1660 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  598.905111][T13416] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (18446744073709551614)
[  598.930378][T13416] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535
[  598.951527][T13416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.960819][T13416] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.973215][T13416] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1660'.
[  599.549125][ T5241] Bluetooth: hci3: unexpected subevent 0x1a length: 10 > 6
[  599.559566][T13424] Cannot find map_set index 0 as target
[  599.604218][T13431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  599.618593][T13431] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.642200][   T29] audit: type=1326 audit(1728626663.197:1580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13429 comm="syz.3.1663" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f143937dff9 code=0x0
[  600.361926][ T5230] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  600.883984][T13447] fuse: Bad value for 'group_id'
[  600.891769][T13447] fuse: Bad value for 'group_id'
[  601.152619][T13018] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  601.322730][T13018] usb 5-1: config 2 has an invalid interface number: 77 but max is 1
[  601.331172][T13018] usb 5-1: config 2 has an invalid interface number: 202 but max is 1
[  601.339393][T13018] usb 5-1: config 2 has an invalid interface number: 145 but max is 1
[  601.347707][T13018] usb 5-1: config 2 has an invalid interface number: 155 but max is 1
[  601.355973][T13018] usb 5-1: config 2 has an invalid interface number: 130 but max is 1
[  601.364399][T13018] usb 5-1: config 2 contains an unexpected descriptor of type 0x1, skipping
[  601.373303][T13018] usb 5-1: config 2 has an invalid descriptor of length 1, skipping remainder of the config
[  601.385073][T13018] usb 5-1: config 2 has 5 interfaces, different from the descriptor's value: 2
[  601.394138][T13018] usb 5-1: config 2 has no interface number 0
[  601.402043][T13018] usb 5-1: config 2 has no interface number 1
[  601.408326][T13018] usb 5-1: config 2 has no interface number 2
[  601.414529][T13018] usb 5-1: config 2 has no interface number 3
[  601.420821][T13018] usb 5-1: config 2 has no interface number 4
[  601.426973][T13018] usb 5-1: config 2 interface 77 altsetting 129 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  601.446080][T13018] usb 5-1: config 2 interface 202 altsetting 162 has a duplicate endpoint with address 0x5, skipping
[  601.458068][T13018] usb 5-1: config 2 interface 202 altsetting 162 has a duplicate endpoint with address 0x5, skipping
[  601.474964][T13018] usb 5-1: config 2 interface 202 altsetting 162 has a duplicate endpoint with address 0x2, skipping
[  601.488649][T13018] usb 5-1: config 2 interface 202 altsetting 162 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  601.511650][T13018] usb 5-1: too many endpoints for config 2 interface 145 altsetting 204: 233, using maximum allowed: 30
[  601.528925][T13018] usb 5-1: config 2 interface 145 altsetting 204 has 0 endpoint descriptors, different from the interface descriptor's value: 233
[  601.542630][T13018] usb 5-1: config 2 interface 155 altsetting 2 endpoint 0xD has invalid maxpacket 1072, setting to 64
[  601.553700][T13018] usb 5-1: config 2 interface 155 altsetting 2 endpoint 0xF has invalid maxpacket 176, setting to 64
[  601.564691][T13018] usb 5-1: config 2 interface 155 altsetting 2 has a duplicate endpoint with address 0xD, skipping
[  601.575491][T13018] usb 5-1: config 2 interface 155 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  601.586669][T13018] usb 5-1: config 2 interface 155 altsetting 2 endpoint 0xC has invalid maxpacket 512, setting to 64
[  601.597619][T13018] usb 5-1: config 2 interface 155 altsetting 2 endpoint 0xE has an invalid bInterval 0, changing to 7
[  601.614965][T13018] usb 5-1: config 2 interface 155 altsetting 2 has 6 endpoint descriptors, different from the interface descriptor's value: 11
[  601.629769][T13018] usb 5-1: too many endpoints for config 2 interface 130 altsetting 183: 232, using maximum allowed: 30
[  601.642895][T13018] usb 5-1: config 2 interface 130 altsetting 183 has an endpoint descriptor with address 0x68, changing to 0x8
[  601.654833][T13018] usb 5-1: config 2 interface 130 altsetting 183 endpoint 0x8 has an invalid bInterval 226, changing to 11
[  601.666336][T13018] usb 5-1: config 2 interface 130 altsetting 183 endpoint 0x8 has invalid maxpacket 18119, setting to 1024
[  601.677835][T13018] usb 5-1: config 2 interface 130 altsetting 183 has a duplicate endpoint with address 0xF, skipping
[  601.688872][T13018] usb 5-1: config 2 interface 130 altsetting 183 has 4 endpoint descriptors, different from the interface descriptor's value: 232
[  601.702655][T13018] usb 5-1: config 2 interface 77 has no altsetting 0
[  601.712960][T13018] usb 5-1: config 2 interface 202 has no altsetting 0
[  601.719801][T13018] usb 5-1: config 2 interface 145 has no altsetting 0
[  601.727106][T13018] usb 5-1: config 2 interface 155 has no altsetting 0
[  601.736471][T13018] usb 5-1: config 2 interface 130 has no altsetting 0
[  601.746612][T13018] usb 5-1: New USB device found, idVendor=0fb8, idProduct=0002, bcdDevice=e9.64
[  601.756120][T13018] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.764465][T13018] usb 5-1: Product: ᫑곙崍쉬퀆ﻶ횈숴撚엝섘戡辺헥熎櫋焗玲ꗕ뱵酟ퟵゴ닃Ī鷩ꟲ⿔꺎鷩䎅껔✇걇潕漞Ꚁ綖鍗暅♾
[  601.781524][T13018] usb 5-1: Manufacturer: ఇ
[  601.786251][T13018] usb 5-1: SerialNumber: П
[  602.030180][T13018] usb 5-1: USB disconnect, device number 77
[  602.646722][T13455] input: syz1 as /devices/virtual/input/input50
[  602.690387][T13455] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1673'.
[  602.699656][T13455] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1673'.
[  603.743004][    T8] IPVS: starting estimator thread 0...
[  603.870467][T13470] IPVS: using max 16 ests per chain, 38400 per kthread
[  604.556389][T13477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  604.586103][T13477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.305444][ T5230] Bluetooth: hci1: command 0x0406 tx timeout
[  608.117336][T13486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  608.589832][T13486] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  609.907012][ T5230] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  609.921048][ T5230] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  609.938504][ T5230] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  609.952915][ T5230] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  609.962832][ T5230] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  609.971836][ T5230] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  610.231180][ T5241] Bluetooth: hci5: unexpected subevent 0x1a length: 10 > 6
[  610.281250][T13497] Cannot find map_set index 0 as target
[  610.331186][ T5230] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  610.343676][ T5230] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  610.352546][ T5230] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  610.364798][ T5230] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  610.409388][ T5230] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  610.424027][ T5230] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  610.649740][T13507] =======================================================
[  610.649740][T13507] WARNING: The mand mount option has been deprecated and
[  610.649740][T13507]          and is ignored by this kernel. Remove the mand
[  610.649740][T13507]          option from the mount to silence this warning.
[  610.649740][T13507] =======================================================
[  611.897860][T13479] macvlan2: entered promiscuous mode
[  611.919242][T13479] team_slave_0: entered promiscuous mode
[  611.926842][T13479] team_slave_1: entered promiscuous mode
[  611.943443][T13479] team0: entered promiscuous mode
[  611.966615][T13479] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  611.986448][T13479] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[  612.041072][ T5241] Bluetooth: hci8: command tx timeout
[  612.281981][ T5241] Bluetooth: hci5: command tx timeout
[  612.523937][ T5241] Bluetooth: hci9: command tx timeout
[  614.477797][ T5241] Bluetooth: hci8: command tx timeout
[  614.605808][ T5241] Bluetooth: hci9: command tx timeout
[  616.516438][T13533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  616.525167][ T5241] Bluetooth: hci8: command tx timeout
[  616.552959][T13533] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  616.683765][ T5241] Bluetooth: hci9: command tx timeout
[  617.353440][T13539] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1694'.
[  617.390590][T13539] netlink: 31 bytes leftover after parsing attributes in process `syz.3.1694'.
[  617.419697][T13539] netlink: 'syz.3.1694': attribute type 3 has an invalid length.
[  617.436368][T13539] netlink: 'syz.3.1694': attribute type 2 has an invalid length.
[  617.473267][T13539] netlink: 31 bytes leftover after parsing attributes in process `syz.3.1694'.
[  617.670542][    T8] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[  617.808947][T13544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.853687][T13544] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.871158][    T8] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  617.894595][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.958957][    T8] usb 5-1: config 0 descriptor??
