last executing test programs:

2m46.619801794s ago: executing program 2 (id=649):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 64)
r2 = socket$key(0xf, 0x3, 0x2) (rerun: 64)
sendmsg$key(r2, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x2, 0x3, 0x0, 0x2, 0xc, 0x0, 0x0, 0x0, [@sadb_key={0x2, 0x8, 0x8, 0x0, "fd"}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @dev}}, @sadb_sa={0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @empty}}]}, 0x60}, 0x1, 0x7}, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
r3 = socket(0x25, 0x801, 0x0) (async, rerun: 32)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$NFC_CMD_DEV_UP(r4, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040080}, 0x4000090) (async)
recvfrom$l2tp6(r3, 0x0, 0x0, 0x2000, 0x0, 0x0) (async)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
sendto$rxrpc(r5, &(0x7f0000000000), 0x0, 0x484, &(0x7f0000000040)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e22, @rand_addr=0x64010102}}, 0x24) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0) (rerun: 32)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async, rerun: 64)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) (async, rerun: 64)
prlimit64(0x0, 0xe, 0x0, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) (async)
syz_io_uring_setup(0x6322, &(0x7f00000000c0)={0x0, 0xd992, 0x0, 0x2, 0x238}, 0x0, &(0x7f0000000340)) (async, rerun: 32)
r7 = syz_io_uring_setup(0x10e, 0x0, &(0x7f00000003c0), &(0x7f0000000300)) (async, rerun: 32)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d52101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6fa94fc488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1386abdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060fb30e900caab415db6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d060000008926407a4eddd5d0fc5a752f9000", 0xd54}}, 0x1006) (async)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15)
fsmount(0xffffffffffffffff, 0x0, 0xa) (async)
syz_io_uring_setup(0x24f8, 0x0, &(0x7f0000000040), &(0x7f0000000080)) (async, rerun: 64)
io_uring_enter(r7, 0x486a, 0x7019, 0x26, 0x0, 0x0) (async, rerun: 64)
syz_genetlink_get_family_id$nfc(&(0x7f0000000200), 0xffffffffffffffff)
read$nci(r1, 0x0, 0x0) (async)
msgget$private(0x0, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)

2m45.87682623s ago: executing program 2 (id=652):
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xf00}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r5 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4000000, 0x0, 0x1, 0x10d}, &(0x7f00000006c0)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/240, 0xf0}], 0x1, 0x0, 0x1})
io_uring_enter(r5, 0x47b7, 0x2000, 0x0, 0x0, 0xffffffffffffff0c) (fail_nth: 1)

2m44.757234015s ago: executing program 2 (id=654):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket(0xa, 0x3, 0x3a)
recvmmsg(r1, &(0x7f0000004700)=[{{0x0, 0x0, 0x0}, 0x9466}], 0x1, 0x2, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, 0x0, 0xfdef)

2m43.612611824s ago: executing program 2 (id=658):
ptrace$cont(0x20, 0xffffffffffffffff, 0xf, 0x80000001)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=""/108, 0x6c)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @empty}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000091}, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_MPLS={0x4}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0xc0b0)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000005c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000580)={&(0x7f0000000380)={0x40, 0x0, 0x2, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7fffffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xcb2d}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000010}, 0xc010)
syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @loopback, @loopback}, "00186371ae9b1c03"}}}}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_FLUSH(r3, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000400)={0x154, r4, 0x0, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x81}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x77}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffffd}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}]}, @TIPC_NLA_BEARER={0xa8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'syz_tun\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbb09}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @multicast1}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x100, @loopback, 0x6}}}}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xc}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x81}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x24000011}, 0x800)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x4000, &(0x7f0000000340)={[{@userxattr}, {@redirect_dir_on}]})

2m43.137335506s ago: executing program 2 (id=662):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet(r0, 0x0, 0x0, 0x4000854)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
accept4$unix(0xffffffffffffffff, &(0x7f0000000340), &(0x7f0000000180)=0x6e, 0x800)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2(0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x20000892)
r2 = socket$inet(0x2, 0x2, 0xe43)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, 0x0, &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000100)={0x10001, 0x2, 0x2})
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xbb}, @generic={0x6d}, @initr0={0x18, 0x0, 0x0, 0x0, 0xffff}, @exit]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x5, 0x5, 0x7, 0x2866}]})
kexec_load(0x5, 0x0, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={0x0}}, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="842a0a65bd8c2b", 0x7)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="70000000100001002dbd7000f4dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000000a0002001400030064756d6d7930000000000000000000000a000100"], 0x70}}, 0x40)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x8882)

2m42.360155461s ago: executing program 2 (id=663):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}])
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000200), 0x2, 0x2}}, 0x20)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000012e000000000000000008500000028000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b954e6ff5d94fdfe82d75fca08", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r10 = dup(r9)
write$UHID_INPUT(r10, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b303d0e8b089b0732306c090890e0879b0a0a5de70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r11 = dup(r7)
syz_kvm_setup_cpu$x86(r11, r11, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0)
r12 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCVHANGUP(r12, 0x5437, 0x2)
readv(r12, &(0x7f0000000000)=[{&(0x7f0000000240)=""/227, 0xe3}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x400)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008004"])
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vxcan1\x00'}, {0x14, 0x1, 'vxcan1\x00'}]}]}]}], {0x14, 0x10}}, 0xb4}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b00000019000100007f0000000094bc2d"], 0x1c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0)
mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000300)='./file3\x00', &(0x7f0000000200)='btrfs\x00', 0x0, &(0x7f0000000380)='acl')

2m27.227224299s ago: executing program 32 (id=663):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pipe(&(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r3, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}])
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000200), 0x2, 0x2}}, 0x20)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000000012e000000000000000008500000028000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r8, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b954e6ff5d94fdfe82d75fca08", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r10 = dup(r9)
write$UHID_INPUT(r10, &(0x7f0000001040)={0xfc, {"a2e3ad09edfc09f91b44090987f70e06d038e7ff7fc6e5539b303d0e8b089b0732306c090890e0879b0a0a5de70a9b3361959b4b9a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r11 = dup(r7)
syz_kvm_setup_cpu$x86(r11, r11, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0)
r12 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCVHANGUP(r12, 0x5437, 0x2)
readv(r12, &(0x7f0000000000)=[{&(0x7f0000000240)=""/227, 0xe3}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x400)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008004"])
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x6c, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x40, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x2c, 0x3, 0x0, 0x1, [{0x14, 0x1, 'vxcan1\x00'}, {0x14, 0x1, 'vxcan1\x00'}]}]}]}], {0x14, 0x10}}, 0xb4}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b00000019000100007f0000000094bc2d"], 0x1c}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x105042, 0x0)
mount(&(0x7f0000000280)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000300)='./file3\x00', &(0x7f0000000200)='btrfs\x00', 0x0, &(0x7f0000000380)='acl')

1m37.199871968s ago: executing program 4 (id=183):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0x8)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r4, 0x7)
r5 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e0000000000", 0x46}], 0x1)

1m35.781663736s ago: executing program 3 (id=696):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28)
r1 = semget$private(0x0, 0x4, 0x11)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00')
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28) (async)
semget$private(0x0, 0x4, 0x11) (async)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) (async)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00') (async)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) (async)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) (async)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0) (async)

1m35.132534732s ago: executing program 0 (id=90):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x1, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x0, 0x5}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

1m19.410272717s ago: executing program 4 (id=183):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0x8)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r4, 0x7)
r5 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e0000000000", 0x46}], 0x1)

1m17.291813986s ago: executing program 3 (id=696):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28)
r1 = semget$private(0x0, 0x4, 0x11)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00')
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28) (async)
semget$private(0x0, 0x4, 0x11) (async)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) (async)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00') (async)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) (async)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) (async)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0) (async)

1m13.46544632s ago: executing program 0 (id=90):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x1, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x0, 0x5}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

1m1.470974193s ago: executing program 3 (id=696):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28)
r1 = semget$private(0x0, 0x4, 0x11)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00')
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28) (async)
semget$private(0x0, 0x4, 0x11) (async)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) (async)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00') (async)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) (async)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) (async)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0) (async)

1m0.424527795s ago: executing program 4 (id=183):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0x8)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r4, 0x7)
r5 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e0000000000", 0x46}], 0x1)

57.78179692s ago: executing program 0 (id=90):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x1, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x0, 0x5}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

44.405349437s ago: executing program 3 (id=696):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28)
r1 = semget$private(0x0, 0x4, 0x11)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00')
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28) (async)
semget$private(0x0, 0x4, 0x11) (async)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) (async)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00') (async)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) (async)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) (async)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0) (async)

41.554396292s ago: executing program 4 (id=183):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0x8)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r4, 0x7)
r5 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e0000000000", 0x46}], 0x1)

39.73690816s ago: executing program 0 (id=90):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x1, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x0, 0x5}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

37.884958122s ago: executing program 1 (id=890):
syz_open_dev$vbi(0x0, 0x1, 0x2)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00'}, 0x18)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000180)={0x1, 0x9, 0x4, 0x1, 0x5})
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r8, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r7, 0x0, 0x485, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000030400000000fedbdf25000003", @ANYRES32=0x0, @ANYBLOB="10d40000b1eb502a200012800b0001"], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x10)
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xd)
readv(r0, 0x0, 0x0)

36.914539371s ago: executing program 1 (id=893):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x2, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)='n', 0x1}], 0x1}, 0x0)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x304}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be4bae", "bb10000000000001"}, 0x28)
readv(r0, 0x0, 0x0)
socket$kcm(0x21, 0x2, 0x2)
close(0x3)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r4, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r4, &(0x7f0000000000)=[{&(0x7f00000000c0)="f8", 0x1}], 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x40, &(0x7f00000001c0)={0x7, 0x45d, 0x3, 0x2e3, 0x8000000000000000, 0x0, 0x0, 0x300000000000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x2, 0x0, 0xa, 0x0, 0x0, 0x7fffffff, 0x6}, 0x0, 0x0)

35.930391254s ago: executing program 1 (id=895):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
move_mount(r2, &(0x7f0000000180)='./mnt\x00', r2, 0x0, 0x150)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8904, 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
accept4(r3, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x3, 0x10)
r5 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r6, &(0x7f0000000540)=[{&(0x7f0000000080)='\\', 0x1}], 0x1)
sendmsg$kcm(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
recvmsg(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000001580)=""/4090, 0xffa}], 0x1}, 0x0)

32.785531603s ago: executing program 1 (id=898):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8814}, 0x4000000)

32.732019897s ago: executing program 1 (id=899):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xf0, 0x10, 0x300, 0x70bd28, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@local, 0x4e23, 0x1, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2c}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd27, 0x0, 0x2, 0x0, 0x2}}, 0xf0}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000040)=@RTM_NEWMDB={0x38, 0x54, 0x1, 0x1, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x2, {@ip4=@rand_addr=0x64010100, 0x86dd}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) (fail_nth: 3)

32.569248759s ago: executing program 1 (id=901):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xd)
writev(r1, &(0x7f00000002c0)=[{&(0x7f00000001c0)}], 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
r4 = socket(0x22, 0x2, 0x24)
fcntl$getownex(r2, 0x10, &(0x7f0000000200)={0x0, <r5=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x3, r5, 0x0, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000180)=0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
listen(0xffffffffffffffff, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
shutdown(r6, 0x0)
mount$binderfs(&(0x7f00000000c0), &(0x7f0000000100)='./binderfs\x00', &(0x7f00000001c0), 0x200000, 0x0)
ioctl$SIOCAX25OPTRT(r4, 0x89e7, &(0x7f0000000240)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, 0x44})
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x80880, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
sync()
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0})
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0}])
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000000), 0x0})
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r10, 0xffffffffffffffff, 0x0)

29.225634337s ago: executing program 3 (id=696):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28)
r1 = semget$private(0x0, 0x4, 0x11)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00')
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28) (async)
semget$private(0x0, 0x4, 0x11) (async)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) (async)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00') (async)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) (async)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) (async)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0) (async)

26.26578873s ago: executing program 4 (id=183):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0x8)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r4, 0x7)
r5 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e0000000000", 0x46}], 0x1)

25.348447318s ago: executing program 0 (id=90):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x1, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x0, 0x5}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

16.965310479s ago: executing program 33 (id=901):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
fcntl$setstatus(r0, 0x4, 0x42000)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xd)
writev(r1, &(0x7f00000002c0)=[{&(0x7f00000001c0)}], 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x218, 0x0)
r4 = socket(0x22, 0x2, 0x24)
fcntl$getownex(r2, 0x10, &(0x7f0000000200)={0x0, <r5=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x3, r5, 0x0, 0x0)
ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000180)=0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
listen(0xffffffffffffffff, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[], 0x50)
shutdown(r6, 0x0)
mount$binderfs(&(0x7f00000000c0), &(0x7f0000000100)='./binderfs\x00', &(0x7f00000001c0), 0x200000, 0x0)
ioctl$SIOCAX25OPTRT(r4, 0x89e7, &(0x7f0000000240)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x2, 0x44})
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x80880, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
sync()
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0})
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r9=>0x0)
io_submit(r9, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0}])
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r7, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000000), 0x0})
r10 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r10, 0xffffffffffffffff, 0x0)

16.083631606s ago: executing program 3 (id=696):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28)
r1 = semget$private(0x0, 0x4, 0x11)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00')
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@restrict={0xc, 0x0, 0x0, 0xb, 0x5}]}, {0x0, [0x5f, 0x5f, 0x30, 0x30, 0x5f]}}, &(0x7f00000000c0)=""/150, 0x2b, 0x96, 0x1, 0x2, 0x10000, @value}, 0x28) (async)
semget$private(0x0, 0x4, 0x11) (async)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f0000000380)=""/4096) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) (async)
fremovexattr(0xffffffffffffffff, &(0x7f00000001c0)=@known='trusted.syz\x00') (async)
connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) (async)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000200)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_NEW_STATION(r3, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x30, r4, 0xb97534d5fe9700cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x4}, @NL80211_ATTR_MAC={0xa}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400d0}, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r2}, 0x18) (async)
process_madvise(0xffffffffffffffff, 0x0, 0x5a, 0xe, 0x0) (async)

13.185985015s ago: executing program 4 (id=183):
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
r1 = socket$inet(0xa, 0x801, 0x84)
listen(r1, 0xfffffffd)
r2 = socket$inet(0xa, 0x801, 0x84)
listen(r2, 0x8)
r3 = socket$inet(0xa, 0x801, 0x84)
listen(r3, 0x8)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
listen(r4, 0x7)
r5 = socket$netlink(0x10, 0x3, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r5)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e0000000000", 0x46}], 0x1)

10.716225678s ago: executing program 0 (id=90):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xca6}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x1, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x0, 0x5}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x8}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

1.36089409s ago: executing program 5 (id=947):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x18)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r4, r3, 0x2, 0x6, 0x4000, @void, @value}, 0x10)

1.25665694s ago: executing program 5 (id=948):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
move_mount(r0, &(0x7f00000000c0)='./mnt\x00', r0, 0x0, 0x271) (async, rerun: 32)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (rerun: 32)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
pread64(r2, &(0x7f0000000080)=""/196, 0xc4, 0x3)

