last executing test programs:

16.336514889s ago: executing program 0 (id=82):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
r3 = dup2(r2, r1)
getsockopt$SO_BINDTODEVICE(r3, 0x6, 0x18, &(0x7f0000000000), 0x20a15508)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'veth0_to_bridge\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newlink={0x20, 0x10, 0x1, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r4}}, 0x20}}, 0x0)
sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x11, 0x8100, r4, 0x1, 0x0, 0x6, @broadcast}, 0x14)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r8, 0x0)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffd, 0x0, 0x0, 0x1, 0x80000001, 0x6, 0x0, 0x800, 0x20000000000000, 0x1, 0x8, 0x8, 0x3, 0x8006, 0x2, 0x2000000], 0xeeef0000, 0x400})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
r9 = socket$inet6(0xa, 0x800000000000002, 0x0)
r10 = socket$inet6(0xa, 0x3, 0x7)
sendmmsg$alg(r10, &(0x7f0000000d40)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000040)=[@assoc={0x18, 0x29, 0x39, 0xfffffffc}], 0x18, 0x44810}], 0x1, 0x0)
connect$inet6(r9, &(0x7f0000000040)={0xa, 0x0, 0x3, @empty, 0xd}, 0x1c)
ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(r8, 0x4068aea3, &(0x7f0000000100))
setsockopt$sock_linger(r9, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='oom_score_adj\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000200))
ioctl$F2FS_IOC_GET_PIN_FILE(0xffffffffffffffff, 0x8004f50e, 0x0)
pread64(r11, 0x0, 0x0, 0x0)
connect$inet6(r9, &(0x7f0000000000)={0xa, 0x4e21, 0x2000, @ipv4={'\x00', '\xff\xff', @empty}, 0xffffffff}, 0x1c)
sendmmsg$inet6(r9, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0x20000000}, 0xa}], 0x400000000000172, 0x4000300)

14.701772879s ago: executing program 0 (id=84):
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c020000", @ANYRES16=r0, @ANYBLOB="01000000000000000000010000211400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a034e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4000980"], 0x21c}}, 0x0)
setitimer(0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000994bd740f60d5600b5a0000000010902120001000000000904"], 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2, 0x11, 0xffffffffffffffff, 0x3000)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYRES64], 0x118)
utimensat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x100)

13.471919408s ago: executing program 3 (id=90):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r0=>0x0)
timer_create(0x6, &(0x7f0000000180)={0x0, 0x1d, 0x0, @tid=r0}, &(0x7f00000001c0))
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = syz_io_uring_setup(0x24fa, &(0x7f0000000380)={0x0, 0x0, 0x108, 0x1}, 0x0, 0x0)
r2 = getpgid(0xffffffffffffffff)
r3 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
kcmp(r0, r2, 0x6, r3, r1)
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

13.024126594s ago: executing program 0 (id=91):
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0x0)
ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000300)={0x0, r2})
close_range(r0, 0xffffffffffffffff, 0x0)
r3 = memfd_create(&(0x7f0000000140)='}\xa4-}{\x00\xaa\x81\xde\xac\xc0\xe8\xf1v\xbd\xd2\xd4\x03[t\xe8\x92\x9d\xc2\xdep\x11y\xf7\xb0\x90\v\xb9\x9f\x12\xfc\x8c\x19\xf7v\xdb\r\xf4\xce\xdb\xf8Cw\xe6c\xd1\xe9\xe1\x8e\x1bKn\x9c{[\xbe|\x13\x97{\x12z\xea(\xb8\xc7\xca\x9a\x17)\xfcl\xe9\x87\xe7\xf5U\xc9@\xeb<s>\x02\x90\'\x8d\xccd\x05\xf7zJ\x8f+\\\x16\x9e\x10t^\xb7\x90\xa7\x8f \xc0#\xeb&s\xc6\x11\xfb\xc3\x1fp\xeb^\x82\x8a\x1d\xe3\x93\xfdt\x86-\b*c2\xe6\xd4\xc6\xf9\x172\xf7', 0x2)
r4 = dup(r3)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e24, 0x5e, @local, 0x1c5acf88}, 0x1c)
fallocate(r4, 0x0, 0x0, 0x8000006)
ftruncate(r4, 0x6)
ioctl$USBDEVFS_CONNECTINFO(r4, 0x40085511, &(0x7f0000000000))

12.666265668s ago: executing program 0 (id=93):
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
r0 = open_tree(0xffffffffffffffff, 0x0, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="2c00000020000100000000000000000002000000000000020000000008000400fbffffff0500130001"], 0x2c}}, 0x0)
setxattr(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)=@known='security.selinux\x00', 0x0, 0x8c, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000140)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0], &(0x7f0000000140), &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x2, 0x0, 0x8})
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000200)={0x0, <r3=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000240)={0x0, <r4=>0x0})
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000180)={0x40, 0x4, 0x2d7})
r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0xfffffffffffffd6b, 0x0, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000440)={r7, 0x0, 0x0, 0xf, 0x0, [<r8=>0x0], [0x0, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x1], [0x0, 0x0, 0x2800000000]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000200)={r8})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000300)={r2, 0x2, 0x15c, 0x5, 0x0, [r3, r4, r8, r8], [0x10, 0x0, 0xa, 0x1], [0x6, 0x5b, 0x7], [0x80000000, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffd]})

12.498486073s ago: executing program 3 (id=95):
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
r1 = socket$alg(0x26, 0x5, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newqdisc={0x148, 0x24, 0x4, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {0xfff2}, {0xffff}, {0x3, 0xe}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x6, 0xa18}}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @TCA_STAB={0x100, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x6, 0x4, 0x7, 0x100, 0x2, 0xf, 0x3, 0x3}}, {0xa, 0x2, [0x65bc, 0x9, 0x9]}}, {{0x1c, 0x1, {0x6, 0x7, 0x4c, 0x8, 0x2, 0xcd4, 0x6, 0x5}}, {0xe, 0x2, [0x5, 0x3, 0xf, 0x367d, 0x5]}}, {{0x1c, 0x1, {0x6, 0x8, 0x3, 0x80e, 0x0, 0xff, 0x9, 0x2}}, {0x8, 0x2, [0x9, 0x0]}}, {{0x1c, 0x1, {0xfc, 0x4, 0x80, 0x2287, 0x2, 0x8, 0x0, 0x9}}, {0x16, 0x2, [0x2, 0x3, 0xfff, 0x9, 0x7ba7, 0x6, 0x2, 0x10, 0xfff9]}}, {{0x1c, 0x1, {0x6, 0x1c, 0x792, 0x3ff, 0x1, 0xa51e, 0x7, 0x2}}, {0x8, 0x2, [0x6, 0x9c96]}}, {{0x1c, 0x1, {0x1, 0x9, 0x1, 0x2, 0x0, 0xfffffffd, 0x1, 0x6}}, {0x10, 0x2, [0xfff9, 0x401, 0x3, 0x0, 0x81, 0xa3d]}}]}, @TCA_RATE={0x6, 0x5, {0xa, 0xbb}}]}, 0x148}}, 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000000340), 0x8)
syz_emit_ethernet(0x16, &(0x7f0000000040)=ANY=[], 0x0)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="02c8c02277f9ecefcbfcc02394001e0001001004ffff0000000000000400010080000780040001379b286b38c16cc0e7675a55ee3dd693e0093c578a0eb6b020899f65ea85abea035cc37fd47eb1001e16bb51ecc6fd6743479ba679fb07480b89dfac02499706600daded485fceb17a0cb305945189aaf1cd82ec18cdcbba30200e18d78cffeea98b8a800249c7f3f65632ea29e1427e23da018647fc95efe465e219b2011da9d1"], 0x27)
r3 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r4, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(0xffffffffffffffff, 0x0, 0x0)
syz_usb_disconnect(r3)
r5 = socket$inet6(0xa, 0x3, 0x6c)
syz_emit_vhci(&(0x7f0000000500)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x1, 0x97}, @l2cap_cid_signaling={{0x93}, [@l2cap_info_rsp={{0xb, 0xe, 0x63}, {0x7, 0x90be, "d5f18dd931c8a25d467137211fa9fde4d5bc962276795e38c225a8f855676be83499fb07bc0c956d2c60fe7b7fd811eccabe3fe88f2e787e6ca3cfab64280fa1a7b43653c42f0e3966f59b938a9f285cdd6a74f53ee75f5957ee4cc13abb6e"}}, @l2cap_move_chan_cfm_rsp={{0x11, 0x0, 0x2}, {0x2}}, @l2cap_move_chan_rsp={{0xf, 0xe, 0x4}, {0x1, 0x1}}, @l2cap_info_req={{0xa, 0x4, 0x2}, {0xfff}}, @l2cap_create_chan_req={{0xc, 0x5, 0x5}, {0xcc, 0x7, 0x7}}, @l2cap_move_chan_req={{0xe, 0x1, 0x3}, {0x4, 0x7f}}, @l2cap_disconn_req={{0x6, 0x4, 0x4}, {0x10, 0x3}}]}}, 0x9c)
setsockopt$inet6_int(r5, 0x29, 0x3c, &(0x7f00000005c0)=0x7fff, 0x4)
sendmmsg$alg(r5, 0x0, 0x0, 0xc800)
ioctl$VIDIOC_ENUMOUTPUT(0xffffffffffffffff, 0xc0485630, &(0x7f0000000140)={0x1, "2269bc0f3f4afd1efc59facf253848713e425768a46e2202f043cb1317dbd809"})
ioprio_set$uid(0x3, 0x0, 0x0)
r6 = getpid()
sched_setattr(r6, 0x0, 0x0)
ioprio_get$uid(0x2, 0x0)
bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)

12.224173085s ago: executing program 1 (id=96):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000f08400000083000000870900000000000055090100000040009500000000000000bf910000000000007b020000000000008500000085000000b70000002000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

12.001949312s ago: executing program 1 (id=97):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x10, 0xb, 0x0, 0x0, {0x3}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x8000009}]}]}, 0x20}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
r3 = socket$qrtr(0x2a, 0x2, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
r5 = eventfd(0x0)
ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f0000000300)={0x0, r5})
close_range(r3, 0xffffffffffffffff, 0x0)
r6 = openat(0xffffffffffffffff, 0x0, 0x610000, 0x1d0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000180)={0x0, r1, 0x1})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@dellink={0x74, 0x11, 0x1, 0x70bd26, 0x25dfdc03, {0x0, 0x0, 0x0, 0x0, 0x18005, 0x2}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}, @IFLA_PHYS_PORT_ID={0xf, 0x22, "cd6faa50bbabbc22cd177f"}, @IFLA_LINKMODE={0x5, 0x11, 0x4}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_team\x00'}, @IFLA_PHYS_SWITCH_ID={0x1b, 0x24, "af68250bb049f870662241f644372f59acd666ce3a42ca"}]}, 0x74}}, 0x1)
remap_file_pages(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x0, 0x100000)

11.849679299s ago: executing program 1 (id=98):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc980000000000002408009a8efaf2008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a000100050000000000007200000000000a000000", 0x39}], 0x1)

11.493774308s ago: executing program 1 (id=99):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="9c0500000000000061104b0000000000070000ff0000e6009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x23)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

11.304535787s ago: executing program 2 (id=100):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x102})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0xc, &(0x7f00000007c0)={@ptr={0x70742a85, 0x1, &(0x7f0000000900)=""/231, 0xe7, 0x1, 0x25}, @fda={0x66646185, 0x4, 0x1, 0x11}, @flat=@weak_binder={0x77622a85, 0x101, 0x2}}, &(0x7f0000000240)={0x0, 0x28, 0x48}}, 0x1000}], 0x0, 0x0, 0x0})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r8, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r4, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000140)={0x44, r8, 0x0, 0x70bd28, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x7}, @MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x81}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x2807}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x4}]}, 0x44}}, 0x4000000)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, 0x0)

10.843848994s ago: executing program 2 (id=101):
socket(0x10, 0x803, 0x0)
syz_io_uring_setup(0x3b, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f36006e090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90d5943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1011)
pipe(&(0x7f0000000100))
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="7dbf230d000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001"], 0x64}}, 0x0)

10.66983051s ago: executing program 1 (id=102):
r0 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf", 0x107)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x6d)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x3, &(0x7f0000000140)=<r2=>0x0)
io_destroy(r2) (fail_nth: 1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x80}]}, 0x24}}, 0x0)
r9 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r9, 0xfffc)
fcntl$addseals(r9, 0x409, 0x7)
r10 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r9, 0x0, 0x4000, 0x1000})
ioctl$DMA_BUF_SET_NAME_A(r10, 0x40046201, &(0x7f0000000280)='/t\xd6\x02\x00\xbf ]\xc7\xf9uf\x00[\xfa,\xda\x9a\x82\xb9sRG\x05Tn\x1b\x84\x00n\xddbW\x88\f<\x13W.\xb2\xfb\x1e\xd9\xcd\xaa\x02\xca$\x01\xde\x0e|g\xec.\xacowy\xedj\xc0\xc0\xecBe\xd9\xea\a\x91\xe4;\xc1k,\x9a=AI\xb0oP\x151k`M\xff\b\xaf\x01\xd0\xec\x8aB\xf5\xab_\xc8\n1\xa3\xf3\x91\x8c\xd1\x87:8\x9f\xb9\x95\xfc\xe8g\xe1Q?\xef\xb8\x81\x8b\'\xbc\xa0A\xbd\xccU\x9bc\xa8O\x8c\x04\xea\x1f\x8b\xb7\"\'\x9284\td d{\xc7w\xd1yX\xd4G\x8f\x1d\x011e\xf17\xd81c')
ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000040)=[0x0, 0x1ff])
sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x600040c4}, 0x40000c0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0)

10.425189172s ago: executing program 4 (id=103):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
r1 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1d}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
keyctl$join(0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0305710, &(0x7f0000000340)={0x1})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000018000100000000000000000002000000fc000009000800000600150005000000280016802400010002"], 0x4c}}, 0x0)
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "c04d831721b66c43", "7ef59d2d9a7fe77696db761c0000b3d9", "a7844c4e", "6c25c0284645e18b"}, 0x28)
setsockopt$inet_int(r6, 0x0, 0x13, &(0x7f0000000080)=0x2, 0x4)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
rseq(&(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2, 0x77, 0x63c2, 0x4}, 0x3}, 0x20, 0x0, 0x0)
ioctl$I2C_PEC(r7, 0x708, 0x2)
ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000180)={0x1, 0x0, 0x5, &(0x7f0000000140)={0x0, "96e67ad2d32945a0324a1c270700000000b76b8afe83c910c40000000000001d00"}})
socket$nl_generic(0x10, 0x3, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
preadv(r0, &(0x7f0000000200), 0x0, 0x9, 0x1)

10.272933192s ago: executing program 3 (id=104):
r0 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf", 0x107)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x6d)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x3, &(0x7f0000000140)=<r2=>0x0)
io_destroy(r2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x80}]}, 0x24}}, 0x0)
r9 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r9, 0xfffc)
fcntl$addseals(r9, 0x409, 0x7)
r10 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r9, 0x0, 0x4000, 0x1000})
ioctl$DMA_BUF_SET_NAME_A(r10, 0x40046201, &(0x7f0000000280)='/t\xd6\x02\x00\xbf ]\xc7\xf9uf\x00[\xfa,\xda\x9a\x82\xb9sRG\x05Tn\x1b\x84\x00n\xddbW\x88\f<\x13W.\xb2\xfb\x1e\xd9\xcd\xaa\x02\xca$\x01\xde\x0e|g\xec.\xacowy\xedj\xc0\xc0\xecBe\xd9\xea\a\x91\xe4;\xc1k,\x9a=AI\xb0oP\x151k`M\xff\b\xaf\x01\xd0\xec\x8aB\xf5\xab_\xc8\n1\xa3\xf3\x91\x8c\xd1\x87:8\x9f\xb9\x95\xfc\xe8g\xe1Q?\xef\xb8\x81\x8b\'\xbc\xa0A\xbd\xccU\x9bc\xa8O\x8c\x04\xea\x1f\x8b\xb7\"\'\x9284\td d{\xc7w\xd1yX\xd4G\x8f\x1d\x011e\xf17\xd81c')
ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000040)=[0x0, 0x1ff])
sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x100, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x600040c4}, 0x40000c0)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0)