[  618.576359][T13550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  618.600617][ T5241] Bluetooth: hci8: command tx timeout
[  618.614665][T13550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  618.763755][ T5241] Bluetooth: hci9: command tx timeout
[  619.267019][T13553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.298511][T13553] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.546963][    T8] usb 5-1: USB disconnect, device number 78
[  620.761942][T13562] RDS: rds_bind could not find a transport for ::ffff:172.30.0.5, load rds_tcp or rds_rdma?
[  620.953864][T13564] netlink: 'syz.4.1700': attribute type 3 has an invalid length.
[  620.990492][T13564] netlink: 'syz.4.1700': attribute type 1 has an invalid length.
[  620.998300][T13564] netlink: 198140 bytes leftover after parsing attributes in process `syz.4.1700'.
[  621.202718][T13567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  621.229313][T13567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  621.310519][    T8] usb 5-1: new full-speed USB device number 79 using dummy_hcd
[  621.490543][    T8] usb 5-1: unable to get BOS descriptor or descriptor too short
[  621.512684][    T8] usb 5-1: not running at top speed; connect to a high speed hub
[  621.532161][    T8] usb 5-1: config 1 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  621.550349][    T8] usb 5-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  621.599472][    T8] usb 5-1: config 1 interface 0 has no altsetting 0
[  621.613740][    T8] usb 5-1: New USB device found, idVendor=16c0, idProduct=05e1, bcdDevice= 0.40
[  621.633509][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  621.664278][    T8] usb 5-1: Product: syz
[  621.668515][    T8] usb 5-1: Manufacturer: syz
[  621.687276][    T8] usb 5-1: SerialNumber: syz
[  621.711914][T13565] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22
[  623.526568][T13577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  623.584658][T13577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  623.777931][ T5230] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  623.793327][ T5230] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  623.804503][ T5230] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  623.814685][ T5230] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  623.823214][ T5230] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  623.836255][ T5230] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  624.616751][T13582] xt_l2tp: invalid flags combination: c
[  624.701573][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  624.707987][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  625.339769][T13584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  625.373068][T13584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  625.894527][ T5230] Bluetooth: hci10: command tx timeout
[  626.823086][    T8] usbhid 5-1:1.0: can't add hid device: -32
[  626.832450][    T8] usbhid 5-1:1.0: probe with driver usbhid failed with error -32
[  627.960438][ T5230] Bluetooth: hci10: command tx timeout
[  630.041100][ T5230] Bluetooth: hci10: command tx timeout
[  631.857311][ T5241] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  631.879592][ T5241] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  631.896687][ T5241] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  631.905218][ T5241] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  631.913937][ T5241] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  631.926648][ T5241] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  632.121976][ T5241] Bluetooth: hci10: command tx timeout
[  633.963877][ T5241] Bluetooth: hci11: command tx timeout
[  636.044041][ T5241] Bluetooth: hci11: command tx timeout
[  636.341719][T13561] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1700'.
[  636.990542][T11221] IPVS: stop unused estimator thread 0...
[  637.693488][ T5230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  637.705092][ T5230] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  637.720275][ T5230] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  637.728625][ T5230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  637.738524][ T5230] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  637.746500][ T5230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  637.790539][T13515] syz_tun (unregistering): left promiscuous mode
[  638.124949][ T5230] Bluetooth: hci11: command tx timeout
[  639.801480][ T5230] Bluetooth: hci3: command tx timeout
[  640.204074][ T5230] Bluetooth: hci11: command tx timeout
[  641.880643][ T5230] Bluetooth: hci3: command tx timeout
[  643.960472][ T5230] Bluetooth: hci3: command tx timeout
[  646.040683][ T5230] Bluetooth: hci3: command tx timeout
[  649.542319][    T8] usb 5-1: USB disconnect, device number 79
[  650.172903][T13495] chnl_net:caif_netlink_parms(): no params data found
[  650.220036][T13503] chnl_net:caif_netlink_parms(): no params data found
[  650.377150][   T53] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  650.822735][   T53] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.663890][   T53] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.267194][T13503] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.280562][T13503] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.287926][T13503] bridge_slave_0: entered allmulticast mode
[  657.308139][T13503] bridge_slave_0: entered promiscuous mode
[  657.326480][T13503] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.348158][T13503] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.359948][T13503] bridge_slave_1: entered allmulticast mode
[  657.377193][T13503] bridge_slave_1: entered promiscuous mode
[  657.523431][   T53] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.559177][T13495] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.580333][T13495] bridge0: port 1(bridge_slave_0) entered disabled state
[  657.587788][T13495] bridge_slave_0: entered allmulticast mode
[  657.638916][T13495] bridge_slave_0: entered promiscuous mode
[  657.663460][T13495] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.688158][T13495] bridge0: port 2(bridge_slave_1) entered disabled state
[  657.700508][T13495] bridge_slave_1: entered allmulticast mode
[  657.708850][T13495] bridge_slave_1: entered promiscuous mode
[  657.740527][T13579] chnl_net:caif_netlink_parms(): no params data found
[  657.899837][T13602] chnl_net:caif_netlink_parms(): no params data found
[  658.064178][T13593] chnl_net:caif_netlink_parms(): no params data found
[  658.087458][T13503] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  658.114827][T13503] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  658.444920][T13495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  658.562242][T13503] team0: Port device team_slave_0 added
[  658.629561][T13495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  658.723898][T13503] team0: Port device team_slave_1 added
[  659.148868][T13503] batman_adv: batadv0: Adding interface: batadv_slave_0
[  659.168918][T13503] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  659.229818][T13503] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  659.352754][T13495] team0: Port device team_slave_0 added
[  659.373988][T13579] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.390420][T13579] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.397788][T13579] bridge_slave_0: entered allmulticast mode
[  659.422456][T13579] bridge_slave_0: entered promiscuous mode
[  659.442314][T13579] bridge0: port 2(bridge_slave_1) entered blocking state
[  659.449475][T13579] bridge0: port 2(bridge_slave_1) entered disabled state
[  659.476907][T13579] bridge_slave_1: entered allmulticast mode
[  659.501278][T13579] bridge_slave_1: entered promiscuous mode
[  659.569278][T13593] bridge0: port 1(bridge_slave_0) entered blocking state
[  659.584130][T13593] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.620560][T13593] bridge_slave_0: entered allmulticast mode
[  659.640427][T13593] bridge_slave_0: entered promiscuous mode
[  659.726859][T13503] batman_adv: batadv0: Adding interface: batadv_slave_1
[  659.742411][T13503] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  659.799902][T13503] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  659.904071][T13495] team0: Port device team_slave_1 added
[  660.011378][T13593] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.018618][T13593] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.048735][T13593] bridge_slave_1: entered allmulticast mode
[  660.056218][T13593] bridge_slave_1: entered promiscuous mode
[  660.147969][T13602] bridge0: port 1(bridge_slave_0) entered blocking state
[  660.160305][T13602] bridge0: port 1(bridge_slave_0) entered disabled state
[  660.167657][T13602] bridge_slave_0: entered allmulticast mode
[  660.196141][T13602] bridge_slave_0: entered promiscuous mode
[  660.213546][T13602] bridge0: port 2(bridge_slave_1) entered blocking state
[  660.230725][T13602] bridge0: port 2(bridge_slave_1) entered disabled state
[  660.238167][T13602] bridge_slave_1: entered allmulticast mode
[  660.264335][T13602] bridge_slave_1: entered promiscuous mode
[  660.404171][T13579] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  660.584416][T13503] hsr_slave_0: entered promiscuous mode
[  660.654660][T13503] hsr_slave_1: entered promiscuous mode
[  660.671794][T13503] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  660.679517][T13503] Cannot create hsr debugfs directory
[  660.777127][T13495] batman_adv: batadv0: Adding interface: batadv_slave_0
[  660.793738][T13495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  660.857261][T13495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  660.888799][T13495] batman_adv: batadv0: Adding interface: batadv_slave_1
[  660.906149][T13495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  660.952727][T13495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  660.984763][T13579] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  661.063515][T13593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.195549][T13602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  661.237473][T13602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  661.349784][T13593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  661.366514][   T53] bridge_slave_1: left allmulticast mode
[  661.384917][   T53] bridge_slave_1: left promiscuous mode
[  661.404255][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  661.456630][   T53] bridge_slave_0: left allmulticast mode
[  661.470256][   T53] bridge_slave_0: left promiscuous mode
[  661.477951][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  664.323141][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  664.436578][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  664.464419][   T53] bond0 (unregistering): Released all slaves