1.057430962s ago: executing program 5 (id=949):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000206d049cc20000000000010902a400010000000009040000010300000009210000000122050009058103"], 0x0) (async)
syz_usb_connect(0x1, 0x1af, &(0x7f0000000600)={{0x12, 0x1, 0x300, 0x70, 0x64, 0x97, 0x40, 0x1266, 0x1007, 0x4ede, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x19d, 0x1, 0x2, 0x5, 0x80, 0x9, [{{0x9, 0x4, 0x74, 0xf8, 0x2, 0xff, 0x42, 0x5e, 0xf9, [@generic={0x67, 0xc, "807587da05043bfad090eb821ea99a8ed68b40a5fc5f350ffc8e6bb6abaf9c2e81198ee044e1c07d1f13e151a33cc9946e48daff3bb75132951364d12ecf17f313c8cd83c9b2c23e88a7347bdc67d05ac73ccb841917353352f3ecd96b0fda829aa832474d"}], [{{0x9, 0x5, 0x9, 0x0, 0x410, 0x8, 0xe, 0x5, [@generic={0xa4, 0x1, "970ce9c398093e69bc03bce72a092cea29f0def764135eb7f55758e1b09a3efe796c6168840f245b359e9a11f1fb067f20fdc820e87b75f0079c3c862580c45f5014b0ba8b6bec21abb4fda3729abe463f2f7d128003d65f0ebcb6a04af30a1ca56f3e72fe3e1f33ba4f8d5a19338df3643932430f4d95df1e6ee3cb8737dac84f127f7a3092dd15ade723921cbd04075481ead0e00d9da0cdb0a18995bf7d833c32"}]}}, {{0x9, 0x5, 0x476de86233322f66, 0x10, 0x40, 0x6f, 0x8, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xc, 0x5}, @generic={0x67, 0xc, "3660bc14ed47f92693f1b1c59c8a92507115589f6dae3ef3cc7e4dd783f29bcbd0ce1b4e2697e1ae00b3729ed823d3e5afccd10dcc855fbcbf8419627033fe43db83b00c13d6e3491e2f43856cd2117f30c42540b5ab1a9dbaccd9546565918fb9fdb74258"}]}}]}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x300, 0x4, 0x6, 0x9, 0x8, 0xa9}, 0xc, &(0x7f00000001c0)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0xf, 0xf, 0xffff}]}, 0x3, [{0x20, &(0x7f0000000240)=@string={0x20, 0x3, "35661db5b3b944faf08a3aa09b56e381dd17c0ed5585b88b095145fb62e9"}}, {0x12, &(0x7f00000002c0)=@string={0x12, 0x3, "2d504232521f386db1677f1fe9df0642"}}, {0x99, &(0x7f0000000300)=@string={0x99, 0x3, "a25efcd9746f46647e5fb0540ab7b3ec5f6934c3dc23ea1428c6f39e099d44205a9a0461ed6b72120434257f0a64e1d6a3ce8cdbe61111c4a6ee2ece190684a17a6ceaf545fe13603b55206be2c4e1e41ca96193703e3c1ad353003bb609930dd9509e76f2f3d60d4e4a9f0e1e5e1d583e5a247941f6b6a3ef0ed42b356e9fcada9fea2323bd173b475f691adbe1484fd392dbdc49d151"}}]}) (async)
syz_usb_connect$printer(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x12296d05e9eaeadd, 0x4, [{{0x9, 0x4, 0x0, 0x7f, 0x1, 0x7, 0x1, 0x2, 0x9, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x5, 0xf, 0x7}}, [{{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x1, 0x9}}]}}}]}}]}}, &(0x7f0000000100)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x200, 0x24, 0xa, 0xcb, 0x20, 0xd}, 0x122, &(0x7f00000004c0)={0x5, 0xf, 0x122, 0x6, [@generic={0xcb, 0x10, 0x3, "e5cf255ba1a841b82e8b9d2d52cf9bd659643fce11b7817c9c179102ccf9d36447354b832cd8e9d0a55bda0db04f5318dc6813ad63ed6e07d16869be10c9f67b0a3d800d09702e8bb41832dc48ec4d17ee7051a42ada1f5816beba5421e4eca6077b76aad15eaa9fe6836bb02ff55cf665ba41d82eb2d3229c01cc1f584368df8f8c664adccdf3d6e0a1bc51d507eac45c0dc1759c9dd63b34b28c8311ec6bbfc9189f69a2eb8ec499082ac0667fd49d5c861837e0927a625fe47b65f11d5f67c1febb2cc0f33206"}, @ssp_cap={0x1c, 0x10, 0xa, 0xfb, 0x4, 0x9, 0xf00, 0x5, [0xff1f80, 0x0, 0x0, 0xffc18f]}, @generic={0x15, 0x10, 0x1, "e7ccfd155bd2b2c152c749d28968a24a8844"}, @wireless={0xb, 0x10, 0x1, 0x8, 0x10, 0x2, 0xfb, 0x4, 0x4}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x7, 0x6e, 0x8, 0x8}, @wireless={0xb, 0x10, 0x1, 0x8, 0x43, 0x6, 0x2, 0xfffb, 0xd1}]}, 0x1, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x3001}}]}) (async)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000280)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x4, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x0, "cb9cf735"}]}}, 0x0}, 0x0) (async)
syz_usb_control_io$hid(r0, 0x0, 0x0)

996.457476ms ago: executing program 6 (id=916):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
personality(0x500006)
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x3000009, 0x13, r3, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8001, 0x1d1)
r4 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, 0x0, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
landlock_restrict_self(r4, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1, 0x0)
truncate(&(0x7f0000000240)='./file0\x00', 0x1)
ftruncate(r5, 0x1)
ftruncate(0xffffffffffffffff, 0x1)

753.756241ms ago: executing program 5 (id=950):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x8814}, 0x4000000)

175.779243ms ago: executing program 5 (id=951):
mount(&(0x7f00000004c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='.\x00', &(0x7f0000000140)='smb3\x00', 0x0, 0x0)
openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.allow\x00', 0x2, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xc1)
r1 = socket(0x1e, 0x1, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, &(0x7f0000000040))
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0x2b1eaa28, 0x699, 0x0, 0x0, 0x100000})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f00000027c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000f000000850000005000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='sys_exit\x00', r2}, 0x10)
epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x40000400)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r0, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})

4.046653ms ago: executing program 5 (id=952):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2(0x0, 0x0)
socket$inet(0x2, 0x2, 0xe43)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x3, @empty, 0x1}, 0x1c)
listen(r3, 0xfffffffc)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000140)=0x7, 0x4)
connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r5 = accept(r2, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYRES16], 0xfffffdef}}, 0x1)
recvfrom(r4, 0x0, 0x0, 0x4100, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=ANY=[@ANYBLOB="70000000100001002dbd7000f4dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000000a0002001400030064756d6d7930000000000000000000000a000100"], 0x70}}, 0x40)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x8882)

0s ago: executing program 6 (id=953):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x4c, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a88000000060a0b040000000000000100020000005c000480580001800b0001006f626a726566000048000280080003400000000f0900040073797a300000000008000540000000020900040073797a32000000000900040073797a3200000000080003400000000108000540000000030900010073797a300000000009000200"], 0xb0}}, 0x0)

kernel console output (not intermixed with test programs):