10.151812257s ago: executing program 4 (id=105):
r0 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x2a, &(0x7f00000005c0)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc84500000000f4b7d8c8cf2153622652328c19ef54234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253b68a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72f7d8ce98e798d41991ac25bb6fce2220c25ea380c63112ab358c3a6bd8a59c100000041b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf", 0x107)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x6d)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
io_setup(0x3, &(0x7f0000000140)=<r2=>0x0)
io_destroy(r2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYRES16=r1, @ANYRES64=r0], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r5)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="05000000000000ec00002100000008000300", @ANYRES32=r7, @ANYBLOB="08009e0080000000"], 0x24}}, 0x0)
r8 = memfd_create(&(0x7f0000000780)='y\x105\xfb\xf7u\x83%:rQ\x94x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04B\xbb\xb2)\xce\xdfT8\xb2\xad6\x16Bkx\xd3\xcbZJo\xeea\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52@\x00\x00\x00\xbd{\x9f\xa9\x97\x9bB\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7\x85\xa6y\xc4J\xf1\xf7\x0fE\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF\x01vRk\xaamB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xbb\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\t;l\x1f\xaf\xb38U\xcb\xfa\xaeQ\x10b\x19\xb3\xb8\x1ag\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0\xd9\xaf\x12$\x89\x16%\x8b\x00\x00\x00\x00\xd0]&\xab%Y\x7f\t\x00\x1an\xd7\xc2OT\x92K\xfcY\xcb\xc3\x1bI\x15\xdd\xf9\x06\xf0\xf7\xa5bU\xebZ\xfeq\x8c\xd2$\x01\xe1\xfb\xe96\xf8R\xa6\xdc@\x88ln\x02B&y\x19]D/\x86t\xff=\xe0l\x02\xb4\x95\xed5\xacY\xb0X\x0ee3@\x84\xcb#\x19\xb9$\xab# vOm\xa9\xe5\x9b\x00'/362, 0xe)
ftruncate(r8, 0xfffc)
fcntl$addseals(r8, 0x409, 0x7)
r9 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000100)={r8, 0x0, 0x4000, 0x1000})
ioctl$DMA_BUF_SET_NAME_A(r9, 0x40046201, &(0x7f0000000280)='/t\xd6\x02\x00\xbf ]\xc7\xf9uf\x00[\xfa,\xda\x9a\x82\xb9sRG\x05Tn\x1b\x84\x00n\xddbW\x88\f<\x13W.\xb2\xfb\x1e\xd9\xcd\xaa\x02\xca$\x01\xde\x0e|g\xec.\xacowy\xedj\xc0\xc0\xecBe\xd9\xea\a\x91\xe4;\xc1k,\x9a=AI\xb0oP\x151k`M\xff\b\xaf\x01\xd0\xec\x8aB\xf5\xab_\xc8\n1\xa3\xf3\x91\x8c\xd1\x87:8\x9f\xb9\x95\xfc\xe8g\xe1Q?\xef\xb8\x81\x8b\'\xbc\xa0A\xbd\xccU\x9bc\xa8O\x8c\x04\xea\x1f\x8b\xb7\"\'\x9284\td d{\xc7w\xd1yX\xd4G\x8f\x1d\x011e\xf17\xd81c')
ioctl$EVIOCSKEYCODE(r4, 0x40084504, &(0x7f0000000040)=[0x0, 0x1ff])
sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f00000004c0)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2000000}, 0x58, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012bbd7000fbdbdf2501000000000000000c410000000c001473797a30000000005c8ae2b11b7619b146de2dc7a68ec2fd15e3850ebb6f8274632735a5de8bfa041b5a8e1c719ba3a1c376ec6adeb114684e80109f4cc8d8c30e9fb3b68e69ba888058f3b1a75582b6e3e907519e230a27382f748feb39d43225a03b8d9c2e424af0a9d387da280d8f52eadcf8d23d96c186ed5eb590afb3ec57ea80ba3e540e7e"], 0x28}, 0x1, 0x0, 0x0, 0x6008c0c4}, 0xc0)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r10, &(0x7f0000000480)=ANY=[@ANYBLOB="08000800000012000000000000004500002800000000002f9078ac1e0001ffffffff001222eb", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="4000004f00cbe57012a08cf97a4b00"], 0xfdef)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, 0x0, 0x0)

9.713753617s ago: executing program 2 (id=106):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0xc2, 0x1, 0x0, 0x0, {[@generic={0x3, 0x2}, @exp_smc={0xfe, 0x6}, @exp_fastopen={0xfe, 0x6, 0xf989, "1bd7"}, @timestamp={0x8, 0xa, 0x8, 0x5}]}}}}}}}, 0x0)

9.320767666s ago: executing program 0 (id=107):
syz_usb_connect(0x5, 0x0, 0x0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x89, &(0x7f0000000fc0)=@string={0x89, 0x3, "b44a774707234ae6b32d33e9c39baa6d508fb4df9c59d56464eaced71ae90b759e1aa1e7f1ffc66cf326802eb09a7968f90b38417dd21692e49842ec3f5780b65c4480fb7aacc3b30eb4e68a228b1ebf1df08dac2e62a615c94eee6de0ba611a5aed8789b5cc1795e1b1dc2beb58df2dbd248cc4c2da2c4464c9ba8617b351669f8528aef42375"}}]})
r0 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_aout(r1, &(0x7f00000010c0)=ANY=[], 0x1a3)
write$binfmt_misc(r1, &(0x7f0000001000)=ANY=[@ANYBLOB="588c90aadaedde6a2e64f465b0fcbcb8b6449c2f317140214a9be29c9e467325a38e1b43cddd210783f3dc083935e3b9dbfc09a3e0b8febcada80457ed"], 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a010000000000000000030000000000ffcd00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})

9.114984948s ago: executing program 2 (id=108):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000480)={0x0, 0x1}, 0x8)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8}, @TCA_FQ_PIE_ECN={0x8}]}}]}, 0x44}}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x74, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @multicast2}}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'pptp\x00'}}]}, 0x74}}, 0x0)
r5 = socket(0xa, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [0xc5, 0x4, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000050000000000000000000000000000feffffff01000000030000000000000081006e7230000000000000002000000000007465616d300000000000000000000020766c616e30000000000000004000000076657468305f746f5f746561ed000000aaaaaaf991bb000000000000aaaaaaaaaabb0000000000000000d0000000d000000000010000766c616e0069df4e5100000000000000000000079ba3160000000000000000000800000000eb560000000000892f0700636f6e6e6c6162656c000000000000000000e5ffffff00000000000020000000080000000000000000000000000000004e46515445554500000000000000000000000000000000008000000000000000080000000000000000080000000000040000000000000000000000008000000000000000ddff000001fcffffffffffff0000000001000000ffffffff000000000000000000000000000400000000efff000000000000000000000000000000000000000001000000feffffff010000000b00006b90088754ea234d6f6e6430000000000000000000000074489c4c2c0000000000000000000000626f6e64300000ff000000000000000076657468315f744d8abdc76964676500aaaaaaaaaabb0000000000e7feffffffffff00000008000000007000000070000000a0000000434f4e4e5345434d3c964de64039918d16289341524b0000000020827903000000000000000000000000000804000000"]}, 0x2a8)
socket$inet6(0xa, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)
r6 = memfd_create(&(0x7f0000000940)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfdP\x96\\@\xdd\xa0\xa7lv\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90k\x96\x05\r\x84\x87\x1c\b\x8c`\xea)A\x90W\x81\xb7\xf9\xbd\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\x00\x00\x00\x00\x00\x00\x00\x06\x00\r\x1b\xd3\xff<qK\xd1I\x7f\xb5)l\xbb\x02\xfa\xb7\xfd\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f1i\x9b\x94\xa6\\xgL5\x14Y+\xb3\x1a\xf8i)8\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D4E^7%8\x94y\x90\xf0l\xa0\'Q\x00\x00\x00\x00\x00\x00\xda\xea&C \x0e\xadx\xda\xc4g\xed\xa8H\x00$\xa2\xe3M~x\x96\xe3]\xd30\xa2\x17\x00\x00\x00\x00\x01\x00\x00\x00\xfa\xc30\xfb&\xb7\x0f\xf9\xc9[R\xa8\xa3\xf4@dd9\xdd\vt\xa9\xa32\xc1\x1cA\xd2q\x9b\x9bV\x8c(\xb2\'\xf5~\xf6\xcf\xb0\x86\xdd\xab>]mC\v\f\n\x1f\xe2\t\x14\x84\xe0\xa4\xda\xe7\xe8\xd5\x10\x00\xf4\xf8\xde\xf3\x00q?[\xba=\x1a7\b\xa1\xd3?\xbby\xa7\xea\xf7\x03\xee\xf31\a\xb2\xdf]\xc0\xeb\x16\xe4\x7f\x17o\x1b\xa4M\xafa\xc7tR?3hH\x18\xc9\xcd\xe3\xb5\xd6\xed1\x10\x8d\x87N\x9c8\xfd\xd0t\x0f\xeb\x17{\x1f\x990\xb8\x05\xbcO@AP1\x9d\x1b\xba%\xca!\x0eRsGT\xdf\xd8;\x9ea\xd0\x01\x0eq~\x00\x00\x00\x00\x00\x00\x00\xcc\xdf\x9f\xb6\x03J\x00\x00\x00\x00\x00\xc7\x12RV\x94\x03)\xd5h\x9ef\xc0\xf7L\xac<\x1e+\xa6\xb9\ng\xd5\xa3$\x87\xa7AK$\xe8\xd2\xc5&d\xa8\x93\x0e\xc2\xa7\x94/nH\x05I \xc7{\x99\xe6\x04\xd2d\xcb\xde{\xb7}\xba#\x04\xa7\x9eK5\xd9\xd2M\x855\x13\xb0\xe6dc[Fx\xf5\xd7f\xe1\x97\x7f{\x9a\xedoR\xf4\x9b.\x88<%\x9c\x81\x1f\xc6\x15R\\S\b\x87\xf8U\xffH\xf8\x0f\xbcB\x1d6\xf6N##\xd7+y\xf7\xef\xf4M\xb4y\xdcW\x13\x88=\xc5\xa6\xad\x0f\xd8y\xd6c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x81\x13\xefX\x12\xb5r\xc5j-\x83\xbf<+\xe6o\xf8KX\a\xdf\xc1\xbd\xa7\x88\xd8\xdf\xdaXYJq\xb2e\xb9\xec', 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0x6, 0x12, r6, 0x0)
r7 = userfaultfd(0x80001)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r8, &(0x7f0000002740)={0x0, 0x0, &(0x7f0000002700)={&(0x7f00000026c0)=ANY=[@ANYBLOB="10000000090001"], 0x10}}, 0x0)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f00000001c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r7, 0xc020aa04, &(0x7f0000000040)={{&(0x7f000030e000/0x2000)=nil, 0x2000}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
rseq(0x0, 0x0, 0x0, 0x0)

7.997206929s ago: executing program 2 (id=109):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x20, 0x10, 0xb, 0x0, 0x0, {0x3}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32=0x8000009}]}]}, 0x20}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'bridge0\x00'})
r3 = socket$qrtr(0x2a, 0x2, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
r5 = eventfd(0x0)
ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f0000000300)={0x0, r5})
close_range(r3, 0xffffffffffffffff, 0x0)
r6 = openat(0xffffffffffffffff, 0x0, 0x610000, 0x1d0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r6, 0xc0184800, &(0x7f0000000180)={0x0, r1, 0x1})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@dellink={0x74, 0x11, 0x1, 0x70bd26, 0x25dfdc03, {0x0, 0x0, 0x0, 0x0, 0x18005, 0x2}, [@IFLA_ADDRESS={0xa, 0x1, @link_local}, @IFLA_PHYS_PORT_ID={0xf, 0x22, "cd6faa50bbabbc22cd177f"}, @IFLA_LINKMODE={0x5, 0x11, 0x4}, @IFLA_IFALIAS={0x14, 0x14, 'veth1_to_team\x00'}, @IFLA_PHYS_SWITCH_ID={0x1b, 0x24, "af68250bb049f870662241f644372f59acd666ce3a42ca"}]}, 0x74}}, 0x1)
remap_file_pages(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x0, 0x100000)

7.996619067s ago: executing program 0 (id=110):
socket$nl_route(0x10, 0x3, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
pipe(&(0x7f0000000100))
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r0 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0x9, &(0x7f0000000380), 0x98)
socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f0000000100))
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x64, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_FLAGS={0xc, 0x2, {0xe, 0xa}}, @IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r5}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x64}}, 0x0)

7.747292138s ago: executing program 2 (id=111):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000bc980000000000002408009a8efaf2008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090468fe0700000000000000ff3f02000000480100100000000019002b000a00010005000000000000720000000000001f0000", 0x39}], 0x1)

7.447343291s ago: executing program 1 (id=112):
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000400), 0x8080, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000440), &(0x7f0000000480)=0x4)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_int(r2, 0x0, 0xf, &(0x7f0000000040)=0x7, 0x4)
bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e25, @broadcast}, 0x10)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x4004551e, &(0x7f0000000380)={0x0, 0x0, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82577ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"})
ioctl$USBDEVFS_CLEAR_HALT(r4, 0x5514, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'bond0\x00', <r5=>0x0})
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000200)={<r6=>0x0, 0xe2, "131decf226283a747d2853727467b6607dd1e7516170c4977fd3c48bf29b55fd9a85c74189fa5926b42180f1f2d60a8556777e3cac554bae9cb7b4e8990ea3e2f18bbbad54385b7c9dd332b2bcf1c1783b65111f22a2aba53dee819f29830f2738589260263a866144aa99ab77be76091e57d6141bed4d91318e75212acf20f833d5b3aadf5a8b9552dc98219de3ef44c9847389808634cdb070eef37ae86f431b6d6cf724886eaf2085e5170162396db5e382cf8b1a4ec69396ee9639a34bf9b9860fbbcdc90fee8a2dd3695d4d7846cc5d3de3398c2cc6bbbee840b98c174e2b2d"}, &(0x7f0000000080)=0xea)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000002a00), 0x800, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x1})
ioctl$TUNSETVNETHDRSZ(r7, 0x400454d8, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f00000000c0)=r6, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/20, @ANYRES32=r5, @ANYBLOB="40000000001400001c00128009000100626f6e64000000000c0002800800070001000000"], 0x3c}}, 0x0)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e000000a0fe000093040000060000000000020094ec34edb03393894d6a51acf5fa8cdd51e9950b8c043acb0aad83b8fcca91d8f40161ea3c8c127c8528bc5c57ab8e3a584f1adc7a8c6e71373d6f52826c6b5142ec78aa9a083dde210df4f9dd83d233c3ce7c4ffaf0f59a7099a1f4bb08176f364f44096bdeb3a51f9b1df597353c8dcb4e8dd1ac1714cbef3b163ec31dbfb9cbe6a23f1753ee96144c381d705b70de2e1ef0137900f57b43f42e8a63f463ff9ae9a3cb05e4880e4201c38ca34669802e58b0349bbb0bcb2d87e72b8dce8e0e10629a67972462b246963d612c1e013391c5d753fecc1f0e9a52bbc532ab", @ANYRES32=r0, @ANYBLOB='\b\x00'/20, @ANYRES32=r5, @ANYRES32=r0, @ANYBLOB="0500000001000000000000000500"/28], 0x50)
socket$inet(0x2, 0x6, 0x2)
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x7e, 0x9e, 0xb4, 0x10, 0x54c, 0x38, 0x16f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0xc5, 0x38}}]}}]}}, 0x0)
syz_usb_control_io$hid(r8, 0x0, &(0x7f0000000180)={0x2c, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x5)
lsetxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f0000000500), &(0x7f0000000540)=@v2={0x2000000, [{0x6, 0x2}, {0x3, 0x2d}]}, 0x14, 0x1)

6.871483109s ago: executing program 4 (id=113):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000f08400000083000000870900000000000055090100000005009500000000000000bf91000000000000b70200000000000085000000850000007b0000002000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