[  664.723553][T13602] team0: Port device team_slave_0 added
[  664.743233][T13602] team0: Port device team_slave_1 added
[  665.051183][T13579] team0: Port device team_slave_0 added
[  665.900162][T13602] batman_adv: batadv0: Adding interface: batadv_slave_0
[  665.907904][T13602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  665.956648][T13602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  666.002451][T13602] batman_adv: batadv0: Adding interface: batadv_slave_1
[  666.015697][T13602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  666.086801][T13602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  666.242508][T13495] hsr_slave_0: entered promiscuous mode
[  666.285540][T13495] hsr_slave_1: entered promiscuous mode
[  666.329672][T13495] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  666.349927][T13495] Cannot create hsr debugfs directory
[  666.371188][T13579] team0: Port device team_slave_1 added
[  666.391805][T13593] team0: Port device team_slave_0 added
[  666.765694][T13593] team0: Port device team_slave_1 added
[  667.067558][T13579] batman_adv: batadv0: Adding interface: batadv_slave_0
[  667.081254][T13579] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  667.126926][T13579] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  667.140205][    C0] sched: DL replenish lagged too much
[  667.154440][T13579] batman_adv: batadv0: Adding interface: batadv_slave_1
[  667.180412][T13579] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  667.227066][T13579] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  667.369944][T13593] batman_adv: batadv0: Adding interface: batadv_slave_0
[  667.408524][T13593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  667.506161][T13593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  667.734038][T13602] hsr_slave_0: entered promiscuous mode
[  667.789959][T13602] hsr_slave_1: entered promiscuous mode
[  667.850692][T13602] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  667.885594][T13602] Cannot create hsr debugfs directory
[  668.081048][T13593] batman_adv: batadv0: Adding interface: batadv_slave_1
[  668.120478][T13593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.260406][T13593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  668.378584][ T5241] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  668.402936][ T5241] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  668.412933][ T5241] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  668.424164][ T5241] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  668.432092][ T5241] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  668.440100][ T5241] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  668.614251][T13579] hsr_slave_0: entered promiscuous mode
[  668.690944][T13579] hsr_slave_1: entered promiscuous mode
[  668.739973][T13579] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  668.781645][T13579] Cannot create hsr debugfs directory
[  669.662184][ T5230] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  669.676073][ T5230] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  669.686352][ T5230] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  669.695081][ T5230] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  669.704882][ T5230] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  669.713588][ T5230] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  670.481567][T13593] hsr_slave_0: entered promiscuous mode
[  670.512032][T13593] hsr_slave_1: entered promiscuous mode
[  670.528941][ T5230] Bluetooth: hci5: command tx timeout
[  670.547084][T13593] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  670.570445][T13593] Cannot create hsr debugfs directory
[  671.657034][T13602] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  671.800632][ T5230] Bluetooth: hci6: command tx timeout
[  672.284776][T13671] chnl_net:caif_netlink_parms(): no params data found
[  672.352738][T13666] chnl_net:caif_netlink_parms(): no params data found
[  672.574140][   T53] batadv_slave_0: left promiscuous mode
[  672.609084][ T5230] Bluetooth: hci5: command tx timeout
[  672.679301][   T53] hsr_slave_0: left promiscuous mode
[  672.761865][   T53] hsr_slave_1: left promiscuous mode
[  672.820724][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  672.828261][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  672.889554][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  672.910405][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  673.016662][   T53] veth1_macvtap: left promiscuous mode
[  673.050390][   T53] veth0_macvtap: left promiscuous mode
[  673.056093][   T53] veth1_vlan: left promiscuous mode
[  673.078775][   T53] veth0_vlan: left promiscuous mode
[  673.886671][ T5230] Bluetooth: hci6: command tx timeout
[  674.689087][ T5230] Bluetooth: hci5: command tx timeout
[  675.464116][   T53] team0 (unregistering): Port device team_slave_1 removed
[  675.671255][   T53] team0 (unregistering): Port device team_slave_0 removed
[  675.960574][ T5230] Bluetooth: hci6: command tx timeout
[  676.775787][ T5230] Bluetooth: hci5: command tx timeout
[  678.043400][ T5230] Bluetooth: hci6: command tx timeout
[  678.211149][T13602] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  678.417498][T13671] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.429854][T13671] bridge0: port 1(bridge_slave_0) entered disabled state
[  678.450717][T13671] bridge_slave_0: entered allmulticast mode
[  678.470549][T13671] bridge_slave_0: entered promiscuous mode
[  678.618402][T13671] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.630914][T13671] bridge0: port 2(bridge_slave_1) entered disabled state
[  678.650745][T13671] bridge_slave_1: entered allmulticast mode
[  678.661517][T13671] bridge_slave_1: entered promiscuous mode
[  678.743954][T13666] bridge0: port 1(bridge_slave_0) entered blocking state
[  678.764190][T13666] bridge0: port 1(bridge_slave_0) entered disabled state
[  678.774062][T13666] bridge_slave_0: entered allmulticast mode
[  678.792380][T13666] bridge_slave_0: entered promiscuous mode
[  678.901747][T13666] bridge0: port 2(bridge_slave_1) entered blocking state
[  678.917893][T13666] bridge0: port 2(bridge_slave_1) entered disabled state
[  678.930631][T13666] bridge_slave_1: entered allmulticast mode
[  678.953465][T13666] bridge_slave_1: entered promiscuous mode
[  679.009208][T13671] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  679.043319][T13671] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  679.312706][T13666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  679.606443][T13666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  679.654036][T13671] team0: Port device team_slave_0 added
[  679.691058][T13671] team0: Port device team_slave_1 added
[  679.957931][T13666] team0: Port device team_slave_0 added
[  680.178041][T13671] batman_adv: batadv0: Adding interface: batadv_slave_0
[  680.210843][T13671] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  680.300546][T13671] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  680.323201][T13666] team0: Port device team_slave_1 added
[  680.648544][T13602] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  680.692338][T13671] batman_adv: batadv0: Adding interface: batadv_slave_1
[  680.699356][T13671] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  680.774118][T13671] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  681.009446][T13666] batman_adv: batadv0: Adding interface: batadv_slave_0
[  681.024821][T13666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  681.075614][T13666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  681.198088][T13671] hsr_slave_0: entered promiscuous mode
[  681.232462][T13671] hsr_slave_1: entered promiscuous mode
[  681.276440][T13671] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  681.295668][T13671] Cannot create hsr debugfs directory
[  681.309950][T13666] batman_adv: batadv0: Adding interface: batadv_slave_1
[  681.332379][T13666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  681.389308][T13666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  681.792576][T13666] hsr_slave_0: entered promiscuous mode
[  681.932862][T13666] hsr_slave_1: entered promiscuous mode
[  681.974642][T13666] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  681.990665][T13666] Cannot create hsr debugfs directory
[  682.769924][T13602] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  683.500926][ T5241] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  683.514921][ T5241] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  683.523873][ T5241] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  683.535875][ T5241] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  683.544214][ T5241] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  683.554906][ T5241] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  684.169141][T13753] chnl_net:caif_netlink_parms(): no params data found
[  684.689803][T13753] bridge0: port 1(bridge_slave_0) entered blocking state
[  684.717086][T13753] bridge0: port 1(bridge_slave_0) entered disabled state
[  684.740990][T13753] bridge_slave_0: entered allmulticast mode
[  684.763281][T13753] bridge_slave_0: entered promiscuous mode
[  684.800009][T13753] bridge0: port 2(bridge_slave_1) entered blocking state
[  684.819190][T13753] bridge0: port 2(bridge_slave_1) entered disabled state
[  684.842318][T13753] bridge_slave_1: entered allmulticast mode
[  684.850974][T13753] bridge_slave_1: entered promiscuous mode
[  685.072819][T13753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  685.103670][T13753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  685.329246][T13753] team0: Port device team_slave_0 added
[  685.362112][T13753] team0: Port device team_slave_1 added
[  685.564836][T13753] batman_adv: batadv0: Adding interface: batadv_slave_0
[  685.600551][T13753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  685.654498][ T5241] Bluetooth: hci8: command tx timeout
[  685.713678][T13753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  685.751488][T13753] batman_adv: batadv0: Adding interface: batadv_slave_1
[  685.758506][T13753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  685.802332][T13753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  686.130096][ T1269] ieee802154 phy0 wpan0: encryption failed: -22
[  686.140287][ T1269] ieee802154 phy1 wpan1: encryption failed: -22
[  686.231688][T13753] hsr_slave_0: entered promiscuous mode
[  686.272475][T13753] hsr_slave_1: entered promiscuous mode
[  686.310595][T13753] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  686.318235][T13753] Cannot create hsr debugfs directory
[  686.557934][T13602] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  686.635216][T13602] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  687.185953][T13602] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  687.253504][T13602] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  687.732842][ T5230] Bluetooth: hci8: command tx timeout