ting the MTU to 1560 would solve the problem.
[  351.205150][T11184] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  351.217811][T11184] batman_adv: batadv0: Adding interface: batadv_slave_1
[  351.224856][T11184] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.251875][T11184] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  351.265980][T11212] hsr_slave_0: entered promiscuous mode
[  351.272035][T11212] hsr_slave_1: entered promiscuous mode
[  351.277849][T11212] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  351.286217][T11212] Cannot create hsr debugfs directory
[  351.310099][ T8990] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.375720][T11184] hsr_slave_0: entered promiscuous mode
[  351.383254][T11184] hsr_slave_1: entered promiscuous mode
[  351.389101][T11184] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  351.396735][T11184] Cannot create hsr debugfs directory
[  351.411887][ T8990] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.511291][ T8990] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  351.697845][ T8990] bridge_slave_1: left allmulticast mode
[  351.703993][ T8990] bridge_slave_1: left promiscuous mode
[  351.709759][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.723346][ T8990] bridge_slave_0: left allmulticast mode
[  351.729002][ T8990] bridge_slave_0: left promiscuous mode
[  351.739353][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state
[  351.755060][ T8990] bridge_slave_1: left allmulticast mode
[  351.763331][ T8990] bridge_slave_1: left promiscuous mode
[  351.769021][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state
[  351.784752][ T8990] bridge_slave_0: left allmulticast mode
[  351.793477][ T8990] bridge_slave_0: left promiscuous mode
[  351.799159][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.289824][ T5831] Bluetooth: hci3: command tx timeout
[  352.428737][T11287] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11287 comm=syz.5.837
[  352.668598][ T5821] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  352.680311][ T5821] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  352.689398][ T5821] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  352.704122][ T5821] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  352.739027][ T5821] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  352.784622][ T5831] Bluetooth: hci0: command tx timeout
[  352.868530][   T30] audit: type=1400 audit(1750516287.531:349): avc:  denied  { getopt } for  pid=11292 comm="syz.1.839" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  352.868750][T11293] netlink: 'syz.1.839': attribute type 1 has an invalid length.
[  352.888105][    C1] vkms_vblank_simulate: vblank timer overrun
[  352.945713][ T8990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.955650][ T8990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.966452][ T8990] bond0 (unregistering): Released all slaves
[  353.154771][ T8990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  353.166586][ T8990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  353.176705][ T8990] bond0 (unregistering): Released all slaves
[  353.192202][   T48] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  353.204307][T11278] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  353.272883][T11283] bridge0: port 3(team0) entered disabled state
[  353.279323][T11283] bridge0: port 2(bridge_slave_1) entered disabled state
[  353.286859][T11283] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.337446][T11283] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  353.348092][T11283] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  353.370429][   T48] usb 2-1: Using ep0 maxpacket: 16
[  353.378758][   T48] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  353.388238][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.397106][   T48] usb 2-1: Product: syz
[  353.401361][   T48] usb 2-1: Manufacturer: syz
[  353.405975][   T48] usb 2-1: SerialNumber: syz
[  353.414924][   T48] usb 2-1: config 0 descriptor??
[  353.423873][T11283] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.434220][T11283] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.435110][   T48] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  353.444005][T11283] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.455862][   T48] usb 2-1: Detected FT232H
[  353.460062][T11283] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  353.555913][T11293] 8021q: adding VLAN 0 to HW filter on device bond2
[  353.628357][   T48] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  353.852309][   T48] ftdi_sio 2-1:0.0: GPIO initialisation failed: -32
[  353.917662][   T48] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  354.487239][ T5821] Bluetooth: hci3: command tx timeout
[  354.619531][T11293] 8021q: adding VLAN 0 to HW filter on device bond2
[  354.637118][T11293] bond2: (slave vti0): The slave device specified does not support setting the MAC address
[  354.662862][T11293] bond2: (slave vti0): Error -95 calling set_mac_address
[  354.774381][ T5925] usb 2-1: USB disconnect, device number 24
[  354.788108][ T5925] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  354.830265][ T5925] ftdi_sio 2-1:0.0: device disconnected
[  354.849898][ T5831] Bluetooth: hci0: command tx timeout
[  354.855574][ T5831] Bluetooth: hci5: command tx timeout
[  354.891697][T11288] chnl_net:caif_netlink_parms(): no params data found
[  354.951177][T11212] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  355.035175][T11212] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  355.068969][T11212] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  355.077613][T11212] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  355.163242][ T8990] hsr_slave_0: left promiscuous mode
[  355.169287][ T8990] hsr_slave_1: left promiscuous mode
[  355.176212][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  355.183718][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_0
[  355.191386][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  355.198789][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_1
[  355.209029][ T8990] hsr_slave_0: left promiscuous mode
[  355.214889][ T8990] hsr_slave_1: left promiscuous mode
[  355.223008][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  355.230589][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_0
[  355.238464][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  355.246576][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_1
[  355.267889][ T8990] veth1_macvtap: left promiscuous mode
[  355.274400][ T8990] veth0_macvtap: left promiscuous mode
[  355.280485][ T8990] veth1_vlan: left promiscuous mode
[  355.285784][ T8990] veth0_vlan: left promiscuous mode
[  355.292359][ T8990] veth1_macvtap: left promiscuous mode
[  355.297836][ T8990] veth0_macvtap: left promiscuous mode
[  355.303725][ T8990] veth1_vlan: left promiscuous mode
[  355.309134][ T8990] veth0_vlan: left promiscuous mode
[  355.609889][ T5884] usb 2-1: new low-speed USB device number 25 using dummy_hcd
[  355.659214][ T8990] team0 (unregistering): Port device team_slave_1 removed
[  355.687520][ T8990] team0 (unregistering): Port device team_slave_0 removed
[  355.801560][ T5884] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  355.817966][ T5884] usb 2-1: config 0 has no interface number 0
[  355.824475][ T5884] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  355.835870][ T5884] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  355.847666][ T5884] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  355.860544][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.875450][ T5884] usb 2-1: config 0 descriptor??
[  355.881124][T11333] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  355.899677][ T5884] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  356.029883][   T48] usb 6-1: new low-speed USB device number 14 using dummy_hcd
[  356.207337][T11333] netlink: 12 bytes leftover after parsing attributes in process `syz.1.842'.
[  356.224223][T11333] netlink: 12 bytes leftover after parsing attributes in process `syz.1.842'.
[  356.233992][   T48] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  356.248083][   T48] usb 6-1: config 0 has no interface number 0
[  356.254347][   T48] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  356.265809][   T48] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  356.283210][ T5884] usb 2-1: USB disconnect, device number 25
[  356.290201][   T48] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  356.302303][   T48] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.322561][   T48] usb 6-1: config 0 descriptor??
[  356.328098][T11335] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  356.337034][ T8990] team0 (unregistering): Port device team_slave_1 removed
[  356.351911][   T48] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  356.388443][ T8990] team0 (unregistering): Port device team_slave_0 removed
[  356.529945][ T5831] Bluetooth: hci3: command tx timeout
[  356.712240][T11288] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.719340][T11288] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.727094][T11288] bridge_slave_0: entered allmulticast mode
[  356.736708][T11288] bridge_slave_0: entered promiscuous mode
[  356.809155][T11288] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.824164][T11288] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.835025][T11288] bridge_slave_1: entered allmulticast mode
[  356.873017][T11288] bridge_slave_1: entered promiscuous mode
[  356.930177][ T5831] Bluetooth: hci5: command tx timeout
[  357.156538][T11288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  357.224306][T11288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  357.331770][T11288] team0: Port device team_slave_0 added
[  357.380577][T11343] loop6: detected capacity change from 0 to 7
[  357.392005][T11343] Dev loop6: unable to read RDB block 7
[  357.397623][T11343]  loop6: AHDI p1 p2 p3
[  357.405245][T11343] loop6: partition table partially beyond EOD, truncated
[  357.413745][T11288] team0: Port device team_slave_1 added
[  357.528229][T11343] loop6: p1 start 1601398130 is beyond EOD, truncated
[  357.559494][T11343] loop6: p2 start 1702059890 is beyond EOD, truncated
[  357.601338][T11288] batman_adv: batadv0: Adding interface: batadv_slave_0
[  357.608286][T11288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.726515][T11288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  357.752280][T11288] batman_adv: batadv0: Adding interface: batadv_slave_1
[  357.759272][T11288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  357.909874][T11288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  358.225631][T11288] hsr_slave_0: entered promiscuous mode
[  358.261196][T11288] hsr_slave_1: entered promiscuous mode
[  358.280526][T11288] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  358.298372][T11288] Cannot create hsr debugfs directory
[  358.314670][T11184] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  358.357146][T11212] 8021q: adding VLAN 0 to HW filter on device bond0
[  358.446843][T11184] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  358.571993][T11184] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  358.708244][T11184] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  358.717900][  T973] usb 6-1: USB disconnect, device number 14
[  358.822471][T11212] 8021q: adding VLAN 0 to HW filter on device team0
[  358.864342][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.871505][ T5994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  358.952239][ T8990] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.959376][ T8990] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.009820][ T5831] Bluetooth: hci5: command tx timeout
[  359.269522][T11212] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  359.281749][T11212] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  359.304797][T11184] 8021q: adding VLAN 0 to HW filter on device bond0
[  359.479495][T11393] FAULT_INJECTION: forcing a failure.
[  359.479495][T11393] name failslab, interval 1, probability 0, space 0, times 0
[  359.506265][T11393] CPU: 0 UID: 0 PID: 11393 Comm: syz.1.850 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  359.506290][T11393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.506300][T11393] Call Trace:
[  359.506306][T11393]  <TASK>
[  359.506313][T11393]  dump_stack_lvl+0x16c/0x1f0
[  359.506343][T11393]  should_fail_ex+0x512/0x640
[  359.506371][T11393]  should_failslab+0xc2/0x120
[  359.506396][T11393]  __kmalloc_cache_noprof+0x6a/0x3e0
[  359.506422][T11393]  ? __pfx_sctp_get_port_local+0x10/0x10
[  359.506438][T11393]  ? sctp_bind_addr_match+0x193/0x300
[  359.506460][T11393]  ? sctp_add_bind_addr+0xae/0x3f0
[  359.506487][T11393]  sctp_add_bind_addr+0xae/0x3f0
[  359.506515][T11393]  sctp_do_bind+0x2d6/0x700
[  359.506539][T11393]  ? __pfx_sctp_bind+0x10/0x10
[  359.506558][T11393]  sctp_bind+0xa4/0x110
[  359.506577][T11393]  inet6_bind_sk+0xdd/0x230
[  359.506596][T11393]  ? __pfx_inet6_bind_sk+0x10/0x10
[  359.506621][T11393]  __sys_bind+0x1a7/0x260
[  359.506643][T11393]  ? __pfx___sys_bind+0x10/0x10
[  359.506661][T11393]  ? __fget_files+0x20e/0x3c0
[  359.506694][T11393]  ? __pfx_ksys_write+0x10/0x10
[  359.506722][T11393]  __x64_sys_bind+0x72/0xb0
[  359.506740][T11393]  ? lockdep_hardirqs_on+0x7c/0x110
[  359.506765][T11393]  do_syscall_64+0xcd/0x4c0
[  359.506791][T11393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.506809][T11393] RIP: 0033:0x7f358db8e929
[  359.506824][T11393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.506841][T11393] RSP: 002b:00007f358ea02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  359.506858][T11393] RAX: ffffffffffffffda RBX: 00007f358ddb5fa0 RCX: 00007f358db8e929
[  359.506870][T11393] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003
[  359.506880][T11393] RBP: 00007f358ea02090 R08: 0000000000000000 R09: 0000000000000000
[  359.506890][T11393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.506900][T11393] R13: 0000000000000000 R14: 00007f358ddb5fa0 R15: 00007ffecd43e788
[  359.506924][T11393]  </TASK>
[  359.748934][T11184] 8021q: adding VLAN 0 to HW filter on device team0
[  359.773984][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[  359.781085][ T5994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  359.826288][ T3530] bridge0: port 2(bridge_slave_1) entered blocking state
[  359.833422][ T3530] bridge0: port 2(bridge_slave_1) entered forwarding state
[  359.966717][T11212] 8021q: adding VLAN 0 to HW filter on device batadv0
[  360.095922][T11288] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  360.121896][T11212] veth0_vlan: entered promiscuous mode
[  360.133451][T11288] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  360.181281][T11212] veth1_vlan: entered promiscuous mode
[  360.215503][T11288] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  360.242898][T11288] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  360.359527][T11212] veth0_macvtap: entered promiscuous mode
[  360.460988][T11212] veth1_macvtap: entered promiscuous mode
[  360.539151][T11212] batman_adv: batadv0: Interface activated: batadv_slave_0
[  360.563303][T11184] 8021q: adding VLAN 0 to HW filter on device batadv0
[  360.600942][T11212] batman_adv: batadv0: Interface activated: batadv_slave_1
[  360.672546][T11212] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  360.687514][T11212] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  360.707707][T11212] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  360.732147][T11212] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  360.885475][T11288] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.972820][T11288] 8021q: adding VLAN 0 to HW filter on device team0
[  361.065727][ T7873] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.072811][ T7873] bridge0: port 1(bridge_slave_0) entered forwarding state
[  361.090306][ T5831] Bluetooth: hci5: command tx timeout
[  361.177268][ T7873] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.184413][ T7873] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.241341][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.249194][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  361.335356][T11184] veth0_vlan: entered promiscuous mode
[  361.446491][T11184] veth1_vlan: entered promiscuous mode
[  361.491329][ T7873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.525505][ T7873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  361.529485][T11184] veth0_macvtap: entered promiscuous mode
[  361.580937][T11184] veth1_macvtap: entered promiscuous mode
[  361.646694][T11184] batman_adv: batadv0: Interface activated: batadv_slave_0
[  361.706557][T11184] batman_adv: batadv0: Interface activated: batadv_slave_1
[  361.781617][T11184] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  361.800115][T11184] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  361.809441][T11184] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  361.852734][T11184] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  361.880779][ T5870] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  362.032927][ T5994] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.061222][ T5870] usb 6-1: Using ep0 maxpacket: 32
[  362.068591][ T5870] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  362.098731][ T5870] usb 6-1: config 0 has no interface number 0
[  362.128546][ T5870] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  362.155298][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.173723][ T5870] usb 6-1: Product: syz
[  362.177904][ T5870] usb 6-1: Manufacturer: syz
[  362.210271][ T5870] usb 6-1: SerialNumber: syz
[  362.216665][ T5994] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.252855][ T5870] usb 6-1: config 0 descriptor??
[  362.266076][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.266796][ T5870] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  362.287710][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.305429][T11288] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.317349][ T5870] usb 6-1: selecting invalid altsetting 1
[  362.340421][ T5870] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  362.363073][ T5870] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  362.374772][ T5870] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  362.374791][ T5994] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.384379][ T5870] usb 6-1: media controller created
[  362.448213][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  362.491190][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.499026][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.575017][ T5994] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  362.591209][ T5870] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  362.598331][ T5870] zl10353_read_register: readreg error (reg=127, ret==-71)
[  362.634783][ T5870] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  362.667081][T11288] veth0_vlan: entered promiscuous mode
[  362.706504][T11288] veth1_vlan: entered promiscuous mode
[  362.733687][ T5870] usb 6-1: USB disconnect, device number 15
[  362.891470][T11288] veth0_macvtap: entered promiscuous mode
[  362.968448][T11288] veth1_macvtap: entered promiscuous mode
[  363.005934][ T5994] bridge_slave_1: left allmulticast mode
[  363.014676][ T5994] bridge_slave_1: left promiscuous mode
[  363.034039][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.065490][ T5994] bridge_slave_0: left allmulticast mode
[  363.080428][ T5994] bridge_slave_0: left promiscuous mode
[  363.091782][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.519316][ T5821] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  363.528903][ T5821] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  363.546686][ T5821] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  363.555212][ T5821] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  363.575698][ T5821] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  363.714315][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  363.727795][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  363.738667][ T5994] bond0 (unregistering): Released all slaves
[  363.823418][T11288] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.847413][T11288] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.902714][T11288] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.917944][T11288] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.927394][T11288] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.936295][T11288] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.106804][ T5994] hsr_slave_0: left promiscuous mode