6.817894371s ago: executing program 3 (id=114):
sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000000)=0xf)
r0 = request_key(&(0x7f0000000040)='cifs.idmap\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f00000000c0)='#.]@/]]#\x00', 0xfffffffffffffffd)
r1 = geteuid()
stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
keyctl$chown(0x4, r0, r1, r3)
ioctl$DRM_IOCTL_AUTH_MAGIC(0xffffffffffffffff, 0x40046411, &(0x7f00000001c0))
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, 0x0, 0x0)
quotactl$Q_GETINFO(0xffffffff80000501, 0x0, r2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), 0xffffffffffffffff)
sendto$inet6(r4, &(0x7f0000000440)="492829ec747c0ea9c3a71dc0c9155be9340ca45dafd2c60e885e2214ff03df429da576b7cbe07da7f274ec14eaa777692766f0be5d1b190e175cc51a637f8b7998dc87f42d187836600b65c0bdfa7cd799f5e9a817b1a417eb96a8feff5751637e09e9ee44de92be50e810493107be39ea9097cb5aeb4b373ebc3c938b027ae0f10517c54a8b897578c3b5411d7da17436800fb8ca872bcc0116deceffc234a4a093ee3d48cf023041afdda777015853d58f2632a6f37bfdee19e849ea367fb7118770bb4d9d104de88c9c51ed906bd20ec53218e49131f7f88e9dee7ffef26fcd8d84a06524efcbd7c7e06380", 0xed, 0x20000800, &(0x7f0000000540)={0xa, 0x4e22, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3ff}, 0x1c)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r4, 0x84, 0x1b, &(0x7f0000000580), &(0x7f00000005c0)=0x8)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r5, 0x0, 0xc, &(0x7f0000000600)=0x4, 0x4)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, &(0x7f0000000640), &(0x7f0000000680)=0x4)
sync()
r6 = add_key$fscrypt_v1(&(0x7f00000006c0), &(0x7f0000000700)={'fscrypt:', @desc1}, &(0x7f0000000740)={0x0, "331022950b88b0740903164edf050bda7086cfc0b9cf1764dbb66550a5c6943b83ebf5b5f839c3ad6a9c7222dd1d43a8f9fd7e966a2f73df62804a73591bfe76", 0x3e}, 0x48, r0)
keyctl$revoke(0x3, r6)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r5, 0x6, 0x16, &(0x7f00000007c0)=[@sack_perm], 0x1)
ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000800)={{0x2, 0x4e20, @private=0xa010102}, {0x6, @multicast}, 0x3a, {0x2, 0x4e21, @empty}, 'rose0\x00'})
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000880)={'#! ', './file0', [{0x20, '\xbb\xbb\xbb\xbb\xbb\xbb'}, {0x20, 'rose0\x00'}, {}, {}, {0x20, 'IPVS\x00'}, {0x20, '@\'#].:^'}, {0x20, 'logon\x00'}, {0x20, '#.]@/]]#\x00'}, {0x20, '#.]@/]]#\x00'}], 0xa, "a4bc449476f6ccb88155576b6ed9d04c80213b6121adae719d09a1ff09f91faaf32d9caf77e846b4f456bdd6baed2ec235a6e4010c531f8db79585f1569dfa0d12be53262cf5160bfe641171c07234dea2d0ef31d9de58e46942c41627e029742dd3885a762eb85f738f5fa53da1ecea76109ccaa490c3b17e262ea69473f5bf8b6ee6177f9ceeab7590940c1428d01ec87c6b0f7377e50240bc4e701e0dd2ceffc3412bb60aac89551c3e4df71a39e25bc61a3daff1800cd2226d4a575c9d183cfe55482b4271d8a0933fdb7d8ae5af140f1623010398ef33d04c4fe8a533b977fd7df55b198adaa80cb04b918fdbe85e629cdfe22c18624c3197be708188d04f61ada34ae697ee053655c1458ed0ac4e4d329850bf4797c0f3d2b5e65c370afcb7400bad5f9b1bdd244a9cb37586c22876fd73d30b01178413abf9665e824287db05c82b7ca2a8c2e0d5c0da99a2a97b2699ba059b4d4176f556dc97494a385a3add41f61770bd28b879f8274a7534fcde47915e8d7d97647e69cf2c0c62a5ba8e74788109e168781262b1928928eef84e1b51b4f1becbc8b9398e0a92bf3a4e3c5bce90bdea3e1e3f328982a6a4fc585ae21d7f977452f9b67a4d7b90a83935f463edc776df0f6f1dcb9408d72bcf6bc87b7756e5b2eaa7611cde36238facd90604eb95cdc34485da672f55b58e172ca3f152fc44dbb8daad33c853323ac45a240f340c196e159def95785e9ba49edcad56705d11ffba729417cf590c16427284beca5e312de5cc2b4a46f1a846979872146726b97b222bc491eaacc30c08fb88a7f562f479ede13d8c9eff60a3942058cd0762d6214a11908b26d3ae5e4666c0bb0fb0d153cf97ce60c5b66795ca5a959cfeeea5880dc6c9b783f146f56862998ebf79a44171ed215524bd5acf974c9e8f81cba09798fefd04b94e8c963bac4c744846cafdbc30da2af9003f71620b3d6d35ade8a15381e3565a69ab1bd2d0e0b5584c38f7e8e1585bb8ef677b1f49d1bf077e8a285e369dc45f07fe97b63e52e0fb134490287b3b6d310706425728451577627bd00300d44b853d28838edb6dcfa85ca8ce31d419fa2ae28c15968b7561be268d2541380b39ecd5fbb4e09d32f682b2cfe99f4eb16f95593ebb2b5188a8c0cdf62161b5197b33ec2462be9415677080b194232edb0f237987ac6a6a97678a227b57c61e78fbfd1f8830f3f5cefb17eef9c526816652d1b4a45bac9399590bcef76913c269844722ed7292829aa0495e89c0663210656af978091dde5f0d62ca7bbbc684991bbc83409c56725167bbfd6d495a79d4bdde52f1361261450679e3940b73b287b7c2434a78cb9ce87e644c1da5c90cfbdb7da5dedf18b0177113e5c9cf5c674b2887c5510d35adbe4940115ff3a070984f56e830ed8f045aa394edd21059e2b4ca78c3c64190948414a5354db9ee43335dce2ce125dce8bd8b4f40d1fbc7e74f6675bb8bc64a8aee622935059d945f039f42c300cb1fa918a94c6765ba90006a8fa6b8e9eb953256743e8e903aa73b1c48d1e87b3c8e61856864b55c696ed162a36356b44c078f79cc74a49190f4b5b3f15998c3260da04b3e5928edb338bb9835abdecbe7cd315263b73dfcdc353f0cb075f068840a049602c603d9aceb2ac3fa122e068104a586556f5644689c0311381b1c26d4bdae3f59c9921eb85aea05fa918db0379dd31c55b64b3763a242134c6d2ad815d26038e76d09d52b6b93c47ecdc39a4741b13fd6ebb8273bbd7ebc70e5e294e859d33d3f14e0a9f8f29e75519ee37f6b99dc79a2e95eea8f40330daecab735284cce02b9c18ed7a13bd2998dc77948b4f5bc9e15d78737badc20430755dd36aa0f1b49f6e0b35d63d3322362a7405ab709728914bd91f88e35cc6e9b97acfb4014db48ced7b95e943b7b87a185f96c0917fc302ec40d838d3e88cb8d86f06b4ad87cf138f202c9d2c8ffefa0c7554ca4c33f96cef129128d01e92a2d8fea99f63955da1231ad5f5d924ebb3f9d9a522619206c06827897fddbc73ae7739ada71eb9b0d1177eaad0a8715ff0e57a34d19ca8caa5747c2574539c13dd6af35e85dcb362c2823aeb54a250cc65a6e5b9c6a976d018145f6ca3b5d7bf92f7746ccb825a1bfa1a16674eec0579978f3267fea5bab3af93c812a0371c75b54a48f1a91cddfe3f3867d6a5e41c7ebcff1152f00c5344c6606df33a1ae36ad1732a65960650c2eb1fba15794212848cbcca7ea6b58ce65890740a7fed46c817a4ad82eeabb64151e018fa25170ea96e65f5dee8cd598efee0424724dd86fd955ce671e48f2d487806f96084a748def414811b6b6d4c7df1a6df79f5e31cb9f3163c8216c4edce9e33657e3a38e6c79d1e678d52f298fca18a0c2e80699ae978d2818d6e0889f89d0bbdfe106cf3d6a9d3e27e6e200656882b5087ba2c03b0659a61bca5bba16cb048035768f00d2f7e8b47a1cb68f1d9ae366208bea8a32bd3c4ad7e0a76f2e6fc8841fa2b66621760b5e7dc7d15eacf62ef7e6cf11f2d18fb5951afa3c999b04048b5b3985ee76c2ede154c6b764ea349a3ebde10da0541458faca2a0261fd1bb970db0b9f3472b47bdbcded9b12a4e3196a23dc1512dd982ead608f443f960e796ab0389a9d4abd205eca43c7c73406ff7deb1fe2857e99619e94863a5ad752b17cdbc6ad1f72fda0cf161c140490ea5f07a650e56bb795441f7fbcc6d21ebdc0cecb5b7391552e4772be7f2bded8f0a6742ee51970fc08107de2b9e90a715ea1d1ff57248221501c869421eeddb9cd4edd3e6c1f8e9acaf08eaa72be5ef19e5a847edb43a2afdbceaff3c08e9a51e4bc2e92c278792b0086d34e70550b6a30cb91c57e1d3946725ad69dfdf9c8dc35f2401c1d7e7da109e9a539eeb36c6bbd6e19a5f05726f1dfe758e333c4c944f24cc6e3a073462b4d7122cab292ed90135848f408071a67af83b49635c26f627f61b03b17691b2ea22cc1a785133dd1458580de119c6cab568c552c4bebef7a8f4afb94b4a961f99e61af785b11a7aa278d7de84a60aa704d8b76cd954b6fa73e5891b07c74e4cd892f46287682203242e6005e3a710db48361ec09eb149437a7c40076ca2fdf13d0791fa0a93a8ff4f6f136167f560407e3686e6b6e8e81fa5f63c5444d2f935b761e84a5dc13c364393ce4e689e1ad7ddc1302446046853d0c0b5124dd0c0f41e03f96d05f0e6b84341a14123650e4f2fce6ffa87e9ae5d583d18e79cb18ccd0d39a72ac7d859851acf1d12222ecbbe83e47118b1bef18d4ed72769447b1932d4b8602233eeeda944973813c73a0453d1402eb3f8042af87747979d3de9339d7a3f95a943ea5f0df2a048053f17e8b913900aa8878e3bf34003d6b50ef046dfc60eca64f69e486f47e1aa53519a22023e680b6762fc0fbdc44664a5ef6eab5bfc94755a1cff6498b61ae349c4fb1e7984864fd34c48926044cac09dd734d4fa6e330c27b4e2aaba2b01175391067799d332e436368706f96f374dd55f904d49d6882fcf4a6c866d4abdc3e8cf26ca190fb4535a0b9e1a4adc440e335cbf59942c2fb92be0b326443fedad7ad976e623d8953fe15fc3ee65c2ba949f92ba74ded037ac8b892890b447755d0e59e4d391dec5a2e949b5b3e669f8a303d41b18786d8cdf1834a7ae1b62f72f151d8e9606ffbfa79c3b2d940bf51770543b4eccc45c4e7515c948cace053053ef7f117d9ab327997588e068126d16a209ed16e1f957ade39993be54f7da219e25ca715f64de3b9d0da143229794045fe46a960ce6d94084b69081d510e358d5a5365105264427dde8b633f58c8ec11ea4b066adf89c5090c8347015b6c89cc8a1b79e0f9a632385d0d673da53aedaca62ae3716018ffe2a69e740f1b9723715c27b6a4752229df4f91401670a42c3c8cbb01d63a2ac0416eab23da14e694c59e1ea7d8a91ca4ae057dd39f690c08fe50a2dc778132b7a8f3a8508b33dd4e61c0c85030ae305671e6374714836aa73c991d1431a8af3c71ff0ba85ec077a38470b91fef2e6499db1252cad0b7edc28196ce5ee82b41af91cbd9d11d5d74d965893c9499dfc82cc390cff679622fb1e17f090fbde7ac46a42615dd26582e17a38d438a8d565edc8c6a558854ba3def19ae2a0d3b4341d3e6dd0fc8efc772ecc28171e7ee9ee26f7f47cbabb8a5c588ae6039e69fe8f55e9d121d30541f83cc6d65dbc991fc198a6f91856607355baaf41c7a1fe7dc5993d888c7f2ed32235593e2c0cc03944799b658d65f70ec5ffd6ecf52126b633e6a7e801f8889a1d15360d9dc6de86f828fbd75323549de60929ea2126bf77e8c4c662a54a87f421a1e7d38610a5614b460fa0b5c19bf2226512bb7bacd25ce17b252668c00ade82e47e6c98c8ab6c2a4f57112b9ec4c0c84b886b93baeb831f15f2c9a1d842e13b6c89a2e2e3cc126b494ada6c718b879881e225eb5e3e187e342f57c225801bed98482c71d5748dbd4067539c1701c8df8b947e1cff411132f2bce0fb5cf690aeaafe06b86136eaa3e3b4da98fe808af18eaf205365eb33462cac0dcdc585898f9cbc6a55250bf4b1a6ef5f5a024b17af0eeed0c364ae82677f8c409cd6bb684d7748d51c48f1634bf1363b29df91c66726853d98b209b71294fe41f60f4b07f21ec58c2356364d0a6bb4909e35fe0518ee33dacdf474d72358c9b40bd3390b6682d1db91bf2649db1c4aa7491924db92fc7c4a71bd26b6f14960798806c34564698ae536e5e4247f7f602e4a6a37052156bd3a1ca63c5e182e6631d35930032a04957a5601458d4d5a065a96ebcee3b1bb5183d0aa5bef4dd5d8856f6524b95c8eadfebafe69212dd54292cc436db6c65161ea0dc4f00f817450680e11f3094307c290100be2276ad0b3d20d9868757cd6b45afca6e3faf59cf06277bac467d887d732e9ad03e7b61265b90d256ba8749db4ad0b510386c92bf950ad2c77cdf92947b3096c4a14603036319912126f374f123b75fffd35708a5f0727b8cc08e5334eac5c17abf7de0a997b0cb189a7507cf4d91a8d54b5a2e43ce663a387e641efc481976704367fca41e20a7c568eb615d4a97d902cebe318a4c71677fc4710fc3a985741f67b208caefdef7f1589454b5670065dac281b27676226c2f4441a57544b00fb3d24770405c95527f7261c53eeb69105793e4213ccaba51edfe095999ed794761ba7254d768e46fb67572e7f4a299b9d4b4a9c430bbb62c721e0ab34bdfaa2b9211a4ed8858c06d2d2bb44cb63665b0b9ef14d5d9a55aa508993d1f689973eb8b94f4440776cd3f3326cf9cabdc29127b5821be57a37de8d414940ccba26827fdeb0d7307f8567aef547498d9754a24a8d7d172d21218e8fb2c10a2555ca9cbcdaa1192564f7f5b843bd978453a212374af2148a185730923b19340cd75a0e2682166c824386e8aebb36f520b087f645e97ba5fc0adeb8c5d494060eeae0e27ef378ed2953de96b83e637da629c34a60f909002edea50d2a8707981ac779d64caaa683dfb805a824d81d225e32224f75d2507d40c8119c8e336da8ee3f8075c75f544a9ccb05c4c9fa62ed01e41094cb3d1ce095c70e950a40cbc0a954710f8fb1cab9fc71561599dc4337587edaa0df074948a50a68d536e60cbfea35b967a088dc5b43b8213179343b5f237a5a419a97f7251cc5d6c208bc9eeba7b978b0fa48d3676e78468b4c44079aa2a6c7eb828f602537a87d976aa8385f1c2db7508471e84dcaff3ec9e6f52f9"}, 0x1044)
r7 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x40040, 0x3)
sendmsg$kcm(r7, &(0x7f0000001ac0)={&(0x7f0000001940)=@pppoe={0x18, 0x0, {0x0, @multicast, 'vlan0\x00'}}, 0x80, &(0x7f0000001a80)=[{&(0x7f00000019c0)="c2d93f0cb251be3183a50d0efa474034c207b8762c11396cc5285eae658d713a999eb5696c1d7848cf3e1f72af24d9ab0b61ba9200b19fcf6dfc98953bc421acf22d28de31cf9738d87bd10a2b3326cff53d17dc1010b5f179a3b528b365da99f83a68daa83961717296adebbb7dce2116ea82919dde6aa9ba37fd5de037e5d4e6e6f80cc6cf260ae90d6cee0dedaf017ff5d400169c9d4fdfb1ed06d31cd449bab0cd2396fdb1e25d155060c34d5266319db1dad2cef4c58ad59711c9cd", 0xbe}], 0x1}, 0x40004)
keyctl$instantiate(0xc, r6, &(0x7f0000001b00)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '/', 0x20, 0x4}, 0x2b, r6)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000001b40)={[0x5, 0xfffffffffffffff4, 0x3, 0x8, 0x7, 0xaf, 0x0, 0x401, 0x0, 0xf, 0x6, 0x7, 0x9, 0xa507, 0x1000, 0xa3], 0x0, 0x240})
write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000001c40)={0x0, {'syz1\x00', 'syz1\x00', 'syz1\x00', &(0x7f0000001c00)=""/34, 0x22, 0xa397, 0x40, 0x8, 0x800, 0x2}}, 0x120)

6.633450712s ago: executing program 4 (id=115):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]})
r1 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1d}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
keyctl$join(0x1, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_ASYNC_CANCEL={0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r4}})
io_uring_enter(r1, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
r5 = syz_open_dev$midi(&(0x7f00000001c0), 0x2, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0305710, &(0x7f0000000340)={0x1})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000018000100000000000000000002000000fc000009000800000600150005000000280016802400010002"], 0x4c}}, 0x0)
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000000000)=@ccm_128={{}, "c04d831721b66c43", "7ef59d2d9a7fe77696db761c0000b3d9", "a7844c4e", "6c25c0284645e18b"}, 0x28)
setsockopt$inet_int(r6, 0x0, 0x13, &(0x7f0000000080)=0x2, 0x4)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
rseq(&(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2, 0x77, 0x63c2, 0x4}, 0x3}, 0x20, 0x0, 0x0)
ioctl$I2C_PEC(r7, 0x708, 0x2)
ioctl$I2C_SMBUS(r7, 0x720, &(0x7f0000000180)={0x1, 0x0, 0x5, &(0x7f0000000140)={0x0, "96e67ad2d32945a0324a1c270700000000b76b8afe83c910c40000000000001d00"}})
socket$nl_generic(0x10, 0x3, 0x10)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
preadv(r0, &(0x7f0000000200), 0x0, 0x9, 0x1)

6.190598939s ago: executing program 4 (id=116):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r0=>0x0)
timer_create(0x6, &(0x7f0000000180)={0x0, 0x1d, 0x0, @tid=r0}, &(0x7f00000001c0))
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_io_uring_setup(0x24fa, &(0x7f0000000380)={0x0, 0x0, 0x108, 0x1}, 0x0, 0x0)
getpgid(0xffffffffffffffff)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

6.140896826s ago: executing program 3 (id=117):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1, 0x0, 0x0, <r2=>0x0})
r3 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
write$evdev(r3, &(0x7f0000000000), 0x100000008) (async)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r3, 0x80004506, 0x0) (async)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) (async)
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f0000000100)={0x30, r2, 0x0, 0x0, 0xa0, 0xa, 0x0, 0x0})