[  687.772518][T13602] 8021q: adding VLAN 0 to HW filter on device bond0
[  687.812835][T13602] 8021q: adding VLAN 0 to HW filter on device team0
[  687.854238][ T5536] bridge0: port 1(bridge_slave_0) entered blocking state
[  687.861475][ T5536] bridge0: port 1(bridge_slave_0) entered forwarding state
[  687.883545][ T5536] bridge0: port 2(bridge_slave_1) entered blocking state
[  687.890782][ T5536] bridge0: port 2(bridge_slave_1) entered forwarding state
[  688.164525][T13602] 8021q: adding VLAN 0 to HW filter on device batadv0
[  688.200763][ T5230] Bluetooth: hci7: command 0x0406 tx timeout
[  688.368161][T13602] veth0_vlan: entered promiscuous mode
[  688.432798][T13602] veth1_vlan: entered promiscuous mode
[  688.527795][T13602] veth0_macvtap: entered promiscuous mode
[  688.571286][T13602] veth1_macvtap: entered promiscuous mode
[  688.643773][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  688.670361][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  688.701995][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  688.721887][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  688.740624][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  688.769128][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  688.800275][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  688.831784][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  688.876077][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  688.910661][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  688.941438][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  688.978647][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.020255][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  689.051608][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.090026][T13602] batman_adv: batadv0: Interface activated: batadv_slave_0
[  689.114217][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.140503][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.180395][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.210502][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.241413][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.290443][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.320513][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.350362][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.385090][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.419844][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.470464][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.516835][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.550378][T13602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  689.594081][T13602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  689.639143][T13602] batman_adv: batadv0: Interface activated: batadv_slave_1
[  689.812338][ T5241] Bluetooth: hci8: command tx timeout
[  690.168469][T13602] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  690.190558][T13602] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  690.199337][T13602] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  690.250511][T13602] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  690.986109][   T53] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.223980][   T53] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.433136][   T53] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.515608][T11221] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  691.528819][T11221] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  691.666135][   T53] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  691.793601][ T5536] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  691.813632][ T5536] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  691.892855][ T5241] Bluetooth: hci8: command tx timeout
[  692.026159][   T53] bridge_slave_1: left allmulticast mode
[  692.047230][   T53] bridge_slave_1: left promiscuous mode
[  692.070920][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.079896][   T53] bridge_slave_0: left allmulticast mode
[  692.093218][T13856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  692.100356][   T53] bridge_slave_0: left promiscuous mode
[  692.107407][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.180621][T13856] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  692.194537][   T53] bridge_slave_1: left allmulticast mode
[  692.214132][   T53] bridge_slave_1: left promiscuous mode
[  692.219900][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.261660][   T53] bridge_slave_0: left allmulticast mode
[  692.267385][   T53] bridge_slave_0: left promiscuous mode
[  692.273307][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.323124][   T53] bridge_slave_1: left allmulticast mode
[  692.328864][   T53] bridge_slave_1: left promiscuous mode
[  692.346536][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.364674][   T53] bridge_slave_0: left allmulticast mode
[  692.380424][   T53] bridge_slave_0: left promiscuous mode
[  692.391211][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.394241][ T5230] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  692.411214][   T53] bridge_slave_1: left allmulticast mode
[  692.417030][   T53] bridge_slave_1: left promiscuous mode
[  692.430428][ T5230] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  692.430651][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.441289][ T5230] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  692.455593][ T5230] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  692.463600][ T5230] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  692.472200][   T53] bridge_slave_0: left allmulticast mode
[  692.473336][ T5230] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  692.477896][   T53] bridge_slave_0: left promiscuous mode
[  692.491279][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.971871][T13866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  692.982298][T13866] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.540570][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  693.558834][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  693.593905][   T53] bond0 (unregistering): Released all slaves
[  693.620985][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  693.650913][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  693.682398][   T53] bond0 (unregistering): Released all slaves
[  693.725663][ T5230] Bluetooth: hci3: hardware error 0x20
[  693.843544][T13875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  693.856954][T13875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.919764][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  693.940839][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  693.962972][   T53] bond0 (unregistering): Released all slaves
[  694.200068][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  694.219895][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  694.232183][   T53] bond0 (unregistering): (slave macvlan2): Releasing backup interface
[  694.245514][   T53] team0: left promiscuous mode
[  694.252707][   T53] team_slave_0: left promiscuous mode
[  694.258494][   T53] team_slave_1: left promiscuous mode
[  694.266688][   T53] bond0 (unregistering): Released all slaves
[  694.316159][T13874] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1715'.
[  694.522374][ T5241] Bluetooth: hci9: command tx timeout
[  694.998769][T13671] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.264493][T13671] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.294438][T13895] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.307080][T13895] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.484232][T13671] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.532256][T13861] chnl_net:caif_netlink_parms(): no params data found
[  695.664683][T13671] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.810627][ T5230] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  695.818471][   T53] hsr_slave_0: left promiscuous mode
[  695.880430][   T53] hsr_slave_1: left promiscuous mode
[  695.931457][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  695.972077][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.022779][   T53] hsr_slave_0: left promiscuous mode
[  696.092303][   T53] hsr_slave_1: left promiscuous mode
[  696.136605][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.151717][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.186886][   T53] hsr_slave_0: left promiscuous mode
[  696.198922][   T53] hsr_slave_1: left promiscuous mode
[  696.209200][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.237910][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.256535][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.265169][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.293730][   T53] hsr_slave_0: left promiscuous mode
[  696.299889][   T53] hsr_slave_1: left promiscuous mode
[  696.311449][T13919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  696.331083][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.338603][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.358603][T13919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  696.381166][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.388802][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.514540][   T53] veth1_macvtap: left promiscuous mode
[  696.520111][   T53] veth0_macvtap: left promiscuous mode
[  696.527543][   T53] veth1_vlan: left promiscuous mode
[  696.533789][   T53] veth0_vlan: left promiscuous mode
[  696.569736][   T53] veth1_macvtap: left promiscuous mode
[  696.575561][   T53] veth0_macvtap: left promiscuous mode
[  696.582260][   T53] veth1_vlan: left promiscuous mode
[  696.587701][   T53] veth0_vlan: left promiscuous mode
[  696.600952][ T5230] Bluetooth: hci9: command tx timeout
[  697.140404][T13936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.165437][T13936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.271861][   T53] team0 (unregistering): Port device team_slave_1 removed
[  697.364480][   T53] team0 (unregistering): Port device team_slave_0 removed
[  697.956398][   T53] team0 (unregistering): Port device team_slave_1 removed
[  698.001216][   T53] team0 (unregistering): Port device team_slave_0 removed
[  698.688749][ T5230] Bluetooth: hci9: command tx timeout
[  698.844247][   T53] team0 (unregistering): Port device team_slave_1 removed
[  698.943814][   T53] team0 (unregistering): Port device team_slave_0 removed
[  700.299229][   T53] team0 (unregistering): Port device team_slave_1 removed
[  700.368862][   T53] team0 (unregistering): Port device team_slave_0 removed
[  700.770756][ T5230] Bluetooth: hci9: command tx timeout
[  700.853077][   T30] INFO: task kworker/0:3:5229 blocked for more than 143 seconds.