[  364.113460][ T5994] hsr_slave_1: left promiscuous mode
[  364.119331][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  364.131708][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  364.139526][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  364.149194][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  364.171771][ T5994] veth1_macvtap: left promiscuous mode
[  364.177325][ T5994] veth0_macvtap: left promiscuous mode
[  364.187166][ T5994] veth1_vlan: left promiscuous mode
[  364.194642][ T5994] veth0_vlan: left promiscuous mode
[  364.569478][ T5994] team0 (unregistering): Port device team_slave_1 removed
[  364.596973][ T5994] team0 (unregistering): Port device team_slave_0 removed
[  364.838562][ T8990] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.886271][ T8990] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.038517][ T7873] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.071733][ T7873] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.097932][T11477] chnl_net:caif_netlink_parms(): no params data found
[  365.535569][T11477] bridge0: port 1(bridge_slave_0) entered blocking state
[  365.563866][T11477] bridge0: port 1(bridge_slave_0) entered disabled state
[  365.585962][T11477] bridge_slave_0: entered allmulticast mode
[  365.594386][T11477] bridge_slave_0: entered promiscuous mode
[  365.605570][ T5821] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  365.615898][T11477] bridge0: port 2(bridge_slave_1) entered blocking state
[  365.628615][ T5821] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  365.638150][ T5821] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  365.646944][ T5821] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  365.655670][ T5821] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  365.660165][ T5825] Bluetooth: hci0: command tx timeout
[  365.669791][T11477] bridge0: port 2(bridge_slave_1) entered disabled state
[  365.686427][T11477] bridge_slave_1: entered allmulticast mode
[  365.701037][T11477] bridge_slave_1: entered promiscuous mode
[  365.814751][T11477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  365.845950][T11477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  365.890047][ T5925] usb 6-1: new low-speed USB device number 16 using dummy_hcd
[  365.924952][T11477] team0: Port device team_slave_0 added
[  365.941523][T11477] team0: Port device team_slave_1 added
[  366.069809][ T5994] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.111248][ T5925] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  366.119277][ T5925] usb 6-1: config 0 has no interface number 0
[  366.143968][ T5925] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  366.155105][ T5925] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  366.167147][ T5994] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.178672][ T5925] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  366.190908][ T5925] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.203729][T11477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  366.214792][T11477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  366.242518][ T5925] usb 6-1: config 0 descriptor??
[  366.243745][T11477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  366.248587][T11539] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  366.259619][T11477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  366.279907][T11477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  366.310075][T11477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  366.310926][ T5925] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  366.423876][ T5994] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.447761][T11477] hsr_slave_0: entered promiscuous mode
[  366.454247][T11477] hsr_slave_1: entered promiscuous mode
[  366.460342][T11477] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  366.467891][T11477] Cannot create hsr debugfs directory
[  366.563401][ T5994] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.813718][T11537] chnl_net:caif_netlink_parms(): no params data found
[  366.940782][ T5897] usb 6-1: USB disconnect, device number 16
[  367.155922][ T5994] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.171076][T11537] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.178761][T11537] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.186350][T11537] bridge_slave_0: entered allmulticast mode
[  367.194906][T11537] bridge_slave_0: entered promiscuous mode
[  367.205996][T11537] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.213212][T11537] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.221317][T11537] bridge_slave_1: entered allmulticast mode
[  367.228550][T11537] bridge_slave_1: entered promiscuous mode
[  367.264522][ T5994] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.326035][ T5994] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.340807][T11537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.352866][T11537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  367.386624][T11537] team0: Port device team_slave_0 added
[  367.409280][ T5994] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.428781][T11537] team0: Port device team_slave_1 added
[  367.478905][T11537] batman_adv: batadv0: Adding interface: batadv_slave_0
[  367.485969][T11537] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  367.516444][T11537] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  367.539258][T11537] batman_adv: batadv0: Adding interface: batadv_slave_1
[  367.546512][T11537] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  367.578761][T11537] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  367.759814][ T5825] Bluetooth: hci3: command tx timeout
[  367.766475][ T5825] Bluetooth: hci0: command tx timeout
[  367.834714][T11477] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  367.845577][T11477] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  367.879863][ T5870] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  368.099820][ T5870] usb 6-1: Using ep0 maxpacket: 8
[  368.116106][T11537] hsr_slave_0: entered promiscuous mode
[  368.137388][ T5870] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.165092][T11537] hsr_slave_1: entered promiscuous mode
[  368.198069][ T5870] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  368.223086][T11537] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  368.246433][T11537] Cannot create hsr debugfs directory
[  368.282795][ T5870] usb 6-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f
[  368.300720][ T5870] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.316581][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  368.324224][ T5870] usb 6-1: Product: syz
[  368.325639][ T5825] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  368.328416][ T5870] usb 6-1: Manufacturer: syz
[  368.337340][ T5825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  368.343737][T11477] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  368.348371][ T5825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  368.354098][ T5870] usb 6-1: SerialNumber: syz
[  368.362186][ T5825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  368.372753][ T5870] usb 6-1: config 0 descriptor??
[  368.386508][T11477] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  368.557038][T11477] 8021q: adding VLAN 0 to HW filter on device bond0
[  368.573565][T11477] 8021q: adding VLAN 0 to HW filter on device team0
[  368.611675][ T7873] bridge0: port 1(bridge_slave_0) entered blocking state
[  368.618794][ T7873] bridge0: port 1(bridge_slave_0) entered forwarding state
[  368.630316][ T5994] bridge_slave_1: left allmulticast mode
[  368.635961][ T5994] bridge_slave_1: left promiscuous mode
[  368.673487][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.035677][ T5994] bridge_slave_0: left allmulticast mode
[  369.049715][ T5994] bridge_slave_0: left promiscuous mode
[  369.061512][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.100464][ T5994] bridge_slave_1: left allmulticast mode
[  369.115370][ T5994] bridge_slave_1: left promiscuous mode
[  369.135953][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.146632][ T5994] bridge_slave_0: left allmulticast mode
[  369.180242][ T5994] bridge_slave_0: left promiscuous mode
[  369.186877][ T5870] usb 6-1: USB disconnect, device number 17
[  369.207009][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.536949][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  369.546740][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  369.556980][ T5994] bond0 (unregistering): Released all slaves
[  369.731534][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  369.743870][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  369.764420][ T5994] bond0 (unregistering): Released all slaves
[  369.809838][ T5831] Bluetooth: hci3: command tx timeout
[  369.809858][ T5825] Bluetooth: hci0: command tx timeout
[  369.849333][ T7873] bridge0: port 2(bridge_slave_1) entered blocking state
[  369.856436][ T7873] bridge0: port 2(bridge_slave_1) entered forwarding state
[  370.450816][ T5825] Bluetooth: hci5: command tx timeout
[  370.690352][ T5925] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  370.710375][T11632] netlink: 28 bytes leftover after parsing attributes in process `syz.5.865'.
[  370.719847][T11632] netlink: 16 bytes leftover after parsing attributes in process `syz.5.865'.
[  370.885535][ T5925] usb 2-1: Using ep0 maxpacket: 8
[  370.915053][ T5925] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  370.949748][ T5925] usb 2-1: config 0 has no interfaces?
[  370.967780][ T5925] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  371.010365][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.038017][ T5925] usb 2-1: Product: syz
[  371.054016][ T5925] usb 2-1: Manufacturer: syz
[  371.058654][ T5925] usb 2-1: SerialNumber: syz
[  371.079534][ T5925] usb 2-1: config 0 descriptor??
[  371.159585][ T5994] hsr_slave_0: left promiscuous mode
[  371.178439][ T5994] hsr_slave_1: left promiscuous mode
[  371.194793][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.207885][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.245043][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.270107][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.293704][ T5994] hsr_slave_0: left promiscuous mode
[  371.302700][ T5994] hsr_slave_1: left promiscuous mode
[  371.328151][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.343038][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.355972][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.363498][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.402864][ T5994] veth1_macvtap: left promiscuous mode
[  371.408453][ T5994] veth0_macvtap: left promiscuous mode
[  371.414642][ T5994] veth1_vlan: left promiscuous mode
[  371.421559][ T5994] veth0_vlan: left promiscuous mode
[  371.428693][ T5994] veth1_macvtap: left promiscuous mode
[  371.434459][ T5994] veth0_macvtap: left promiscuous mode
[  371.440135][ T5994] veth1_vlan: left promiscuous mode
[  371.446065][ T5994] veth0_vlan: left promiscuous mode
[  371.853970][ T5994] team0 (unregistering): Port device team_slave_1 removed
[  371.882708][ T5994] team0 (unregistering): Port device team_slave_0 removed
[  371.889812][ T5825] Bluetooth: hci0: command tx timeout
[  371.889867][ T5825] Bluetooth: hci3: command tx timeout
[  372.529808][ T5831] Bluetooth: hci5: command tx timeout
[  373.238093][ T5994] team0 (unregistering): Port device team_slave_1 removed
[  373.249478][  T973] usb 2-1: USB disconnect, device number 26
[  373.338806][ T5994] team0 (unregistering): Port device team_slave_0 removed
[  373.970633][ T5831] Bluetooth: hci3: command tx timeout
[  374.609767][ T5831] Bluetooth: hci5: command tx timeout
[  375.210005][   T30] audit: type=1400 audit(1750516309.821:350): avc:  denied  { connect } for  pid=11674 comm="syz.5.874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  375.509958][  T123] block nbd2: Possible stuck request ffff888026cc0000: control (read@0,1024B). Runtime 180 seconds
[  375.520987][  T123] block nbd2: Possible stuck request ffff888026cc01c0: control (read@1024,1024B). Runtime 180 seconds
[  375.532256][  T123] block nbd2: Possible stuck request ffff888026cc0380: control (read@2048,1024B). Runtime 180 seconds
[  375.543868][  T123] block nbd2: Possible stuck request ffff888026cc0540: control (read@3072,1024B). Runtime 180 seconds
[  375.591260][T11594] chnl_net:caif_netlink_parms(): no params data found
[  375.686564][T11677] infiniband syz1: set down
[  375.702523][T11677] infiniband syz1: added ipvlan1
[  375.713733][T11677] syz1: rxe_create_cq: returned err = -12
[  375.720010][T11677] infiniband syz1: Couldn't create ib_mad CQ
[  375.738623][T11677] infiniband syz1: Couldn't open port 1
[  375.767970][T11677] RDS/IB: syz1: added
[  375.772071][T11677] smc: adding ib device syz1 with port count 1
[  375.778204][T11677] smc:    ib device syz1 port 1 has pnetid 
[  375.931491][T11594] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.945530][T11594] bridge0: port 1(bridge_slave_0) entered disabled state
[  375.970568][T11594] bridge_slave_0: entered allmulticast mode
[  375.999079][T11594] bridge_slave_0: entered promiscuous mode
[  376.057313][T11594] bridge0: port 2(bridge_slave_1) entered blocking state
[  376.097018][T11594] bridge0: port 2(bridge_slave_1) entered disabled state
[  376.128032][T11594] bridge_slave_1: entered allmulticast mode
[  376.142735][T11594] bridge_slave_1: entered promiscuous mode
[  376.179096][T11537] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  376.196322][T11477] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.251506][T11537] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  376.274526][T11594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  376.284953][T11537] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  376.304448][T11537] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  376.357052][T11594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  376.601889][T11594] team0: Port device team_slave_0 added
[  376.646759][T11594] team0: Port device team_slave_1 added
[  376.700328][ T5831] Bluetooth: hci5: command tx timeout
[  376.784983][T11594] batman_adv: batadv0: Adding interface: batadv_slave_0
[  376.820766][T11594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.859741][T11594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  376.880357][T11594] batman_adv: batadv0: Adding interface: batadv_slave_1
[  376.888612][T11594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  376.888680][T11732] netlink: 'syz.1.877': attribute type 3 has an invalid length.
[  376.927795][T11732] netlink: 240 bytes leftover after parsing attributes in process `syz.1.877'.
[  376.927804][T11594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  376.994979][T11594] hsr_slave_0: entered promiscuous mode
[  377.010434][T11594] hsr_slave_1: entered promiscuous mode
[  377.016547][T11594] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  377.041407][T11594] Cannot create hsr debugfs directory
[  377.054743][T11477] veth0_vlan: entered promiscuous mode
[  377.204287][T11477] veth1_vlan: entered promiscuous mode
[  377.472833][   T30] audit: type=1400 audit(1750516312.141:351): avc:  denied  { mount } for  pid=11736 comm="syz.5.879" name="/" dev="ramfs" ino=54074 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  377.547360][T11537] 8021q: adding VLAN 0 to HW filter on device bond0
[  377.563572][T11477] veth0_macvtap: entered promiscuous mode
[  377.650653][T11477] veth1_macvtap: entered promiscuous mode
[  377.673977][T11537] 8021q: adding VLAN 0 to HW filter on device team0
[  377.686292][T11477] batman_adv: batadv0: Interface activated: batadv_slave_0
[  377.704681][T11477] batman_adv: batadv0: Interface activated: batadv_slave_1
[  377.731650][ T3530] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.738749][ T3530] bridge0: port 1(bridge_slave_0) entered forwarding state
[  377.755462][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  377.762557][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  377.775203][T11477] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.786480][T11477] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  377.795486][T11477] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.805428][T11477] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.934263][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  377.963327][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  378.159602][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.166343][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.352124][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  378.370854][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  378.542355][T11747] netlink: 80 bytes leftover after parsing attributes in process `syz.5.881'.
[  378.700989][T11594] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  378.739276][T11594] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  378.765903][T11594] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  378.833675][T11594] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  378.900544][   T48] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  379.020582][T11537] 8021q: adding VLAN 0 to HW filter on device batadv0
[  379.069790][   T48] usb 2-1: Using ep0 maxpacket: 8
[  379.086536][   T48] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  379.117529][   T48] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  379.165389][   T48] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  379.192052][   T48] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.209565][   T48] usb 2-1: Product: syz
[  379.236377][   T48] usb 2-1: Manufacturer: syz
[  379.245865][   T48] usb 2-1: SerialNumber: syz
[  379.277003][   T48] usb 2-1: config 0 descriptor??
[  379.284906][ T8990] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.367529][T11594] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.477848][ T8990] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.538408][T11594] 8021q: adding VLAN 0 to HW filter on device team0
[  379.558730][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.565872][ T5994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  379.598825][ T8990] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.619042][ T5994] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.626160][ T5994] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.690193][ T8990] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  379.723696][T11594] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  379.797253][T11537] veth0_vlan: entered promiscuous mode
[  379.831703][T11537] veth1_vlan: entered promiscuous mode
[  379.943969][T11537] veth0_macvtap: entered promiscuous mode
[  379.954741][ T8990] bridge_slave_1: left allmulticast mode
[  379.965262][ T8990] bridge_slave_1: left promiscuous mode
[  379.974718][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.984307][ T8990] bridge_slave_0: left allmulticast mode
[  379.998895][ T8990] bridge_slave_0: left promiscuous mode
[  380.014896][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state
[  380.428972][ T8990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  380.444601][ T8990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  380.455437][ T8990] bond0 (unregistering): Released all slaves
[  380.506167][T11594] 8021q: adding VLAN 0 to HW filter on device batadv0
[  380.519472][T11537] veth1_macvtap: entered promiscuous mode
[  380.564196][T11537] batman_adv: batadv0: Interface activated: batadv_slave_0
[  380.645279][T11537] batman_adv: batadv0: Interface activated: batadv_slave_1
[  380.668559][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  380.681324][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  380.689401][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  380.701421][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  380.710526][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  380.725550][T11537] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  380.746327][T11537] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  380.764724][T11537] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  380.783963][T11537] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  380.803790][T11594] veth0_vlan: entered promiscuous mode