598.324µs ago: executing program 3 (id=118):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x1fffff, 0x1, 0x11, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0xe)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x4008032, 0xffffffffffffffff, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000002c0)={'syz0\x00', {0xfff, 0x0, 0x3, 0x5c}, 0x30, [0x5, 0x9, 0x6, 0x5, 0xe1c5f86f, 0x1, 0x0, 0x25b, 0x0, 0x7ff, 0x4, 0xffffffff, 0x0, 0x101, 0x663, 0x1, 0x2, 0x7, 0x0, 0x4, 0x8, 0x1, 0x0, 0xff, 0x8, 0x32ec, 0x0, 0x2, 0xd, 0xfffff20e, 0x3, 0x40, 0x6, 0x5, 0xff, 0xfffffffb, 0x10, 0xe, 0x9, 0x4, 0x7, 0x3, 0x0, 0x0, 0x8, 0x1, 0x14000000, 0x100, 0x9dd, 0x3, 0x7, 0x6, 0x9, 0x4, 0x3, 0x10001, 0x4, 0x5, 0xea11, 0x1, 0xfffffff8, 0x9, 0x0, 0xfffffffd], [0x2, 0xb, 0x6, 0x4, 0x6, 0x3, 0x1, 0x1, 0x9, 0x100, 0xa1, 0x1, 0xb, 0x7, 0x525, 0x4, 0x6, 0x400, 0xa, 0x2, 0x2, 0xa000000, 0x6, 0x7, 0x9, 0x0, 0x200000, 0x4, 0x80000000, 0x80000000, 0x80000001, 0x7e2f, 0x0, 0xe87, 0x9c, 0x8, 0x3, 0x2, 0x6, 0x2, 0xf, 0x279a, 0x0, 0x3, 0x8, 0x6, 0x81, 0x6, 0x7, 0x81, 0xfff, 0x400, 0x7, 0x7f, 0x2, 0xf8c2, 0x8, 0x2, 0x4, 0x9, 0x4, 0x0, 0x1, 0x7fffffff], [0x8, 0x7e9, 0x8, 0x90, 0x8, 0x6, 0x4, 0x1, 0x6, 0x5, 0x4, 0x401, 0x5, 0x5, 0x7, 0xe0d2, 0x0, 0x9, 0x5, 0x3, 0xa, 0x2, 0x3, 0xfffffffd, 0x8, 0xa, 0xd0000000, 0xd, 0x3, 0x6, 0x1, 0x3, 0xe54, 0x3217889f, 0x3, 0x5, 0x4, 0x401, 0x3, 0xed2, 0x7, 0x3, 0x0, 0x4e, 0x8, 0x2, 0x7, 0x3, 0x5, 0x10, 0x5, 0x3, 0x1, 0x101, 0xfffffff7, 0x9, 0x9, 0x8, 0x8, 0xe4ab, 0xd, 0xc7, 0x1000, 0xa], [0x8001, 0x10001, 0x8, 0xfffffff7, 0x1, 0x8001, 0x1, 0xffff8001, 0x5, 0x401, 0x10000, 0x5, 0x4, 0x8, 0x7ff, 0xfffffffb, 0x7, 0x8, 0x89, 0x3, 0x1, 0x6, 0x8, 0x2, 0x3, 0x9, 0x6, 0xfffffe48, 0xba, 0x0, 0xf, 0x0, 0x6, 0xe, 0x9, 0x9, 0xc1a, 0x2a03, 0xffff, 0x80000001, 0x35, 0x66, 0xf695, 0x0, 0x10001, 0xe, 0xe3, 0xf, 0x81, 0x7f, 0x200, 0x96fc, 0x3, 0x1, 0x401, 0xe000, 0x9, 0x8000, 0x6060, 0x7, 0x8f8, 0x6, 0x4, 0x5]}, 0x45c)
syz_emit_ethernet(0x4e, &(0x7f0000000100)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0xc2, 0x1, 0x0, 0x0, {[@generic={0x3, 0x2}, @exp_smc={0xfe, 0x6}, @exp_fastopen={0xfe, 0x6, 0xf989, "1bd7"}, @timestamp={0x8, 0xa, 0x8, 0x5}]}}}}}}}, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