[  700.870538][   T30]       Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  700.878237][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  700.890364][   T30] task:kworker/0:3     state:D stack:20240 pid:5229  tgid:5229  ppid:2      flags:0x00004000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  700.901407][   T30] Workqueue: usb_hub_wq hub_event
[  700.906645][   T30] Call Trace:
[  700.909966][   T30]  <TASK>
[  700.913567][   T30]  __schedule+0x1895/0x4b30
[  700.918159][   T30]  ? __pfx___schedule+0x10/0x10
[  700.960472][   T30]  ? __pfx_lock_release+0x10/0x10
[  700.965606][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  700.984345][   T30]  ? schedule+0x90/0x320
[  700.988687][   T30]  schedule+0x14b/0x320
[  701.003655][   T30]  schedule_preempt_disabled+0x13/0x30
[  701.009216][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  701.021761][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  701.027763][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  701.037662][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  701.045386][   T30]  ? kobject_put+0x272/0x480
[  701.050029][   T30]  down_write+0x1d7/0x220
[  701.054991][   T30]  ? __pfx_down_write+0x10/0x10
[  701.059903][   T30]  ? usb_hcd_flush_endpoint+0x3d1/0x3f0
[  701.065700][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  701.072052][   T30]  usb_deregister_dev+0x88/0x210
[  701.077038][   T30]  iowarrior_disconnect+0x77/0x2e0
[  701.083244][   T30]  usb_unbind_interface+0x25e/0x940
[  701.088528][   T30]  ? kernfs_remove_by_name_ns+0x11b/0x160
[  701.094673][   T30]  ? __pfx_usb_unbind_interface+0x10/0x10
[  701.100537][   T30]  device_release_driver_internal+0x503/0x7c0
[  701.106782][   T30]  bus_remove_device+0x34f/0x420
[  701.111970][   T30]  device_del+0x57a/0x9b0
[  701.116343][   T30]  ? kobject_put+0x272/0x480
[  701.121283][   T30]  ? __pfx_device_del+0x10/0x10
[  701.126180][   T30]  ? kobject_put+0x44d/0x480
[  701.130955][   T30]  usb_disable_device+0x3bf/0x850
[  701.136252][   T30]  usb_disconnect+0x340/0x950
[  701.142287][   T30]  hub_event+0x1ebc/0x5150
[  701.146797][   T30]  ? debug_object_deactivate+0x2d5/0x390
[  701.152888][   T30]  ? __pfx_hub_event+0x10/0x10
[  701.157705][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  701.162999][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  701.169279][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  701.175989][   T30]  ? process_scheduled_works+0x976/0x1850
[  701.181844][   T30]  process_scheduled_works+0xa63/0x1850
[  701.187632][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  701.193979][   T30]  ? assign_work+0x364/0x3d0
[  701.198633][   T30]  worker_thread+0x870/0xd30
[  701.203420][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  701.209367][   T30]  ? __kthread_parkme+0x169/0x1d0
[  701.214600][   T30]  ? __pfx_worker_thread+0x10/0x10
[  701.219766][   T30]  kthread+0x2f0/0x390
[  701.223991][   T30]  ? __pfx_worker_thread+0x10/0x10
[  701.229155][   T30]  ? __pfx_kthread+0x10/0x10
[  701.233921][   T30]  ret_from_fork+0x4b/0x80
[  701.238387][   T30]  ? __pfx_kthread+0x10/0x10
[  701.244596][   T30]  ret_from_fork_asm+0x1a/0x30
[  701.249444][   T30]  </TASK>
[  701.252656][   T30] INFO: task kworker/1:3:5280 blocked for more than 143 seconds.
[  701.264110][   T30]       Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  701.274812][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  701.283746][   T30] task:kworker/1:3     state:D stack:14416 pid:5280  tgid:5280  ppid:2      flags:0x00004000
[  701.294054][   T30] Workqueue: usb_hub_wq hub_event
[  701.299108][   T30] Call Trace:
[  701.302499][   T30]  <TASK>
[  701.305555][   T30]  __schedule+0x1895/0x4b30
[  701.310144][   T30]  ? __pfx___schedule+0x10/0x10
[  701.315563][   T30]  ? __pfx_lock_release+0x10/0x10
[  701.320917][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  701.327198][   T30]  ? kthread_data+0x52/0xd0
[  701.331844][   T30]  ? schedule+0x90/0x320
[  701.336145][   T30]  ? wq_worker_sleeping+0x66/0x240
[  701.341429][   T30]  ? schedule+0x90/0x320
[  701.346768][   T30]  schedule+0x14b/0x320
[  701.351104][   T30]  schedule_preempt_disabled+0x13/0x30
[  701.357052][   T30]  rwsem_down_write_slowpath+0xeee/0x13b0
[  701.362941][   T30]  ? rwsem_down_write_slowpath+0xa09/0x13b0
[  701.368905][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[  701.375204][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  701.380403][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  701.386803][   T30]  down_write+0x1d7/0x220
[  701.391394][   T30]  ? __pfx_down_write+0x10/0x10
[  701.396286][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  701.401676][   T30]  usb_register_dev+0x13a/0x5a0
[  701.406578][   T30]  ? __pfx_usb_register_dev+0x10/0x10
[  701.412094][   T30]  ? iowarrior_probe+0x989/0x1180
[  701.417161][   T30]  ? rcu_is_watching+0x15/0xb0
[  701.422504][   T30]  ? iowarrior_probe+0x989/0x1180
[  701.427578][   T30]  ? trace_kmalloc+0x1f/0xd0
[  701.432347][   T30]  ? __kmalloc_noprof+0x21a/0x400
[  701.437507][   T30]  iowarrior_probe+0xc33/0x1180
[  701.442499][   T30]  usb_probe_interface+0x645/0xbb0
[  701.449119][   T30]  ? __pfx_usb_probe_interface+0x10/0x10
[  701.454933][   T30]  really_probe+0x2b8/0xad0
[  701.459493][   T30]  __driver_probe_device+0x1a2/0x390
[  701.464985][   T30]  driver_probe_device+0x50/0x430
[  701.470051][   T30]  __device_attach_driver+0x2d6/0x530
[  701.475566][   T30]  bus_for_each_drv+0x24e/0x2e0
[  701.482518][   T30]  ? __pfx___device_attach_driver+0x10/0x10
[  701.488490][   T30]  ? __pfx_bus_for_each_drv+0x10/0x10
[  701.494492][   T30]  __device_attach+0x333/0x520
[  701.499424][   T30]  ? __pfx_lock_release+0x10/0x10
[  701.504679][   T30]  ? __pfx___device_attach+0x10/0x10
[  701.510023][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  701.515375][   T30]  bus_probe_device+0x189/0x260
[  701.520368][   T30]  device_add+0x856/0xbf0
[  701.524746][   T30]  usb_set_configuration+0x1976/0x1fb0
[  701.530411][   T30]  usb_generic_driver_probe+0x88/0x140
[  701.536080][   T30]  usb_probe_device+0x1b8/0x380
[  701.541762][   T30]  ? __pfx_usb_probe_device+0x10/0x10
[  701.548885][   T30]  really_probe+0x2b8/0xad0
[  701.554066][   T30]  __driver_probe_device+0x1a2/0x390
[  701.559408][   T30]  driver_probe_device+0x50/0x430
[  701.567938][   T30]  __device_attach_driver+0x2d6/0x530
[  701.573657][   T30]  bus_for_each_drv+0x24e/0x2e0
[  701.578558][   T30]  ? __pfx___device_attach_driver+0x10/0x10
[  701.584537][   T30]  ? __pfx_bus_for_each_drv+0x10/0x10
[  701.589958][   T30]  __device_attach+0x333/0x520
[  701.594931][   T30]  ? __pfx___device_attach+0x10/0x10
[  701.601860][   T30]  bus_probe_device+0x189/0x260
[  701.606776][   T30]  device_add+0x856/0xbf0
[  701.611335][   T30]  usb_new_device+0x104a/0x19a0
[  701.616277][   T30]  ? __pfx_usb_new_device+0x10/0x10
[  701.621601][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  701.626848][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  701.632293][   T30]  hub_event+0x2d6d/0x5150
[  701.636811][   T30]  ? __pfx_hub_event+0x10/0x10
[  701.648226][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  701.660441][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  701.666517][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  701.673145][   T30]  ? process_scheduled_works+0x976/0x1850
[  701.679131][   T30]  process_scheduled_works+0xa63/0x1850
[  701.685020][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  701.691202][   T30]  ? assign_work+0x364/0x3d0
[  701.695851][   T30]  worker_thread+0x870/0xd30
[  701.700600][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  701.706628][   T30]  ? __kthread_parkme+0x169/0x1d0
[  701.712148][   T30]  ? __pfx_worker_thread+0x10/0x10
[  701.717334][   T30]  kthread+0x2f0/0x390
[  701.721806][   T30]  ? __pfx_worker_thread+0x10/0x10
[  701.727216][   T30]  ? __pfx_kthread+0x10/0x10
[  701.731964][   T30]  ret_from_fork+0x4b/0x80
[  701.736608][   T30]  ? __pfx_kthread+0x10/0x10
[  701.741371][   T30]  ret_from_fork_asm+0x1a/0x30
[  701.746209][   T30]  </TASK>
[  701.749417][   T30] INFO: task kworker/1:6:5328 blocked for more than 144 seconds.