[  380.887835][T11594] veth1_vlan: entered promiscuous mode
[  381.017394][   T48] usb 2-1: USB disconnect, device number 27
[  381.111287][T11594] veth0_macvtap: entered promiscuous mode
[  381.112200][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.126832][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.134069][T11594] veth1_macvtap: entered promiscuous mode
[  381.231833][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.250796][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.338870][T11594] batman_adv: batadv0: Interface activated: batadv_slave_0
[  381.355096][T11594] batman_adv: batadv0: Interface activated: batadv_slave_1
[  381.398864][T11594] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  381.439392][T11594] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  381.473501][T11594] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  381.483978][T11594] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  381.491597][T11830] netlink: 8 bytes leftover after parsing attributes in process `syz.1.887'.
[  381.681005][ T8990] hsr_slave_0: left promiscuous mode
[  381.686876][ T8990] hsr_slave_1: left promiscuous mode
[  381.693555][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  381.702634][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_0
[  381.712398][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  381.719946][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_1
[  381.734542][ T8990] veth1_macvtap: left promiscuous mode
[  381.740286][ T8990] veth0_macvtap: left promiscuous mode
[  381.745811][ T8990] veth1_vlan: left promiscuous mode
[  381.751534][ T8990] veth0_vlan: left promiscuous mode
[  382.058801][ T8990] team0 (unregistering): Port device team_slave_1 removed
[  382.086418][ T8990] team0 (unregistering): Port device team_slave_0 removed
[  382.470062][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.490529][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.533671][T11805] chnl_net:caif_netlink_parms(): no params data found
[  382.581006][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  382.588840][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  382.765296][ T8990] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.770199][ T5831] Bluetooth: hci0: command tx timeout
[  382.834204][T11805] bridge0: port 1(bridge_slave_0) entered blocking state
[  382.842412][T11805] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.849544][T11805] bridge_slave_0: entered allmulticast mode
[  382.862861][T11805] bridge_slave_0: entered promiscuous mode
[  382.874265][T11805] bridge0: port 2(bridge_slave_1) entered blocking state
[  382.883305][T11805] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.892898][T11805] bridge_slave_1: entered allmulticast mode
[  382.902238][T11805] bridge_slave_1: entered promiscuous mode
[  382.957592][T11805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  382.977908][ T8990] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.996308][T11805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.025837][T11805] team0: Port device team_slave_0 added
[  383.035421][T11805] team0: Port device team_slave_1 added
[  383.055766][ T8990] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.080443][T11805] batman_adv: batadv0: Adding interface: batadv_slave_0
[  383.087373][T11805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.115208][T11805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  383.128729][T11805] batman_adv: batadv0: Adding interface: batadv_slave_1
[  383.135814][T11805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  383.161786][T11805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  383.221577][ T8990] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  383.347547][T11805] hsr_slave_0: entered promiscuous mode
[  383.354174][T11805] hsr_slave_1: entered promiscuous mode
[  383.364435][T11805] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  383.372913][T11805] Cannot create hsr debugfs directory
[  383.700787][ T8990] bridge_slave_1: left allmulticast mode
[  383.706446][ T8990] bridge_slave_1: left promiscuous mode
[  383.730350][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.766229][ T8990] bridge_slave_0: left allmulticast mode
[  383.791437][ T8990] bridge_slave_0: left promiscuous mode
[  383.797174][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.969041][ T5825] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  383.980176][ T5825] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  383.987738][ T5825] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  383.997169][ T5825] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  384.007625][ T5825] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  384.126476][ T8990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  384.136577][ T8990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  384.146099][ T8990] bond0 (unregistering): Released all slaves
[  384.850682][ T5831] Bluetooth: hci0: command tx timeout
[  384.863067][ T8990] hsr_slave_0: left promiscuous mode
[  384.875617][ T8990] hsr_slave_1: left promiscuous mode
[  384.882523][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  384.890708][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_0
[  384.898470][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  384.906274][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_1
[  384.925375][ T8990] veth1_macvtap: left promiscuous mode
[  384.931624][ T8990] veth0_macvtap: left promiscuous mode
[  384.937240][ T8990] veth1_vlan: left promiscuous mode
[  384.943014][ T8990] veth0_vlan: left promiscuous mode
[  385.281421][ T8990] team0 (unregistering): Port device team_slave_1 removed
[  385.308251][ T8990] team0 (unregistering): Port device team_slave_0 removed
[  385.854105][T11912] netlink: 32 bytes leftover after parsing attributes in process `syz.1.890'.
[  386.051310][ T5831] Bluetooth: hci3: command tx timeout
[  386.258765][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  386.271408][ T5825] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  386.280953][ T5825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  386.291906][ T5825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  386.305706][ T5825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  386.344904][T11805] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  386.376017][T11805] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  386.515340][T11805] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  386.553867][T11805] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  386.639133][T11873] chnl_net:caif_netlink_parms(): no params data found
[  386.930297][ T5825] Bluetooth: hci0: command tx timeout
[  386.962555][   T30] audit: type=1400 audit(1750516321.451:352): avc:  denied  { setattr } for  pid=11918 comm="syz.5.892" name="RXRPC" dev="sockfs" ino=56317 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  387.176963][ T8990] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.260734][ T8990] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.277351][T11873] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.286926][T11873] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.294448][T11873] bridge_slave_0: entered allmulticast mode
[  387.302028][T11873] bridge_slave_0: entered promiscuous mode
[  387.345840][ T8990] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.362231][T11873] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.369457][T11873] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.376968][T11873] bridge_slave_1: entered allmulticast mode
[  387.383847][T11873] bridge_slave_1: entered promiscuous mode
[  387.477116][ T8990] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.502043][T11873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  387.515425][T11873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  387.565215][T11873] team0: Port device team_slave_0 added
[  387.632553][T11873] team0: Port device team_slave_1 added
[  387.692200][T11805] 8021q: adding VLAN 0 to HW filter on device bond0
[  387.727551][T11873] batman_adv: batadv0: Adding interface: batadv_slave_0
[  387.743663][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  387.794903][T11873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  388.024610][T11873] batman_adv: batadv0: Adding interface: batadv_slave_1
[  388.029797][ T5897] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  388.055658][T11873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  388.128018][T11873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  388.141871][ T5825] Bluetooth: hci3: command tx timeout
[  388.190203][ T5897] usb 2-1: Using ep0 maxpacket: 8
[  388.217952][ T5897] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  388.232404][ T5897] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  388.244493][ T5897] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  388.275759][ T5897] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  388.287589][ T5897] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  388.325895][ T5897] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  388.349774][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.363848][T11805] 8021q: adding VLAN 0 to HW filter on device team0
[  388.371122][ T5825] Bluetooth: hci5: command tx timeout
[  388.598427][ T8990] bridge_slave_1: left allmulticast mode
[  388.618682][ T8990] bridge_slave_1: left promiscuous mode
[  388.635992][ T8990] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.650510][ T5897] usb 2-1: GET_CAPABILITIES returned 0
[  388.656474][ T5897] usbtmc 2-1:16.0: can't read capabilities
[  388.696818][ T8990] bridge_slave_0: left allmulticast mode
[  388.714153][ T8990] bridge_slave_0: left promiscuous mode
[  388.727693][ T8990] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.012823][ T5825] Bluetooth: hci0: command tx timeout
[  389.437860][ T8990] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  389.449037][ T8990] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  389.458585][ T8990] bond0 (unregistering): Released all slaves
[  389.470468][ T5973] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.477533][ T5973] bridge0: port 1(bridge_slave_0) entered forwarding state
[  389.491161][T11873] hsr_slave_0: entered promiscuous mode
[  389.497283][T11873] hsr_slave_1: entered promiscuous mode
[  389.503558][T11873] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  389.511531][T11873] Cannot create hsr debugfs directory
[  389.521213][T11914] chnl_net:caif_netlink_parms(): no params data found
[  389.567621][T11089] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.574726][T11089] bridge0: port 2(bridge_slave_1) entered forwarding state
[  389.583357][ T5897] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  389.735032][T11914] bridge0: port 1(bridge_slave_0) entered blocking state
[  389.742249][ T5897] usb 6-1: Using ep0 maxpacket: 8
[  389.747352][T11914] bridge0: port 1(bridge_slave_0) entered disabled state
[  389.754791][T11914] bridge_slave_0: entered allmulticast mode
[  389.765217][ T5897] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  389.776249][T11914] bridge_slave_0: entered promiscuous mode
[  389.786825][ T5897] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  389.807454][ T5897] usb 6-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  389.817891][ T5897] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.826372][ T5897] usb 6-1: Product: syz
[  389.831471][ T5897] usb 6-1: Manufacturer: syz
[  389.836084][ T5897] usb 6-1: SerialNumber: syz
[  389.836813][T11914] bridge0: port 2(bridge_slave_1) entered blocking state
[  389.842792][ T5897] usb 6-1: config 0 descriptor??
[  389.855213][T11914] bridge0: port 2(bridge_slave_1) entered disabled state
[  389.866803][T11914] bridge_slave_1: entered allmulticast mode
[  389.875931][T11914] bridge_slave_1: entered promiscuous mode
[  389.971615][T11914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.031990][T11914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.112650][ T8990] hsr_slave_0: left promiscuous mode
[  390.118380][ T8990] hsr_slave_1: left promiscuous mode
[  390.124880][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  390.133467][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_0
[  390.142375][ T8990] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  390.150291][ T8990] batman_adv: batadv0: Removing interface: batadv_slave_1
[  390.172378][ T5884] usb 6-1: USB disconnect, device number 18
[  390.173110][ T8990] veth1_macvtap: left promiscuous mode
[  390.188278][ T8990] veth0_macvtap: left promiscuous mode
[  390.208818][ T8990] veth1_vlan: left promiscuous mode
[  390.214221][ T5825] Bluetooth: hci3: command tx timeout
[  390.215460][ T8990] veth0_vlan: left promiscuous mode
[  390.450709][ T5825] Bluetooth: hci5: command tx timeout
[  390.476671][ T8990] team0 (unregistering): Port device team_slave_1 removed
[  390.508130][ T8990] team0 (unregistering): Port device team_slave_0 removed
[  390.609295][ T5897] usb 2-1: USB disconnect, device number 28
[  390.719503][T11986] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.899'.
[  390.885273][   T30] audit: type=1400 audit(1750516325.551:353): avc:  denied  { mounton } for  pid=11989 comm="syz.1.901" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  390.919053][   T30] audit: type=1400 audit(1750516325.551:354): avc:  denied  { ioctl } for  pid=11989 comm="syz.1.901" path="socket:[56584]" dev="sockfs" ino=56584 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  390.955777][T11914] team0: Port device team_slave_0 added
[  390.982765][T11996] delete_channel: no stack
[  390.996971][T11914] team0: Port device team_slave_1 added
[  391.008662][T11991] syzkaller1: entered promiscuous mode
[  391.019796][T11991] syzkaller1: entered allmulticast mode
[  391.134991][T11914] batman_adv: batadv0: Adding interface: batadv_slave_0
[  391.149995][T11914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.176002][T11914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  391.241965][T11914] batman_adv: batadv0: Adding interface: batadv_slave_1
[  391.252517][T11914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  391.279320][T11914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  391.702423][T11805] 8021q: adding VLAN 0 to HW filter on device batadv0
[  391.740473][T11914] hsr_slave_0: entered promiscuous mode
[  391.746472][T11914] hsr_slave_1: entered promiscuous mode
[  391.757770][T11914] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  391.766766][T11914] Cannot create hsr debugfs directory
[  392.037946][T11873] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  392.051899][T11873] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  392.077072][T12007] loop6: detected capacity change from 0 to 7
[  392.085777][T12007] Dev loop6: unable to read RDB block 7
[  392.092451][T12007]  loop6: AHDI p1 p2 p3
[  392.096623][T12007] loop6: partition table partially beyond EOD, truncated
[  392.104504][T12007] loop6: p1 start 1601398130 is beyond EOD, truncated
[  392.114426][T12007] loop6: p2 start 1702059890 is beyond EOD, truncated
[  392.132639][T11805] veth0_vlan: entered promiscuous mode
[  392.146625][T11873] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  392.173676][T11873] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  392.214328][T11805] veth1_vlan: entered promiscuous mode
[  392.290620][ T5825] Bluetooth: hci3: command tx timeout
[  392.317863][T11805] veth0_macvtap: entered promiscuous mode
[  392.406402][T11805] veth1_macvtap: entered promiscuous mode
[  392.455283][T11805] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.511332][T11805] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.524803][T11873] 8021q: adding VLAN 0 to HW filter on device bond0
[  392.531464][ T5825] Bluetooth: hci5: command tx timeout
[  392.586428][T11805] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.595577][T11805] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  392.702961][T11805] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  392.711810][T11805] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  392.791487][T11873] 8021q: adding VLAN 0 to HW filter on device team0
[  392.882952][T11914] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  392.908794][ T3530] bridge0: port 1(bridge_slave_0) entered blocking state
[  392.915974][ T3530] bridge0: port 1(bridge_slave_0) entered forwarding state
[  392.932565][ T3530] bridge0: port 2(bridge_slave_1) entered blocking state
[  392.939742][ T3530] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.965694][T11914] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  392.999662][T11914] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  393.012694][T11914] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  393.565925][ T5994] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.596227][ T5994] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.647660][ T8990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.665062][ T8990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.734864][T11914] 8021q: adding VLAN 0 to HW filter on device bond0
[  393.758044][T11914] 8021q: adding VLAN 0 to HW filter on device team0
[  393.773796][ T8990] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.780927][ T8990] bridge0: port 1(bridge_slave_0) entered forwarding state
[  393.844075][ T8990] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.851195][ T8990] bridge0: port 2(bridge_slave_1) entered forwarding state
[  393.860925][   T30] audit: type=1400 audit(1750516328.521:355): avc:  denied  { write } for  pid=12030 comm="syz.5.905" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  393.948229][T11873] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.223117][ T3530] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.274507][T11914] 8021q: adding VLAN 0 to HW filter on device batadv0
[  394.330605][ T3530] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.359992][ T5884] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  394.423949][ T3530] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.501855][ T5884] usb 6-1: device descriptor read/64, error -71
[  394.509176][ T3530] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  394.526448][T11873] veth0_vlan: entered promiscuous mode
[  394.534129][T11914] veth0_vlan: entered promiscuous mode
[  394.547132][T11873] veth1_vlan: entered promiscuous mode
[  394.558992][T11914] veth1_vlan: entered promiscuous mode
[  394.610872][ T5825] Bluetooth: hci5: command tx timeout
[  394.642375][T11873] veth0_macvtap: entered promiscuous mode
[  394.687001][T11873] veth1_macvtap: entered promiscuous mode
[  394.740745][ T5884] usb 6-1: new full-speed USB device number 20 using dummy_hcd
[  394.754185][T11914] veth0_macvtap: entered promiscuous mode
[  394.765467][ T3530] bridge_slave_1: left allmulticast mode
[  394.775480][ T3530] bridge_slave_1: left promiscuous mode
[  394.781227][ T3530] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.790677][ T3530] bridge_slave_0: left allmulticast mode
[  394.796320][ T3530] bridge_slave_0: left promiscuous mode
[  394.804306][ T3530] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.890066][ T5884] usb 6-1: device descriptor read/64, error -71
[  395.025242][ T5884] usb usb6-port1: attempt power cycle
[  395.105100][ T3530] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  395.118341][ T3530] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  395.133387][ T3530] bond0 (unregistering): Released all slaves
[  395.157495][T11873] batman_adv: batadv0: Interface activated: batadv_slave_0
[  395.177355][T11873] batman_adv: batadv0: Interface activated: batadv_slave_1
[  395.201738][T11914] veth1_macvtap: entered promiscuous mode
[  395.232736][T11873] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.244361][T11873] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  395.257912][T11873] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  395.268002][T11873] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  395.327775][T11914] batman_adv: batadv0: Interface activated: batadv_slave_0
[  395.344906][T11914] batman_adv: batadv0: Interface activated: batadv_slave_1
[  395.369822][ T5884] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  395.400754][ T5884] usb 6-1: device descriptor read/8, error -71