0s ago: executing program 4 (id=119):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x13}, 0x18)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
unshare(0x28000600)
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000600))
fallocate(0xffffffffffffffff, 0x2, 0x400000000000004, 0x5)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x33, 0x0, 0x0)
socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_dccp_int(0xffffffffffffffff, 0x21, 0x6, &(0x7f0000000100)=0x5, 0x4)
r1 = socket(0xa, 0x3, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'dummy0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_MTU={0x8}]}, 0x28}}, 0x0)
ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
r8 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r7, 0x0)
mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2002, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0xc8, 0x0, &(0x7f0000000780)=[@free_buffer={0x40086303, r8}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000002c0)={@fd, @fd, @flat=@binder={0x73622a85, 0xa, 0x4000000000002}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}, 0x400}, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000480)={@fda={0x66646185, 0x0, 0x0, 0x30}, @ptr={0x70742a85, 0x1, &(0x7f0000001740)=""/4096, 0x1000, 0x0, 0x16}, @ptr={0x70742a85, 0x0, &(0x7f0000000400)=""/81, 0x51, 0x2, 0x33}}, &(0x7f00000003c0)={0x0, 0x20, 0x48}}}, @request_death={0x400c630e, 0x0, 0x2000000}, @acquire_done={0x40106309, 0x3}], 0x0, 0x0, 0x0})
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r10, 0x4038ae7a, &(0x7f0000000240)={[{0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}]})
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.9' (ED25519) to the list of known hosts.
[   58.568036][ T5212] cgroup: Unknown subsys name 'net'
[   58.709443][ T5212] cgroup: Unknown subsys name 'cpuset'
[   58.717560][ T5212] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   60.116489][ T5212] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   62.479724][ T5223] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   62.506218][ T5223] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   62.513770][ T5223] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   62.522069][ T5223] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   62.530073][ T5223] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   62.537726][ T5223] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   62.614393][ T4618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.622498][ T4618] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.643460][ T4618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.664446][ T5230] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.672231][ T5230] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   62.680010][ T5230] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.687551][ T5230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.696401][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.704640][ T5232] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.773743][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   62.777126][ T5223] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   62.789079][ T5223] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.796373][ T5236] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   62.804384][ T5236] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   62.819430][ T5238] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   62.827869][ T5223] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   62.835566][ T5238] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   62.842942][ T5223] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.851005][ T5238] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   62.858096][ T5236] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   62.867330][ T5236] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   62.880279][ T5236] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   62.891257][ T5236] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   62.899113][ T5223] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   62.961922][ T5226] chnl_net:caif_netlink_parms(): no params data found
[   63.092489][ T5226] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.100212][ T5226] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.108083][ T5226] bridge_slave_0: entered allmulticast mode
[   63.114738][ T5226] bridge_slave_0: entered promiscuous mode
[   63.124469][ T5226] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.131614][ T5226] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.138836][ T5226] bridge_slave_1: entered allmulticast mode
[   63.146012][ T5226] bridge_slave_1: entered promiscuous mode
[   63.195278][ T5226] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.207883][ T5226] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.274463][ T5226] team0: Port device team_slave_0 added
[   63.316130][ T5226] team0: Port device team_slave_1 added
[   63.358805][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_0
[   63.366883][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.393872][ T5226] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   63.409595][ T5226] batman_adv: batadv0: Adding interface: batadv_slave_1
[   63.416646][ T5226] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   63.442689][ T5226] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   63.464319][ T5244] chnl_net:caif_netlink_parms(): no params data found
[   63.530197][ T5226] hsr_slave_0: entered promiscuous mode
[   63.536956][ T5226] hsr_slave_1: entered promiscuous mode
[   63.669249][ T5242] chnl_net:caif_netlink_parms(): no params data found
[   63.684568][ T5240] chnl_net:caif_netlink_parms(): no params data found
[   63.727961][ T5244] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.735045][ T5244] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.743143][ T5244] bridge_slave_0: entered allmulticast mode
[   63.750382][ T5244] bridge_slave_0: entered promiscuous mode
[   63.793877][ T5244] bridge0: port 2(bridge_slave_1) entered blocking state
[   63.801247][ T5244] bridge0: port 2(bridge_slave_1) entered disabled state
[   63.808478][ T5244] bridge_slave_1: entered allmulticast mode
[   63.815081][ T5244] bridge_slave_1: entered promiscuous mode
[   63.832060][ T5243] chnl_net:caif_netlink_parms(): no params data found
[   63.889315][ T5244] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   63.928712][ T5244] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   63.972822][ T5242] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.980024][ T5242] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.988103][ T5242] bridge_slave_0: entered allmulticast mode
[   63.994710][ T5242] bridge_slave_0: entered promiscuous mode
[   64.002573][ T5242] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.009999][ T5242] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.017263][ T5242] bridge_slave_1: entered allmulticast mode
[   64.023900][ T5242] bridge_slave_1: entered promiscuous mode
[   64.043620][ T5240] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.051252][ T5240] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.059883][ T5240] bridge_slave_0: entered allmulticast mode
[   64.068056][ T5240] bridge_slave_0: entered promiscuous mode
[   64.106339][ T5240] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.116085][ T5240] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.123333][ T5240] bridge_slave_1: entered allmulticast mode
[   64.130436][ T5240] bridge_slave_1: entered promiscuous mode
[   64.147540][ T5244] team0: Port device team_slave_0 added
[   64.172570][ T5242] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.193206][ T5244] team0: Port device team_slave_1 added
[   64.207845][ T5243] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.215048][ T5243] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.222599][ T5243] bridge_slave_0: entered allmulticast mode
[   64.229774][ T5243] bridge_slave_0: entered promiscuous mode
[   64.238951][ T5243] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.246171][ T5243] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.253310][ T5243] bridge_slave_1: entered allmulticast mode
[   64.260726][ T5243] bridge_slave_1: entered promiscuous mode
[   64.278936][ T5242] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.290519][ T5240] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.303092][ T5240] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.321443][ T5244] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.328576][ T5244] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.355274][ T5244] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.401613][ T5244] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.409724][ T5244] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.436097][ T5244] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.472403][ T5240] team0: Port device team_slave_0 added
[   64.483550][ T5243] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.494867][ T5243] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.511794][ T5226] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   64.523075][ T5242] team0: Port device team_slave_0 added
[   64.530497][ T5240] team0: Port device team_slave_1 added
[   64.552086][ T5226] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   64.566840][ T5242] team0: Port device team_slave_1 added
[   64.589057][ T5226] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   64.606487][ T5232] Bluetooth: hci0: command tx timeout
[   64.613032][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.620403][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.646548][ T5240] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.677176][ T5243] team0: Port device team_slave_0 added
[   64.683172][ T5226] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   64.702624][ T5240] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.710143][ T5240] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.736248][ T5240] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.755233][ T5244] hsr_slave_0: entered promiscuous mode
[   64.762016][ T5244] hsr_slave_1: entered promiscuous mode
[   64.768724][ T5244] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   64.776901][ T5244] Cannot create hsr debugfs directory
[   64.784353][ T5243] team0: Port device team_slave_1 added
[   64.799900][ T5242] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.807197][ T5242] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.833332][ T5242] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.846500][ T5232] Bluetooth: hci1: command tx timeout
[   64.850953][ T5242] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.859445][ T5242] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.885662][ T5242] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.906426][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.913403][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   64.940761][ T5232] Bluetooth: hci3: command tx timeout
[   64.946389][   T54] Bluetooth: hci2: command tx timeout
[   64.951908][ T5243] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.999693][ T5243] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.006974][ T5232] Bluetooth: hci4: command tx timeout
[   65.012138][ T5243] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.042150][ T5243] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.065547][ T5240] hsr_slave_0: entered promiscuous mode
[   65.072005][ T5240] hsr_slave_1: entered promiscuous mode
[   65.078773][ T5240] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.087102][ T5240] Cannot create hsr debugfs directory
[   65.159808][ T5242] hsr_slave_0: entered promiscuous mode
[   65.167065][ T5242] hsr_slave_1: entered promiscuous mode
[   65.173164][ T5242] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.181343][ T5242] Cannot create hsr debugfs directory
[   65.240299][ T5243] hsr_slave_0: entered promiscuous mode
[   65.249092][ T5243] hsr_slave_1: entered promiscuous mode
[   65.255154][ T5243] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   65.262978][ T5243] Cannot create hsr debugfs directory
[   65.510861][ T5244] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   65.521060][ T5244] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   65.531713][ T5244] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   65.540563][ T5244] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   65.593112][ T5226] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.603942][ T5240] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.625399][ T5240] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.647314][ T5240] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.669448][ T5240] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.696371][ T5226] 8021q: adding VLAN 0 to HW filter on device team0
[   65.718139][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.725520][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.742179][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.749469][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.767298][ T5243] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.776952][ T5243] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.806783][ T5243] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.841279][ T5243] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.883154][ T5244] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.915278][ T5242] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   65.930779][ T5242] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   65.944814][ T5242] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   65.970145][ T5244] 8021q: adding VLAN 0 to HW filter on device team0
[   65.981610][ T5242] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   66.014677][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.021894][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.048885][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.056027][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.137991][ T5240] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.147968][ T5226] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.208933][ T5240] 8021q: adding VLAN 0 to HW filter on device team0
[   66.230861][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.238031][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.255871][ T5243] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.273773][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.281003][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.334524][ T5243] 8021q: adding VLAN 0 to HW filter on device team0
[   66.368157][ T5244] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.390194][ T5226] veth0_vlan: entered promiscuous mode
[   66.400709][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.407844][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.431287][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.438409][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.453727][ T5226] veth1_vlan: entered promiscuous mode
[   66.495473][ T5242] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.533905][ T5240] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.605498][ T5242] 8021q: adding VLAN 0 to HW filter on device team0
[   66.623269][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.630395][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.647425][ T5226] veth0_macvtap: entered promiscuous mode
[   66.659499][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.666631][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.680043][ T5240] veth0_vlan: entered promiscuous mode
[   66.693037][ T5240] veth1_vlan: entered promiscuous mode
[   66.696010][ T5232] Bluetooth: hci0: command tx timeout
[   66.700935][ T5244] veth0_vlan: entered promiscuous mode
[   66.715346][ T5226] veth1_macvtap: entered promiscuous mode
[   66.777227][ T5244] veth1_vlan: entered promiscuous mode
[   66.812789][ T5240] veth0_macvtap: entered promiscuous mode
[   66.824642][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.847678][ T5240] veth1_macvtap: entered promiscuous mode
[   66.865139][ T5226] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.887270][ T5226] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.896828][ T5226] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.905530][ T5226] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.915147][ T5226] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.926628][ T5232] Bluetooth: hci1: command tx timeout
[   66.937354][ T5244] veth0_macvtap: entered promiscuous mode
[   66.946891][ T5243] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.964922][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   66.980206][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   66.991855][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.003314][ T5244] veth1_macvtap: entered promiscuous mode
[   67.009378][ T5232] Bluetooth: hci2: command tx timeout
[   67.009424][   T54] Bluetooth: hci3: command tx timeout
[   67.035402][ T5240] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.046474][ T5240] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.059752][ T5240] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.075368][ T5242] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.086273][   T54] Bluetooth: hci4: command tx timeout
[   67.100408][ T5240] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.109439][ T5240] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.118724][ T5240] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.128220][ T5240] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.185104][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.196953][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.208439][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.219288][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.230821][ T5244] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.259607][ T5242] veth0_vlan: entered promiscuous mode
[   67.314363][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.325082][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.337841][ T5244] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.348535][ T5244] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.359953][ T5244] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.388070][ T5242] veth1_vlan: entered promiscuous mode
[   67.403777][ T5243] veth0_vlan: entered promiscuous mode
[   67.411654][ T5244] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.420753][ T5244] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.430601][ T5244] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.441363][ T5244] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.461823][  T188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.469873][  T188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.504524][ T5243] veth1_vlan: entered promiscuous mode
[   67.532765][ T5242] veth0_macvtap: entered promiscuous mode
[   67.538786][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.550163][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.606808][ T5243] veth0_macvtap: entered promiscuous mode
[   67.619218][  T188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.627699][  T188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.651838][ T5242] veth1_macvtap: entered promiscuous mode
[   67.680375][ T1811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.690456][ T5243] veth1_macvtap: entered promiscuous mode
[   67.699984][ T1811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.736083][ T5226] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   67.771635][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.785427][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.803590][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.821990][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.836228][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   67.853394][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.866606][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.883438][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   67.914893][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.926077][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   67.944608][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.960689][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   67.970688][ T5280] Zero length message leads to an empty skb
[   67.972832][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   67.992846][ T5243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.005529][ T5243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.032097][ T5243] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.044052][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.058563][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.075775][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.087288][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.098299][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.110492][ T5283] sctp: [Deprecated]: syz.0.1 (pid 5283) Use of int in maxseg socket option.
[   68.110492][ T5283] Use struct sctp_assoc_value instead
[   68.131821][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.142613][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   68.154948][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.168525][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.195725][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   68.211412][ T5243] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.229911][ T5243] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.243633][ T5243] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.254435][ T5243] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.353600][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.364632][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.379922][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.390621][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.400982][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.411781][ T5275] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   68.420849][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.433544][ T5242] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   68.444117][ T5242] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   68.455450][ T5242] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.467470][ T5242] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.476670][ T5242] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.485394][ T5242] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.495121][ T5242] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.524712][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.544224][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.576249][ T5275] usb 3-1: Using ep0 maxpacket: 16
[   68.598704][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.640190][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   68.664570][ T5275] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   68.688405][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.697248][ T5275] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   68.715996][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.740628][ T5275] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[   68.766675][   T54] Bluetooth: hci0: command tx timeout
[   68.802998][ T5275] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 25
[   68.831165][ T5275] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   68.841171][ T5275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   68.851202][ T1811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.865537][ T5275] usb 3-1: SerialNumber: syz
[   68.889356][ T1811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.927863][ T5275] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[   68.952544][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.963505][ T5275] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12
[   68.981729][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.989009][   T29] audit: type=1326 audit(1726981528.631:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   68.989056][   T29] audit: type=1326 audit(1726981528.631:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.040237][   T29] audit: type=1326 audit(1726981528.691:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.062579][   T54] Bluetooth: hci1: command tx timeout
[   69.086338][   T29] audit: type=1326 audit(1726981528.691:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.087556][   T54] Bluetooth: hci3: command tx timeout
[   69.113701][   T54] Bluetooth: hci2: command tx timeout
[   69.166405][ T5232] Bluetooth: hci4: command tx timeout
[   69.205320][   T29] audit: type=1326 audit(1726981528.691:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.277580][ T5282] batadv0: entered promiscuous mode
[   69.283103][ T5282] macsec1: entered promiscuous mode
[   69.344031][ T5282] batadv0: left promiscuous mode
[   69.371020][   T29] audit: type=1326 audit(1726981528.691:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.400128][   T29] audit: type=1326 audit(1726981528.691:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.432911][   T29] audit: type=1326 audit(1726981528.691:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.465369][   T29] audit: type=1326 audit(1726981528.691:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.466063][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   69.540767][  T188] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   69.576997][  T188] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.616097][   T29] audit: type=1326 audit(1726981528.691:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5291 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68c217def9 code=0x7ffc0000
[   69.652641][ T5286] usb 3-1: USB disconnect, device number 2
[   69.905400][ T5304] bond_slave_0: entered promiscuous mode
[   69.905454][ T5304] bond_slave_1: entered promiscuous mode
[   69.905577][ T5304] vlan2: entered promiscuous mode
[   69.905589][ T5304] bond0: entered promiscuous mode
[   69.922305][ T5298] syz.3.4 (5298): drop_caches: 2
[   69.969786][ T5304] vlan2: entered allmulticast mode
[   69.969811][ T5304] bond0: entered allmulticast mode
[   69.969826][ T5304] bond_slave_0: entered allmulticast mode
[   69.969842][ T5304] bond_slave_1: entered allmulticast mode
[   69.980354][ T5304] bond0: left allmulticast mode
[   69.980377][ T5304] bond_slave_0: left allmulticast mode
[   69.980393][ T5304] bond_slave_1: left allmulticast mode
[   69.980416][ T5304] bond0: left promiscuous mode
[   69.980739][ T5304] bond_slave_0: left promiscuous mode
[   69.981299][ T5304] bond_slave_1: left promiscuous mode
[   70.656086][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.658527][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.662824][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   70.755898][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   70.859910][ T5232] Bluetooth: hci0: command tx timeout
[   71.056062][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[   71.056692][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   71.082909][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   71.084594][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   71.097363][ T5232] Bluetooth: hci1: command tx timeout
[   71.178650][ T5232] Bluetooth: hci2: command tx timeout
[   71.178700][ T5232] Bluetooth: hci3: command tx timeout
[   71.267047][   T54] Bluetooth: hci4: command tx timeout
[   71.536767][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[   71.547157][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[   72.177244][ T1813] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.450418][ T5295] syz.1.2 (5295): drop_caches: 2
[   72.453727][ T1813] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.738447][ T1813] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.930185][ T1813] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   72.975137][ T5232] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   72.983339][ T5232] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   72.996467][ T5232] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   73.023453][ T5232] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   73.053147][ T5232] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   73.064498][ T5232] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   73.112868][ T5335] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17'.
[   73.426897][ T5354] netlink: 'syz.4.20': attribute type 20 has an invalid length.