[  701.763000][   T30]       Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  701.771470][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  701.781182][   T30] task:kworker/1:6     state:D stack:19984 pid:5328  tgid:5328  ppid:2      flags:0x00004000
[  701.791546][   T30] Workqueue: usb_hub_wq hub_event
[  701.796643][   T30] Call Trace:
[  701.799946][   T30]  <TASK>
[  701.803111][   T30]  __schedule+0x1895/0x4b30
[  701.807675][   T30]  ? schedule+0x90/0x320
[  701.812071][   T30]  ? __pfx___schedule+0x10/0x10
[  701.816976][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  701.823111][   T30]  ? __pfx_lock_release+0x10/0x10
[  701.828193][   T30]  ? kick_pool+0x1bd/0x620
[  701.832843][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  701.838097][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  701.843487][   T30]  ? schedule+0x90/0x320
[  701.847783][   T30]  schedule+0x14b/0x320
[  701.852113][   T30]  schedule_preempt_disabled+0x13/0x30
[  701.859038][   T30]  __mutex_lock+0x6a7/0xd70
[  701.863687][   T30]  ? __mutex_lock+0x52a/0xd70
[  701.868396][   T30]  ? hub_event+0x7d5/0x5150
[  701.873015][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  701.878086][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  701.883717][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  701.888970][   T30]  ? pm_runtime_barrier+0x152/0x1d0
[  701.894409][   T30]  hub_event+0x7d5/0x5150
[  701.898812][   T30]  ? __pfx_register_lock_class+0x10/0x10
[  701.904617][   T30]  ? debug_object_deactivate+0x2d5/0x390
[  701.910388][   T30]  ? __pfx_hub_event+0x10/0x10
[  701.915208][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  701.920399][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  701.926432][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  701.932891][   T30]  ? process_scheduled_works+0x976/0x1850
[  701.938666][   T30]  process_scheduled_works+0xa63/0x1850
[  701.944524][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[  701.950651][   T30]  ? assign_work+0x364/0x3d0
[  701.955298][   T30]  worker_thread+0x870/0xd30
[  701.962008][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  701.968090][   T30]  ? __kthread_parkme+0x169/0x1d0
[  701.973374][   T30]  ? __pfx_worker_thread+0x10/0x10
[  701.978574][   T30]  kthread+0x2f0/0x390
[  701.982859][   T30]  ? __pfx_worker_thread+0x10/0x10
[  701.988030][   T30]  ? __pfx_kthread+0x10/0x10
[  701.992791][   T30]  ret_from_fork+0x4b/0x80
[  701.997262][   T30]  ? __pfx_kthread+0x10/0x10
[  702.002053][   T30]  ret_from_fork_asm+0x1a/0x30
[  702.006965][   T30]  </TASK>
[  702.020385][   T30] INFO: task syz.3.1432:12409 blocked for more than 144 seconds.
[  702.028787][   T30]       Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  702.036732][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  702.045579][   T30] task:syz.3.1432      state:D stack:25920 pid:12409 tgid:12409 ppid:11275  flags:0x00004004
[  702.055995][   T30] Call Trace:
[  702.061852][   T30]  <TASK>
[  702.064842][   T30]  __schedule+0x1895/0x4b30
[  702.069414][   T30]  ? __pfx___schedule+0x10/0x10
[  702.074704][   T30]  ? __pfx_lock_release+0x10/0x10
[  702.079790][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  702.085945][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  702.092417][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  702.098375][   T30]  ? schedule+0x90/0x320
[  702.102766][   T30]  schedule+0x14b/0x320
[  702.106977][   T30]  rpm_resume+0x504/0x1670
[  702.111631][   T30]  ? __pfx_lock_acquire+0x10/0x10
[  702.116788][   T30]  ? __pfx_rpm_resume+0x10/0x10
[  702.122117][   T30]  ? __pfx_autoremove_wake_function+0x10/0x10
[  702.128265][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  702.133806][   T30]  ? do_raw_spin_unlock+0x13c/0x8b0
[  702.139082][   T30]  rpm_resume+0x8fe/0x1670
[  702.143707][   T30]  ? __pfx_rpm_resume+0x10/0x10
[  702.148622][   T30]  ? _raw_spin_lock_irqsave+0xe1/0x120
[  702.154227][   T30]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  702.160314][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  702.168093][   T30]  __pm_runtime_resume+0x120/0x180
[  702.173387][   T30]  ? __pfx_wdm_manage_power+0x10/0x10
[  702.178813][   T30]  usb_autopm_get_interface+0x22/0xf0
[  702.187239][   T30]  ? __pfx_wdm_manage_power+0x10/0x10
[  702.192746][   T30]  wdm_manage_power+0x1c/0xa0
[  702.197474][   T30]  ? __pfx_wdm_manage_power+0x10/0x10
[  702.203257][   T30]  wdm_release+0x20f/0x460
[  702.207727][   T30]  ? __pfx_wdm_release+0x10/0x10
[  702.212843][   T30]  __fput+0x23f/0x880
[  702.216875][   T30]  task_work_run+0x24f/0x310
[  702.221608][   T30]  ? __pfx_task_work_run+0x10/0x10
[  702.226764][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  702.232624][   T30]  syscall_exit_to_user_mode+0x168/0x370
[  702.238326][   T30]  do_syscall_64+0x100/0x230
[  702.243066][   T30]  ? clear_bhb_loop+0x35/0x90
[  702.247775][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.253812][   T30] RIP: 0033:0x7f8a46f7dff9
[  702.258263][   T30] RSP: 002b:00007f8a4725fb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  702.268251][   T30] RAX: 0000000000000000 RBX: 00007f8a47137a80 RCX: 00007f8a46f7dff9
[  702.276715][   T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  702.285412][   T30] RBP: 00007f8a47137a80 R08: 0000000000000006 R09: 00007f8a4725fe7f
[  702.293551][   T30] R10: 00000000003ffcb4 R11: 0000000000000246 R12: 0000000000083e18
[  702.301710][   T30] R13: 00007f8a4725fc90 R14: 0000000000000032 R15: ffffffffffffffff
[  702.309741][   T30]  </TASK>
[  702.323621][   T30] INFO: task syz.1.1476:12657 blocked for more than 144 seconds.
[  702.331665][   T30]       Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  702.339385][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  702.348184][   T30] task:syz.1.1476      state:D stack:23424 pid:12657 tgid:12656 ppid:11071  flags:0x00000004
[  702.358491][   T30] Call Trace:
[  702.362364][   T30]  <TASK>
[  702.365356][   T30]  __schedule+0x1895/0x4b30
[  702.371094][   T30]  ? __pfx___schedule+0x10/0x10
[  702.376027][   T30]  ? __pfx_lock_release+0x10/0x10
[  702.381276][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  702.386814][   T30]  ? schedule+0x90/0x320
[  702.391182][   T30]  schedule+0x14b/0x320
[  702.395408][   T30]  schedule_preempt_disabled+0x13/0x30
[  702.401052][   T30]  __mutex_lock+0x6a7/0xd70
[  702.405621][   T30]  ? __mutex_lock+0x52a/0xd70
[  702.410426][   T30]  ? wdm_open+0x56/0x550
[  702.414715][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  702.419766][   T30]  ? __pfx_down_read+0x10/0x10
[  702.424679][   T30]  ? chrdev_open+0xfb/0x600
[  702.429230][   T30]  ? __pfx_lock_release+0x10/0x10
[  702.434419][   T30]  wdm_open+0x56/0x550
[  702.438540][   T30]  ? __pfx_wdm_open+0x10/0x10
[  702.443398][   T30]  usb_open+0x14b/0x1d0
[  702.447614][   T30]  chrdev_open+0x521/0x600
[  702.452184][   T30]  ? __pfx_apparmor_file_open+0x10/0x10
[  702.457795][   T30]  ? __pfx_chrdev_open+0x10/0x10
[  702.462895][   T30]  ? security_file_open+0x513/0x990
[  702.469220][   T30]  ? __pfx_chrdev_open+0x10/0x10
[  702.475010][   T30]  do_dentry_open+0x978/0x1460
[  702.479858][   T30]  vfs_open+0x3e/0x330
[  702.484118][   T30]  path_openat+0x2c84/0x3590
[  702.488773][   T30]  ? __lock_acquire+0x1384/0x2050
[  702.494028][   T30]  ? __pfx_path_openat+0x10/0x10
[  702.499027][   T30]  do_filp_open+0x235/0x490
[  702.503685][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  702.508814][   T30]  ? _raw_spin_unlock+0x28/0x50
[  702.513844][   T30]  ? alloc_fd+0x5a1/0x640
[  702.518225][   T30]  do_sys_openat2+0x13e/0x1d0
[  702.523049][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  702.528306][   T30]  __x64_sys_openat+0x247/0x2a0
[  702.533290][   T30]  ? __pfx___x64_sys_openat+0x10/0x10
[  702.538734][   T30]  ? do_syscall_64+0x100/0x230
[  702.543664][   T30]  ? do_syscall_64+0xb6/0x230
[  702.548400][   T30]  do_syscall_64+0xf3/0x230
[  702.553049][   T30]  ? clear_bhb_loop+0x35/0x90
[  702.557763][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.563795][   T30] RIP: 0033:0x7f5c8c77c990
[  702.568256][   T30] RSP: 002b:00007f5c8d648b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  702.578476][   T30] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5c8c77c990
[  702.587087][   T30] RDX: 0000000000000002 RSI: 00007f5c8d648c10 RDI: 00000000ffffff9c
[  702.595239][   T30] RBP: 00007f5c8d648c10 R08: 0000000000000000 R09: 00007f5c8d648987
[  702.606804][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  702.615536][   T30] R13: 0000000000000000 R14: 00007f5c8c935f80 R15: 00007f5c8ca5fa28
[  702.624484][   T30]  </TASK>
[  702.627636][   T30] INFO: task syz.2.1483:12701 blocked for more than 145 seconds.