[  395.473929][T11914] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  395.495307][T11914] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  395.512699][T11914] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  395.525427][T11914] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  395.650061][ T5884] usb 6-1: new full-speed USB device number 22 using dummy_hcd
[  395.669122][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  395.670192][ T5884] usb 6-1: device descriptor read/8, error -71
[  395.708152][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.810223][ T5884] usb usb6-port1: unable to enumerate USB device
[  395.861611][ T8990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  395.881254][ T8990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  395.896396][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  395.908818][ T5831] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  395.917874][ T5831] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  395.928693][ T5831] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  395.937039][ T5831] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  395.967401][ T3530] hsr_slave_0: left promiscuous mode
[  395.991897][ T3530] hsr_slave_1: left promiscuous mode
[  396.000594][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  396.009387][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_0
[  396.034904][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  396.043182][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_1
[  396.067632][ T3530] veth1_macvtap: left promiscuous mode
[  396.074686][ T3530] veth0_macvtap: left promiscuous mode
[  396.082116][ T3530] veth1_vlan: left promiscuous mode
[  396.087434][ T3530] veth0_vlan: left promiscuous mode
[  396.475098][ T3530] team0 (unregistering): Port device team_slave_1 removed
[  396.513188][ T3530] team0 (unregistering): Port device team_slave_0 removed
[  397.035853][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  397.058322][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.183941][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  397.314569][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.773233][ T3530] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.892645][ T3530] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  397.954185][T12085] chnl_net:caif_netlink_parms(): no params data found
[  397.980160][ T5825] Bluetooth: hci0: command tx timeout
[  398.046591][ T3530] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.170874][ T3530] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  398.202620][T12085] bridge0: port 1(bridge_slave_0) entered blocking state
[  398.213392][T12085] bridge0: port 1(bridge_slave_0) entered disabled state
[  398.232887][T12085] bridge_slave_0: entered allmulticast mode
[  398.254215][T12085] bridge_slave_0: entered promiscuous mode
[  398.273866][T12085] bridge0: port 2(bridge_slave_1) entered blocking state
[  398.290805][T12085] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.297944][T12085] bridge_slave_1: entered allmulticast mode
[  398.309442][T12085] bridge_slave_1: entered promiscuous mode
[  398.367297][T12085] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  398.379393][T12085] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  398.380735][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  398.397931][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  398.406938][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  398.416290][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  398.424398][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  398.454080][T12085] team0: Port device team_slave_0 added
[  398.472428][T12085] team0: Port device team_slave_1 added
[  398.572868][T12085] batman_adv: batadv0: Adding interface: batadv_slave_0
[  398.589763][T12085] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  398.615907][T12085] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  398.637656][T12085] batman_adv: batadv0: Adding interface: batadv_slave_1
[  398.649814][T12085] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  398.709841][T12085] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  398.777897][ T3530] bridge_slave_1: left allmulticast mode
[  398.785668][ T3530] bridge_slave_1: left promiscuous mode
[  398.793584][ T3530] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.812765][ T3530] bridge_slave_0: left allmulticast mode
[  398.820830][ T3530] bridge_slave_0: left promiscuous mode
[  398.826553][ T3530] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.117318][ T3530] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  399.127130][ T3530] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  399.136729][ T3530] bond0 (unregistering): Released all slaves
[  399.157637][T12085] hsr_slave_0: entered promiscuous mode
[  399.163810][T12085] hsr_slave_1: entered promiscuous mode
[  399.169625][T12085] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  399.177871][T12085] Cannot create hsr debugfs directory
[  399.576080][ T3530] hsr_slave_0: left promiscuous mode
[  399.590966][ T3530] hsr_slave_1: left promiscuous mode
[  399.596766][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  399.604712][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_0
[  399.623246][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  399.631913][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_1
[  399.663459][ T3530] veth1_macvtap: left promiscuous mode
[  399.668977][ T3530] veth0_macvtap: left promiscuous mode
[  399.677537][ T3530] veth1_vlan: left promiscuous mode
[  399.683433][ T3530] veth0_vlan: left promiscuous mode
[  400.053732][ T5831] Bluetooth: hci0: command tx timeout
[  400.096445][T12188] FAULT_INJECTION: forcing a failure.
[  400.096445][T12188] name failslab, interval 1, probability 0, space 0, times 0
[  400.109748][T12188] CPU: 0 UID: 0 PID: 12188 Comm: syz.5.908 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  400.109771][T12188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  400.109781][T12188] Call Trace:
[  400.109787][T12188]  <TASK>
[  400.109794][T12188]  dump_stack_lvl+0x16c/0x1f0
[  400.109825][T12188]  should_fail_ex+0x512/0x640
[  400.109848][T12188]  ? fs_reclaim_acquire+0xae/0x150
[  400.109868][T12188]  ? tomoyo_encode2+0x100/0x3e0
[  400.109892][T12188]  should_failslab+0xc2/0x120
[  400.109917][T12188]  __kmalloc_noprof+0xd2/0x510
[  400.109947][T12188]  tomoyo_encode2+0x100/0x3e0
[  400.109974][T12188]  tomoyo_encode+0x29/0x50
[  400.109997][T12188]  tomoyo_realpath_from_path+0x18f/0x6e0
[  400.110025][T12188]  ? tomoyo_profile+0x47/0x60
[  400.110054][T12188]  tomoyo_path_number_perm+0x245/0x580
[  400.110073][T12188]  ? tomoyo_path_number_perm+0x237/0x580
[  400.110097][T12188]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  400.110120][T12188]  ? find_held_lock+0x2b/0x80
[  400.110165][T12188]  ? find_held_lock+0x2b/0x80
[  400.110185][T12188]  ? hook_file_ioctl_common+0x145/0x410
[  400.110208][T12188]  ? __fget_files+0x20e/0x3c0
[  400.110236][T12188]  security_file_ioctl+0x9b/0x240
[  400.110262][T12188]  __x64_sys_ioctl+0xb7/0x210
[  400.110289][T12188]  do_syscall_64+0xcd/0x4c0
[  400.110318][T12188]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.110336][T12188] RIP: 0033:0x7f427e98e929
[  400.110350][T12188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.110367][T12188] RSP: 002b:00007f427f887038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  400.110384][T12188] RAX: ffffffffffffffda RBX: 00007f427ebb6080 RCX: 00007f427e98e929
[  400.110396][T12188] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 000000000000000a
[  400.110407][T12188] RBP: 00007f427f887090 R08: 0000000000000000 R09: 0000000000000000
[  400.110418][T12188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.110428][T12188] R13: 0000000000000000 R14: 00007f427ebb6080 R15: 00007ffe07190298
[  400.110454][T12188]  </TASK>
[  400.110470][T12188] ERROR: Out of memory at tomoyo_realpath_from_path.
[  400.281464][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  400.352475][ T5825] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  400.373802][ T5825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  400.381637][ T5825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  400.389490][ T5825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  400.452631][ T5831] Bluetooth: hci3: command tx timeout
[  400.463417][ T3530] team0 (unregistering): Port device team_slave_1 removed
[  400.493059][ T3530] team0 (unregistering): Port device team_slave_0 removed
[  400.725404][T12188] veth0_vlan: entered allmulticast mode
[  400.780960][T12153] chnl_net:caif_netlink_parms(): no params data found
[  401.045999][T12153] bridge0: port 1(bridge_slave_0) entered blocking state
[  401.069549][T12153] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.085886][T12153] bridge_slave_0: entered allmulticast mode
[  401.093786][T12153] bridge_slave_0: entered promiscuous mode
[  401.101591][T12153] bridge0: port 2(bridge_slave_1) entered blocking state
[  401.108727][T12153] bridge0: port 2(bridge_slave_1) entered disabled state
[  401.117769][T12153] bridge_slave_1: entered allmulticast mode
[  401.125067][T12153] bridge_slave_1: entered promiscuous mode
[  401.149984][ T5897] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  401.188639][T12153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  401.210364][T12153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  401.286247][T12153] team0: Port device team_slave_0 added
[  401.298265][T12153] team0: Port device team_slave_1 added
[  401.313375][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  401.335421][ T5897] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  401.346086][ T5897] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.363683][ T5897] usb 6-1: config 0 descriptor??
[  401.377630][T12153] batman_adv: batadv0: Adding interface: batadv_slave_0
[  401.387728][T12153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.419313][T12153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  401.435932][T12153] batman_adv: batadv0: Adding interface: batadv_slave_1
[  401.443081][T12153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  401.474812][T12153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  401.488778][T12085] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  401.528620][ T3530] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.560863][T12085] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  401.604339][T12085] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  401.622748][T12085] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  401.675430][ T3530] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.694981][T12153] hsr_slave_0: entered promiscuous mode
[  401.702573][T12153] hsr_slave_1: entered promiscuous mode
[  401.708738][T12153] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  401.719746][T12153] Cannot create hsr debugfs directory
[  401.760067][ T3530] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.788118][ T5897] keytouch 0003:0926:3333.0013: fixing up Keytouch IEC report descriptor
[  401.820749][ T5897] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0013/input/input22
[  401.889096][ T3530] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  401.925329][ T5897] keytouch 0003:0926:3333.0013: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  402.012208][T12191] chnl_net:caif_netlink_parms(): no params data found
[  402.130221][ T5831] Bluetooth: hci0: command tx timeout
[  402.254027][ T3530] bridge_slave_1: left allmulticast mode
[  402.260718][ T3530] bridge_slave_1: left promiscuous mode
[  402.266452][ T3530] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.276729][ T3530] bridge_slave_0: left allmulticast mode
[  402.283712][ T3530] bridge_slave_0: left promiscuous mode
[  402.289355][ T3530] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.432139][ T5898] usb 6-1: USB disconnect, device number 23
[  402.452370][ T5831] Bluetooth: hci5: command tx timeout
[  402.532444][ T5831] Bluetooth: hci3: command tx timeout
[  402.542694][ T3530] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  402.553541][ T3530] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  402.563027][ T3530] bond0 (unregistering): Released all slaves
[  402.595084][T12085] 8021q: adding VLAN 0 to HW filter on device bond0
[  402.604548][T12191] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.612712][T12191] bridge0: port 1(bridge_slave_0) entered disabled state
[  402.629458][T12191] bridge_slave_0: entered allmulticast mode
[  402.639414][T12191] bridge_slave_0: entered promiscuous mode
[  402.648426][T12191] bridge0: port 2(bridge_slave_1) entered blocking state
[  402.655649][T12191] bridge0: port 2(bridge_slave_1) entered disabled state
[  402.668514][T12191] bridge_slave_1: entered allmulticast mode
[  402.684448][T12191] bridge_slave_1: entered promiscuous mode
[  402.778299][T12085] 8021q: adding VLAN 0 to HW filter on device team0
[  402.821125][T12191] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.875124][T12191] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.937876][ T8990] bridge0: port 1(bridge_slave_0) entered blocking state
[  402.945003][ T8990] bridge0: port 1(bridge_slave_0) entered forwarding state
[  403.054371][T12191] team0: Port device team_slave_0 added
[  403.054468][T12252] netlink: 8 bytes leftover after parsing attributes in process `syz.5.911'.
[  403.096698][T12191] team0: Port device team_slave_1 added
[  403.125531][ T8990] bridge0: port 2(bridge_slave_1) entered blocking state
[  403.132690][ T8990] bridge0: port 2(bridge_slave_1) entered forwarding state
[  403.264545][   T30] audit: type=1400 audit(1750516337.931:356): avc:  denied  { ioctl } for  pid=12251 comm="syz.5.911" path="ipc:[4026533626]" dev="nsfs" ino=4026533626 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  403.290099][T12252] overlay: filesystem on ./file1 not supported as upperdir
[  403.302504][ T3530] hsr_slave_0: left promiscuous mode
[  403.330959][ T3530] hsr_slave_1: left promiscuous mode
[  403.336826][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  403.344572][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_0
[  403.370613][ T3530] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  403.380033][ T3530] batman_adv: batadv0: Removing interface: batadv_slave_1
[  403.407248][ T3530] veth1_macvtap: left promiscuous mode
[  403.415736][ T3530] veth0_macvtap: left promiscuous mode
[  403.424344][ T3530] veth1_vlan: left promiscuous mode
[  403.429662][ T3530] veth0_vlan: left promiscuous mode
[  403.696586][   T30] audit: type=1400 audit(1750516338.361:357): avc:  denied  { write } for  pid=12261 comm="syz.5.913" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  403.697083][T12263] netlink: 4 bytes leftover after parsing attributes in process `syz.5.913'.
[  403.842980][ T3530] team0 (unregistering): Port device team_slave_1 removed
[  403.875745][ T3530] team0 (unregistering): Port device team_slave_0 removed
[  404.213426][ T5831] Bluetooth: hci0: command tx timeout
[  404.243833][T12191] batman_adv: batadv0: Adding interface: batadv_slave_0
[  404.255677][T12191] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.285954][T12191] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  404.329167][T12153] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  404.365993][T12262] unknown channel width for channel at 909000KHz?
[  404.374138][T12191] batman_adv: batadv0: Adding interface: batadv_slave_1
[  404.381917][T12191] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  404.434323][T12191] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  404.453742][T12153] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  404.477452][T12085] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  404.489334][T12085] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  404.579811][ T5831] Bluetooth: hci5: command tx timeout
[  404.599369][T12153] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  404.618768][ T5831] Bluetooth: hci3: command tx timeout
[  404.694524][T12191] hsr_slave_0: entered promiscuous mode
[  404.702838][T12191] hsr_slave_1: entered promiscuous mode
[  404.708982][T12191] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  404.718060][T12191] Cannot create hsr debugfs directory
[  404.724722][T12153] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  405.302944][T12085] 8021q: adding VLAN 0 to HW filter on device batadv0
[  405.570239][  T123] block nbd2: Possible stuck request ffff888026cc0000: control (read@0,1024B). Runtime 210 seconds
[  405.581065][  T123] block nbd2: Possible stuck request ffff888026cc01c0: control (read@1024,1024B). Runtime 210 seconds
[  405.592228][  T123] block nbd2: Possible stuck request ffff888026cc0380: control (read@2048,1024B). Runtime 210 seconds
[  405.603252][  T123] block nbd2: Possible stuck request ffff888026cc0540: control (read@3072,1024B). Runtime 210 seconds
[  406.082719][T12085] veth0_vlan: entered promiscuous mode
[  406.105907][T12153] 8021q: adding VLAN 0 to HW filter on device bond0
[  406.121150][T12085] veth1_vlan: entered promiscuous mode
[  406.159150][T12153] 8021q: adding VLAN 0 to HW filter on device team0
[  406.183750][ T5994] bridge0: port 1(bridge_slave_0) entered blocking state
[  406.190839][ T5994] bridge0: port 1(bridge_slave_0) entered forwarding state
[  406.213967][ T5973] bridge0: port 2(bridge_slave_1) entered blocking state
[  406.221125][ T5973] bridge0: port 2(bridge_slave_1) entered forwarding state
[  406.241413][T12085] veth0_macvtap: entered promiscuous mode
[  406.282588][T12085] veth1_macvtap: entered promiscuous mode
[  406.311813][T12191] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  406.328487][T12191] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  406.365494][T12153] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  406.379421][T12153] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  406.410999][T12085] batman_adv: batadv0: Interface activated: batadv_slave_0
[  406.445322][T12191] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  406.485230][T12191] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  406.585430][T12085] batman_adv: batadv0: Interface activated: batadv_slave_1
[  406.616748][T12085] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  406.624156][ T5831] Bluetooth: hci5: command tx timeout
[  406.632754][T12085] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  406.645170][T12085] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  406.654092][T12085] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  406.689864][ T5831] Bluetooth: hci3: command tx timeout
[  406.773993][T12153] 8021q: adding VLAN 0 to HW filter on device batadv0
[  406.875628][ T5825] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  406.885308][ T5825] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  406.895045][ T5825] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  406.903224][ T5825] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  406.912203][ T5825] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  406.924729][ T5973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  406.954791][ T5973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  406.999742][ T5833] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  407.044037][ T5973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  407.066847][ T5973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  407.138092][T12191] 8021q: adding VLAN 0 to HW filter on device bond0
[  407.178194][ T5833] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  407.195624][ T5833] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  407.205258][ T5833] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.217021][T12153] veth0_vlan: entered promiscuous mode
[  407.225941][ T5833] usb 6-1: config 0 descriptor??
[  407.259203][T12191] 8021q: adding VLAN 0 to HW filter on device team0
[  407.282883][T12153] veth1_vlan: entered promiscuous mode
[  407.309986][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.317148][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  407.352527][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.359625][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  407.427070][ T5994] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.610070][T12153] veth0_macvtap: entered promiscuous mode
[  407.640241][T12153] veth1_macvtap: entered promiscuous mode