[   73.463594][ T5354] netlink: 8 bytes leftover after parsing attributes in process `syz.4.20'.
[   73.551912][ T1813] bridge_slave_1: left allmulticast mode
[   73.572834][ T1813] bridge_slave_1: left promiscuous mode
[   73.591014][ T1813] bridge0: port 2(bridge_slave_1) entered disabled state
[   73.612661][ T1813] bridge_slave_0: left allmulticast mode
[   73.633394][ T1813] bridge_slave_0: left promiscuous mode
[   73.642164][ T1813] bridge0: port 1(bridge_slave_0) entered disabled state
[   73.730786][ T5351] syz.2.19 (5351): drop_caches: 2
[   74.143114][ T1813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   74.155356][ T1813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   74.165944][ T5275] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   74.179597][ T1813] bond0 (unregistering): Released all slaves
[   74.199461][ T5364] tunl0: entered promiscuous mode
[   74.214462][ T5364] netlink: 'syz.1.24': attribute type 1 has an invalid length.
[   74.231090][ T5364] netlink: 9 bytes leftover after parsing attributes in process `syz.1.24'.
[   74.285184][ T5342] chnl_net:caif_netlink_parms(): no params data found
[   74.330545][ T5278] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   74.356824][ T5275] usb 3-1: Using ep0 maxpacket: 8
[   74.368881][ T5275] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   74.393352][ T5275] usb 3-1: config 0 has no interfaces?
[   74.412053][ T5275] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[   74.426978][ T5275] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   74.435007][ T5275] usb 3-1: Product: syz
[   74.440763][ T5275] usb 3-1: Manufacturer: syz
[   74.447210][ T5275] usb 3-1: SerialNumber: syz
[   74.463026][ T5275] usb 3-1: config 0 descriptor??
[   74.506034][ T5278] usb 1-1: Using ep0 maxpacket: 16
[   74.539110][ T5278] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   74.551682][ T5274] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   74.586096][ T5278] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[   74.634658][   T29] kauditd_printk_skb: 1698 callbacks suppressed
[   74.634677][   T29] audit: type=1326 audit(1726981534.281:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   74.672937][ T5278] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice=ff.40
[   74.697633][ T5362] FAULT_INJECTION: forcing a failure.
[   74.697633][ T5362] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   74.732455][ T5278] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[   74.764066][ T5362] CPU: 0 UID: 0 PID: 5362 Comm: syz.2.23 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0
[   74.770825][   T29] audit: type=1326 audit(1726981534.281:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   74.774263][ T5362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   74.806466][ T5362] Call Trace:
[   74.809762][ T5362]  <TASK>
[   74.812710][ T5362]  dump_stack_lvl+0x241/0x360
[   74.817435][ T5362]  ? __pfx_dump_stack_lvl+0x10/0x10
[   74.818221][   T29] audit: type=1326 audit(1726981534.311:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   74.822640][ T5362]  ? __pfx__printk+0x10/0x10
[   74.822669][ T5362]  ? __pfx_lock_release+0x10/0x10
[   74.854443][ T5362]  should_fail_ex+0x3b0/0x4e0
[   74.859171][ T5362]  set_fd_set+0x3a/0xa0
[   74.863360][ T5362]  core_sys_select+0x800/0x910
[   74.868165][ T5362]  ? __pfx_core_sys_select+0x10/0x10
[   74.873171][   T29] audit: type=1326 audit(1726981534.311:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   74.873500][ T5362]  ? __might_fault+0xaa/0x120
[   74.900409][ T5362]  ? __pfx_set_user_sigmask+0x10/0x10
[   74.905805][ T5362]  ? __fget_files+0x3f3/0x470
[   74.910507][ T5362]  __se_sys_pselect6+0x319/0x3f0
[   74.915504][ T5362]  ? __pfx___se_sys_pselect6+0x10/0x10
[   74.920985][ T5362]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   74.927339][ T5362]  ? do_syscall_64+0x100/0x230
[   74.932132][ T5362]  ? __x64_sys_pselect6+0x21/0xf0
[   74.937107][   T29] audit: type=1326 audit(1726981534.311:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   74.937163][ T5362]  do_syscall_64+0xf3/0x230
[   74.963805][ T5362]  ? clear_bhb_loop+0x35/0x90
[   74.968518][ T5362]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.974473][ T5362] RIP: 0033:0x7f6f20d7def9
[   74.978923][ T5362] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.998576][ T5362] RSP: 002b:00007f6f21b72038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[   75.007027][ T5362] RAX: ffffffffffffffda RBX: 00007f6f20f35f80 RCX: 00007f6f20d7def9
[   75.015020][ T5362] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000040
[   75.018335][   T29] audit: type=1326 audit(1726981534.311:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   75.022992][ T5362] RBP: 00007f6f21b72090 R08: 0000000020000040 R09: 0000000000000000
[   75.023011][ T5362] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[   75.023025][ T5362] R13: 0000000000000000 R14: 00007f6f20f35f80 R15: 00007f6f2105fa28
[   75.023055][ T5362]  </TASK>
[   75.080753][ T5278] usb 1-1: Product: syz
[   75.082115][ T5286] usb 3-1: USB disconnect, device number 3
[   75.085021][ T5278] usb 1-1: SerialNumber: syz
[   75.135222][ T5389] netlink: 40 bytes leftover after parsing attributes in process `syz.4.31'.
[   75.162695][   T29] audit: type=1326 audit(1726981534.311:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   75.196883][   T54] Bluetooth: hci4: command tx timeout
[   75.268855][   T29] audit: type=1326 audit(1726981534.311:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   75.348265][ T5342] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.355625][ T5342] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.373864][   T29] audit: type=1326 audit(1726981534.311:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   75.409606][ T5342] bridge_slave_0: entered allmulticast mode
[   75.427330][ T5342] bridge_slave_0: entered promiscuous mode
[   75.472964][   T29] audit: type=1326 audit(1726981534.311:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5386 comm="syz.1.29" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   75.520851][ T5342] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.552744][ T5342] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.562931][ T5342] bridge_slave_1: entered allmulticast mode
[   75.587178][ T5342] bridge_slave_1: entered promiscuous mode
[   75.654997][ T5409] syz.4.33 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   75.793149][ T5412] netlink: 56 bytes leftover after parsing attributes in process `syz.2.34'.
[   75.826791][ T1813] hsr_slave_0: left promiscuous mode
[   75.833051][ T1813] hsr_slave_1: left promiscuous mode
[   75.858495][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   75.872864][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_0
[   75.892480][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   75.900923][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_1
[   75.940125][ T1813] veth1_macvtap: left promiscuous mode
[   75.959087][ T5418] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   75.999654][ T1813] veth0_macvtap: left promiscuous mode
[   75.999840][ T1813] veth1_vlan: left promiscuous mode
[   76.000082][ T1813] veth0_vlan: left promiscuous mode
[   76.065974][ T5274] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[   76.260356][ T5274] usb 5-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[   76.269761][ T5274] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.298599][ T5274] usb 5-1: config 0 descriptor??
[   76.377663][ T5278] usb 1-1: 0:2 : does not exist
[   76.440850][ T5278] usb 1-1: USB disconnect, device number 2
[   76.529174][ T5274] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   76.553370][ T5274] asix 5-1:0.0: probe with driver asix failed with error -71
[   76.567778][ T5426] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[   76.587172][ T5274] usb 5-1: USB disconnect, device number 3
[   76.883265][ T1813] team0 (unregistering): Port device team_slave_1 removed
[   76.924658][ T1813] team0 (unregistering): Port device team_slave_0 removed
[   76.936167][ T5276] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   77.123874][ T5276] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   77.140989][ T5276] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   77.160794][ T5276] usb 2-1: New USB device found, idVendor=0499, idProduct=1058, bcdDevice=31.95
[   77.199066][ T5276] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.209303][ T5276] usb 2-1: config 0 descriptor??
[   77.246639][   T54] Bluetooth: hci4: command tx timeout
[   77.520927][ T5438] netlink: 24 bytes leftover after parsing attributes in process `syz.4.39'.
[   77.546688][ T5276] usb 2-1: USB disconnect, device number 2
[   77.833349][ T5342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.850303][ T5422] bond_slave_0: entered promiscuous mode
[   77.856177][ T5422] bond_slave_1: entered promiscuous mode
[   77.862346][ T5422] vlan2: entered promiscuous mode
[   77.869249][ T5422] bond0: entered promiscuous mode
[   77.874608][ T5422] vlan2: entered allmulticast mode
[   77.893557][ T5422] bond0: entered allmulticast mode
[   77.898866][ T5422] bond_slave_0: entered allmulticast mode
[   77.906660][ T5422] bond_slave_1: entered allmulticast mode
[   77.914172][ T5422] bond0: left allmulticast mode
[   77.919223][ T5422] bond_slave_0: left allmulticast mode
[   77.925661][ T5422] bond_slave_1: left allmulticast mode
[   77.931498][ T5422] bond0: left promiscuous mode
[   77.937598][ T5422] bond_slave_0: left promiscuous mode
[   77.943066][ T5422] bond_slave_1: left promiscuous mode
[   77.961668][ T5446] tunl0: entered promiscuous mode
[   77.970049][ T5446] netlink: 'syz.0.42': attribute type 1 has an invalid length.
[   77.977776][ T5446] netlink: 9 bytes leftover after parsing attributes in process `syz.0.42'.
[   77.993429][ T5342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.175214][ T5342] team0: Port device team_slave_0 added
[   78.331479][ T5342] team0: Port device team_slave_1 added
[   78.546940][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.580617][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.648815][ T5342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.670661][ T5342] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.681511][ T5342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.738488][ T5342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.850620][ T5342] hsr_slave_0: entered promiscuous mode
[   78.858276][ T5342] hsr_slave_1: entered promiscuous mode
[   78.872248][ T5342] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.886751][ T5276] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   78.904091][ T5342] Cannot create hsr debugfs directory
[   79.046177][ T5276] usb 1-1: Using ep0 maxpacket: 8
[   79.074257][ T5276] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   79.097385][ T5276] usb 1-1: config 0 has no interfaces?
[   79.115610][ T5276] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[   79.133504][ T5276] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.152013][ T5276] usb 1-1: Product: syz
[   79.166980][ T5276] usb 1-1: Manufacturer: syz
[   79.174030][ T5276] usb 1-1: SerialNumber: syz
[   79.208072][ T5276] usb 1-1: config 0 descriptor??
[   79.209233][ T1813] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.345004][   T54] Bluetooth: hci4: command tx timeout
[   79.346515][ T1813] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.394948][ T5232] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   79.404154][ T5232] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   79.411944][ T5232] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   79.507239][ T5276] usb 1-1: USB disconnect, device number 3
[   79.516352][ T5232] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   79.532864][ T5232] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   79.548398][ T5232] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   79.595793][ T5485] netlink: 8 bytes leftover after parsing attributes in process `syz.2.51'.
[   79.609646][ T5485] vlan2: entered allmulticast mode
[   79.689256][ T1813] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.710331][ T5487] netlink: 'syz.1.50': attribute type 1 has an invalid length.
[   79.718703][ T5487] netlink: 9 bytes leftover after parsing attributes in process `syz.1.50'.
[   79.908639][   T29] kauditd_printk_skb: 59 callbacks suppressed
[   79.908658][   T29] audit: type=1326 audit(1726981539.561:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5497 comm="syz.1.52" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x0
[   80.677486][ T5276] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   80.842473][ T5276] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   80.853095][ T5276] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   80.867030][ T5276] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   80.876168][ T5276] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.890603][ T5276] usb 1-1: config 0 descriptor??
[   80.902370][ T5276] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[   81.008963][ T5274] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   81.172222][ T5274] usb 2-1: Using ep0 maxpacket: 8
[   81.179900][ T5274] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   81.190835][ T5274] usb 2-1: config 0 has no interfaces?
[   81.213250][ T5274] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[   81.222430][ T5274] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.230561][ T5274] usb 2-1: Product: syz
[   81.234795][ T5274] usb 2-1: Manufacturer: syz
[   81.239578][ T5274] usb 2-1: SerialNumber: syz
[   81.252945][ T5274] usb 2-1: config 0 descriptor??
[   81.337336][ T1813] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.417678][   T54] Bluetooth: hci4: command tx timeout
[   81.461386][ T5508] FAULT_INJECTION: forcing a failure.
[   81.461386][ T5508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   81.493875][ T5508] CPU: 0 UID: 0 PID: 5508 Comm: syz.1.56 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0
[   81.504092][ T5508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[   81.514197][ T5508] Call Trace:
[   81.517508][ T5508]  <TASK>
[   81.520455][ T5508]  dump_stack_lvl+0x241/0x360
[   81.525144][ T5508]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.530347][ T5508]  ? __pfx__printk+0x10/0x10
[   81.534947][ T5508]  ? snprintf+0xda/0x120
[   81.539209][ T5508]  should_fail_ex+0x3b0/0x4e0
[   81.543909][ T5508]  _copy_to_user+0x2f/0xb0
[   81.548344][ T5508]  simple_read_from_buffer+0xca/0x150
[   81.553730][ T5508]  proc_fail_nth_read+0x1e9/0x250
[   81.558771][ T5508]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   81.564337][ T5508]  ? rw_verify_area+0x55e/0x6f0
[   81.569203][ T5508]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   81.574771][ T5508]  vfs_read+0x201/0xbc0
[   81.578940][ T5508]  ? __pfx_lock_release+0x10/0x10
[   81.583993][ T5508]  ? __pfx_vfs_read+0x10/0x10
[   81.588693][ T5508]  ? __fget_files+0x3f3/0x470
[   81.593380][ T5508]  ? __fdget_pos+0x24e/0x320
[   81.597969][ T5508]  ksys_read+0x1a0/0x2c0
[   81.602219][ T5508]  ? __pfx_ksys_read+0x10/0x10
[   81.606998][ T5508]  ? do_syscall_64+0x100/0x230
[   81.611769][ T5508]  ? do_syscall_64+0xb6/0x230
[   81.616546][ T5508]  do_syscall_64+0xf3/0x230
[   81.621063][ T5508]  ? clear_bhb_loop+0x35/0x90
[   81.625755][ T5508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   81.631651][ T5508] RIP: 0033:0x7effdc17c93c
[   81.636066][ T5508] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[   81.655765][ T5508] RSP: 002b:00007effdcf35030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   81.664271][ T5508] RAX: ffffffffffffffda RBX: 00007effdc335f80 RCX: 00007effdc17c93c
[   81.672250][ T5508] RDX: 000000000000000f RSI: 00007effdcf350a0 RDI: 0000000000000009
[   81.680404][ T5508] RBP: 00007effdcf35090 R08: 0000000000000000 R09: 0000000000000000
[   81.688383][ T5508] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[   81.696379][ T5508] R13: 0000000000000000 R14: 00007effdc335f80 R15: 00007effdc45fa28
[   81.704387][ T5508]  </TASK>
[   81.707516][    C0] vkms_vblank_simulate: vblank timer overrun
[   81.735500][   T54] Bluetooth: hci2: command tx timeout
[   81.761400][ T5286] usb 2-1: USB disconnect, device number 3
[   81.779730][ T1170] cfg80211: failed to load regulatory.db
[   81.853274][   T29] audit: type=1326 audit(1726981541.501:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   81.948211][   T29] audit: type=1326 audit(1726981541.501:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   81.971287][   T29] audit: type=1326 audit(1726981541.531:1782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   81.993718][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.000346][   T29] audit: type=1326 audit(1726981541.531:1783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   82.023071][   T29] audit: type=1326 audit(1726981541.531:1784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   82.045359][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.052018][   T29] audit: type=1326 audit(1726981541.531:1785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   82.104306][   T29] audit: type=1326 audit(1726981541.531:1786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   82.126637][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.171222][   T29] audit: type=1326 audit(1726981541.531:1787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   82.173083][ T5273] usb 1-1: USB disconnect, device number 4
[   82.193399][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.225242][   T29] audit: type=1326 audit(1726981541.531:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5515 comm="syz.1.59" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   82.247517][    C0] vkms_vblank_simulate: vblank timer overrun
[   82.456798][ T5527] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   82.466635][ T1813] bridge_slave_1: left allmulticast mode
[   82.482883][ T1813] bridge_slave_1: left promiscuous mode
[   82.490097][ T1813] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.508687][ T1813] bridge_slave_0: left allmulticast mode
[   82.514377][ T1813] bridge_slave_0: left promiscuous mode
[   82.520262][ T1813] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.666647][ T5273] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   82.854047][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   82.886110][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   82.896495][ T5273] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[   82.905586][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   82.933321][ T5273] usb 1-1: config 0 descriptor??
[   83.419118][ T5274] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   83.431036][ T1813] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   83.460629][ T1813] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   83.495811][ T1813] bond0 (unregistering): Released all slaves
[   83.580148][ T5274] usb 2-1: Using ep0 maxpacket: 8
[   83.590495][ T5555] tunl0: entered promiscuous mode
[   83.610460][ T5555] netlink: 'syz.2.65': attribute type 1 has an invalid length.
[   83.619883][ T5555] netlink: 9 bytes leftover after parsing attributes in process `syz.2.65'.
[   83.694707][ T5274] usb 2-1: unable to get BOS descriptor or descriptor too short
[   83.707385][ T5493] chnl_net:caif_netlink_parms(): no params data found
[   83.716805][ T5274] usb 2-1: no configurations
[   83.721458][ T5274] usb 2-1: can't read configurations, error -22
[   83.811326][   T54] Bluetooth: hci2: command tx timeout
[   83.857497][ T5562] loop4: detected capacity change from 0 to 7
[   83.888178][ T5563] loop2: detected capacity change from 0 to 7
[   83.896745][ T5562] Dev loop4: unable to read RDB block 7
[   83.902455][ T5562]  loop4: unable to read partition table
[   83.916356][ T5563] Dev loop2: unable to read RDB block 7
[   83.921974][ T5563]  loop2: unable to read partition table
[   83.941707][ T5562] loop4: partition table beyond EOD, truncated
[   83.952792][ T5563] loop2: partition table beyond EOD, truncated
[   83.963498][ T5562] loop_reread_partitions: partition scan of loop4 (�被x������ڬ��dƤ����ݡ�����
[   83.963498][ T5562] 
) failed (rc=-5)
[   83.989092][ T5563] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[   84.037531][ T5342] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   84.069575][ T5342] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   84.133446][ T5551] PKCS7: Unknown OID: [4] 2.19.13055.170809666(bad)
[   84.145999][ T5551] PKCS7: Only support pkcs7_signedData type
[   84.163707][ T5342] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   84.194338][ T5342] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   84.368518][ T5493] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.389943][ T5493] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.413704][ T5493] bridge_slave_0: entered allmulticast mode
[   84.424626][ T5493] bridge_slave_0: entered promiscuous mode
[   84.446651][ T1813] hsr_slave_0: left promiscuous mode
[   84.456649][ T1813] hsr_slave_1: left promiscuous mode
[   84.473243][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   84.487984][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_0
[   84.512858][ T1813] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   84.542970][ T1813] batman_adv: batadv0: Removing interface: batadv_slave_1
[   84.614695][ T1813] veth1_macvtap: left promiscuous mode
[   84.630916][ T1813] veth0_macvtap: left promiscuous mode
[   84.646748][ T1813] veth1_vlan: left promiscuous mode
[   84.652606][ T1813] veth0_vlan: left promiscuous mode
[   84.698992][ T5569] netlink: 'syz.1.68': attribute type 1 has an invalid length.
[   84.771495][ T5569] mmap: syz.1.68 (5569) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   85.566013][ T5273] usbhid 1-1:0.0: can't add hid device: -71
[   85.572067][ T5273] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[   85.601349][ T5273] usb 1-1: USB disconnect, device number 5
[   85.647380][   T29] kauditd_printk_skb: 23 callbacks suppressed
[   85.647396][   T29] audit: type=1326 audit(1726981545.301:1812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5577 comm="syz.1.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   85.675794][    C0] vkms_vblank_simulate: vblank timer overrun
[   85.701814][ T5581] openvswitch: netlink: Flow actions attr not present in new flow.
[   85.713443][   T29] audit: type=1326 audit(1726981545.301:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5577 comm="syz.1.71" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effdc17def9 code=0x7ffc0000
[   85.782584][   T29] audit: type=1326 audit(1726981545.311:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000
[   85.835625][   T29] audit: type=1326 audit(1726981545.311:1815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000
[   85.857938][    C0] vkms_vblank_simulate: vblank timer overrun
[   85.886178][   T54] Bluetooth: hci2: command tx timeout
[   85.892454][   T29] audit: type=1326 audit(1726981545.311:1816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000
[   85.961325][   T29] audit: type=1326 audit(1726981545.311:1817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1dd657df33 code=0x7ffc0000
[   86.006109][   T29] audit: type=1326 audit(1726981545.311:1818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1dd657df33 code=0x7ffc0000
[   86.028129][    C0] vkms_vblank_simulate: vblank timer overrun
[   86.035567][   T29] audit: type=1326 audit(1726981545.311:1819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000
[   86.057770][    C0] vkms_vblank_simulate: vblank timer overrun
[   86.091619][ T1813] team0 (unregistering): Port device team_slave_1 removed
[   86.116223][   T29] audit: type=1326 audit(1726981545.311:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000
[   86.173316][   T29] audit: type=1326 audit(1726981545.321:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5580 comm="syz.0.72" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f1dd657def9 code=0x7ffc0000
[   86.206957][ T1813] team0 (unregistering): Port device team_slave_0 removed
[   86.666221][ T5590] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=32768 (65536 ns) > initial count (54 ns). Using initial count to start timer.
[   86.814162][ T5560] coredump: 47(syz.2.67): interrupted: fatal signal pending
[   86.827565][ T5560] coredump: 47(syz.2.67): written to core: VMAs: 42, size 100966400; core: 51114992 bytes, pos 88539136
[   86.973573][ T5493] bridge0: port 2(bridge_slave_1) entered blocking state
[   86.990658][ T5493] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.000502][ T5493] bridge_slave_1: entered allmulticast mode
[   87.022861][ T5493] bridge_slave_1: entered promiscuous mode
[   87.053114][ T5586] netlink: 'syz.0.74': attribute type 1 has an invalid length.
[   87.067128][ T5586] netlink: 9 bytes leftover after parsing attributes in process `syz.0.74'.
[   87.161438][ T5493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   87.208087][ T5493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   87.248736][ T5594] netlink: 'syz.0.77': attribute type 1 has an invalid length.
[   87.319691][ T5493] team0: Port device team_slave_0 added
[   87.346484][ T5493] team0: Port device team_slave_1 added
[   87.461215][ T5493] batman_adv: batadv0: Adding interface: batadv_slave_0
[   87.475727][ T5493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.536289][ T5493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   87.605206][ T5493] batman_adv: batadv0: Adding interface: batadv_slave_1
[   87.630450][ T5493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   87.699537][ T5493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   87.789806][ T5342] 8021q: adding VLAN 0 to HW filter on device bond0
[   87.882961][ T5602] syz.0.78 (5602): drop_caches: 2
[   87.958172][ T5613] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   87.966230][   T54] Bluetooth: hci2: command tx timeout
[   87.976551][ T5613] ALSA: seq fatal error: cannot create timer (-22)
[   88.006062][   T25] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   88.019804][ T5493] hsr_slave_0: entered promiscuous mode
[   88.082088][ T5493] hsr_slave_1: entered promiscuous mode
[   88.114333][ T5493] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   88.131435][ T5493] Cannot create hsr debugfs directory
[   88.180820][   T25] usb 3-1: device descriptor read/64, error -71
[   88.280248][ T5342] 8021q: adding VLAN 0 to HW filter on device team0
[   88.342540][ T5624] openvswitch: netlink: Flow actions attr not present in new flow.
[   88.360058][   T62] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.367302][   T62] bridge0: port 1(bridge_slave_0) entered forwarding state
[   88.436720][   T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   88.448288][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.455423][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   88.618045][   T25] usb 3-1: device descriptor read/64, error -71
[   88.737024][   T25] usb usb3-port1: attempt power cycle
[   88.851069][ T5342] 8021q: adding VLAN 0 to HW filter on device batadv0
[   89.049164][ T5342] veth0_vlan: entered promiscuous mode
[   89.116552][   T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   89.127690][ T5342] veth1_vlan: entered promiscuous mode
[   89.157043][   T25] usb 3-1: device descriptor read/8, error -71
[   89.241684][ T5342] veth0_macvtap: entered promiscuous mode
[   89.304999][ T5342] veth1_macvtap: entered promiscuous mode
[   89.364748][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.406271][   T25] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   89.435414][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.456549][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.456867][   T25] usb 3-1: device descriptor read/8, error -71
[   89.476039][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.513724][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   89.541854][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.563865][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_0
[   89.596731][   T25] usb usb3-port1: unable to enumerate USB device
[   89.606838][ T5493] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   89.637835][ T5493] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   89.651786][ T5493] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   89.688137][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.704095][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.714782][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.766219][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.803400][ T5342] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   89.829023][ T5342] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   89.852214][ T5342] batman_adv: batadv0: Interface activated: batadv_slave_1