[  702.639612][   T30]       Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  702.647645][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  702.656453][   T30] task:syz.2.1483      state:D stack:26816 pid:12701 tgid:12700 ppid:11591  flags:0x00000004
[  702.666930][   T30] Call Trace:
[  702.670295][   T30]  <TASK>
[  702.674741][   T30]  __schedule+0x1895/0x4b30
[  702.679332][   T30]  ? __pfx___schedule+0x10/0x10
[  702.691381][   T30]  ? __pfx_lock_release+0x10/0x10
[  702.696508][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  702.703428][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  702.709822][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  702.715443][   T30]  ? schedule+0x90/0x320
[  702.719742][   T30]  schedule+0x14b/0x320
[  702.724067][   T30]  ? down_read+0x6a5/0xa40
[  702.728702][   T30]  schedule_preempt_disabled+0x13/0x30
[  702.734293][   T30]  down_read+0x705/0xa40
[  702.738710][   T30]  ? __pfx_down_read+0x10/0x10
[  702.743618][   T30]  ? __pfx_lock_release+0x10/0x10
[  702.748880][   T30]  usb_open+0x30/0x1d0
[  702.753115][   T30]  chrdev_open+0x521/0x600
[  702.757568][   T30]  ? __pfx_apparmor_file_open+0x10/0x10
[  702.763686][   T30]  ? __pfx_chrdev_open+0x10/0x10
[  702.768673][   T30]  ? security_file_open+0x513/0x990
[  702.774373][   T30]  ? __pfx_chrdev_open+0x10/0x10
[  702.781212][   T30]  do_dentry_open+0x978/0x1460
[  702.786066][   T30]  vfs_open+0x3e/0x330
[  702.790281][   T30]  path_openat+0x2c84/0x3590
[  702.795184][   T30]  ? __pfx_path_openat+0x10/0x10
[  702.800359][   T30]  do_filp_open+0x235/0x490
[  702.805096][   T30]  ? __pfx_do_filp_open+0x10/0x10
[  702.810309][   T30]  ? _raw_spin_unlock+0x28/0x50
[  702.815213][   T30]  ? alloc_fd+0x5a1/0x640
[  702.819591][   T30]  do_sys_openat2+0x13e/0x1d0
[  702.824738][   T30]  ? __pfx_do_sys_openat2+0x10/0x10
[  702.830013][   T30]  __x64_sys_openat+0x247/0x2a0
[  702.834999][   T30]  ? __pfx___x64_sys_openat+0x10/0x10
[  702.840841][   T30]  ? do_syscall_64+0x100/0x230
[  702.845664][   T30]  ? do_syscall_64+0xb6/0x230
[  702.850479][   T30]  do_syscall_64+0xf3/0x230
[  702.855241][   T30]  ? clear_bhb_loop+0x35/0x90
[  702.859970][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.865986][   T30] RIP: 0033:0x7ffbb877c990
[  702.870504][   T30] RSP: 002b:00007ffbb94d6b70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  702.880755][   T30] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ffbb877c990
[  702.888787][   T30] RDX: 0000000000000002 RSI: 00007ffbb94d6c10 RDI: 00000000ffffff9c
[  702.896859][   T30] RBP: 00007ffbb94d6c10 R08: 0000000000000000 R09: 00007ffbb94d6987
[  702.904986][   T30] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  702.913083][   T30] R13: 0000000000000000 R14: 00007ffbb8935f80 R15: 00007ffbb8a5fa28
[  702.921369][   T30]  </TASK>
[  702.925732][   T30] 
[  702.925732][   T30] Showing all locks held in the system:
[  702.948089][   T30] 3 locks held by kworker/u8:0/11:
[  702.959558][   T30]  #0: ffff88814b70b948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  702.972511][   T30]  #1: ffffc90000107d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  702.988010][   T30]  #2: ffffffff8fcd20c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30
[  702.998139][   T30] 1 lock held by khungtaskd/30:
[  703.006925][   T30]  #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  703.017345][   T30] 5 locks held by kworker/u8:3/53:
[  703.022934][   T30]  #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  703.034466][   T30]  #1: ffffc90000bd7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  703.045481][   T30]  #2: ffffffff8fcc55d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  703.055452][   T30]  #3: ffffffff8fcd20c8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xaa0
[  703.069362][   T30]  #4: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  703.081646][   T30] 2 locks held by kworker/u8:4/62:
[  703.087912][   T30] 3 locks held by kworker/u8:5/147:
[  703.094801][   T30]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  703.107050][   T30]  #1: ffffc90002dcfd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  703.118514][   T30]  #2: ffffffff8fcd20c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  703.128223][   T30] 1 lock held by dhcpcd/4898:
[  703.133323][   T30]  #0: ffffffff8fcd20c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  703.143259][   T30] 2 locks held by getty/4985:
[  703.147966][   T30]  #0: ffff88814b8fd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  703.158371][   T30]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[  703.169307][   T30] 6 locks held by kworker/0:3/5229:
[  703.175760][   T30]  #0: ffff88801dedf948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  703.189068][   T30]  #1: ffffc90003a9fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  703.202438][   T30]  #2: ffff888028624190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  703.211889][   T30]  #3: ffff8880785a9190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950
[  703.221667][   T30]  #4: ffff888074a08160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0
[  703.232687][   T30]  #5: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_deregister_dev+0x88/0x210
[  703.243215][   T30] 6 locks held by kworker/1:3/5280:
[  703.248454][   T30]  #0: ffff88801dedf948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  703.259931][   T30]  #1: ffffc90004267d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  703.272271][   T30]  #2: ffff88802863c190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  703.282274][   T30]  #3: ffff88804f3d8190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  703.293149][   T30]  #4: ffff88801b3c1160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  703.302582][   T30]  #5: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x13a/0x5a0
[  703.313432][   T30] 3 locks held by kworker/0:6/5284:
[  703.318669][   T30]  #0: ffff888141287948 ((wq_completion)pm){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  703.329878][   T30]  #1: ffffc900042a7d00 ((work_completion)(&dev->power.work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  703.342376][   T30]  #2: ffff8880287ef510 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_port_suspend+0x1c6/0x14d0
[  703.353467][   T30] 4 locks held by kworker/1:6/5328:
[  703.358695][   T30]  #0: ffff88801dedf948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  703.370410][   T30]  #1: ffffc900044dfd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  703.382656][   T30]  #2: ffff8880287ec190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  703.393653][   T30]  #3: ffff8880287ef510 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x7d5/0x5150
[  703.405979][   T30] 6 locks held by kworker/1:7/5333:
[  703.411406][   T30]  #0: ffff88801dedf948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  703.423946][   T30]  #1: ffffc9000443fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  703.436179][   T30]  #2: ffff888144794190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[  703.445283][   T30]  #3: ffff88806c287190 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  703.455263][   T30]  #4: ffff888011a17160 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8e/0x520
[  703.464731][   T30]  #5: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_register_dev+0x13a/0x5a0
[  703.474726][   T30] 2 locks held by kworker/u8:8/5573:
[  703.480046][   T30] 1 lock held by syz.3.1432/12409:
[  703.485761][   T30]  #0: ffffffff8f633a88 (wdm_mutex){+.+.}-{3:3}, at: wdm_release+0x4f/0x460
[  703.496040][   T30] 2 locks held by syz.1.1476/12657:
[  703.502314][   T30]  #0: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0
[  703.511380][   T30]  #1: ffffffff8f633a88 (wdm_mutex){+.+.}-{3:3}, at: wdm_open+0x56/0x550
[  703.520083][   T30] 1 lock held by syz.2.1483/12701:
[  703.525330][   T30]  #0: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0
[  703.535461][   T30] 1 lock held by syz.0.1633/13342:
[  703.540666][   T30]  #0: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0
[  703.549712][   T30] 1 lock held by syz.2.1651/13388:
[  703.555127][   T30]  #0: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0
[  703.564669][   T30] 1 lock held by syz.2.1651/13389:
[  703.569818][   T30]  #0: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0
[  703.579096][   T30] 1 lock held by syz.2.1651/13390:
[  703.584337][   T30]  #0: ffffffff8f5abd10 (minor_rwsem#2){++++}-{3:3}, at: usb_open+0x30/0x1d0