[  407.651590][ T5833] keytouch 0003:0926:3333.0014: fixing up Keytouch IEC report descriptor
[  407.683691][ T5833] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0014/input/input23
[  407.800871][ T5833] keytouch 0003:0926:3333.0014: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  407.823086][ T5994] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  407.958168][T12153] batman_adv: batadv0: Interface activated: batadv_slave_0
[  407.986029][ T5994] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.035630][T12153] batman_adv: batadv0: Interface activated: batadv_slave_1
[  408.091701][ T5994] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  408.130739][T12313] chnl_net:caif_netlink_parms(): no params data found
[  408.148295][T12153] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  408.157220][T12153] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  408.172310][T12153] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  408.180856][ T5833] usb 6-1: USB disconnect, device number 24
[  408.182578][T12153] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  408.388009][T12313] bridge0: port 1(bridge_slave_0) entered blocking state
[  408.396927][T12313] bridge0: port 1(bridge_slave_0) entered disabled state
[  408.405086][T12313] bridge_slave_0: entered allmulticast mode
[  408.413022][T12313] bridge_slave_0: entered promiscuous mode
[  408.422501][T12313] bridge0: port 2(bridge_slave_1) entered blocking state
[  408.429574][T12313] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.437398][T12313] bridge_slave_1: entered allmulticast mode
[  408.444892][T12313] bridge_slave_1: entered promiscuous mode
[  408.573329][T12313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  408.593707][T12191] 8021q: adding VLAN 0 to HW filter on device batadv0
[  408.636401][T12313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  408.659427][ T5994] bridge_slave_1: left allmulticast mode
[  408.665539][ T5994] bridge_slave_1: left promiscuous mode
[  408.671639][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  408.682174][ T5994] bridge_slave_0: left allmulticast mode
[  408.687789][ T5994] bridge_slave_0: left promiscuous mode
[  408.693586][ T5831] Bluetooth: hci5: command tx timeout
[  408.699130][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  409.010198][ T5831] Bluetooth: hci2: command tx timeout
[  409.055318][ T5825] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  409.066911][ T5825] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  409.075531][ T5825] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  409.083309][ T5825] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  409.091123][ T5825] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  409.122208][T12364] loop6: detected capacity change from 0 to 7
[  409.131171][T12364] Dev loop6: unable to read RDB block 7
[  409.137169][T12364]  loop6: AHDI p1 p2 p3
[  409.142032][T12364] loop6: partition table partially beyond EOD, truncated
[  409.150157][T12364] loop6: p1 start 1601398130 is beyond EOD, truncated
[  409.157292][T12364] loop6: p2 start 1702059890 is beyond EOD, truncated
[  409.314835][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  409.333626][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  409.345332][ T5994] bond0 (unregistering): Released all slaves
[  409.380058][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  409.393753][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  409.471081][T12313] team0: Port device team_slave_0 added
[  409.486785][T12313] team0: Port device team_slave_1 added
[  409.737202][T12313] batman_adv: batadv0: Adding interface: batadv_slave_0
[  409.744255][T12313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  409.784385][T12313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  409.826620][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  409.842105][T12313] batman_adv: batadv0: Adding interface: batadv_slave_1
[  409.849480][T12313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  409.869702][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  409.883259][T12313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  410.025617][T12374] netlink: 12 bytes leftover after parsing attributes in process `syz.5.922'.
[  410.129297][T12313] hsr_slave_0: entered promiscuous mode
[  410.142737][T12313] hsr_slave_1: entered promiscuous mode
[  410.149260][T12313] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  410.169987][T12313] Cannot create hsr debugfs directory
[  410.188651][T12191] veth0_vlan: entered promiscuous mode
[  410.408139][   T30] audit: type=1400 audit(1750516345.071:358): avc:  denied  { bind } for  pid=12380 comm="syz.5.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  410.563389][T12191] veth1_vlan: entered promiscuous mode
[  410.599302][ T5994] hsr_slave_0: left promiscuous mode
[  410.606152][ T5994] hsr_slave_1: left promiscuous mode
[  410.612326][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  410.621846][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  410.629593][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  410.639885][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  410.661197][ T5994] veth1_macvtap: left promiscuous mode
[  410.666726][ T5994] veth0_macvtap: left promiscuous mode
[  410.676436][ T5994] veth1_vlan: left promiscuous mode
[  410.682367][ T5994] veth0_vlan: left promiscuous mode
[  410.994663][ T5994] team0 (unregistering): Port device team_slave_1 removed
[  411.021993][ T5994] team0 (unregistering): Port device team_slave_0 removed
[  411.091117][ T5825] Bluetooth: hci2: command tx timeout
[  411.181635][ T5825] Bluetooth: hci0: command tx timeout
[  411.359197][T12191] veth0_macvtap: entered promiscuous mode
[  411.383031][T12191] veth1_macvtap: entered promiscuous mode
[  411.533321][T12191] batman_adv: batadv0: Interface activated: batadv_slave_0
[  411.578533][T12191] batman_adv: batadv0: Interface activated: batadv_slave_1
[  411.624121][T12191] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  411.635207][T12191] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  411.645418][T12191] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  411.658489][T12191] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  411.674011][T12362] chnl_net:caif_netlink_parms(): no params data found
[  411.763705][T12313] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  411.794644][ T5994] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.826202][T12313] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  411.843976][T12313] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  411.882167][T12313] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  411.909081][ T5994] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  411.969035][T12362] bridge0: port 1(bridge_slave_0) entered blocking state
[  411.976481][T12362] bridge0: port 1(bridge_slave_0) entered disabled state
[  411.983691][T12362] bridge_slave_0: entered allmulticast mode
[  411.993962][T12362] bridge_slave_0: entered promiscuous mode
[  412.014513][ T5994] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.026423][T11089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  412.027103][T12362] bridge0: port 2(bridge_slave_1) entered blocking state
[  412.039763][T11089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  412.051376][T12362] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.058490][T12362] bridge_slave_1: entered allmulticast mode
[  412.065525][T12362] bridge_slave_1: entered promiscuous mode
[  412.108569][ T5994] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.134460][T12362] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  412.146159][T12362] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  412.166554][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  412.180766][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  412.204497][T12362] team0: Port device team_slave_0 added
[  412.238746][T12362] team0: Port device team_slave_1 added
[  412.330782][T12362] batman_adv: batadv0: Adding interface: batadv_slave_0
[  412.350840][T12362] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.387055][T12362] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  412.425999][T12362] batman_adv: batadv0: Adding interface: batadv_slave_1
[  412.443228][T12362] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  412.503983][T12362] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  412.753535][T12362] hsr_slave_0: entered promiscuous mode
[  412.766981][T12362] hsr_slave_1: entered promiscuous mode
[  412.780846][T12362] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  412.788442][T12362] Cannot create hsr debugfs directory
[  412.803777][ T5994] bridge_slave_1: left allmulticast mode
[  412.809430][ T5994] bridge_slave_1: left promiscuous mode
[  412.830027][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  412.838488][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  412.846498][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  412.855057][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.863100][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  412.871556][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  412.926309][ T5994] bridge_slave_0: left allmulticast mode
[  412.933199][ T5994] bridge_slave_0: left promiscuous mode
[  412.950043][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.169971][ T5831] Bluetooth: hci2: command tx timeout
[  413.245051][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  413.253656][ T5831] Bluetooth: hci0: command tx timeout
[  413.280193][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  413.293024][ T5994] bond0 (unregistering): Released all slaves
[  413.379311][T12313] 8021q: adding VLAN 0 to HW filter on device bond0
[  413.473453][T12313] 8021q: adding VLAN 0 to HW filter on device team0
[  413.571115][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  413.578246][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  413.636705][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  413.643868][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  413.915414][ T5994] hsr_slave_0: left promiscuous mode
[  413.927899][ T5994] hsr_slave_1: left promiscuous mode
[  413.934563][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  413.942578][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  413.953578][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  413.961389][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  413.980836][ T5994] veth1_macvtap: left promiscuous mode
[  413.986392][ T5994] veth0_macvtap: left promiscuous mode
[  413.993537][ T5994] veth1_vlan: left promiscuous mode
[  413.998831][ T5994] veth0_vlan: left promiscuous mode
[  414.307282][ T5994] team0 (unregistering): Port device team_slave_1 removed
[  414.336283][ T5994] team0 (unregistering): Port device team_slave_0 removed
[  414.579004][T12313] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  414.589559][T12313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  414.931630][ T5831] Bluetooth: hci3: command tx timeout
[  414.949884][T12362] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  414.965482][T12313] 8021q: adding VLAN 0 to HW filter on device batadv0
[  414.989521][T12362] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  415.017898][T12436] chnl_net:caif_netlink_parms(): no params data found
[  415.079078][T12362] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  415.304348][T12476] netlink: 60 bytes leftover after parsing attributes in process `syz.5.926'.
[  415.320985][ T5831] Bluetooth: hci2: command tx timeout
[  415.329851][ T5831] Bluetooth: hci0: command tx timeout
[  415.441140][T12362] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  415.745729][T12436] bridge0: port 1(bridge_slave_0) entered blocking state
[  415.758276][T12436] bridge0: port 1(bridge_slave_0) entered disabled state
[  415.769858][T12436] bridge_slave_0: entered allmulticast mode
[  415.777126][T12436] bridge_slave_0: entered promiscuous mode
[  415.794733][ T5825] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  415.805155][ T5825] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  415.813478][ T5825] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  415.855175][ T5825] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  415.862764][ T5825] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  415.981695][ T5994] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.008479][T12436] bridge0: port 2(bridge_slave_1) entered blocking state
[  416.016393][T12436] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.027954][T12436] bridge_slave_1: entered allmulticast mode
[  416.100536][T12436] bridge_slave_1: entered promiscuous mode
[  416.524591][ T5994] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.573246][T12362] 8021q: adding VLAN 0 to HW filter on device bond0
[  416.585564][T12436] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  416.604587][T12436] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  416.709391][ T5994] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.991790][T12436] team0: Port device team_slave_0 added
[  417.025261][ T5825] Bluetooth: hci3: command tx timeout
[  417.025875][T12436] team0: Port device team_slave_1 added
[  417.088636][T12505] netlink: 12 bytes leftover after parsing attributes in process `syz.5.929'.
[  417.132040][T12362] 8021q: adding VLAN 0 to HW filter on device team0
[  417.165554][ T5994] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.192874][T12505] xfrm1: entered promiscuous mode
[  417.197912][T12505] xfrm1: entered allmulticast mode
[  417.208369][T12436] batman_adv: batadv0: Adding interface: batadv_slave_0
[  417.219903][T12436] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.291204][T12436] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  417.313924][T12436] batman_adv: batadv0: Adding interface: batadv_slave_1
[  417.325451][T12436] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  417.363943][T12436] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  417.412765][ T5825] Bluetooth: hci0: command tx timeout
[  417.477445][T12313] veth0_vlan: entered promiscuous mode
[  417.505352][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  417.512435][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  417.572027][T12436] hsr_slave_0: entered promiscuous mode
[  417.590144][T12436] hsr_slave_1: entered promiscuous mode
[  417.596761][T12436] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  417.604448][T12436] Cannot create hsr debugfs directory
[  417.680966][T12313] veth1_vlan: entered promiscuous mode
[  417.697347][ T5973] bridge0: port 2(bridge_slave_1) entered blocking state
[  417.704456][ T5973] bridge0: port 2(bridge_slave_1) entered forwarding state
[  417.710257][T12530] netlink: 12 bytes leftover after parsing attributes in process `syz.5.933'.
[  417.866030][T12533] FAULT_INJECTION: forcing a failure.
[  417.866030][T12533] name failslab, interval 1, probability 0, space 0, times 0
[  417.892328][ T5825] Bluetooth: hci5: command tx timeout
[  417.898244][T12533] CPU: 0 UID: 0 PID: 12533 Comm: syz.5.934 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  417.898269][T12533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  417.898280][T12533] Call Trace:
[  417.898286][T12533]  <TASK>
[  417.898293][T12533]  dump_stack_lvl+0x16c/0x1f0
[  417.898323][T12533]  should_fail_ex+0x512/0x640
[  417.898346][T12533]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[  417.898373][T12533]  should_failslab+0xc2/0x120
[  417.898399][T12533]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[  417.898423][T12533]  ? alloc_inode+0xc3/0x240
[  417.898445][T12533]  alloc_inode+0xc3/0x240
[  417.898463][T12533]  path_from_stashed+0x2be/0xb00
[  417.898488][T12533]  ? down_read+0x13d/0x480
[  417.898508][T12533]  ? __pfx_path_from_stashed+0x10/0x10
[  417.898541][T12533]  ns_get_path_cb+0x40/0x60
[  417.898565][T12533]  bpf_prog_offload_info_fill+0xcf/0x4f0
[  417.898590][T12533]  ? __pfx_bpf_prog_offload_info_fill+0x10/0x10
[  417.898618][T12533]  ? bpf_lsm_capable+0x9/0x10
[  417.898636][T12533]  ? security_capable+0x7e/0x260
[  417.898659][T12533]  bpf_prog_get_info_by_fd+0x199b/0x2dd0
[  417.898684][T12533]  ? find_held_lock+0x2b/0x80
[  417.898716][T12533]  ? __pfx_bpf_prog_get_info_by_fd+0x10/0x10
[  417.898762][T12533]  ? __fget_files+0x20e/0x3c0
[  417.898793][T12533]  bpf_obj_get_info_by_fd+0x53d/0xcc0
[  417.898818][T12533]  ? __pfx_bpf_obj_get_info_by_fd+0x10/0x10
[  417.898852][T12533]  ? find_held_lock+0x2b/0x80
[  417.898871][T12533]  ? __might_fault+0xe3/0x190
[  417.898893][T12533]  ? __might_fault+0xe3/0x190
[  417.898913][T12533]  ? __might_fault+0x13b/0x190
[  417.898936][T12533]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  417.898959][T12533]  ? selinux_bpf+0xee/0x130
[  417.898981][T12533]  __sys_bpf+0x18ae/0x4d80
[  417.899016][T12533]  ? __pfx___sys_bpf+0x10/0x10
[  417.899040][T12533]  ? ksys_write+0x190/0x250
[  417.899065][T12533]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  417.899106][T12533]  ? fput+0x70/0xf0
[  417.899136][T12533]  ? ksys_write+0x1ac/0x250
[  417.899156][T12533]  ? __pfx_ksys_write+0x10/0x10
[  417.899183][T12533]  __x64_sys_bpf+0x78/0xc0
[  417.899207][T12533]  ? lockdep_hardirqs_on+0x7c/0x110
[  417.899232][T12533]  do_syscall_64+0xcd/0x4c0
[  417.899263][T12533]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.899282][T12533] RIP: 0033:0x7f427e98e929
[  417.899296][T12533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.899313][T12533] RSP: 002b:00007f427f8a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  417.899330][T12533] RAX: ffffffffffffffda RBX: 00007f427ebb5fa0 RCX: 00007f427e98e929
[  417.899342][T12533] RDX: 0000000000000010 RSI: 0000200000000740 RDI: 000000000000000f
[  417.899352][T12533] RBP: 00007f427f8a8090 R08: 0000000000000000 R09: 0000000000000000
[  417.899363][T12533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.899373][T12533] R13: 0000000000000000 R14: 00007f427ebb5fa0 R15: 00007ffe07190298
[  417.899398][T12533]  </TASK>
[  418.282687][T12543] FAULT_INJECTION: forcing a failure.
[  418.282687][T12543] name failslab, interval 1, probability 0, space 0, times 0
[  418.296089][T12543] CPU: 0 UID: 0 PID: 12543 Comm: syz.5.935 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  418.296115][T12543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.296126][T12543] Call Trace:
[  418.296132][T12543]  <TASK>
[  418.296139][T12543]  dump_stack_lvl+0x16c/0x1f0
[  418.296169][T12543]  should_fail_ex+0x512/0x640
[  418.296193][T12543]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  418.296216][T12543]  should_failslab+0xc2/0x120
[  418.296241][T12543]  __kmalloc_cache_noprof+0x6a/0x3e0
[  418.296270][T12543]  ? copy_mount_options+0x55/0x190
[  418.296288][T12543]  ? _copy_from_user+0x59/0xd0
[  418.296316][T12543]  copy_mount_options+0x55/0x190
[  418.296336][T12543]  __x64_sys_mount+0x1ac/0x310
[  418.296365][T12543]  ? __pfx___x64_sys_mount+0x10/0x10
[  418.296400][T12543]  do_syscall_64+0xcd/0x4c0
[  418.296428][T12543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.296446][T12543] RIP: 0033:0x7f427e98e929
[  418.296461][T12543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  418.296478][T12543] RSP: 002b:00007f427f8a8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  418.296496][T12543] RAX: ffffffffffffffda RBX: 00007f427ebb5fa0 RCX: 00007f427e98e929
[  418.296508][T12543] RDX: 0000200000000b80 RSI: 00002000000003c0 RDI: 0000000000000000
[  418.296519][T12543] RBP: 00007f427f8a8090 R08: 0000200000000580 R09: 0000000000000000
[  418.296531][T12543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.296542][T12543] R13: 0000000000000000 R14: 00007f427ebb5fa0 R15: 00007ffe07190298
[  418.296567][T12543]  </TASK>
[  418.633462][T12549] netlink: 24 bytes leftover after parsing attributes in process `syz.5.936'.
[  418.648482][T12549] netlink: 12 bytes leftover after parsing attributes in process `syz.5.936'.
[  418.664474][T12549] tipc: Enabling of bearer <et„:vÿan0> rejected, media not registered
[  418.673750][ T5994] bridge_slave_1: left allmulticast mode
[  418.679436][ T5994] bridge_slave_1: left promiscuous mode
[  418.696471][ T5994] bridge0: port 2(bridge_slave_1) entered disabled state
[  418.749010][ T5994] bridge_slave_0: left allmulticast mode
[  418.754799][ T5994] bridge_slave_0: left promiscuous mode