[   89.896419][ T5493] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   89.967646][ T5342] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   90.011057][ T5342] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   90.050578][ T5342] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   90.076233][ T5342] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   90.385022][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.393961][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.406816][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   90.417057][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   90.548326][ T5493] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.556974][ T5299] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[   90.631287][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.644627][ T5493] 8021q: adding VLAN 0 to HW filter on device team0
[   90.645736][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.704284][ T5660] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   90.709699][ T1813] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.721734][ T1813] bridge0: port 1(bridge_slave_0) entered forwarding state
[   90.726738][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.757088][ T5299] usb 1-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[   90.766737][ T5299] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.793638][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.809172][ T5299] usb 1-1: config 0 descriptor??
[   90.816791][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.822971][ T5670] netlink: 'syz.2.86': attribute type 1 has an invalid length.
[   90.845765][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.858442][ T1813] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.865630][ T1813] bridge0: port 2(bridge_slave_1) entered forwarding state
[   90.888717][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.898885][ T5668] netlink: 'syz.1.85': attribute type 1 has an invalid length.
[   90.906252][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.909005][ T5668] netlink: 9 bytes leftover after parsing attributes in process `syz.1.85'.
[   90.923391][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   90.971940][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.000482][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.031655][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.052447][ T5299] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[   91.068436][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.076620][ T5299] asix 1-1:0.0: probe with driver asix failed with error -71
[   91.091169][ T5493] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.091937][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.120955][ T5299] usb 1-1: USB disconnect, device number 6
[   91.150525][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.180728][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.212895][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.212943][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.212973][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213002][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213031][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213060][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213089][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213141][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213170][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213198][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213226][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213254][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213282][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213311][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213338][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213366][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213394][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213423][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213451][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213480][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213508][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213536][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213565][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213593][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213622][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213650][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213679][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213707][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213736][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213764][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213793][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.213822][ T5273] hid-generic 0000:0000:0003.0001: unknown main item tag 0x0
[   91.238737][ T5273] hid-generic 0000:0000:0003.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[   91.285102][ T5493] veth0_vlan: entered promiscuous mode
[   91.302114][ T5493] veth1_vlan: entered promiscuous mode
[   91.363955][ T5493] veth0_macvtap: entered promiscuous mode
[   91.368634][ T5493] veth1_macvtap: entered promiscuous mode
[   91.587641][   T29] kauditd_printk_skb: 579 callbacks suppressed
[   91.587659][   T29] audit: type=1326 audit(1726981551.241:2401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   91.608403][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.657773][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.667713][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.678187][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.688112][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.703007][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.713434][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.724428][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.724912][   T29] audit: type=1326 audit(1726981551.241:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   91.736233][ T5493] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.809875][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.822271][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.835936][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.846752][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.865059][   T29] audit: type=1326 audit(1726981551.301:2403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   91.866117][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.899587][   T29] audit: type=1326 audit(1726981551.301:2404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   91.926881][   T29] audit: type=1326 audit(1726981551.301:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   91.956544][   T29] audit: type=1326 audit(1726981551.371:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   91.996584][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.006507][ T5493] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   92.019582][ T5493] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   92.038739][ T5493] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.051454][ T5493] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.061949][ T5493] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.091093][   T29] audit: type=1326 audit(1726981551.371:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   92.125932][ T5493] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.134768][   T29] audit: type=1326 audit(1726981551.371:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   92.157460][   T29] audit: type=1326 audit(1726981551.371:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fcae517def9 code=0x7ffc0000
[   92.180088][   T29] audit: type=1326 audit(1726981551.371:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5688 comm="syz.3.90" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcae517df33 code=0x7ffc0000
[   92.186283][ T5493] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.225761][ T5691] syz.3.90 (5691): drop_caches: 2
[   92.646435][  T188] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.674695][  T188] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.728629][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.729388][ T1170] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   92.745031][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.863706][ T5720] netlink: 'syz.1.97': attribute type 1 has an invalid length.
[   93.006277][ T1170] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   93.014999][ T1170] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   93.057930][ T1170] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[   93.080315][ T5727] netlink: 'syz.1.98': attribute type 1 has an invalid length.
[   93.103759][ T1170] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[   93.120307][ T5727] netlink: 9 bytes leftover after parsing attributes in process `syz.1.98'.
[   93.131179][ T1170] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[   93.172583][ T1170] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   93.209025][ T1170] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   93.231908][ T1170] usb 4-1: Product: syz
[   93.245782][ T1170] usb 4-1: Manufacturer: syz
[   93.338483][ T1170] cdc_wdm 4-1:1.0: skipping garbage
[   93.344718][ T1170] cdc_wdm 4-1:1.0: skipping garbage
[   93.378609][ T1170] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[   93.384577][ T1170] cdc_wdm 4-1:1.0: Unknown control protocol
[   93.594753][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.601610][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.608099][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.614806][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.621084][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.627712][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.634144][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.640769][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.647056][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.653698][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.660000][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.666632][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.672934][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.679563][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.685861][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.692475][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.699392][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.706029][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.712289][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[   93.718919][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[   93.764049][ T5276] usb 4-1: USB disconnect, device number 2
[   93.764100][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[   94.412773][ T5752] bond_slave_0: entered promiscuous mode
[   94.412816][ T5752] bond_slave_1: entered promiscuous mode
[   94.412893][ T5752] vlan3: entered promiscuous mode
[   94.412907][ T5752] bond0: entered promiscuous mode
[   94.413189][ T5752] vlan3: entered allmulticast mode
[   94.413204][ T5752] bond0: entered allmulticast mode
[   94.413217][ T5752] bond_slave_0: entered allmulticast mode
[   94.413231][ T5752] bond_slave_1: entered allmulticast mode
[   94.461527][ T5752] bond0: left allmulticast mode
[   94.461555][ T5752] bond_slave_0: left allmulticast mode
[   94.461574][ T5752] bond_slave_1: left allmulticast mode
[   94.461601][ T5752] bond0: left promiscuous mode
[   94.462023][ T5752] bond_slave_0: left promiscuous mode
[   94.462073][ T5752] bond_slave_1: left promiscuous mode
[   94.606230][   T25] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   94.760414][   T25] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   94.760459][   T25] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   94.760516][   T25] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   94.760545][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.763188][   T25] usb 2-1: config 0 descriptor??
[   94.772324][   T25] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[   94.976024][ T5273] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   95.265509][ T5702] coredump: 69(syz.0.93): interrupted: fatal signal pending
[   95.273075][ T5702] coredump: 69(syz.0.93): written to core: VMAs: 37, size 97476608; core: 58606070 bytes, pos 96063488
[   95.990870][ T5286] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   96.004907][ T5770] loop4: detected capacity change from 0 to 7
[   96.026856][ T5770] Dev loop4: unable to read RDB block 7
[   96.033993][ T5273] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   96.044673][ T5273] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   96.076403][ T5770]  loop4: unable to read partition table
[   96.096433][ T5770] loop4: partition table beyond EOD, truncated
[   96.108252][ T5273] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[   96.124440][ T5770] loop_reread_partitions: partition scan of loop4 (�被x������ڬ��dƤ����ݡ�����
[   96.124440][ T5770] 
) failed (rc=-5)
[   96.146030][ T5273] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.181656][ T5273] usb 4-1: config 0 descriptor??
[   96.196204][ T5286] usb 5-1: device descriptor read/64, error -71
[   96.207593][ T5273] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[   96.453729][ T5286] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   96.596064][ T5286] usb 5-1: device descriptor read/64, error -71
[   96.720315][ T5286] usb usb5-port1: attempt power cycle
[   96.933006][ T5779] netlink: 'syz.2.109': attribute type 1 has an invalid length.
[   96.977506][ T5780] syz_tun: entered promiscuous mode
[   96.989610][ T5780] vlan2: entered promiscuous mode
[   96.995042][ T5780] vlan2: entered allmulticast mode
[   97.005518][ T5780] syz_tun: entered allmulticast mode
[   97.054261][ T5780] syz_tun: left allmulticast mode
[   97.069109][ T5780] syz_tun: left promiscuous mode
[   97.090104][ T5286] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   97.126756][ T5286] usb 5-1: device descriptor read/8, error -71
[   97.303578][ T5273] usb 2-1: USB disconnect, device number 6
[   97.396598][ T5286] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   97.470046][ T5286] usb 5-1: device descriptor read/8, error -71
[   97.501155][ T5786] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.112' resets device
[   97.628109][ T5286] usb usb5-port1: unable to enumerate USB device
[   97.889591][   T46] usb 4-1: USB disconnect, device number 3
[   98.016488][ T5286] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[   98.189736][ T5286] usb 2-1: Using ep0 maxpacket: 16
[   98.223661][ T5286] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[   98.283698][ T5286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.343498][ T5286] usb 2-1: Product: syz
[   98.356559][   T29] kauditd_printk_skb: 104 callbacks suppressed
[   98.356604][   T29] audit: type=1326 audit(1726981558.011:2515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[   98.398624][ T5286] usb 2-1: Manufacturer: syz
[   98.424058][ T5286] usb 2-1: SerialNumber: syz
[   98.448524][ T5286] usb 2-1: config 0 descriptor??
[   98.474665][ T5286] visor 2-1:0.0: Sony Clie 3.5 converter detected
[   98.502560][   T29] audit: type=1326 audit(1726981558.041:2516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[   98.525055][    C1] vkms_vblank_simulate: vblank timer overrun
[   98.660965][   T29] audit: type=1326 audit(1726981558.061:2517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[   98.687322][ T5286] usb 2-1: clie_3_5_startup: get config number bad return length: 0
[   98.736551][ T5286] visor 2-1:0.0: probe with driver visor failed with error -5
[  101.590175][   T16] sched: DL replenish lagged too much
[  104.286566][   T29] audit: type=1326 audit(1726981558.061:2518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5f3e37df33 code=0x7ffc0000
[  104.707459][ T5286] usb 2-1: USB disconnect, device number 7
[  104.719760][   T29] audit: type=1326 audit(1726981558.061:2519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f5f3e37df33 code=0x7ffc0000
[  104.908381][   T29] audit: type=1326 audit(1726981558.071:2520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  105.000696][   T29] audit: type=1326 audit(1726981558.091:2521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  119.281565][   T29] audit: type=1326 audit(1726981558.091:2522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  126.696056][   T29] audit: type=1326 audit(1726981558.091:2523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  127.310200][   T29] audit: type=1326 audit(1726981558.091:2524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  127.433147][   T29] audit: type=1326 audit(1726981558.091:2525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  127.613549][   T29] audit: type=1326 audit(1726981558.091:2526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  127.786243][   T29] audit: type=1326 audit(1726981558.091:2527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  127.945990][   T29] audit: type=1326 audit(1726981558.091:2528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f5f3e37c890 code=0x7ffc0000
[  128.131375][   T29] audit: type=1326 audit(1726981558.091:2529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  128.318628][   T29] audit: type=1326 audit(1726981558.091:2530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  128.494242][   T29] audit: type=1326 audit(1726981558.091:2531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  128.661271][   T29] audit: type=1326 audit(1726981558.091:2532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5800 comm="syz.4.115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5f3e37def9 code=0x7ffc0000
[  130.005673][ T5232] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  130.014669][ T5232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  130.022998][ T5232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  130.031831][ T5232] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  130.039911][ T5232] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  130.049229][ T5232] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  130.117080][   T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  130.133087][   T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  130.140902][   T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  130.162932][   T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  130.173662][   T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  130.181679][   T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  130.586616][ T5232] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  130.618117][ T5232] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  130.628611][ T5232] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  130.636885][ T5232] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  130.644628][ T5232] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  130.652489][ T5232] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  130.837688][ T5232] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  130.848786][ T5232] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  130.856796][ T5232] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  130.865587][ T5232] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  130.873765][ T5232] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  130.884640][ T5232] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  131.034647][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  131.043308][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  131.051876][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  131.067272][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  131.077597][   T54] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  131.086062][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  131.299895][ T5831] chnl_net:caif_netlink_parms(): no params data found
[  131.512600][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.520999][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.537942][ T5831] bridge_slave_0: entered allmulticast mode
[  131.552749][ T5831] bridge_slave_0: entered promiscuous mode
[  131.562588][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[  131.576652][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.593442][ T5831] bridge_slave_1: entered allmulticast mode
[  131.602043][ T5831] bridge_slave_1: entered promiscuous mode
[  131.721713][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  131.750218][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.911144][ T5831] team0: Port device team_slave_0 added
[  131.925142][ T5831] team0: Port device team_slave_1 added
[  132.014902][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.023135][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.057496][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.084987][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.105205][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.135918][ T5232] Bluetooth: hci5: command tx timeout
[  132.149527][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.272373][ T5831] hsr_slave_0: entered promiscuous mode
[  132.286640][ T5232] Bluetooth: hci6: command tx timeout
[  132.296426][ T5831] hsr_slave_1: entered promiscuous mode
[  132.312867][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  132.322562][ T5831] Cannot create hsr debugfs directory
[  132.770379][ T5232] Bluetooth: hci7: command tx timeout
[  132.931856][ T5232] Bluetooth: hci4: command tx timeout
[  132.955269][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  132.966362][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  133.166110][ T5232] Bluetooth: hci2: command tx timeout
[  134.207045][ T5232] Bluetooth: hci5: command tx timeout
[  134.366185][ T5232] Bluetooth: hci6: command tx timeout
[  134.848899][ T5232] Bluetooth: hci7: command tx timeout
[  135.014403][ T5232] Bluetooth: hci4: command tx timeout
[  135.246294][ T5232] Bluetooth: hci2: command tx timeout
[  136.286035][ T5232] Bluetooth: hci5: command tx timeout
[  136.446257][ T5232] Bluetooth: hci6: command tx timeout
[  136.926440][ T5232] Bluetooth: hci7: command tx timeout
[  137.093846][ T5232] Bluetooth: hci4: command tx timeout
[  137.326020][ T5232] Bluetooth: hci2: command tx timeout
[  138.368435][ T5232] Bluetooth: hci5: command tx timeout
[  138.525965][ T5232] Bluetooth: hci6: command tx timeout
[  139.009439][ T5232] Bluetooth: hci7: command tx timeout
[  139.174178][ T5232] Bluetooth: hci4: command tx timeout
[  139.406042][ T5232] Bluetooth: hci2: command tx timeout
[  140.805012][ T5831] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.282257][ T5783] netlink: 'syz.2.111': attribute type 1 has an invalid length.
[  155.303071][ T5783] netlink: 9 bytes leftover after parsing attributes in process `syz.2.111'.
[  166.263063][ T5788] netlink: 'syz.1.112': attribute type 10 has an invalid length.
[  166.525764][ T5788] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  183.592557][ T5831] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  186.222478][ T5232] Bluetooth: hci0: command 0x0406 tx timeout
[  188.796280][ T5232] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  188.804739][ T5232] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  188.815403][ T5232] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  188.825088][ T5232] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  188.838536][ T5232] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  188.845977][ T5232] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  190.486481][   T54] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  190.495541][   T54] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  190.504522][   T54] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  190.517907][   T54] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  190.527314][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  190.536482][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  190.791452][ T5232] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  190.800096][ T5232] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  190.808658][ T5232] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  190.816773][ T5232] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  190.825516][ T5232] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  190.839174][ T5236] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  190.848855][ T5236] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  190.872951][ T5236] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  190.880779][ T5236] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  190.893376][ T5236] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  190.901424][ T5236] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  190.945050][ T5236] Bluetooth: hci1: command tx timeout
[  190.958062][   T54] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  190.976330][ T5232] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  190.993092][ T5223] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  191.002107][ T5223] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  191.010430][ T5223] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  191.018614][ T5223] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  191.030298][ T5223] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  191.227597][ T5831] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.606446][ T5223] Bluetooth: hci3: command tx timeout
[  192.932476][ T5223] Bluetooth: hci8: command tx timeout
[  193.006024][ T5236] Bluetooth: hci1: command tx timeout
[  193.013638][ T5223] Bluetooth: hci9: command tx timeout
[  193.166425][ T5223] Bluetooth: hci10: command tx timeout
[  194.371477][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  194.393407][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  194.686381][ T5223] Bluetooth: hci3: command tx timeout
[  195.006187][ T5223] Bluetooth: hci8: command tx timeout
[  195.086017][ T5236] Bluetooth: hci1: command tx timeout
[  195.093084][ T5223] Bluetooth: hci9: command tx timeout
[  195.246331][ T5223] Bluetooth: hci10: command tx timeout
[  196.766076][ T5223] Bluetooth: hci3: command tx timeout
[  197.085903][ T5223] Bluetooth: hci8: command tx timeout
[  197.167933][ T5236] Bluetooth: hci1: command tx timeout
[  197.173431][ T5223] Bluetooth: hci9: command tx timeout
[  197.326141][ T5223] Bluetooth: hci10: command tx timeout
[  198.856182][ T5223] Bluetooth: hci3: command tx timeout
[  199.174221][ T5223] Bluetooth: hci8: command tx timeout
[  199.246123][ T5223] Bluetooth: hci9: command tx timeout
[  199.406555][ T5223] Bluetooth: hci10: command tx timeout
[  242.492321][ T5831] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  242.705977][ T5814] bridge_slave_1: left allmulticast mode
[  242.711680][ T5814] bridge_slave_1: left promiscuous mode
[  242.761908][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.896536][ T5814] bridge_slave_0: left allmulticast mode
[  242.926449][ T5814] bridge_slave_0: left promiscuous mode
[  242.932278][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[  244.376270][ T5814] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  244.417887][ T5814] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  244.458848][ T5814] bond0 (unregistering): Released all slaves
[  249.450012][ T5236] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  249.458755][ T5236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  249.468661][ T5236] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  249.503772][ T5236] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  249.511633][ T5236] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  249.528304][ T5236] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  249.814136][ T5878] chnl_net:caif_netlink_parms(): no params data found
[  250.011611][ T5878] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.026493][ T5878] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.033818][ T5878] bridge_slave_0: entered allmulticast mode
[  250.051076][ T5878] bridge_slave_0: entered promiscuous mode
[  250.069761][ T5878] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.083241][ T5878] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.093774][ T5878] bridge_slave_1: entered allmulticast mode
[  250.108756][ T5878] bridge_slave_1: entered promiscuous mode
[  250.343906][ T5878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  250.409180][ T5878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  250.758612][ T5878] team0: Port device team_slave_0 added