[  703.593624][   T30] 4 locks held by syz-executor/13666:
[  703.607026][   T30]  #0: ffff888023d36420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  703.618011][   T30]  #1: ffff888031bcb888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  703.628251][   T30]  #2: ffff888143fb7968 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  703.638676][   T30]  #3: ffffffff8f5701c8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  703.653499][   T30] 7 locks held by syz-executor/13671:
[  703.658932][   T30]  #0: ffff888023d36420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  703.667975][   T30]  #1: ffff88804f505488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  703.678023][   T30]  #2: ffff888143fb7968 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  703.688328][   T30]  #3: ffffffff8f5701c8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  703.699935][   T30]  #4: ffff888058da00e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0
[  703.710778][   T30]  #5: ffff888058da3250 (&devlink->lock_key#50){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160
[  703.728633][   T30]  #6: ffffffff8fcd20c8 (rtnl_mutex){+.+.}-{3:3}, at: unregister_nexthop_notifier+0x17/0x40
[  703.739029][   T30] 4 locks held by syz-executor/13753:
[  703.744537][   T30]  #0: ffff888023d36420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  703.753924][   T30]  #1: ffff888028de4888 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  703.764570][   T30]  #2: ffff888143fb7968 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  703.774878][   T30]  #3: ffffffff8f5701c8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  703.785343][   T30] 1 lock held by syz-executor/13861:
[  703.790858][   T30]  #0: ffffffff8fcd20c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  703.802434][   T30] 2 locks held by syz.3.1720/13936:
[  703.807685][   T30]  #0: ffffffff8fd37e30 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  703.816162][   T30]  #1: ffffffff8fcd20c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[  703.825626][   T30] 
[  703.827992][   T30] =============================================
[  703.827992][   T30] 
[  703.838379][   T30] NMI backtrace for cpu 0
[  703.842755][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  703.853289][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  703.863376][   T30] Call Trace:
[  703.866678][   T30]  <TASK>
[  703.869631][   T30]  dump_stack_lvl+0x241/0x360
[  703.874347][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  703.879568][   T30]  ? __pfx__printk+0x10/0x10
[  703.884195][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  703.889173][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  703.894670][   T30]  ? _printk+0xd5/0x120
[  703.898869][   T30]  ? __pfx__printk+0x10/0x10
[  703.903507][   T30]  ? __wake_up_klogd+0xcc/0x110
[  703.908405][   T30]  ? __pfx__printk+0x10/0x10
[  703.913041][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  703.918105][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  703.924123][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  703.930133][   T30]  watchdog+0xff4/0x1040
[  703.934407][   T30]  ? watchdog+0x1ea/0x1040
[  703.938864][   T30]  ? __pfx_watchdog+0x10/0x10
[  703.943579][   T30]  kthread+0x2f0/0x390
[  703.947680][   T30]  ? __pfx_watchdog+0x10/0x10
[  703.952395][   T30]  ? __pfx_kthread+0x10/0x10
[  703.957014][   T30]  ret_from_fork+0x4b/0x80
[  703.961473][   T30]  ? __pfx_kthread+0x10/0x10
[  703.966093][   T30]  ret_from_fork_asm+0x1a/0x30
[  703.970906][   T30]  </TASK>
[  703.975143][   T30] Sending NMI from CPU 0 to CPUs 1:
[  703.981043][    C1] NMI backtrace for cpu 1
[  703.981058][    C1] CPU: 1 UID: 0 PID: 11221 Comm: kworker/u8:9 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  703.981080][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  703.981092][    C1] Workqueue: bat_events batadv_nc_worker
[  703.981141][    C1] RIP: 0010:batadv_nc_worker+0x117/0x610
[  703.981168][    C1] Code: 83 c4 08 e8 cb 38 36 00 41 89 c6 31 ff 89 c6 e8 0f 86 05 f6 45 85 f6 74 13 e8 85 70 eb f5 84 c0 49 89 de 74 11 e8 b9 81 05 f6 <eb> 59 e8 b2 81 05 f6 49 89 de eb 4f e8 98 38 36 00 89 c3 31 ff 89
[  703.981185][    C1] RSP: 0018:ffffc90002f9fb58 EFLAGS: 00000293
[  703.981201][    C1] RAX: ffffffff8b8f6597 RBX: ffff88804077a880 RCX: ffff88802daa5a00
[  703.981216][    C1] RDX: 0000000000000000 RSI: ffffffff8c60fb00 RDI: ffffffff8c60fac0
[  703.981230][    C1] RBP: ffff88803a295130 R08: ffffffff8b8f6581 R09: 1ffffffff2858f00
[  703.981245][    C1] R10: dffffc0000000000 R11: fffffbfff2858f01 R12: ffff888028048cc0
[  703.981260][    C1] R13: 0000000000000226 R14: ffff88804077a880 R15: dffffc0000000000
[  703.981274][    C1] FS:  0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  703.981296][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  703.981309][    C1] CR2: 00005555598965c8 CR3: 000000000e734000 CR4: 00000000003526f0
[  703.981330][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  703.981342][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  703.981354][    C1] Call Trace:
[  703.981362][    C1]  <NMI>
[  703.981370][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  703.981394][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  703.981424][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  703.981447][    C1]  ? nmi_handle+0x2a/0x5a0
[  703.981474][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  703.981500][    C1]  ? nmi_handle+0x14f/0x5a0
[  703.981520][    C1]  ? nmi_handle+0x2a/0x5a0
[  703.981541][    C1]  ? batadv_nc_worker+0x117/0x610
[  703.981565][    C1]  ? default_do_nmi+0x63/0x160
[  703.981589][    C1]  ? exc_nmi+0x123/0x1f0
[  703.981611][    C1]  ? end_repeat_nmi+0xf/0x53
[  703.981632][    C1]  ? batadv_nc_worker+0x101/0x610
[  703.981656][    C1]  ? batadv_nc_worker+0x117/0x610
[  703.981681][    C1]  ? batadv_nc_worker+0x117/0x610
[  703.981705][    C1]  ? batadv_nc_worker+0x117/0x610
[  703.981731][    C1]  ? batadv_nc_worker+0x117/0x610
[  703.981755][    C1]  </NMI>
[  703.981762][    C1]  <TASK>
[  703.981770][    C1]  ? batadv_nc_worker+0xcb/0x610
[  703.981794][    C1]  ? process_scheduled_works+0x976/0x1850
[  703.981822][    C1]  process_scheduled_works+0xa63/0x1850
[  703.981861][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  703.981891][    C1]  ? assign_work+0x364/0x3d0
[  703.981918][    C1]  worker_thread+0x870/0xd30
[  703.981948][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  703.981978][    C1]  ? __kthread_parkme+0x169/0x1d0
[  703.982007][    C1]  ? __pfx_worker_thread+0x10/0x10
[  703.982033][    C1]  kthread+0x2f0/0x390
[  703.982051][    C1]  ? __pfx_worker_thread+0x10/0x10
[  703.982077][    C1]  ? __pfx_kthread+0x10/0x10
[  703.982095][    C1]  ret_from_fork+0x4b/0x80
[  703.982122][    C1]  ? __pfx_kthread+0x10/0x10
[  703.982140][    C1]  ret_from_fork_asm+0x1a/0x30
[  703.982173][    C1]  </TASK>
[  703.984816][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  704.300770][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
[  704.311286][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  704.321377][   T30] Call Trace:
[  704.324663][   T30]  <TASK>
[  704.327598][   T30]  dump_stack_lvl+0x241/0x360
[  704.332290][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  704.337504][   T30]  ? __pfx__printk+0x10/0x10
[  704.342112][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  704.348113][   T30]  ? vscnprintf+0x5d/0x90
[  704.352456][   T30]  panic+0x349/0x880
[  704.356368][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  704.362536][   T30]  ? __pfx_panic+0x10/0x10
[  704.366984][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  704.372362][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  704.378527][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  704.384694][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  704.390859][   T30]  watchdog+0x1033/0x1040
[  704.395201][   T30]  ? watchdog+0x1ea/0x1040
[  704.399632][   T30]  ? __pfx_watchdog+0x10/0x10
[  704.404321][   T30]  kthread+0x2f0/0x390
[  704.408396][   T30]  ? __pfx_watchdog+0x10/0x10
[  704.413085][   T30]  ? __pfx_kthread+0x10/0x10
[  704.417686][   T30]  ret_from_fork+0x4b/0x80
[  704.422121][   T30]  ? __pfx_kthread+0x10/0x10
[  704.426719][   T30]  ret_from_fork_asm+0x1a/0x30
[  704.431515][   T30]  </TASK>
[  704.434894][   T30] Kernel Offset: disabled
[  704.439257][   T30] Rebooting in 86400 seconds..