[  418.765582][ T5994] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.110532][ T5825] Bluetooth: hci3: command tx timeout
[  419.414247][ T5994] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  419.424358][ T5994] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  419.433918][ T5994] bond0 (unregistering): Released all slaves
[  419.457775][T12495] chnl_net:caif_netlink_parms(): no params data found
[  419.536354][T12313] veth0_macvtap: entered promiscuous mode
[  419.608837][T12313] veth1_macvtap: entered promiscuous mode
[  419.801077][T12495] bridge0: port 1(bridge_slave_0) entered blocking state
[  419.808213][T12495] bridge0: port 1(bridge_slave_0) entered disabled state
[  419.823500][T12495] bridge_slave_0: entered allmulticast mode
[  419.837298][T12495] bridge_slave_0: entered promiscuous mode
[  419.873640][T12569] FAULT_INJECTION: forcing a failure.
[  419.873640][T12569] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  419.896216][T12569] CPU: 1 UID: 0 PID: 12569 Comm: syz.5.939 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  419.896242][T12569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  419.896252][T12569] Call Trace:
[  419.896258][T12569]  <TASK>
[  419.896264][T12569]  dump_stack_lvl+0x16c/0x1f0
[  419.896295][T12569]  should_fail_ex+0x512/0x640
[  419.896323][T12569]  _copy_from_user+0x2e/0xd0
[  419.896349][T12569]  user_termios_to_kernel_termios_1+0x21/0x30
[  419.896372][T12569]  set_termios+0x3be/0x880
[  419.896393][T12569]  ? find_held_lock+0x2b/0x80
[  419.896416][T12569]  ? __pfx_set_termios+0x10/0x10
[  419.896437][T12569]  ? __lock_acquire+0xb8a/0x1c90
[  419.896478][T12569]  tty_mode_ioctl+0x57e/0xd30
[  419.896500][T12569]  ? __pfx_tty_mode_ioctl+0x10/0x10
[  419.896530][T12569]  ? __pfx___ldsem_down_read_nested+0x10/0x10
[  419.896555][T12569]  ? __pfx_n_tty_ioctl+0x10/0x10
[  419.896570][T12569]  n_tty_ioctl_helper+0x4b/0x2b0
[  419.896593][T12569]  n_tty_ioctl+0x7f/0x370
[  419.896614][T12569]  ? __pfx_n_tty_ioctl+0x10/0x10
[  419.896629][T12569]  tty_ioctl+0x6fd/0x1640
[  419.896654][T12569]  ? __pfx_tty_ioctl+0x10/0x10
[  419.896679][T12569]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  419.896712][T12569]  ? hook_file_ioctl_common+0x145/0x410
[  419.896737][T12569]  ? selinux_file_ioctl+0x180/0x270
[  419.896759][T12569]  ? selinux_file_ioctl+0xb4/0x270
[  419.896783][T12569]  ? __pfx_tty_ioctl+0x10/0x10
[  419.896808][T12569]  __x64_sys_ioctl+0x18b/0x210
[  419.896831][T12569]  do_syscall_64+0xcd/0x4c0
[  419.896859][T12569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.896879][T12569] RIP: 0033:0x7f427e98e929
[  419.896894][T12569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  419.896911][T12569] RSP: 002b:00007f427f8a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  419.896928][T12569] RAX: ffffffffffffffda RBX: 00007f427ebb5fa0 RCX: 00007f427e98e929
[  419.896941][T12569] RDX: 00002000000000c0 RSI: 0000000000005402 RDI: 0000000000000004
[  419.896952][T12569] RBP: 00007f427f8a8090 R08: 0000000000000000 R09: 0000000000000000
[  419.896963][T12569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  419.896974][T12569] R13: 0000000000000000 R14: 00007f427ebb5fa0 R15: 00007ffe07190298
[  419.897007][T12569]  </TASK>
[  420.128353][ T5825] Bluetooth: hci5: command tx timeout
[  420.177753][T12313] batman_adv: batadv0: Interface activated: batadv_slave_0
[  420.258391][T12495] bridge0: port 2(bridge_slave_1) entered blocking state
[  420.275889][T12495] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.296806][T12495] bridge_slave_1: entered allmulticast mode
[  420.315003][T12495] bridge_slave_1: entered promiscuous mode
[  420.407747][T12495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  420.422739][T12495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  420.436104][T12313] batman_adv: batadv0: Interface activated: batadv_slave_1
[  420.545700][T12591] capability: warning: `syz.5.942' uses deprecated v2 capabilities in a way that may be insecure
[  420.621463][T12495] team0: Port device team_slave_0 added
[  420.627944][T12313] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  420.644975][T12313] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  420.654037][T12313] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  420.663056][T12313] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  420.707325][T12362] 8021q: adding VLAN 0 to HW filter on device batadv0
[  420.726107][ T5994] hsr_slave_0: left promiscuous mode
[  420.740748][ T5994] hsr_slave_1: left promiscuous mode
[  420.746979][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  420.757927][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_0
[  420.765954][ T5994] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  420.774435][ T5994] batman_adv: batadv0: Removing interface: batadv_slave_1
[  420.796428][ T5994] veth1_macvtap: left promiscuous mode
[  420.802029][ T5994] veth0_macvtap: left promiscuous mode
[  420.807713][ T5994] veth1_vlan: left promiscuous mode
[  420.814018][ T5994] veth0_vlan: left promiscuous mode
[  421.170458][ T5825] Bluetooth: hci3: command tx timeout
[  421.279358][ T5994] team0 (unregistering): Port device team_slave_1 removed
[  421.318652][ T5994] team0 (unregistering): Port device team_slave_0 removed
[  421.664986][T12495] team0: Port device team_slave_1 added
[  421.757578][T12495] batman_adv: batadv0: Adding interface: batadv_slave_0
[  421.772788][T12495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  421.805441][T12495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  421.847268][T12495] batman_adv: batadv0: Adding interface: batadv_slave_1
[  421.856431][T12495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  421.883588][T12495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  421.969539][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  421.998597][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  422.128108][T12495] hsr_slave_0: entered promiscuous mode
[  422.136045][T12495] hsr_slave_1: entered promiscuous mode
[  422.144239][T12495] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  422.154834][T12495] Cannot create hsr debugfs directory
[  422.161718][T12436] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  422.209420][ T3530] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  422.210100][ T5825] Bluetooth: hci5: command tx timeout
[  422.217688][T12436] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  422.234131][T12436] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  422.249861][ T3530] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  422.281705][T12362] veth0_vlan: entered promiscuous mode
[  422.300060][T12436] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  422.374355][T12651] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.386739][T12647] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.402237][T12362] veth1_vlan: entered promiscuous mode
[  422.453359][T12651] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.460523][T12647] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.669986][ T5813] usb 6-1: new low-speed USB device number 25 using dummy_hcd
[  423.248566][T12436] 8021q: adding VLAN 0 to HW filter on device bond0
[  423.269626][T12669] Malformed UNC in devname
[  423.269626][T12669] 
[  423.277603][T12669] CIFS: VFS: Malformed UNC in devname
[  423.327714][   T30] audit: type=1400 audit(1750516357.991:359): avc:  denied  { getopt } for  pid=12668 comm="syz.5.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  423.437042][T12362] veth0_macvtap: entered promiscuous mode
[  423.512704][   T31] INFO: task syz.2.663:9665 blocked for more than 143 seconds.
[  423.526282][   T31]       Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  423.564326][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  423.672344][   T31] task:syz.2.663       state:D stack:26520 pid:9665  tgid:9664  ppid:5824   task_flags:0x400140 flags:0x00004004
[  423.740089][T12362] veth1_macvtap: entered promiscuous mode
[  423.781612][   T31] Call Trace:
[  423.784926][   T31]  <TASK>
[  423.787262][T12436] 8021q: adding VLAN 0 to HW filter on device team0
[  423.787850][   T31]  __schedule+0x116a/0x5de0
[  423.829106][T12679] netlink: 40 bytes leftover after parsing attributes in process `syz.5.952'.
[  423.884263][   T31]  ? __lock_acquire+0x622/0x1c90
[  423.930426][   T31]  ? __pfx___schedule+0x10/0x10
[  423.935325][   T31]  ? find_held_lock+0x2b/0x80
[  423.959705][   T31]  ? schedule+0x2d7/0x3a0
[  423.966143][   T31]  schedule+0xe7/0x3a0
[  423.982724][   T31]  schedule_preempt_disabled+0x13/0x30
[  423.998694][   T31]  __mutex_lock+0x6c7/0xb90
[  424.019761][   T31]  ? bdev_open+0x41a/0xe40
[  424.024234][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  424.043136][   T31]  ? bdev_open+0x41a/0xe40
[  424.047575][   T31]  bdev_open+0x41a/0xe40
[  424.051906][   T31]  bdev_file_open_by_dev+0x182/0x210
[  424.057204][   T31]  bdev_file_open_by_path+0xed/0x330
[  424.062668][   T31]  ? __pfx_bdev_file_open_by_path+0x10/0x10
[  424.068573][   T31]  ? btrfs_get_tree+0x3b3/0x1b70
[  424.073990][   T31]  btrfs_scan_one_device+0xcf/0x680
[  424.079202][   T31]  ? __pfx_btrfs_scan_one_device+0x10/0x10
[  424.086001][   T31]  btrfs_get_tree+0x3e8/0x1b70
[  424.091019][   T31]  ? __pfx_btrfs_get_tree+0x10/0x10
[  424.096238][   T31]  ? rcu_is_watching+0x12/0xc0
[  424.101366][   T31]  ? trace_kmalloc+0x2b/0xd0
[  424.105975][   T31]  ? lockdep_init_map_type+0x5c/0x280
[  424.111633][   T31]  vfs_get_tree+0x8b/0x340
[  424.116061][   T31]  fc_mount+0x18/0x110
[  424.120466][   T31]  btrfs_get_tree+0xa37/0x1b70
[  424.125247][   T31]  ? __pfx_btrfs_get_tree+0x10/0x10
[  424.130805][   T31]  ? cap_capable+0xb3/0x250
[  424.135324][   T31]  ? bpf_lsm_capable+0x9/0x10
[  424.140311][   T31]  ? security_capable+0x7e/0x260
[  424.145260][   T31]  vfs_get_tree+0x8b/0x340
[  424.150244][   T31]  path_mount+0x1414/0x2020
[  424.154780][   T31]  ? kmem_cache_free+0x2d1/0x4d0
[  424.162656][   T31]  ? __pfx_path_mount+0x10/0x10
[  424.167610][   T31]  ? putname+0x154/0x1a0
[  424.173176][   T31]  __x64_sys_mount+0x28d/0x310
[  424.178005][   T31]  ? __pfx___x64_sys_mount+0x10/0x10
[  424.193846][   T31]  do_syscall_64+0xcd/0x4c0
[  424.198381][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  424.213432][   T31] RIP: 0033:0x7f36fef8e929
[  424.217859][   T31] RSP: 002b:00007f36ffd1a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  424.226611][   T31] RAX: ffffffffffffffda RBX: 00007f36ff1b5fa0 RCX: 00007f36fef8e929
[  424.240636][   T31] RDX: 0000200000000200 RSI: 0000200000000300 RDI: 0000200000000280
[  424.248617][   T31] RBP: 00007f36ff010b39 R08: 0000200000000380 R09: 0000000000000000
[  424.256873][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  424.265291][   T31] R13: 0000000000000000 R14: 00007f36ff1b5fa0 R15: 00007ffeb0392ae8
[  424.273488][   T31]  </TASK>
[  424.276588][   T31] 
[  424.276588][   T31] Showing all locks held in the system:
[  424.307555][ T5825] Bluetooth: hci5: command tx timeout
[  424.331100][   T31] 2 locks held by kworker/1:0/24:
[  424.336131][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  424.379714][   T31]  #1: ffffc900001e7d10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  424.389412][   T31] 1 lock held by khungtaskd/31:
[  424.443630][   T31]  #0: ffffffff8e5c4880 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  424.469742][   T31] 2 locks held by getty/5573:
[  424.485385][   T31]  #0: ffff8880326df0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  424.519708][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  424.549600][   T31] 3 locks held by kworker/u8:9/5994:
[  424.569741][   T31]  #0: ffff888032107148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  424.583090][   T31]  #1: ffffc9000213fd10 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  424.595507][   T31]  #2: ffffffff9034d1a8 (rtnl_mutex){+.+.}-{4:4}, at: addrconf_dad_work+0x120/0x14e0
[  424.607391][   T31] 1 lock held by udevd/6241:
[  424.621015][   T31]  #0: ffff888026b83358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  424.630598][   T31] 2 locks held by syz.2.663/9665:
[  424.639850][   T31]  #0: ffffffff8edd1e88 (uuid_mutex){+.+.}-{4:4}, at: btrfs_get_tree+0x3b3/0x1b70
[  424.649104][   T31]  #1: ffff888026b83358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  424.669744][   T31] 1 lock held by syz.1.901/11994:
[  424.674780][   T31]  #0: ffff888026b83358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  424.699866][   T31] 1 lock held by syz-executor/12436:
[  424.705162][   T31] 8 locks held by syz-executor/12495:
[  424.726990][   T31]  #0: ffff88802500c428 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  424.749790][   T31]  #1: ffff88802a0aac88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510
[  424.759564][   T31]  #2: ffff8881443055a8 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510
[  424.777377][   T31]  #3: ffffffff8f8e9ee8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x4a0
[  424.787875][   T31]  #4: ffff88806a97b0e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xa4/0x620
[  424.802462][   T31]  #5: ffff88806a97e250 (&devlink->lock_key#50){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1d0
[  424.813306][   T31]  #6: ffffffff9034d1a8 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0xfc/0x5d0
[  424.823861][   T31]  #7: ffffffff8e5cfe78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  424.834847][   T31] 1 lock held by syz.5.952/12678:
[  424.840056][   T31]  #0: ffffffff9034d1a8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  424.849044][   T31] 1 lock held by cmp/12699:
[  424.861822][   T31] 
[  424.864159][   T31] =============================================
[  424.864159][   T31] 
[  424.890116][   T31] NMI backtrace for cpu 1
[  424.890131][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  424.890154][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  424.890164][   T31] Call Trace:
[  424.890170][   T31]  <TASK>
[  424.890178][   T31]  dump_stack_lvl+0x116/0x1f0
[  424.890207][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  424.890234][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  424.890260][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  424.890285][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  424.890308][   T31]  watchdog+0xf70/0x12c0
[  424.890334][   T31]  ? __pfx_watchdog+0x10/0x10
[  424.890352][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  424.890379][   T31]  ? __kthread_parkme+0x19e/0x250
[  424.890405][   T31]  ? __pfx_watchdog+0x10/0x10
[  424.890425][   T31]  kthread+0x3c2/0x780
[  424.890441][   T31]  ? __pfx_kthread+0x10/0x10
[  424.890459][   T31]  ? rcu_is_watching+0x12/0xc0
[  424.890481][   T31]  ? __pfx_kthread+0x10/0x10
[  424.890498][   T31]  ret_from_fork+0x5d4/0x6f0
[  424.890522][   T31]  ? __pfx_kthread+0x10/0x10
[  424.890538][   T31]  ret_from_fork_asm+0x1a/0x30
[  424.890569][   T31]  </TASK>
[  424.890576][   T31] Sending NMI from CPU 1 to CPUs 0:
[  425.018506][    C0] NMI backtrace for cpu 0
[  425.018521][    C0] CPU: 0 UID: 0 PID: 12677 Comm: syz.6.953 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  425.018539][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  425.018547][    C0] RIP: 0010:stack_trace_consume_entry+0xd7/0x170
[  425.018570][    C0] Code: 02 00 0f 85 9a 00 00 00 8d 45 01 89 43 10 48 8b 03 48 8d 2c e8 48 b8 00 00 00 00 00 fc ff df 48 89 ea 48 c1 ea 03 80 3c 02 00 <75> 64 48 89 75 00 8b 43 08 39 43 10 0f 92 c0 48 83 c4 08 5b 5d c3
[  425.018584][    C0] RSP: 0018:ffffc90003f4f6f8 EFLAGS: 00000246
[  425.018596][    C0] RAX: dffffc0000000000 RBX: ffffc90003f4f7d8 RCX: ffffc90003f4f66c
[  425.018606][    C0] RDX: 1ffff920007e9f10 RSI: ffffffff82351bef RDI: ffffc90003f4f7e4
[  425.018615][    C0] RBP: ffffc90003f4f880 R08: ffffffff9143ce4e R09: 0000000000000000
[  425.018624][    C0] R10: 0000000000000000 R11: 000000000000bc1c R12: ffffffff81a77fd0
[  425.018633][    C0] R13: ffffc90003f4f7d8 R14: 0000000000000000 R15: ffff88802ebd2440
[  425.018643][    C0] FS:  0000000000000000(0000) GS:ffff888124753000(0000) knlGS:0000000000000000
[  425.018657][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  425.018666][    C0] CR2: 0000563ece92a300 CR3: 00000000317e4000 CR4: 00000000003526f0
[  425.018676][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  425.018684][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  425.018693][    C0] Call Trace:
[  425.018698][    C0]  <TASK>
[  425.018703][    C0]  ? unwind_get_return_address+0x59/0xa0
[  425.018725][    C0]  arch_stack_walk+0x88/0x100
[  425.018741][    C0]  ? __fput+0x3ff/0xb70
[  425.018762][    C0]  stack_trace_save+0x8e/0xc0
[  425.018779][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  425.018796][    C0]  ? __lock_acquire+0x622/0x1c90
[  425.018817][    C0]  save_stack+0x160/0x1f0
[  425.018833][    C0]  ? __pfx_save_stack+0x10/0x10
[  425.018848][    C0]  ? __free_frozen_pages+0x7fe/0x1180
[  425.018863][    C0]  ? vfree+0x1fd/0xb50
[  425.018875][    C0]  ? kcov_close+0x34/0x60
[  425.018892][    C0]  ? page_ext_put+0x3e/0xd0
[  425.018911][    C0]  __reset_page_owner+0x84/0x1a0
[  425.018928][    C0]  __free_frozen_pages+0x7fe/0x1180
[  425.018946][    C0]  vfree+0x1fd/0xb50
[  425.018958][    C0]  ? find_held_lock+0x2b/0x80
[  425.018980][    C0]  ? rcu_is_watching+0x12/0xc0
[  425.018996][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  425.019016][    C0]  ? __pfx_kcov_close+0x10/0x10
[  425.019030][    C0]  kcov_close+0x34/0x60
[  425.019043][    C0]  __fput+0x3ff/0xb70
[  425.019062][    C0]  ? cleanup_mnt+0x262/0x450
[  425.019079][    C0]  task_work_run+0x150/0x240
[  425.019093][    C0]  ? __pfx_task_work_run+0x10/0x10
[  425.019109][    C0]  do_exit+0x864/0x2bd0
[  425.019129][    C0]  ? __pfx_do_exit+0x10/0x10
[  425.019146][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  425.019160][    C0]  ? find_held_lock+0x2b/0x80
[  425.019177][    C0]  do_group_exit+0xd3/0x2a0
[  425.019195][    C0]  get_signal+0x2673/0x26d0
[  425.019215][    C0]  ? __pfx_get_signal+0x10/0x10
[  425.019234][    C0]  arch_do_signal_or_restart+0x8f/0x7d0
[  425.019250][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  425.019271][    C0]  exit_to_user_mode_loop+0x84/0x110
[  425.019286][    C0]  do_syscall_64+0x3f6/0x4c0
[  425.019306][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.019320][    C0] RIP: 0033:0x7faa5698e929
[  425.019331][    C0] Code: Unable to access opcode bytes at 0x7faa5698e8ff.
[  425.019337][    C0] RSP: 002b:00007faa547f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  425.019349][    C0] RAX: 00000000000000b0 RBX: 00007faa56bb5fa0 RCX: 00007faa5698e929
[  425.019358][    C0] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  425.019367][    C0] RBP: 00007faa56a10b39 R08: 0000000000000000 R09: 0000000000000000
[  425.019375][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  425.019384][    C0] R13: 0000000000000000 R14: 00007faa56bb5fa0 R15: 00007ffcc06893b8
[  425.019398][    C0]  </TASK>
[  425.479046][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  425.485931][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[  425.497736][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  425.507786][   T31] Call Trace:
[  425.511059][   T31]  <TASK>
[  425.513989][   T31]  dump_stack_lvl+0x3d/0x1f0
[  425.518594][   T31]  panic+0x71c/0x800
[  425.522501][   T31]  ? __pfx_panic+0x10/0x10
[  425.526933][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  425.532309][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  425.538280][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  425.543639][   T31]  ? watchdog+0xdda/0x12c0
[  425.548042][   T31]  ? watchdog+0xdcd/0x12c0
[  425.552444][   T31]  watchdog+0xdeb/0x12c0
[  425.556673][   T31]  ? __pfx_watchdog+0x10/0x10
[  425.561332][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  425.566521][   T31]  ? __kthread_parkme+0x19e/0x250
[  425.571536][   T31]  ? __pfx_watchdog+0x10/0x10
[  425.576196][   T31]  kthread+0x3c2/0x780
[  425.580250][   T31]  ? __pfx_kthread+0x10/0x10
[  425.584824][   T31]  ? rcu_is_watching+0x12/0xc0
[  425.589575][   T31]  ? __pfx_kthread+0x10/0x10
[  425.594145][   T31]  ret_from_fork+0x5d4/0x6f0
[  425.598723][   T31]  ? __pfx_kthread+0x10/0x10
[  425.603295][   T31]  ret_from_fork_asm+0x1a/0x30
[  425.608053][   T31]  </TASK>
[  425.611241][   T31] Kernel Offset: disabled
[  425.615542][   T31] Rebooting in 86400 seconds..