[  250.817093][ T5878] team0: Port device team_slave_1 added
[  251.088435][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_0
[  251.136343][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  251.241813][ T5232] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  251.266487][ T5232] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  251.274863][ T5232] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  251.290131][ T5232] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  251.299817][ T5232] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  251.309387][ T5232] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  251.384425][ T5878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  251.433391][ T5232] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  251.444417][ T5232] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  251.454718][ T5232] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  251.465971][ T5232] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  251.474134][ T5232] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  251.482198][ T5232] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  251.566230][ T5878] batman_adv: batadv0: Adding interface: batadv_slave_1
[  251.573231][ T5878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  251.603410][ T5232] Bluetooth: hci0: command tx timeout
[  251.644866][   T54] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1
[  251.657322][   T54] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9
[  251.667715][ T5878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  251.774188][ T5236] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9
[  251.782544][ T5238] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1
[  251.793635][ T5238] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9
[  251.802400][ T5238] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9
[  251.812650][ T5238] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4
[  251.821294][ T5238] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3
[  251.828762][ T5238] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2
[  251.870687][ T5878] hsr_slave_0: entered promiscuous mode
[  251.886972][ T5238] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4
[  251.896519][ T5238] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3
[  251.905406][ T5238] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2
[  251.980361][ T5878] hsr_slave_1: entered promiscuous mode
[  252.020314][ T5878] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  252.037086][ T5878] Cannot create hsr debugfs directory
[  252.783042][ T5232] Bluetooth: hci6: command 0x0406 tx timeout
[  253.406122][ T5223] Bluetooth: hci4: command tx timeout
[  253.574303][ T5223] Bluetooth: hci5: command tx timeout
[  253.645926][ T5223] Bluetooth: hci0: command tx timeout
[  253.886174][ T5223] Bluetooth: hci12: command tx timeout
[  253.966495][ T5223] Bluetooth: hci11: command tx timeout
[  255.503831][ T5223] Bluetooth: hci4: command tx timeout
[  255.656236][ T5223] Bluetooth: hci5: command tx timeout
[  255.736346][ T5223] Bluetooth: hci0: command tx timeout
[  255.808050][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  255.814408][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  255.966303][ T5238] Bluetooth: hci12: command tx timeout
[  256.046379][ T5238] Bluetooth: hci11: command tx timeout
[  257.566234][ T5238] Bluetooth: hci4: command tx timeout
[  257.726212][ T5238] Bluetooth: hci5: command tx timeout
[  257.806322][ T5238] Bluetooth: hci0: command tx timeout
[  257.895713][   T54] Bluetooth: hci7: command 0x0406 tx timeout
[  257.902208][ T5238] Bluetooth: hci2: command 0x0406 tx timeout
[  258.045996][ T5223] Bluetooth: hci12: command tx timeout
[  258.126906][ T5223] Bluetooth: hci11: command tx timeout
[  259.646099][ T5223] Bluetooth: hci4: command tx timeout
[  259.806308][ T5223] Bluetooth: hci5: command tx timeout
[  260.126338][ T5223] Bluetooth: hci12: command tx timeout
[  260.206407][ T5223] Bluetooth: hci11: command tx timeout
[  306.105119][ T5878] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  312.681117][ T5230] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1
[  312.696112][ T5230] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9
[  312.704114][ T5230] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9
[  312.712603][ T5230] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4
[  312.720434][ T5230] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3
[  312.728854][ T5230] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2
[  313.534087][ T5236] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1
[  313.543856][ T5236] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9
[  313.557274][ T5236] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9
[  313.566341][ T5236] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4
[  313.584077][ T5236] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3
[  313.592753][ T5236] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2
[  313.817295][ T5230] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1
[  313.826864][ T5230] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9
[  313.834673][ T5230] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9
[  313.846605][ T5230] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4
[  313.855141][ T5230] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3
[  313.863283][ T5230] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2
[  313.971828][ T5230] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1
[  313.985298][ T5230] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9
[  313.993765][ T5230] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9
[  314.002014][ T5230] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4
[  314.010285][ T5230] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3
[  314.018471][ T5230] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2
[  314.220113][ T5230] Bluetooth: hci9: command 0x0406 tx timeout
[  314.226263][ T5236] Bluetooth: hci1: command 0x0406 tx timeout
[  314.232300][ T5236] Bluetooth: hci3: command 0x0406 tx timeout
[  314.238816][ T5230] Bluetooth: hci8: command 0x0406 tx timeout
[  314.244855][ T5230] Bluetooth: hci10: command 0x0406 tx timeout
[  314.419300][   T54] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1
[  314.431248][ T4618] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9
[  314.440188][ T4618] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9
[  314.449946][ T4618] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4
[  314.458155][ T4618] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3
[  314.465702][ T4618] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2
[  314.766030][ T4618] Bluetooth: hci13: command tx timeout
[  315.656138][ T4618] Bluetooth: hci14: command tx timeout
[  315.886173][ T4618] Bluetooth: hci15: command tx timeout
[  316.446334][ T4618] Bluetooth: hci16: command tx timeout
[  316.525962][ T4618] Bluetooth: hci17: command tx timeout
[  316.846310][ T4618] Bluetooth: hci13: command tx timeout
[  317.256414][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  317.262938][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  317.736527][ T4618] Bluetooth: hci14: command tx timeout
[  317.974189][ T4618] Bluetooth: hci15: command tx timeout
[  318.526294][ T4618] Bluetooth: hci16: command tx timeout
[  318.606329][ T4618] Bluetooth: hci17: command tx timeout
[  318.926168][ T4618] Bluetooth: hci13: command tx timeout
[  319.805954][ T4618] Bluetooth: hci14: command tx timeout
[  320.046231][ T4618] Bluetooth: hci15: command tx timeout
[  320.606027][ T4618] Bluetooth: hci16: command tx timeout
[  320.685943][ T4618] Bluetooth: hci17: command tx timeout
[  321.006256][ T4618] Bluetooth: hci13: command tx timeout
[  321.886366][ T4618] Bluetooth: hci14: command tx timeout
[  322.126255][ T4618] Bluetooth: hci15: command tx timeout
[  322.686308][ T4618] Bluetooth: hci16: command tx timeout
[  322.766081][ T4618] Bluetooth: hci17: command tx timeout
[  370.366229][   T30] INFO: task syz-executor:5825 blocked for more than 143 seconds.
[  370.374115][   T30]       Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0
[  370.435984][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  370.444725][   T30] task:syz-executor    state:D stack:24440 pid:5825  tgid:5825  ppid:1      flags:0x00004006
[  370.491721][   T30] Call Trace:
[  370.495148][   T30]  <TASK>
[  370.506307][   T30]  __schedule+0x1895/0x4b30
[  370.510887][   T30]  ? __pfx___schedule+0x10/0x10
[  370.538544][   T30]  ? __pfx_lock_release+0x10/0x10
[  370.543643][   T30]  ? __mutex_trylock_common+0x92/0x2e0
[  370.562275][   T30]  ? schedule+0x90/0x320
[  370.572774][   T30]  schedule+0x14b/0x320
[  370.593032][   T30]  schedule_preempt_disabled+0x13/0x30
[  370.615148][   T30]  __mutex_lock+0x6a7/0xd70
[  370.626106][   T30]  ? __mutex_lock+0x52a/0xd70
[  370.630845][   T30]  ? ip_tunnel_init_net+0x20e/0x720
[  370.663838][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  370.669299][   T30]  ? read_word_at_a_time+0xe/0x20
[  370.674373][   T30]  ? sized_strscpy+0x8d/0x220
[  370.704205][   T30]  ip_tunnel_init_net+0x20e/0x720
[  370.723392][   T30]  ? __pfx_ip_tunnel_init_net+0x10/0x10
[  370.734954][   T30]  ? ops_init+0x75/0x590
[  370.746199][   T30]  ops_init+0x31e/0x590
[  370.750399][   T30]  ? lockdep_init_map_type+0xa1/0x910
[  370.774158][   T30]  setup_net+0x287/0x9e0
[  370.785771][   T30]  ? __pfx_down_read_killable+0x10/0x10
[  370.815838][   T30]  ? __pfx_setup_net+0x10/0x10
[  370.820673][   T30]  copy_net_ns+0x33f/0x570
[  370.825127][   T30]  create_new_namespaces+0x425/0x7b0
[  370.883703][   T30]  unshare_nsproxy_namespaces+0x124/0x180
[  370.903416][   T30]  ksys_unshare+0x619/0xc10
[  370.943468][   T30]  ? __pfx_ksys_unshare+0x10/0x10
[  370.956230][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  370.962301][   T30]  ? do_syscall_64+0x100/0x230
[  371.004139][   T30]  __x64_sys_unshare+0x38/0x40
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  371.033367][   T30]  do_syscall_64+0xf3/0x230
[  371.040656][   T30]  ? clear_bhb_loop+0x35/0x90
[  371.045416][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  371.066417][   T30] RIP: 0033:0x7f53a677f6f7
[  371.070894][   T30] RSP: 002b:00007f53a6a5ffa8 EFLAGS: 00000206 ORIG_RAX: 0000000000000110
[  371.124444][   T30] RAX: ffffffffffffffda RBX: 00007f53a67f22ec RCX: 00007f53a677f6f7
[  371.224042][   T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000000
[  371.289672][   T30] RBP: 0000000000000000 R08: 00007f53a7467d60 R09: 0000000000000000
[  371.315608][   T30] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000c
[  371.324508][   T30] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  371.353387][   T30]  </TASK>
[  371.359224][   T30] 
[  371.359224][   T30] Showing all locks held in the system:
[  371.373263][   T30] 1 lock held by khungtaskd/30:
[  371.381388][   T30]  #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  371.395925][   T30] 3 locks held by kworker/u8:2/35:
[  371.401078][   T30]  #0: ffff88802e274948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  371.423209][   T30]  #1: ffffc90000ab7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  371.444635][   T30]  #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[  371.454464][   T30] 3 locks held by kworker/1:1/46:
[  371.466104][   T30]  #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  371.484672][   T30]  #1: ffffc90000b67d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  371.510675][   T30]  #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[  371.530741][   T30] 3 locks held by kworker/u8:3/52:
[  371.542474][   T30]  #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  371.559180][   T30]  #1: ffffc90000bd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  371.575873][   T30]  #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  371.584933][   T30] 3 locks held by kworker/u8:4/62:
[  371.601325][   T30]  #0: ffff88801c7b9948 ((wq_completion)cfg80211){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  371.616658][   T30]  #1: ffffc900015e7d00 ((work_completion)(&(&rdev->dfs_update_channels_wk)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  371.635931][   T30]  #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: cfg80211_dfs_channels_update_work+0xbf/0x610
[  371.655369][   T30] 3 locks held by kworker/0:2/1170:
[  371.661405][   T30] 2 locks held by getty/4982:
[  371.674175][   T30]  #0: ffff88814c2cc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  371.686219][   T30]  #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00
[  371.704761][   T30] 6 locks held by kworker/0:4/5274:
[  371.712738][   T30] 3 locks held by kworker/0:7/5277:
[  371.725795][   T30]  #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  371.749267][   T30]  #1: ffffc9000400fd00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  371.766107][   T30]  #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0
[  371.783193][   T30] 1 lock held by syz.0.110/5780:
[  371.790227][   T30]  #0: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  371.805910][   T30] 3 locks held by kworker/u8:9/5814:
[  371.815537][   T30]  #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850
[  371.835829][   T30]  #1: ffffc90009587d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850
[  371.856074][   T30]  #2: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  371.865546][   T30] 1 lock held by syz-executor/5824:
[  371.877840][   T30]  #0: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  371.892949][   T30] 2 locks held by syz-executor/5825:
[  371.902034][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  371.914943][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720
[  371.931746][   T30] 2 locks held by syz-executor/5828:
[  371.938766][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  371.955841][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit_batch+0x20/0x90
[  371.965658][   T30] 1 lock held by syz-executor/5831:
[  371.980751][   T30]  #0: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0
[  371.993916][   T30] 2 locks held by syz-executor/5833:
[  372.004033][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.025024][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: cangw_pernet_exit_batch+0x20/0x90
[  372.035209][   T30] 2 locks held by syz-executor/5848:
[  372.046320][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.065192][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720
[  372.075156][   T30] 2 locks held by syz-executor/5854:
[  372.085925][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.095413][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720
[  372.114108][   T30] 2 locks held by syz-executor/5860:
[  372.121520][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.140653][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720
[  372.155265][   T30] 2 locks held by syz-executor/5861:
[  372.165389][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.179972][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720
[  372.194350][   T30] 2 locks held by syz-executor/5862:
[  372.203344][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.217717][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ip_tunnel_init_net+0x20e/0x720
[  372.236386][   T30] 7 locks held by syz-executor/5878:
[  372.241729][   T30]  #0: ffff88802e738420 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x224/0xc90
[  372.258481][   T30]  #1: ffff8880551d0088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1ea/0x500
[  372.274311][   T30]  #2: ffff888144310c38 (kn->active#49){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20e/0x500
[  372.288026][   T30]  #3: ffffffff8f568bc8 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xfc/0x480
[  372.306139][   T30]  #4: ffff888055c5d0e8 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0
[  372.326626][   T30]  #5: ffff888055c5e250 (&devlink->lock_key){+.+.}-{3:3}, at: nsim_drv_remove+0x50/0x160
[  372.344264][   T30]  #6: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: nsim_destroy+0x71/0x5c0
[  372.355352][   T30] 2 locks held by syz-executor/5892:
[  372.374517][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.394131][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.412371][   T30] 2 locks held by syz-executor/5894:
[  372.419557][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.435832][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.455652][   T30] 2 locks held by syz-executor/5896:
[  372.462084][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.479848][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.495887][   T30] 2 locks held by syz-executor/5897:
[  372.501201][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.518270][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.541693][   T30] 2 locks held by syz-executor/5904:
[  372.551243][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.566592][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.584594][   T30] 2 locks held by syz-executor/5909:
[  372.590276][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.606025][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.626338][   T30] 2 locks held by syz-executor/5911:
[  372.633246][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.646282][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.665620][   T30] 2 locks held by syz-executor/5913:
[  372.671259][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.685774][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.706991][   T30] 2 locks held by syz-executor/5915:
[  372.712327][   T30]  #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570
[  372.725786][   T30]  #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290
[  372.746706][   T30] 
[  372.749077][   T30] =============================================
[  372.749077][   T30] 
[  372.766619][   T30] NMI backtrace for cpu 1
[  372.770989][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0
[  372.781166][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  372.791240][   T30] Call Trace:
[  372.794534][   T30]  <TASK>
[  372.797490][   T30]  dump_stack_lvl+0x241/0x360
[  372.802206][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  372.807441][   T30]  ? __pfx__printk+0x10/0x10
[  372.812069][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  372.817088][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  372.822589][   T30]  ? _printk+0xd5/0x120
[  372.826769][   T30]  ? __pfx__printk+0x10/0x10
[  372.831394][   T30]  ? __wake_up_klogd+0xcc/0x110
[  372.836273][   T30]  ? __pfx__printk+0x10/0x10
[  372.840890][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  372.845946][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  372.851980][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  372.858001][   T30]  watchdog+0xff4/0x1040
[  372.862279][   T30]  ? watchdog+0x1ea/0x1040
[  372.866743][   T30]  ? __pfx_watchdog+0x10/0x10
[  372.871443][   T30]  kthread+0x2f0/0x390
[  372.875528][   T30]  ? __pfx_watchdog+0x10/0x10
[  372.880230][   T30]  ? __pfx_kthread+0x10/0x10
[  372.884844][   T30]  ret_from_fork+0x4b/0x80
[  372.889294][   T30]  ? __pfx_kthread+0x10/0x10
[  372.893912][   T30]  ret_from_fork_asm+0x1a/0x30
[  372.898730][   T30]  </TASK>
[  372.902814][   T30] Sending NMI from CPU 1 to CPUs 0:
[  372.908504][    C0] NMI backtrace for cpu 0
[  372.908518][    C0] CPU: 0 UID: 0 PID: 5274 Comm: kworker/0:4 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0
[  372.908548][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  372.908560][    C0] Workqueue: events nsim_dev_trap_report_work
[  372.908589][    C0] RIP: 0010:lock_release+0x658/0xa30
[  372.908619][    C0] Code: 3c 3b 00 74 08 4c 89 f7 e8 75 ca 8d 00 f6 84 24 91 00 00 00 02 75 77 41 f7 c5 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 27 00 00 00 00 4b c7 44 27 08 00 00 00 00 65 48 8b 04 25
[  372.908633][    C0] RSP: 0018:ffffc90000006d00 EFLAGS: 00000046
[  372.908649][    C0] RAX: 0000000000000001 RBX: 1ffff92000000db2 RCX: ffffc90000006d03
[  372.908662][    C0] RDX: 0000000000000006 RSI: ffffffff8c0adbc0 RDI: ffffffff8c60d040
[  372.908675][    C0] RBP: ffffc90000006e30 R08: ffffffff901c77af R09: 1ffffffff2038ef5
[  372.908689][    C0] R10: dffffc0000000000 R11: fffffbfff2038ef6 R12: 1ffff92000000dac
[  372.908702][    C0] R13: 0000000000000046 R14: ffffc90000006d90 R15: dffffc0000000000
[  372.908715][    C0] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  372.908730][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  372.908743][    C0] CR2: 0000001b32d1e000 CR3: 000000000e734000 CR4: 00000000003506f0
[  372.908759][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  372.908769][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  372.908781][    C0] Call Trace:
[  372.908787][    C0]  <NMI>
[  372.908794][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  372.908821][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  372.908849][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  372.908875][    C0]  ? nmi_handle+0x2a/0x5a0
[  372.908900][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  372.908924][    C0]  ? nmi_handle+0x14f/0x5a0
[  372.908941][    C0]  ? nmi_handle+0x2a/0x5a0
[  372.908959][    C0]  ? lock_release+0x658/0xa30
[  372.908989][    C0]  ? default_do_nmi+0x63/0x160
[  372.909017][    C0]  ? exc_nmi+0x123/0x1f0
[  372.909042][    C0]  ? end_repeat_nmi+0xf/0x53
[  372.909069][    C0]  ? lock_release+0x658/0xa30
[  372.909095][    C0]  ? lock_release+0x658/0xa30
[  372.909121][    C0]  ? lock_release+0x658/0xa30
[  372.909146][    C0]  </NMI>
[  372.909152][    C0]  <IRQ>
[  372.909161][    C0]  ? debug_object_activate+0x3e4/0x510
[  372.909186][    C0]  ? do_raw_spin_lock+0x14f/0x370
[  372.909208][    C0]  ? __pfx_lock_release+0x10/0x10
[  372.909238][    C0]  ? __pfx_debug_objects_fill_pool+0x10/0x10
[  372.909267][    C0]  _raw_spin_unlock_irqrestore+0x79/0x140
[  372.909287][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  372.909312][    C0]  debug_object_activate+0x3e4/0x510
[  372.909336][    C0]  ? ip_finish_output2+0x45f/0x1390
[  372.909360][    C0]  ? __pfx_debug_object_activate+0x10/0x10
[  372.909390][    C0]  ? rcuref_put_slowpath+0x138/0x340
[  372.909413][    C0]  ? __pfx_dst_destroy_rcu+0x10/0x10
[  372.909437][    C0]  call_rcu+0x97/0xa70
[  372.909461][    C0]  ? __pfx_call_rcu+0x10/0x10
[  372.909479][    C0]  ? rcuref_put+0x1e3/0x240
[  372.909500][    C0]  ? __pfx_rcuref_put+0x10/0x10
[  372.909527][    C0]  skb_release_head_state+0x73/0x250
[  372.909552][    C0]  consume_skb+0x60/0xf0
[  372.909574][    C0]  nft_synproxy_eval_v4+0x3d2/0x610
[  372.909598][    C0]  ? __pfx_nft_synproxy_eval_v4+0x10/0x10
[  372.909620][    C0]  ? nf_ip_checksum+0x13a/0x500
[  372.909643][    C0]  nft_synproxy_do_eval+0x362/0xa60
[  372.909666][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  372.909686][    C0]  ? __lock_acquire+0x1384/0x2050
[  372.909714][    C0]  ? __pfx_validate_chain+0x10/0x10
[  372.909738][    C0]  nft_do_chain+0x4ad/0x1da0
[  372.909777][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  372.909796][    C0]  ? __local_bh_enable_ip+0x168/0x200
[  372.909841][    C0]  ? __pfx_nf_nat_inet_fn+0x10/0x10
[  372.909864][    C0]  nft_do_chain_inet+0x418/0x6b0
[  372.909884][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  372.909901][    C0]  ? ipt_do_table+0x312/0x1860
[  372.909927][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  372.909944][    C0]  nf_hook_slow+0xc3/0x220
[  372.909960][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  372.909986][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  372.910028][    C0]  NF_HOOK+0x29e/0x450
[  372.910052][    C0]  ? NF_HOOK+0x9a/0x450
[  372.910075][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  372.910099][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  372.910126][    C0]  ? ip_rcv_finish+0x406/0x560
[  372.910151][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  372.910175][    C0]  NF_HOOK+0x3a4/0x450
[  372.910197][    C0]  ? __lock_acquire+0x1384/0x2050
[  372.910223][    C0]  ? NF_HOOK+0x9a/0x450
[  372.910246][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  372.910268][    C0]  ? ip_rcv_core+0x801/0xd10
[  372.910292][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  372.910320][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  372.910344][    C0]  __netif_receive_skb+0x2bf/0x650
[  372.910371][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  372.910396][    C0]  ? __pfx___netif_receive_skb+0x10/0x10
[  372.910421][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  372.910446][    C0]  ? __pfx_lock_release+0x10/0x10
[  372.910471][    C0]  ? _raw_spin_lock_irq+0xdf/0x120
[  372.910495][    C0]  process_backlog+0x662/0x15b0
[  372.910514][    C0]  ? process_backlog+0x33b/0x15b0
[  372.910534][    C0]  ? __pfx_process_backlog+0x10/0x10
[  372.910551][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  372.910577][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  372.910604][    C0]  __napi_poll+0xcb/0x490
[  372.910630][    C0]  net_rx_action+0x89b/0x1240
[  372.910657][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  372.910676][    C0]  ? sched_clock+0x4a/0x70
[  372.910704][    C0]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  372.910734][    C0]  handle_softirqs+0x2c5/0x980
[  372.910758][    C0]  ? do_softirq+0x11b/0x1e0
[  372.910781][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  372.910808][    C0]  do_softirq+0x11b/0x1e0
[  372.910828][    C0]  </IRQ>
[  372.910834][    C0]  <TASK>
[  372.910840][    C0]  ? __pfx_do_softirq+0x10/0x10
[  372.910861][    C0]  ? __pfx_lockdep_softirqs_on+0x10/0x10
[  372.910888][    C0]  ? rcu_is_watching+0x15/0xb0
[  372.910907][    C0]  __local_bh_enable_ip+0x1bb/0x200
[  372.910930][    C0]  ? nsim_dev_trap_report_work+0x75d/0xaa0
[  372.910953][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  372.910981][    C0]  ? do_raw_spin_unlock+0x13c/0x8b0
[  372.911003][    C0]  ? nsim_dev_trap_report_work+0x6a7/0xaa0
[  372.911028][    C0]  nsim_dev_trap_report_work+0x75d/0xaa0
[  372.911059][    C0]  ? process_scheduled_works+0x976/0x1850
[  372.911083][    C0]  process_scheduled_works+0xa63/0x1850
[  372.911119][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  372.911146][    C0]  ? assign_work+0x364/0x3d0
[  372.911170][    C0]  worker_thread+0x870/0xd30
[  372.911208][    C0]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  372.911228][    C0]  ? __kthread_parkme+0x169/0x1d0
[  372.911252][    C0]  ? __pfx_worker_thread+0x10/0x10
[  372.911274][    C0]  kthread+0x2f0/0x390
[  372.911288][    C0]  ? __pfx_worker_thread+0x10/0x10
[  372.911310][    C0]  ? __pfx_kthread+0x10/0x10
[  372.911325][    C0]  ret_from_fork+0x4b/0x80
[  372.911347][    C0]  ? __pfx_kthread+0x10/0x10
[  372.911381][    C0]  ret_from_fork_asm+0x1a/0x30
[  372.911426][    C0]  </TASK>
[  373.666773][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  373.673669][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0
[  373.683931][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  373.694120][   T30] Call Trace:
[  373.697422][   T30]  <TASK>
[  373.700375][   T30]  dump_stack_lvl+0x241/0x360
[  373.705083][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.710302][   T30]  ? __pfx__printk+0x10/0x10
[  373.714912][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  373.720935][   T30]  ? vscnprintf+0x5d/0x90
[  373.725298][   T30]  panic+0x349/0x880
[  373.729241][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  373.735433][   T30]  ? __pfx_panic+0x10/0x10
[  373.739871][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  373.745291][   T30]  ? __irq_work_queue_local+0x137/0x410
[  373.750878][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  373.756275][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  373.762471][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  373.768668][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  373.774862][   T30]  watchdog+0x1033/0x1040
[  373.779231][   T30]  ? watchdog+0x1ea/0x1040
[  373.783686][   T30]  ? __pfx_watchdog+0x10/0x10
[  373.788417][   T30]  kthread+0x2f0/0x390
[  373.792508][   T30]  ? __pfx_watchdog+0x10/0x10
[  373.797213][   T30]  ? __pfx_kthread+0x10/0x10
[  373.801827][   T30]  ret_from_fork+0x4b/0x80
[  373.806275][   T30]  ? __pfx_kthread+0x10/0x10
[  373.810888][   T30]  ret_from_fork_asm+0x1a/0x30
[  373.815699][   T30]  </TASK>
[  373.819068][   T30] Kernel Offset: disabled
[  373.823427][   T30] Rebooting in 86400 seconds..